Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/3134392e36322e33362e302f32342d3234203d3e20383334.roa
File:                     3134392e36322e33362e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          Ahef5dcs3+uL1jbzW3IIcYRNb4aNoubXOa0mis7MJcY=
Subject key identifier:   38:7D:78:34:3E:5F:CE:29:05:94:90:09:B5:12:46:CB:D1:9A:C0:BC
Certificate issuer:       /CN=097a28f77eb0a4ac354a8ac28754b2a3bbe3a959
Certificate serial:       6822F024B05727FCC0FEA359B3E45272728A34DD
Authority key identifier: 09:7A:28:F7:7E:B0:A4:AC:35:4A:8A:C2:87:54:B2:A3:BB:E3:A9:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CXoo936wpKw1SorCh1Syo7vjqVk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/3134392e36322e33362e302f32342d3234203d3e20383334.roa
Signing time:             Fri 20 Jun 2025 10:30:43 +0000
ROA not before:           Fri 20 Jun 2025 10:25:43 +0000
ROA not after:            Fri 19 Jun 2026 10:30:43 +0000
asID:                     834
IP address blocks:        149.62.36.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/097A28F77EB0A4AC354A8AC28754B2A3BBE3A959.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/097A28F77EB0A4AC354A8AC28754B2A3BBE3A959.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CXoo936wpKw1SorCh1Syo7vjqVk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Jun 2025 19:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            68:22:f0:24:b0:57:27:fc:c0:fe:a3:59:b3:e4:52:72:72:8a:34:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=097a28f77eb0a4ac354a8ac28754b2a3bbe3a959
        Validity
            Not Before: Jun 20 10:25:43 2025 GMT
            Not After : Jun 19 10:30:43 2026 GMT
        Subject: CN=387D78343E5FCE2905949009B51246CBD19AC0BC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:b0:8b:bb:5b:ad:f6:73:d9:c6:06:1b:79:7c:
                    1f:97:94:3c:0c:82:5a:53:8f:e3:7c:14:e6:b5:04:
                    3c:d1:a3:cf:f6:25:49:2b:b8:fd:14:36:a1:40:6a:
                    73:49:13:5b:12:ea:87:a0:c5:00:bf:df:fd:18:0f:
                    d0:13:86:7b:28:74:3f:ce:37:bb:ec:b1:eb:34:6b:
                    b9:46:c9:36:b0:ba:92:dc:d2:86:8b:3c:92:2d:bd:
                    3d:81:de:c9:3a:1d:3f:5d:55:fb:72:5b:22:36:80:
                    89:57:d5:4e:08:67:9e:d9:1e:2c:99:e8:22:29:d3:
                    31:49:f0:1a:7c:5a:d2:aa:77:66:9d:25:0e:72:34:
                    8e:ec:ea:41:ae:b1:95:47:1f:9b:6a:12:60:a2:fa:
                    d6:df:93:79:67:7c:86:2c:34:4e:22:96:3d:ea:b1:
                    97:bb:cd:df:3a:11:86:64:29:83:41:66:0e:49:b5:
                    0d:9a:da:9e:83:e4:2e:b0:c1:06:44:25:6f:98:83:
                    2e:a8:8e:3d:84:81:5e:6a:80:16:6a:35:ee:71:64:
                    00:87:d8:f9:2c:2f:b6:d8:d9:5e:de:6d:6b:f1:68:
                    0e:16:0a:9b:c5:f7:11:dc:10:98:8e:72:83:8f:c0:
                    a9:70:fd:df:90:6a:0c:f5:f5:da:1b:c7:3d:56:85:
                    fc:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:7D:78:34:3E:5F:CE:29:05:94:90:09:B5:12:46:CB:D1:9A:C0:BC
            X509v3 Authority Key Identifier:
                keyid:09:7A:28:F7:7E:B0:A4:AC:35:4A:8A:C2:87:54:B2:A3:BB:E3:A9:59

