Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/ac0e13d8-bfe0-4235-afb4-d53edfbacdd2/0/3231332e3235342e3137302e302f32342d3234203d3e20323134393431.roa
File:                     3231332e3235342e3137302e302f32342d3234203d3e20323134393431.roa (raw, json)
Hash identifier:          WuIyFXGDgkt2cltxoxT/RYao20HHu+r0Sn5rfpjFnHA=
Subject key identifier:   68:70:3D:73:EA:B5:99:85:F0:6C:E6:7F:7A:0C:D1:97:07:CE:A6:20
Certificate issuer:       /CN=5ecb4cadbbadd500f49ca697d566a2761e017608
Certificate serial:       79B4EEA9D70B48AEFE4C9C8CE175099F65A2AE13
Authority key identifier: 5E:CB:4C:AD:BB:AD:D5:00:F4:9C:A6:97:D5:66:A2:76:1E:01:76:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XstMrbut1QD0nKaX1Waidh4Bdgg.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/ac0e13d8-bfe0-4235-afb4-d53edfbacdd2/0/3231332e3235342e3137302e302f32342d3234203d3e20323134393431.roa
Signing time:             Mon 13 Oct 2025 18:55:08 +0000
ROA not before:           Mon 13 Oct 2025 18:50:08 +0000
ROA not after:            Mon 12 Oct 2026 18:55:08 +0000
asID:                     214941
IP address blocks:        213.254.170.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/ac0e13d8-bfe0-4235-afb4-d53edfbacdd2/0/5ECB4CADBBADD500F49CA697D566A2761E017608.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/ac0e13d8-bfe0-4235-afb4-d53edfbacdd2/0/5ECB4CADBBADD500F49CA697D566A2761E017608.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XstMrbut1QD0nKaX1Waidh4Bdgg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            79:b4:ee:a9:d7:0b:48:ae:fe:4c:9c:8c:e1:75:09:9f:65:a2:ae:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ecb4cadbbadd500f49ca697d566a2761e017608
        Validity
            Not Before: Oct 13 18:50:08 2025 GMT
            Not After : Oct 12 18:55:08 2026 GMT
        Subject: CN=68703D73EAB59985F06CE67F7A0CD19707CEA620
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:43:ef:5f:0f:26:ed:d7:f7:eb:52:cb:aa:16:
                    b3:03:ce:8d:f5:96:9b:b9:0f:44:25:60:a3:44:6a:
                    3d:cc:59:6f:82:99:94:68:07:79:5d:70:ec:ce:88:
                    5d:54:a6:2c:52:a6:ef:15:81:8d:ff:f7:6d:e3:5a:
                    9b:83:d5:aa:ac:73:da:c4:c4:8c:0e:4d:f5:4f:a6:
                    93:bd:17:3e:d4:9d:94:3e:03:e9:59:3a:93:f9:d5:
                    e1:e0:88:53:30:6d:bc:bd:0b:48:e4:0e:c2:7e:db:
                    c8:fc:68:4e:81:a5:2a:2a:1c:f8:c7:6c:22:22:38:
                    d7:32:f8:3f:6e:09:a2:b1:f8:e3:c2:89:be:51:b7:
                    f1:bb:bc:d0:5e:ca:f5:45:ca:fc:c7:cf:e2:28:1f:
                    0c:0a:8c:c5:23:c0:49:88:27:8b:00:1a:7e:96:03:
                    88:f3:68:87:d3:e4:57:3f:a7:ab:db:99:03:c4:21:
                    23:eb:ad:e8:db:01:eb:70:bb:7b:96:0b:ca:c3:ba:
                    62:ab:c3:36:2e:a9:26:74:f0:6d:d0:10:7a:45:5a:
                    7a:c0:04:7a:c3:01:cc:d0:5f:dd:99:12:3d:45:c6:
                    bd:df:27:7d:6f:6d:8d:c4:d3:36:a1:bc:ff:c7:17:
                    a3:9c:64:94:a0:13:48:cf:97:fe:64:d8:cb:63:94:
                    1f:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:70:3D:73:EA:B5:99:85:F0:6C:E6:7F:7A:0C:D1:97:07:CE:A6:20
            X509v3 Authority Key Identifier:
                keyid:5E:CB:4C:AD:BB:AD:D5:00:F4:9C:A6:97:D5:66:A2:76:1E:01:76:08

