Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/3231332e3133392e36372e302f32342d3234203d3e2039333034.roa
File:                     3231332e3133392e36372e302f32342d3234203d3e2039333034.roa (raw, json)
Hash identifier:          18Z/kr0BOMbrD7s6WTSNdpCR4gQ+ao7oXZdueQ4RROc=
Subject key identifier:   AB:79:24:8A:13:04:31:37:10:3C:DC:33:21:75:B2:23:0E:A9:3A:88
Certificate issuer:       /CN=b683f2eb50c5999a77456e8826831609d48c7d3e
Certificate serial:       8E1FB1AC8A1BDB3BA4D423616E5334814E281C
Authority key identifier: B6:83:F2:EB:50:C5:99:9A:77:45:6E:88:26:83:16:09:D4:8C:7D:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/toPy61DFmZp3RW6IJoMWCdSMfT4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/3231332e3133392e36372e302f32342d3234203d3e2039333034.roa
Signing time:             Sun 19 Oct 2025 12:54:49 +0000
ROA not before:           Sun 19 Oct 2025 12:49:49 +0000
ROA not after:            Sun 18 Oct 2026 12:54:49 +0000
asID:                     9304
IP address blocks:        213.139.67.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/B683F2EB50C5999A77456E8826831609D48C7D3E.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/B683F2EB50C5999A77456E8826831609D48C7D3E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/toPy61DFmZp3RW6IJoMWCdSMfT4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 14:59:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            8e:1f:b1:ac:8a:1b:db:3b:a4:d4:23:61:6e:53:34:81:4e:28:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b683f2eb50c5999a77456e8826831609d48c7d3e
        Validity
            Not Before: Oct 19 12:49:49 2025 GMT
            Not After : Oct 18 12:54:49 2026 GMT
        Subject: CN=AB79248A13043137103CDC332175B2230EA93A88
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fb:0b:ab:cc:26:03:60:0e:07:25:16:ce:ed:ab:
                    ef:27:a4:5a:61:02:23:4a:e0:c1:4d:7e:37:1c:b2:
                    81:18:48:6d:e5:75:b1:36:24:ed:47:d4:01:13:0f:
                    47:20:15:5e:27:2e:46:d7:b5:05:fc:6a:02:32:d6:
                    4f:65:7f:b2:ab:75:34:fa:db:cf:51:67:db:45:2f:
                    c7:b4:ca:f4:fd:a5:4d:9b:06:b3:15:6e:61:1f:d5:
                    d4:ac:6a:f3:d2:1d:97:20:13:0b:94:7b:48:07:c1:
                    75:c1:30:2a:53:df:2f:c1:38:a2:15:eb:46:d4:04:
                    06:b0:3a:45:a1:01:ae:73:84:d7:30:25:ae:f6:c2:
                    db:45:02:89:25:3f:86:52:8c:f2:0f:24:01:6a:25:
                    13:d7:8c:fa:ce:81:55:f6:97:1f:b6:65:80:19:84:
                    6a:b9:4b:47:dd:05:e9:c9:08:de:96:7b:f7:d4:43:
                    5f:97:5a:d9:ea:a4:3b:ea:9e:8c:c5:4a:f6:ae:7d:
                    8e:ec:91:96:a8:bf:8b:81:78:47:ad:14:f3:96:8c:
                    2a:a2:2c:6e:76:83:ab:37:c4:a3:81:4d:df:e0:4d:
                    c5:43:69:fe:ab:0d:77:70:a7:0b:ea:7b:da:cc:f3:
                    f5:7f:e6:77:74:6b:eb:5e:41:3f:3b:e8:54:d1:7a:
                    c7:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:79:24:8A:13:04:31:37:10:3C:DC:33:21:75:B2:23:0E:A9:3A:88
            X509v3 Authority Key Identifier:
                keyid:B6:83:F2:EB:50:C5:99:9A:77:45:6E:88:26:83:16:09:D4:8C:7D:3E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/B683F2EB50C5999A77456E8826831609D48C7D3E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/toPy61DFmZp3RW6IJoMWCdSMfT4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/3231332e3133392e36372e302f32342d3234203d3e2039333034.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.139.67.0/24

    Signature Algorithm: sha256WithRSAEncryption
         60:71:45:2f:f0:f3:d8:46:d9:4d:0d:bc:6d:17:f4:75:a9:2c:
         a8:72:ae:e8:e7:fb:05:fd:3d:69:7f:28:b1:f7:b2:5f:56:43:
         b3:e4:95:f4:89:43:88:d1:fc:dc:b7:9c:0b:b9:02:48:36:60:
         cb:b9:d2:60:bd:3d:67:d1:86:45:10:68:79:f7:70:82:01:32:
         0c:68:25:ee:d3:f8:23:44:b8:72:60:6c:4d:6c:8a:34:97:4b:
         4a:53:2f:95:7e:4f:bb:98:63:02:32:49:ee:cc:d0:92:64:fb:
         3d:3e:c2:19:5c:96:62:0e:51:8c:16:03:9e:94:d8:b6:e4:7d:
         09:af:c8:44:ea:d6:7f:d8:f9:29:61:2e:29:2d:cd:4b:fe:9e:
         0d:1a:5b:31:56:65:01:ed:e6:10:bf:45:49:1f:ba:24:b1:a7:
         6b:a7:7f:a3:b1:06:8b:67:d5:f2:06:6d:39:af:c1:82:88:28:
         13:18:68:f6:4e:37:3f:f4:05:19:49:a1:8f:91:92:2f:41:ea:
         b7:6a:f5:6b:ea:91:86:60:4d:4d:09:a6:4d:fd:fd:31:15:41:
         ad:5f:a8:ae:5d:34:14:61:44:4e:08:d8:5f:b4:63:96:94:43:
         9c:99:3e:db:f0:f6:e7:db:14:6f:1e:08:54:b8:02:f8:d3:75:
         d2:08:78:a6
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUAI4fsayKG9s7pNQjYW5TNIFOKBwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYjY4M2YyZWI1MGM1OTk5YTc3NDU2ZTg4MjY4MzE2MDlk
NDhjN2QzZTAeFw0yNTEwMTkxMjQ5NDlaFw0yNjEwMTgxMjU0NDlaMDMxMTAvBgNV
BAMTKEFCNzkyNDhBMTMwNDMxMzcxMDNDREMzMzIxNzVCMjIzMEVBOTNBODgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD7C6vMJgNgDgclFs7tq+8npFph
AiNK4MFNfjccsoEYSG3ldbE2JO1H1AETD0cgFV4nLkbXtQX8agIy1k9lf7KrdTT6
289RZ9tFL8e0yvT9pU2bBrMVbmEf1dSsavPSHZcgEwuUe0gHwXXBMCpT3y/BOKIV
60bUBAawOkWhAa5zhNcwJa72wttFAoklP4ZSjPIPJAFqJRPXjPrOgVX2lx+2ZYAZ
hGq5S0fdBenJCN6We/fUQ1+XWtnqpDvqnozFSvaufY7skZaov4uBeEetFPOWjCqi
LG52g6s3xKOBTd/gTcVDaf6rDXdwpwvqe9rM8/V/5nd0a+teQT876FTResf7AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUq3kkihMEMTcQPNwzIXWyIw6pOogwHwYDVR0j
BBgwFoAUtoPy61DFmZp3RW6IJoMWCdSMfT4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTAxYzE0ZmItYjY2MC00ODlkLTllOWYtOTQwMmU5ZTJj
MmUyLzAvQjY4M0YyRUI1MEM1OTk5QTc3NDU2RTg4MjY4MzE2MDlENDhDN0QzRS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3RvUHk2MURGbVpwM1JXNklKb01XQ2RT
TWZUNC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYTAxYzE0ZmIt
YjY2MC00ODlkLTllOWYtOTQwMmU5ZTJjMmUyLzAvMzIzMTMzMmUzMTMzMzkyZTM2
MzcyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzOTMzMzAzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEANWL
QzANBgkqhkiG9w0BAQsFAAOCAQEAYHFFL/Dz2EbZTQ28bRf0daksqHKu6Of7Bf09
aX8osfeyX1ZDs+SV9IlDiNH83LecC7kCSDZgy7nSYL09Z9GGRRBoefdwggEyDGgl
7tP4I0S4cmBsTWyKNJdLSlMvlX5Pu5hjAjJJ7szQkmT7PT7CGVyWYg5RjBYDnpTY
tuR9Ca/IROrWf9j5KWEuKS3NS/6eDRpbMVZlAe3mEL9FSR+6JLGna6d/o7EGi2fV
8gZtOa/BgogoExho9k43P/QFGUmhj5GSL0Hqt2r1a+qRhmBNTQmmTf39MRVBrV+o
rl00FGFETgjYX7RjlpRDnJk+2/D259sUbx4IVLgC+NN10gh4pg==
-----END CERTIFICATE-----