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/097A28F77EB0A4AC354A8AC28754B2A3BBE3A959.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CXoo936wpKw1SorCh1Syo7vjqVk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/3134392e36322e33362e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  149.62.36.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:a8:e1:22:3f:5c:23:97:81:97:ae:37:f0:60:6d:a9:ba:db:
         a6:10:0b:11:3d:39:0d:a3:42:d5:4c:93:38:b5:1b:10:f3:df:
         41:11:f7:ee:c5:b1:9d:16:cd:9e:72:36:cb:70:3c:88:67:03:
         5f:fe:86:cd:29:d0:06:3e:ed:c5:3c:b9:4a:b8:ed:1e:01:08:
         b0:fe:c3:c2:34:69:5b:b6:2b:fd:e4:89:b4:d1:08:23:8d:87:
         a5:b3:c1:21:0e:e8:60:32:1e:16:56:68:2b:ab:3e:38:6f:6a:
         60:66:ff:3b:99:fd:5e:9d:52:97:e6:21:5f:69:d1:1b:a4:6a:
         d4:7d:2f:d3:98:2d:61:a2:6f:db:9e:35:aa:2e:41:01:27:dd:
         87:7b:91:bc:99:39:24:11:d9:f9:bd:3b:41:a0:8d:b0:c7:e4:
         5e:e8:ab:ea:08:3c:e8:15:5b:9d:c5:e2:a8:9e:5f:1a:ca:a6:
         b6:7a:b1:d1:da:c7:9c:62:87:a5:38:8f:6d:58:ac:84:8d:0b:
         03:44:df:ca:88:70:da:3f:33:de:6d:5e:f3:fa:76:d0:38:62:
         65:ef:fa:dd:d9:21:2f:40:13:11:98:2f:b5:92:0b:45:b7:d5:
         cb:36:bc:bd:30:3e:5e:e1:23:8b:18:51:94:26:e2:3b:33:a4:
         04:81:69:10
-----BEGIN CERTIFICATE-----
MIIFMjCCBBqgAwIBAgIUaCLwJLBXJ/zA/qNZs+RScnKKNN0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDk3YTI4Zjc3ZWIwYTRhYzM1NGE4YWMyODc1NGIyYTNi
YmUzYTk1OTAeFw0yNTA2MjAxMDI1NDNaFw0yNjA2MTkxMDMwNDNaMDMxMTAvBgNV
BAMTKDM4N0Q3ODM0M0U1RkNFMjkwNTk0OTAwOUI1MTI0NkNCRDE5QUMwQkMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4sIu7W632c9nGBht5fB+XlDwM
glpTj+N8FOa1BDzRo8/2JUkruP0UNqFAanNJE1sS6oegxQC/3/0YD9AThnsodD/O
N7vsses0a7lGyTawupLc0oaLPJItvT2B3sk6HT9dVftyWyI2gIlX1U4IZ57ZHiyZ
6CIp0zFJ8Bp8WtKqd2adJQ5yNI7s6kGusZVHH5tqEmCi+tbfk3lnfIYsNE4ilj3q
sZe7zd86EYZkKYNBZg5JtQ2a2p6D5C6wwQZEJW+Ygy6ojj2EgV5qgBZqNe5xZACH
2PksL7bY2V7ebWvxaA4WCpvF9xHcEJiOcoOPwKlw/d+Qagz19dobxz1WhfxjAgMB
AAGjggI8MIICODAdBgNVHQ4EFgQUOH14ND5fzikFlJAJtRJGy9GawLwwHwYDVR0j
BBgwFoAUCXoo936wpKw1SorCh1Syo7vjqVkwDgYDVR0PAQH/BAQDAgeAMIGYBgNV
HR8EgZAwgY0wgYqggYeggYSGgYFyc3luYzovL3JzeW5jLnBhYXMucnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L2ZlMzcwOGEwLTY3ZDUtNGFjMi1hYmM0LWEzMzI1OTBi
OTlhZi8xNzcvMDk3QTI4Rjc3RUIwQTRBQzM1NEE4QUMyODc1NEIyQTNCQkUzQTk1
OS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2ku
cmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NYb285MzZ3cEt3MVNvckNoMVN5
bzd2anFWay5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJz
eW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4
YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzE3Ny8zMTM0MzkyZTM2MzIy
ZTMzMzYyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB
/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACV
PiQwDQYJKoZIhvcNAQELBQADggEBAGuo4SI/XCOXgZeuN/Bgbam626YQCxE9OQ2j
QtVMkzi1GxDz30ER9+7FsZ0WzZ5yNstwPIhnA1/+hs0p0AY+7cU8uUq47R4BCLD+
w8I0aVu2K/3kibTRCCONh6WzwSEO6GAyHhZWaCurPjhvamBm/zuZ/V6dUpfmIV9p
0RukatR9L9OYLWGib9ueNaouQQEn3Yd7kbyZOSQR2fm9O0GgjbDH5F7oq+oIPOgV
W53F4qieXxrKprZ6sdHax5xih6U4j21YrISNCwNE38qIcNo/M95tXvP6dtA4YmXv
+t3ZIS9AExGYL7WSC0W31cs2vL0wPl7hI4sYUZQm4jszpASBaRA=
-----END CERTIFICATE-----