Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/3130392e3131302e3138382e302f32342d3234203d3e20313939363935.roa
File:                     3130392e3131302e3138382e302f32342d3234203d3e20313939363935.roa (raw, json)
Hash identifier:          mlzDyM65N/KrRM+ekSAjQgzypMzhs+yFePG9j6bsMrg=
Subject key identifier:   E2:56:77:E8:81:E2:09:60:5B:DE:44:EC:10:5A:A6:B5:13:63:5D:B1
Certificate issuer:       /CN=7adf63e375b0b785081b5945b1d18d9de86e0efc
Certificate serial:       082F2689B67957D8F8698C966B85EE41DAA88673
Authority key identifier: 7A:DF:63:E3:75:B0:B7:85:08:1B:59:45:B1:D1:8D:9D:E8:6E:0E:FC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/et9j43Wwt4UIG1lFsdGNnehuDvw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/3130392e3131302e3138382e302f32342d3234203d3e20313939363935.roa
Signing time:             Thu 12 Jun 2025 14:54:09 +0000
ROA not before:           Thu 12 Jun 2025 14:49:09 +0000
ROA not after:            Thu 11 Jun 2026 14:54:09 +0000
asID:                     199695
IP address blocks:        109.110.188.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/7ADF63E375B0B785081B5945B1D18D9DE86E0EFC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/7ADF63E375B0B785081B5945B1D18D9DE86E0EFC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/et9j43Wwt4UIG1lFsdGNnehuDvw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 01 Jul 2025 15:11:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            08:2f:26:89:b6:79:57:d8:f8:69:8c:96:6b:85:ee:41:da:a8:86:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7adf63e375b0b785081b5945b1d18d9de86e0efc
        Validity
            Not Before: Jun 12 14:49:09 2025 GMT
            Not After : Jun 11 14:54:09 2026 GMT
        Subject: CN=E25677E881E209605BDE44EC105AA6B513635DB1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:a4:aa:0b:f0:15:a7:6e:05:68:1b:68:bd:55:
                    49:d9:da:f6:e6:4d:00:4b:0d:53:b7:75:32:00:be:
                    11:55:a8:f8:33:bf:f0:f2:de:73:c5:60:e3:b1:ff:
                    62:c9:b8:51:45:21:88:96:20:9e:30:59:2f:28:b4:
                    80:cd:b8:98:30:91:08:3b:82:7a:6e:ca:5f:2f:c4:
                    5b:72:d4:15:fd:69:78:4a:e4:c7:eb:85:ea:af:9f:
                    a0:f9:67:b6:34:16:d9:85:bb:c1:c5:34:0c:09:be:
                    34:90:97:e1:24:9f:d6:6c:38:47:fc:2d:f7:85:10:
                    10:fb:b8:79:50:1e:f3:e3:3d:0f:a7:3b:10:25:3c:
                    e9:5e:9f:76:ad:e2:d7:f8:8c:5c:cf:f3:f0:f1:40:
                    5e:d9:94:b6:51:54:88:3a:1e:79:60:70:e9:51:15:
                    c8:4c:18:0f:28:3f:37:1e:22:4a:45:7a:45:24:b7:
                    37:4c:64:d6:05:ac:0b:58:93:e1:6b:27:09:9e:8b:
                    48:98:a0:9c:75:7a:72:b0:13:07:ee:8f:b7:c9:c3:
                    db:8e:99:bf:58:44:ca:3e:ad:70:97:ed:73:fc:f1:
                    9c:24:80:f8:7a:4b:f3:66:8f:ec:54:ba:3d:6d:41:
                    22:9e:74:41:74:0d:b7:1b:d0:04:d5:2f:00:23:52:
                    0b:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:56:77:E8:81:E2:09:60:5B:DE:44:EC:10:5A:A6:B5:13:63:5D:B1
            X509v3 Authority Key Identifier:
