Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139332e34332e3131392e302f32342d3234203d3e20383334.roa
File:                     3139332e34332e3131392e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          LtC8rR18/I1o+Gue+TSTzMqDzem+JlID+EZKa4O8qd8=
Subject key identifier:   2D:87:8F:20:BE:FD:03:BD:BF:29:F8:4E:76:41:48:4D:91:B1:AA:B2
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       467F2F9A35FEE4C7DBFE8CA36E5A1436CAB2DB91
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139332e34332e3131392e302f32342d3234203d3e20383334.roa
Signing time:             Mon 11 Aug 2025 04:47:02 +0000
ROA not before:           Mon 11 Aug 2025 04:42:02 +0000
ROA not after:            Mon 10 Aug 2026 04:47:02 +0000
asID:                     834
IP address blocks:        193.43.119.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Aug 2025 17:37:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            46:7f:2f:9a:35:fe:e4:c7:db:fe:8c:a3:6e:5a:14:36:ca:b2:db:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Aug 11 04:42:02 2025 GMT
            Not After : Aug 10 04:47:02 2026 GMT
        Subject: CN=2D878F20BEFD03BDBF29F84E7641484D91B1AAB2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:99:9a:b0:ae:2e:f8:57:e9:f1:30:3c:38:7d:
                    f9:8f:95:72:39:3e:f9:06:97:f4:21:2c:0c:de:6d:
                    02:17:0a:73:57:60:a4:e2:2a:29:28:2d:29:f4:b6:
                    8d:db:12:59:ee:6d:ca:b0:6f:49:a6:a0:e7:46:08:
                    90:84:37:cd:d2:49:8b:bc:b2:d2:69:b7:01:32:93:
                    b3:73:22:4e:ca:90:a1:5a:35:18:80:1f:63:9e:b2:
                    0b:55:e1:6f:19:a6:b4:3b:91:0c:e7:0a:02:4d:95:
                    0d:d2:5e:86:83:e5:5a:84:64:01:e9:15:01:7d:a3:
                    6d:00:f9:10:82:95:f4:99:36:78:72:97:53:b5:be:
                    e4:42:5c:32:33:c2:b8:d1:a1:d2:e0:a8:c4:8d:b5:
                    c6:5f:76:c5:bd:41:87:76:4c:0e:d8:bb:17:9f:53:
                    2d:62:6b:a7:49:33:12:32:28:1e:9f:f6:bb:75:6c:
                    ed:58:20:7a:5b:1f:7b:77:3a:cf:11:5c:53:4d:e8:
                    3c:1c:5a:52:58:ae:70:01:a9:eb:ed:f7:74:9e:45:
                    30:82:8c:ae:ea:86:41:a3:07:34:24:9f:37:90:3c:
                    49:4c:ca:d9:13:12:e1:c8:4b:0a:03:f3:44:07:63:
                    3c:0a:c2:b1:91:d2:84:e0:55:db:95:7e:5e:d1:33:
                    49:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:87:8F:20:BE:FD:03:BD:BF:29:F8:4E:76:41:48:4D:91:B1:AA:B2
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139332e34332e3131392e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.43.119.0/24

    Signature Algorithm: sha256WithRSAEncryption
         16:9b:04:41:a9:b8:30:2b:5f:35:37:ba:3d:2d:73:1f:64:07:
         15:29:4f:37:2f:e7:86:1b:a9:49:6c:0f:a8:55:47:7a:10:bf:
         2d:54:d6:26:b3:eb:59:2e:da:90:53:68:71:ce:1a:e4:e3:fb:
         f2:bf:b2:4d:79:13:7b:c9:78:e6:67:a0:b7:42:17:ef:69:ff:
         9a:93:55:3e:62:50:63:b7:b9:d3:2a:eb:9b:1c:ac:d4:2f:f3:
         a0:fd:47:c4:1d:51:64:73:a1:e3:dd:eb:41:f1:e7:4f:07:e6:
         ba:3d:ff:84:fc:ea:cc:01:8f:ad:28:db:1d:e2:24:76:ae:4e:
         ee:b7:f9:29:d8:19:45:94:0e:46:29:f7:f9:4b:5b:0b:9b:0b:
         6d:85:02:33:4f:80:f3:05:e7:12:77:07:44:08:54:e8:2e:69:
         ad:fa:a8:0d:0d:30:f4:eb:91:20:43:13:ee:b2:fd:a4:b9:2b:
         33:63:d6:0a:f1:a8:d5:cf:7a:e9:cc:8d:e9:3d:e2:0c:71:d6:
         6a:a6:55:19:6f:13:68:8a:8e:26:43:12:88:fe:9a:9b:75:4c:
         55:b2:07:5c:96:a0:e2:3b:1b:2e:bf:83:46:a4:08:b1:98:3f:
         d5:2f:a0:49:94:91:7e:c3:7c:0d:73:01:dc:3b:6a:d1:74:cc:
         0c:89:00:88
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIURn8vmjX+5Mfb/oyjbloUNsqy25EwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTA4MTEwNDQyMDJaFw0yNjA4MTAwNDQ3MDJaMDMxMTAvBgNV
BAMTKDJEODc4RjIwQkVGRDAzQkRCRjI5Rjg0RTc2NDE0ODREOTFCMUFBQjIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3mZqwri74V+nxMDw4ffmPlXI5
PvkGl/QhLAzebQIXCnNXYKTiKikoLSn0to3bElnubcqwb0mmoOdGCJCEN83SSYu8
stJptwEyk7NzIk7KkKFaNRiAH2OesgtV4W8ZprQ7kQznCgJNlQ3SXoaD5VqEZAHp
FQF9o20A+RCClfSZNnhyl1O1vuRCXDIzwrjRodLgqMSNtcZfdsW9QYd2TA7Yuxef
Uy1ia6dJMxIyKB6f9rt1bO1YIHpbH3t3Os8RXFNN6DwcWlJYrnABqevt93SeRTCC
jK7qhkGjBzQknzeQPElMytkTEuHISwoD80QHYzwKwrGR0oTgVduVfl7RM0lzAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQULYePIL79A72/KfhOdkFITZGxqrIwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzOTMzMmUzNDMzMmUzMTMx
MzkyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBADBK3cw
DQYJKoZIhvcNAQELBQADggEBABabBEGpuDArXzU3uj0tcx9kBxUpTzcv54YbqUls
D6hVR3oQvy1U1iaz61ku2pBTaHHOGuTj+/K/sk15E3vJeOZnoLdCF+9p/5qTVT5i
UGO3udMq65scrNQv86D9R8QdUWRzoePd60Hx508H5ro9/4T86swBj60o2x3iJHau
Tu63+SnYGUWUDkYp9/lLWwubC22FAjNPgPMF5xJ3B0QIVOguaa36qA0NMPTrkSBD
E+6y/aS5KzNj1grxqNXPeunMjek94gxx1mqmVRlvE2iKjiZDEoj+mpt1TFWyB1yW
oOI7Gy6/g0akCLGYP9UvoEmUkX7DfA1zAdw7atF0zAyJAIg=
-----END CERTIFICATE-----