Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/3135322e38392e3132352e302f32342d3234203d3e20383334.roa
File:                     3135322e38392e3132352e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          o/mWxa6NfUXIw2qGbrUU0MvqXkJa8712v9zsdhMLX6I=
Subject key identifier:   A1:9A:88:8A:59:4F:CE:36:C3:67:F9:23:F2:41:28:6F:FB:4A:1E:60
Certificate issuer:       /CN=088469d1a33085ff88b3e599d223ca74c2313a3a
Certificate serial:       137FCEBE0B4E124FAB3A8A0E6BF9D71979EB0751
Authority key identifier: 08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/3135322e38392e3132352e302f32342d3234203d3e20383334.roa
Signing time:             Sat 18 Oct 2025 06:08:14 +0000
ROA not before:           Sat 18 Oct 2025 06:03:14 +0000
ROA not after:            Sat 17 Oct 2026 06:08:14 +0000
asID:                     834
IP address blocks:        152.89.125.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 02:58:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            13:7f:ce:be:0b:4e:12:4f:ab:3a:8a:0e:6b:f9:d7:19:79:eb:07:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088469d1a33085ff88b3e599d223ca74c2313a3a
        Validity
            Not Before: Oct 18 06:03:14 2025 GMT
            Not After : Oct 17 06:08:14 2026 GMT
        Subject: CN=A19A888A594FCE36C367F923F241286FFB4A1E60
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:9a:8a:20:42:27:4a:43:93:39:49:dd:ff:68:
                    fa:4f:be:c7:d0:ee:7e:d3:06:c4:71:91:ac:4a:81:
                    65:72:7c:43:7c:b6:ae:12:f2:72:a1:11:f8:5d:60:
                    3f:9f:ff:3b:be:ab:c0:a8:d0:3d:bd:8d:4d:62:42:
                    b6:2d:9b:92:0b:76:f1:2b:34:84:75:cd:93:9d:e9:
                    6c:c0:a0:82:22:7f:14:b1:2e:cc:60:42:2e:40:b5:
                    37:ca:6e:50:e1:5a:e0:86:11:63:51:0c:5c:5d:06:
                    9e:39:96:84:b2:4e:f1:31:fd:a2:92:b9:8e:fa:7b:
                    65:c6:fa:9f:d7:f2:88:dc:4c:f2:26:76:cb:e6:45:
                    3f:9f:96:36:91:c0:7a:82:f9:e3:e1:1d:61:78:fb:
                    a3:e0:f8:35:35:53:c5:ff:c2:50:da:ce:7f:b3:c2:
                    0d:fb:7d:30:35:df:c3:cf:ca:87:d0:e2:52:bc:13:
                    96:34:62:2f:fd:d0:c8:3a:68:76:3b:6e:ad:e3:a2:
                    76:44:43:8c:8f:ae:85:ae:3f:78:fd:b1:70:98:b5:
                    99:26:ba:a5:09:75:01:cf:ec:5f:21:25:36:f4:0a:
                    84:23:13:33:29:25:7d:e2:dc:11:30:37:57:67:d9:
                    d3:9e:43:e0:65:4f:b9:84:7f:44:32:ac:ab:25:be:
                    c3:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:9A:88:8A:59:4F:CE:36:C3:67:F9:23:F2:41:28:6F:FB:4A:1E:60
            X509v3 Authority Key Identifier:
                keyid:08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/3135322e38392e3132352e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  152.89.125.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0e:aa:fa:c4:18:8b:20:d7:99:86:d0:31:cb:62:5a:36:ab:51:
         05:1e:87:d7:a2:89:58:81:91:8f:63:cf:6e:f5:1f:0c:5c:af:
         e7:da:d3:dc:47:4e:66:f4:51:1d:a5:a1:58:82:25:82:81:40:
         77:c8:4c:b4:6d:80:99:6c:4f:96:38:a4:89:4d:45:18:05:b1:
         81:c6:c3:28:86:66:3c:fa:20:3f:64:52:b4:53:fe:aa:32:a4:
         da:5c:5b:19:79:93:9a:8d:af:89:07:dc:c3:97:ba:c0:13:2c:
         2f:64:0b:24:20:93:80:b8:6e:82:c4:7a:c4:04:b5:6f:1f:e5:
         0d:cc:b4:1c:84:75:bc:fa:1f:fb:68:ad:30:00:ac:c7:1d:0c:
         f2:2a:87:4a:0f:fb:c5:8f:6a:ff:a1:86:e2:aa:20:ec:6d:99:
         4b:5b:8d:fc:51:cb:80:56:e5:a4:56:6a:de:8c:60:18:00:6e:
         31:cd:f5:a9:08:60:b1:f2:3b:49:64:20:bf:78:c3:e3:30:4b:
         c9:a8:6b:47:bd:e2:8a:97:a2:5c:81:5c:1a:f6:70:88:a2:d6:
         83:a1:68:b7:5c:c3:60:be:13:9b:30:5f:83:18:56:86:cd:92:
         bd:ef:59:9b:1c:c5:7b:f5:8e:e1:4c:79:ac:c3:93:f9:25:28:
         58:e8:f0:c5
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUE3/OvgtOEk+rOooOa/nXGXnrB1EwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDg4NDY5ZDFhMzMwODVmZjg4YjNlNTk5ZDIyM2NhNzRj
MjMxM2EzYTAeFw0yNTEwMTgwNjAzMTRaFw0yNjEwMTcwNjA4MTRaMDMxMTAvBgNV
BAMTKEExOUE4ODhBNTk0RkNFMzZDMzY3RjkyM0YyNDEyODZGRkI0QTFFNjAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDemoogQidKQ5M5Sd3/aPpPvsfQ
7n7TBsRxkaxKgWVyfEN8tq4S8nKhEfhdYD+f/zu+q8Co0D29jU1iQrYtm5ILdvEr
NIR1zZOd6WzAoIIifxSxLsxgQi5AtTfKblDhWuCGEWNRDFxdBp45loSyTvEx/aKS
uY76e2XG+p/X8ojcTPImdsvmRT+fljaRwHqC+ePhHWF4+6Pg+DU1U8X/wlDazn+z
wg37fTA138PPyofQ4lK8E5Y0Yi/90Mg6aHY7bq3jonZEQ4yProWuP3j9sXCYtZkm
uqUJdQHP7F8hJTb0CoQjEzMpJX3i3BEwN1dn2dOeQ+BlT7mEf0QyrKslvsOlAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUoZqIillPzjbDZ/kj8kEob/tKHmAwHwYDVR0j
BBgwFoAUCIRp0aMwhf+Is+WZ0iPKdMIxOjowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzUvMDg4NDY5RDFBMzMwODVGRjg4QjNFNTk5RDIyM0NBNzRDMjMxM0EzQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NJUnAwYU13aGYtSXMtV1owaVBLZE1J
eE9qby5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzUvMzEzNTMyMmUzODM5MmUzMTMy
MzUyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACYWX0w
DQYJKoZIhvcNAQELBQADggEBAA6q+sQYiyDXmYbQMctiWjarUQUeh9eiiViBkY9j
z271Hwxcr+fa09xHTmb0UR2loViCJYKBQHfITLRtgJlsT5Y4pIlNRRgFsYHGwyiG
Zjz6ID9kUrRT/qoypNpcWxl5k5qNr4kH3MOXusATLC9kCyQgk4C4boLEesQEtW8f
5Q3MtByEdbz6H/torTAArMcdDPIqh0oP+8WPav+hhuKqIOxtmUtbjfxRy4BW5aRW
at6MYBgAbjHN9akIYLHyO0lkIL94w+MwS8moa0e94oqXolyBXBr2cIii1oOhaLdc
w2C+E5swX4MYVobNkr3vWZscxXv1juFMeazDk/klKFjo8MU=
-----END CERTIFICATE-----