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/ac0e13d8-bfe0-4235-afb4-d53edfbacdd2/0/5ECB4CADBBADD500F49CA697D566A2761E017608.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XstMrbut1QD0nKaX1Waidh4Bdgg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/ac0e13d8-bfe0-4235-afb4-d53edfbacdd2/0/3231332e3235342e3137302e302f32342d3234203d3e20323134393431.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.254.170.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:d4:c8:59:51:57:f4:09:95:18:fc:60:a3:20:13:76:25:3a:
         4d:67:73:68:09:aa:e4:74:70:59:92:a0:56:2c:71:16:ef:18:
         a0:f2:38:a0:09:e9:b9:2e:1c:6e:bf:8b:5f:5d:0f:94:fd:6d:
         46:95:fd:ed:e2:f6:06:d6:34:9a:38:fb:05:91:2d:56:ce:ec:
         e7:75:d3:f5:ae:6c:63:50:ca:60:1f:90:e5:e0:01:ad:ca:ed:
         72:d3:a6:c4:ea:70:6b:d1:26:16:fb:21:ee:73:05:49:05:75:
         97:d1:f7:f3:89:51:46:82:10:26:fc:2d:b1:ad:a3:a8:1d:79:
         15:f2:bd:07:77:51:30:23:a7:e5:c4:e7:34:b5:09:0b:96:af:
         57:2e:7a:c4:4c:e4:36:ec:0d:1a:02:52:61:bc:c0:a5:da:37:
         70:35:ee:23:2b:07:b1:ab:74:76:52:e2:f6:23:7f:0c:6d:54:
         9a:cd:13:63:4d:70:a6:9f:44:54:d3:2e:16:87:88:6b:37:29:
         9e:43:dc:e6:09:90:71:c6:21:f0:c5:28:d1:9d:69:a5:76:53:
         d6:92:31:71:ac:51:73:9c:d5:6c:e0:e5:cb:68:50:90:40:89:
         d4:65:e9:50:1c:a7:0b:23:fd:22:69:af:d5:19:b1:dd:bd:ba:
         2b:bf:69:3e
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgIUebTuqdcLSK7+TJyM4XUJn2WirhMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWVjYjRjYWRiYmFkZDUwMGY0OWNhNjk3ZDU2NmEyNzYx
ZTAxNzYwODAeFw0yNTEwMTMxODUwMDhaFw0yNjEwMTIxODU1MDhaMDMxMTAvBgNV
BAMTKDY4NzAzRDczRUFCNTk5ODVGMDZDRTY3RjdBMENEMTk3MDdDRUE2MjAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5Q+9fDybt1/frUsuqFrMDzo31
lpu5D0QlYKNEaj3MWW+CmZRoB3ldcOzOiF1UpixSpu8VgY3/923jWpuD1aqsc9rE
xIwOTfVPppO9Fz7UnZQ+A+lZOpP51eHgiFMwbby9C0jkDsJ+28j8aE6BpSoqHPjH
bCIiONcy+D9uCaKx+OPCib5Rt/G7vNBeyvVFyvzHz+IoHwwKjMUjwEmIJ4sAGn6W
A4jzaIfT5Fc/p6vbmQPEISPrrejbAetwu3uWC8rDumKrwzYuqSZ08G3QEHpFWnrA
BHrDAczQX92ZEj1Fxr3fJ31vbY3E0zahvP/HF6OcZJSgE0jPl/5k2MtjlB87AgMB
AAGjggJBMIICPTAdBgNVHQ4EFgQUaHA9c+q1mYXwbOZ/egzRlwfOpiAwHwYDVR0j
BBgwFoAUXstMrbut1QD0nKaX1Waidh4BdggwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYWMwZTEzZDgtYmZlMC00MjM1LWFmYjQtZDUzZWRmYmFj
ZGQyLzAvNUVDQjRDQURCQkFERDUwMEY0OUNBNjk3RDU2NkEyNzYxRTAxNzYwOC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1hzdE1yYnV0MVFEMG5LYVgxV2FpZGg0
QmRnZy5jZXIwgbEGCCsGAQUFBwELBIGkMIGhMIGeBggrBgEFBQcwC4aBkXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWMwZTEzZDgt
YmZlMC00MjM1LWFmYjQtZDUzZWRmYmFjZGQyLzAvMzIzMTMzMmUzMjM1MzQyZTMx
MzczMDJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMyMzEzNDM5MzQzMS5yb2EwGAYD
VR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw
BgMEANX+qjANBgkqhkiG9w0BAQsFAAOCAQEAeNTIWVFX9AmVGPxgoyATdiU6TWdz
aAmq5HRwWZKgVixxFu8YoPI4oAnpuS4cbr+LX10PlP1tRpX97eL2BtY0mjj7BZEt
Vs7s53XT9a5sY1DKYB+Q5eABrcrtctOmxOpwa9EmFvsh7nMFSQV1l9H384lRRoIQ
Jvwtsa2jqB15FfK9B3dRMCOn5cTnNLUJC5avVy56xEzkNuwNGgJSYbzApdo3cDXu
IysHsat0dlLi9iN/DG1Ums0TY01wpp9EVNMuFoeIazcpnkPc5gmQccYh8MUo0Z1p
pXZT1pIxcaxRc5zVbODly2hQkECJ1GXpUBynCyP9Immv1Rmx3b26K79pPg==
-----END CERTIFICATE-----
Generated at Sun Oct 19 23:40:45 2025 by rpki-client