                keyid:7A:DF:63:E3:75:B0:B7:85:08:1B:59:45:B1:D1:8D:9D:E8:6E:0E:FC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/7ADF63E375B0B785081B5945B1D18D9DE86E0EFC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/et9j43Wwt4UIG1lFsdGNnehuDvw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/3130392e3131302e3138382e302f32342d3234203d3e20313939363935.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.110.188.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:d0:76:00:00:1d:63:73:dc:5c:8e:19:df:a8:16:9f:1d:b5:
         1c:43:51:d1:d0:a3:3b:7b:5e:64:c9:11:47:64:e4:a4:d8:80:
         bf:26:b1:f7:cc:64:7a:c7:06:28:26:cc:c2:97:64:8d:8e:84:
         33:e0:66:39:2c:a1:f8:33:e5:0b:e2:5f:8c:bd:e8:fa:dd:35:
         80:48:98:64:c3:a0:25:59:cd:fc:b8:38:9c:f9:01:91:63:42:
         31:54:5c:8e:14:5d:2f:68:71:8e:57:15:7a:18:5f:d9:d6:9e:
         7e:fb:15:23:06:fb:a2:9a:d1:cc:88:4c:76:9d:b5:94:bc:3b:
         b0:36:49:ac:3d:64:81:2c:ca:5e:5b:0a:f0:8f:9c:02:ba:ce:
         55:4b:80:17:9a:9d:c2:52:d1:fb:07:73:39:d0:47:ae:20:33:
         82:7a:e5:44:34:10:b2:a3:03:03:cf:b8:3c:ab:74:af:45:bd:
         86:ef:62:df:a9:a0:30:8c:46:37:59:63:0c:e9:8a:60:54:fc:
         c8:b0:c2:a0:2c:57:ba:36:0b:71:eb:9d:7a:06:85:ee:4a:2f:
         c7:aa:3b:91:1a:a5:28:ac:cf:cb:d6:85:67:21:b3:6d:70:55:
         54:fa:23:27:de:42:9d:09:fa:d7:61:e0:8a:ec:61:71:15:67:
         82:79:61:71
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgIUCC8mibZ5V9j4aYyWa4XuQdqohnMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoN2FkZjYzZTM3NWIwYjc4NTA4MWI1OTQ1YjFkMThkOWRl
ODZlMGVmYzAeFw0yNTA2MTIxNDQ5MDlaFw0yNjA2MTExNDU0MDlaMDMxMTAvBgNV
BAMTKEUyNTY3N0U4ODFFMjA5NjA1QkRFNDRFQzEwNUFBNkI1MTM2MzVEQjEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIpKoL8BWnbgVoG2i9VUnZ2vbm
TQBLDVO3dTIAvhFVqPgzv/Dy3nPFYOOx/2LJuFFFIYiWIJ4wWS8otIDNuJgwkQg7
gnpuyl8vxFty1BX9aXhK5Mfrheqvn6D5Z7Y0FtmFu8HFNAwJvjSQl+Ekn9ZsOEf8
LfeFEBD7uHlQHvPjPQ+nOxAlPOlen3at4tf4jFzP8/DxQF7ZlLZRVIg6HnlgcOlR
FchMGA8oPzceIkpFekUktzdMZNYFrAtYk+FrJwmei0iYoJx1enKwEwfuj7fJw9uO
mb9YRMo+rXCX7XP88ZwkgPh6S/Nmj+xUuj1tQSKedEF0Dbcb0ATVLwAjUgvbAgMB
AAGjggJBMIICPTAdBgNVHQ4EFgQU4lZ36IHiCWBb3kTsEFqmtRNjXbEwHwYDVR0j
BBgwFoAUet9j43Wwt4UIG1lFsdGNnehuDvwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYWVlM2Q1OGQtOTA0YS00Mzc1LWJmOTMtOGI1ZjM4Y2Fi
MDAyLzAvN0FERjYzRTM3NUIwQjc4NTA4MUI1OTQ1QjFEMThEOURFODZFMEVGQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2V0OWo0M1d3dDRVSUcxbEZzZEdObmVo
dUR2dy5jZXIwgbEGCCsGAQUFBwELBIGkMIGhMIGeBggrBgEFBQcwC4aBkXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWVlM2Q1OGQt
OTA0YS00Mzc1LWJmOTMtOGI1ZjM4Y2FiMDAyLzAvMzEzMDM5MmUzMTMxMzAyZTMx
MzgzODJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMxMzkzOTM2MzkzNS5yb2EwGAYD
VR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw
BgMEAG1uvDANBgkqhkiG9w0BAQsFAAOCAQEAPtB2AAAdY3PcXI4Z36gWnx21HENR
0dCjO3teZMkRR2TkpNiAvyax98xkescGKCbMwpdkjY6EM+BmOSyh+DPlC+JfjL3o
+t01gEiYZMOgJVnN/Lg4nPkBkWNCMVRcjhRdL2hxjlcVehhf2daefvsVIwb7oprR
zIhMdp21lLw7sDZJrD1kgSzKXlsK8I+cArrOVUuAF5qdwlLR+wdzOdBHriAzgnrl
RDQQsqMDA8+4PKt0r0W9hu9i36mgMIxGN1ljDOmKYFT8yLDCoCxXujYLceudegaF
7kovx6o7kRqlKKzPy9aFZyGzbXBVVPojJ95CnQn612HgiuxhcRVngnlhcQ==
-----END CERTIFICATE-----
Generated at Tue Jul 1 00:44:46 2025 by rpki-client