Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/3139332e32392e36322e302f32342d3234203d3e203633343733.roa
File:                     3139332e32392e36322e302f32342d3234203d3e203633343733.roa (raw, json)
Hash identifier:          xcfGq15VfbKyGWLAJvOGQW4JGcN9ILKNkwtSm8fe9cY=
Subject key identifier:   7F:5C:C3:5D:17:A1:A3:FC:B7:C5:F9:46:75:55:F1:88:B9:03:2C:58
Certificate issuer:       /CN=088469d1a33085ff88b3e599d223ca74c2313a3a
Certificate serial:       6647674E080B1D1A0809CC9F19E7BCE105099908
Authority key identifier: 08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/3139332e32392e36322e302f32342d3234203d3e203633343733.roa
Signing time:             Mon 06 Oct 2025 10:47:49 +0000
ROA not before:           Mon 06 Oct 2025 10:42:49 +0000
ROA not after:            Mon 05 Oct 2026 10:47:49 +0000
asID:                     63473
IP address blocks:        193.29.62.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 19:37:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            66:47:67:4e:08:0b:1d:1a:08:09:cc:9f:19:e7:bc:e1:05:09:99:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088469d1a33085ff88b3e599d223ca74c2313a3a
        Validity
            Not Before: Oct  6 10:42:49 2025 GMT
            Not After : Oct  5 10:47:49 2026 GMT
        Subject: CN=7F5CC35D17A1A3FCB7C5F9467555F188B9032C58
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:49:74:b8:82:61:c1:64:c3:2a:16:27:b9:d0:
                    22:74:6b:45:24:45:92:c1:57:55:e8:9c:bd:a7:56:
                    70:f0:0b:59:91:08:a4:6e:83:69:31:43:0e:ee:25:
                    5f:34:ec:78:ad:83:a7:ea:1d:16:92:46:e5:3d:b5:
                    44:3e:62:75:a9:71:52:6e:48:25:28:f3:30:0b:cf:
                    93:42:33:e4:4c:46:b5:e6:21:7c:50:ae:13:ea:52:
                    30:78:e6:d0:dd:41:44:9b:b9:eb:ae:26:9b:f5:5f:
                    24:07:63:79:6c:ab:89:1c:44:dc:04:98:8f:7e:f5:
                    c8:cb:0e:3c:cf:2b:44:f2:c1:09:33:56:33:75:86:
                    e4:68:f5:e5:19:e6:98:68:e4:5b:8f:4a:50:3e:a6:
                    af:2e:b1:d9:4e:2d:ec:d4:c3:de:41:c5:9f:d4:f9:
                    e5:c2:26:d0:02:b1:bf:c1:7a:09:44:8a:4b:6e:13:
                    55:72:34:9d:15:85:0c:18:ab:96:33:47:db:8d:a9:
                    7d:ae:36:de:e1:11:c1:2b:9c:4c:be:3a:0b:64:17:
                    58:fd:d2:df:94:22:07:9e:a4:0e:01:f0:60:d5:b3:
                    ae:6b:47:e4:d4:6d:bb:1b:48:b7:a9:e6:62:9d:ba:
                    b7:f9:24:38:f7:3f:81:8a:23:4b:2c:86:9d:65:8c:
                    90:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:5C:C3:5D:17:A1:A3:FC:B7:C5:F9:46:75:55:F1:88:B9:03:2C:58
            X509v3 Authority Key Identifier:
                keyid:08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/3139332e32392e36322e302f32342d3234203d3e203633343733.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.29.62.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:a1:41:8d:9a:8a:48:0d:c2:60:03:f3:08:72:75:cd:b1:d1:
         9c:07:44:5c:18:17:23:e3:42:d3:52:78:e4:34:f0:83:36:95:
         74:a2:37:52:ab:0c:e1:2f:6a:53:79:65:1a:1e:5c:50:58:63:
         3e:8a:1a:7e:ee:c5:dc:6e:64:cc:37:33:cf:32:36:53:e6:54:
         45:69:02:1c:c6:c6:49:c1:2b:55:ad:b0:6a:43:97:2f:25:43:
         78:30:d0:ac:dd:c0:08:a1:ac:27:c3:e5:41:9a:bb:72:ff:6c:
         a8:5a:8d:6e:3f:22:f9:af:c0:49:3e:ca:c2:02:30:da:eb:f0:
         57:30:b5:47:c7:08:69:1e:8e:53:93:e8:87:08:1e:96:3d:2d:
         b6:71:b1:07:c9:32:af:eb:de:aa:af:84:cb:58:fe:1b:d9:32:
         ec:c3:50:a4:64:31:0c:2e:b3:df:be:d1:aa:49:c1:a4:9d:7c:
         2e:b5:6b:cb:cd:04:ef:95:cd:94:bf:05:74:ee:49:51:46:7a:
         4a:9e:7f:ae:72:90:f0:23:f8:a7:2a:c1:9b:04:07:e9:86:ce:
         4a:f7:83:94:35:8b:25:5c:a0:3b:8b:16:cc:c7:44:9a:f1:78:
         5f:4d:77:6c:df:55:66:11:55:a2:bf:95:e6:54:15:58:d7:e8:
         3a:18:df:5b
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUZkdnTggLHRoICcyfGee84QUJmQgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDg4NDY5ZDFhMzMwODVmZjg4YjNlNTk5ZDIyM2NhNzRj
MjMxM2EzYTAeFw0yNTEwMDYxMDQyNDlaFw0yNjEwMDUxMDQ3NDlaMDMxMTAvBgNV
BAMTKDdGNUNDMzVEMTdBMUEzRkNCN0M1Rjk0Njc1NTVGMTg4QjkwMzJDNTgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQChSXS4gmHBZMMqFie50CJ0a0Uk
RZLBV1XonL2nVnDwC1mRCKRug2kxQw7uJV807Hitg6fqHRaSRuU9tUQ+YnWpcVJu
SCUo8zALz5NCM+RMRrXmIXxQrhPqUjB45tDdQUSbueuuJpv1XyQHY3lsq4kcRNwE
mI9+9cjLDjzPK0TywQkzVjN1huRo9eUZ5pho5FuPSlA+pq8usdlOLezUw95BxZ/U
+eXCJtACsb/BeglEiktuE1VyNJ0VhQwYq5YzR9uNqX2uNt7hEcErnEy+OgtkF1j9
0t+UIgeepA4B8GDVs65rR+TUbbsbSLep5mKdurf5JDj3P4GKI0sshp1ljJC7AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUf1zDXReho/y3xflGdVXxiLkDLFgwHwYDVR0j
BBgwFoAUCIRp0aMwhf+Is+WZ0iPKdMIxOjowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzUvMDg4NDY5RDFBMzMwODVGRjg4QjNFNTk5RDIyM0NBNzRDMjMxM0EzQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NJUnAwYU13aGYtSXMtV1owaVBLZE1J
eE9qby5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzUvMzEzOTMzMmUzMjM5MmUzNjMy
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzYzMzM0MzczMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMEd
PjANBgkqhkiG9w0BAQsFAAOCAQEAbaFBjZqKSA3CYAPzCHJ1zbHRnAdEXBgXI+NC
01J45DTwgzaVdKI3UqsM4S9qU3llGh5cUFhjPooafu7F3G5kzDczzzI2U+ZURWkC
HMbGScErVa2wakOXLyVDeDDQrN3ACKGsJ8PlQZq7cv9sqFqNbj8i+a/AST7KwgIw
2uvwVzC1R8cIaR6OU5Pohwgelj0ttnGxB8kyr+veqq+Ey1j+G9ky7MNQpGQxDC6z
377RqknBpJ18LrVry80E75XNlL8FdO5JUUZ6Sp5/rnKQ8CP4pyrBmwQH6YbOSveD
lDWLJVygO4sWzMdEmvF4X013bN9VZhFVor+V5lQVWNfoOhjfWw==
-----END CERTIFICATE-----