Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/3130392e3131302e3137372e302f32342d3234203d3e20383334.roa
File:                     3130392e3131302e3137372e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          g+blrMHUH5126oJGLv8H8/JcjDI6ofjOIMJPV9roSGc=
Subject key identifier:   21:E5:F7:5A:BE:44:A2:FD:56:E8:3E:31:72:BC:5F:6C:5C:0B:8F:1E
Certificate issuer:       /CN=7adf63e375b0b785081b5945b1d18d9de86e0efc
Certificate serial:       2329BADC38AC3449BD8B9F5FBC8B46242D97CFDA
Authority key identifier: 7A:DF:63:E3:75:B0:B7:85:08:1B:59:45:B1:D1:8D:9D:E8:6E:0E:FC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/et9j43Wwt4UIG1lFsdGNnehuDvw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/3130392e3131302e3137372e302f32342d3234203d3e20383334.roa
Signing time:             Mon 18 Aug 2025 13:41:17 +0000
ROA not before:           Mon 18 Aug 2025 13:36:17 +0000
ROA not after:            Mon 17 Aug 2026 13:41:17 +0000
asID:                     834
IP address blocks:        109.110.177.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/7ADF63E375B0B785081B5945B1D18D9DE86E0EFC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/7ADF63E375B0B785081B5945B1D18D9DE86E0EFC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/et9j43Wwt4UIG1lFsdGNnehuDvw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 00:37:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            23:29:ba:dc:38:ac:34:49:bd:8b:9f:5f:bc:8b:46:24:2d:97:cf:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7adf63e375b0b785081b5945b1d18d9de86e0efc
        Validity
            Not Before: Aug 18 13:36:17 2025 GMT
            Not After : Aug 17 13:41:17 2026 GMT
        Subject: CN=21E5F75ABE44A2FD56E83E3172BC5F6C5C0B8F1E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:bf:d4:f7:0e:72:ff:06:3c:e7:9e:17:7a:19:
                    60:6a:53:e4:d9:4c:95:bd:39:ce:df:35:c1:08:04:
                    48:3d:b2:cb:3c:b7:4d:9e:f8:63:c9:63:7b:f3:73:
                    67:1a:2d:87:41:55:36:72:57:68:dc:24:19:f8:a1:
                    31:92:3e:dd:36:0d:c4:23:8d:69:d0:74:a7:22:ef:
                    df:09:99:95:85:a5:e3:65:81:7b:d9:45:ad:64:44:
                    26:b3:52:05:63:a4:ce:26:55:d9:bf:e5:f1:17:a3:
                    52:47:7f:7e:8a:1c:a5:a4:ba:b4:74:e0:cf:1f:70:
                    ff:74:2c:7d:46:ed:5b:b2:78:08:ef:f1:f5:61:2f:
                    c5:54:e4:bc:eb:07:4b:e6:28:19:2c:42:fb:0d:90:
                    78:c4:4a:cb:96:8e:11:e3:23:da:c2:2d:e4:fb:8a:
                    56:c7:48:53:69:9d:a3:f7:ff:61:9e:be:1c:19:8b:
                    58:88:bc:c7:83:46:56:41:af:5b:ca:ef:72:4a:0d:
                    52:19:cc:06:dc:9f:37:d3:9d:4d:64:37:cb:e4:c5:
                    78:60:fa:88:06:5d:ae:be:3f:03:a8:5e:fd:d6:64:
                    48:4b:46:91:b6:c0:80:c4:26:48:50:25:c1:fa:40:
                    70:19:21:1c:8c:b8:af:1d:d5:e6:28:81:6e:21:3c:
                    37:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:E5:F7:5A:BE:44:A2:FD:56:E8:3E:31:72:BC:5F:6C:5C:0B:8F:1E
            X509v3 Authority Key Identifier:
                keyid:7A:DF:63:E3:75:B0:B7:85:08:1B:59:45:B1:D1:8D:9D:E8:6E:0E:FC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/7ADF63E375B0B785081B5945B1D18D9DE86E0EFC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/et9j43Wwt4UIG1lFsdGNnehuDvw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/3130392e3131302e3137372e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.110.177.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:70:eb:2f:1a:d1:32:9f:cf:a8:0e:8c:e1:2e:98:df:95:f0:
         fc:52:dc:48:e2:6c:78:79:3f:b1:1b:b1:dc:fb:ed:54:66:00:
         ab:71:b8:56:b2:1a:93:34:0c:e4:78:5a:3c:d7:99:78:b3:01:
         1e:e1:2d:e0:b0:48:20:5c:6e:c1:ea:3a:af:e5:e7:e7:03:10:
         ad:55:e7:f1:76:fd:15:2e:2d:1a:de:a3:26:50:0c:cc:24:b3:
         2d:e5:74:9c:4a:0a:34:30:04:f8:46:5f:82:08:b3:c4:32:b7:
         3e:f9:d0:99:d4:b8:3b:cc:8f:2a:d9:bf:7b:a3:e2:58:92:a6:
         6e:52:bd:be:2a:94:e0:e6:20:c1:72:86:63:e4:48:9a:89:96:
         85:70:95:45:0b:87:c2:48:63:fa:06:d7:41:29:fc:f0:b5:f9:
         94:a4:fd:81:93:7d:b5:4c:2b:71:79:3f:bd:62:32:b4:bb:1a:
         d6:19:e7:48:75:31:25:61:71:ad:a2:e8:ec:e2:2c:98:c8:cb:
         60:e5:47:9c:77:8c:bf:e9:a5:91:29:5e:c5:62:c9:f7:fd:ec:
         b1:20:44:a4:3b:75:a5:72:b5:62:f9:d9:2c:9f:3d:02:5e:bb:
         6a:5a:84:be:c8:92:91:70:cc:65:35:a0:9c:cd:74:4f:a4:97:
         68:6e:e2:a5
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUIym63DisNEm9i59fvItGJC2Xz9owDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoN2FkZjYzZTM3NWIwYjc4NTA4MWI1OTQ1YjFkMThkOWRl
ODZlMGVmYzAeFw0yNTA4MTgxMzM2MTdaFw0yNjA4MTcxMzQxMTdaMDMxMTAvBgNV
BAMTKDIxRTVGNzVBQkU0NEEyRkQ1NkU4M0UzMTcyQkM1RjZDNUMwQjhGMUUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDXv9T3DnL/Bjznnhd6GWBqU+TZ
TJW9Oc7fNcEIBEg9sss8t02e+GPJY3vzc2caLYdBVTZyV2jcJBn4oTGSPt02DcQj
jWnQdKci798JmZWFpeNlgXvZRa1kRCazUgVjpM4mVdm/5fEXo1JHf36KHKWkurR0
4M8fcP90LH1G7VuyeAjv8fVhL8VU5LzrB0vmKBksQvsNkHjESsuWjhHjI9rCLeT7
ilbHSFNpnaP3/2GevhwZi1iIvMeDRlZBr1vK73JKDVIZzAbcnzfTnU1kN8vkxXhg
+ogGXa6+PwOoXv3WZEhLRpG2wIDEJkhQJcH6QHAZIRyMuK8d1eYogW4hPDfRAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUIeX3Wr5Eov1W6D4xcrxfbFwLjx4wHwYDVR0j
BBgwFoAUet9j43Wwt4UIG1lFsdGNnehuDvwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYWVlM2Q1OGQtOTA0YS00Mzc1LWJmOTMtOGI1ZjM4Y2Fi
MDAyLzAvN0FERjYzRTM3NUIwQjc4NTA4MUI1OTQ1QjFEMThEOURFODZFMEVGQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2V0OWo0M1d3dDRVSUcxbEZzZEdObmVo
dUR2dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWVlM2Q1OGQt
OTA0YS00Mzc1LWJmOTMtOGI1ZjM4Y2FiMDAyLzAvMzEzMDM5MmUzMTMxMzAyZTMx
MzczNzJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAG1u
sTANBgkqhkiG9w0BAQsFAAOCAQEARnDrLxrRMp/PqA6M4S6Y35Xw/FLcSOJseHk/
sRux3PvtVGYAq3G4VrIakzQM5HhaPNeZeLMBHuEt4LBIIFxuweo6r+Xn5wMQrVXn
8Xb9FS4tGt6jJlAMzCSzLeV0nEoKNDAE+EZfggizxDK3PvnQmdS4O8yPKtm/e6Pi
WJKmblK9viqU4OYgwXKGY+RImomWhXCVRQuHwkhj+gbXQSn88LX5lKT9gZN9tUwr
cXk/vWIytLsa1hnnSHUxJWFxraLo7OIsmMjLYOVHnHeMv+mlkSlexWLJ9/3ssSBE
pDt1pXK1YvnZLJ89Al67alqEvsiSkXDMZTWgnM10T6SXaG7ipQ==
-----END CERTIFICATE-----