Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/3139332e32392e36332e302f32342d3234203d3e203633343733.roa
File:                     3139332e32392e36332e302f32342d3234203d3e203633343733.roa (raw, json)
Hash identifier:          WiUEK+1/rF6wlQxs2sqpTo+68DTHtMFlQxhqXE/KKiY=
Subject key identifier:   D2:6D:C2:D7:9A:7E:6D:19:52:D1:6B:95:11:3F:06:DA:6D:A5:F3:86
Certificate issuer:       /CN=088469d1a33085ff88b3e599d223ca74c2313a3a
Certificate serial:       3292D106DA1B0E8CBA43EAE910272A3D9B3FC7BB
Authority key identifier: 08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/3139332e32392e36332e302f32342d3234203d3e203633343733.roa
Signing time:             Mon 06 Oct 2025 10:47:49 +0000
ROA not before:           Mon 06 Oct 2025 10:42:49 +0000
ROA not after:            Mon 05 Oct 2026 10:47:49 +0000
asID:                     63473
IP address blocks:        193.29.63.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 02:58:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            32:92:d1:06:da:1b:0e:8c:ba:43:ea:e9:10:27:2a:3d:9b:3f:c7:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088469d1a33085ff88b3e599d223ca74c2313a3a
        Validity
            Not Before: Oct  6 10:42:49 2025 GMT
            Not After : Oct  5 10:47:49 2026 GMT
        Subject: CN=D26DC2D79A7E6D1952D16B95113F06DA6DA5F386
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:17:1c:74:8a:a2:3c:0f:94:b9:ad:76:b9:c7:
                    15:6b:4a:df:ab:ee:22:f9:9e:dd:c5:7a:37:7c:91:
                    a9:5a:8a:72:84:78:01:4f:c0:8b:4f:39:c2:d1:37:
                    87:bc:0e:4a:b4:3f:36:1d:1b:72:dc:9f:5a:2f:90:
                    ff:17:ac:59:12:45:61:5d:fe:4a:ec:5e:99:54:49:
                    0a:d4:07:9e:cd:00:a5:5d:bb:cc:af:cd:f1:cb:1b:
                    7c:4a:61:7b:19:11:c5:c3:51:56:9f:6f:f8:e0:af:
                    4a:7a:60:cb:6c:7b:d9:43:85:fe:33:0f:d7:c6:e9:
                    1e:c2:ca:06:47:99:fa:38:63:02:ae:8a:e8:b1:db:
                    e2:1a:5f:cf:63:17:47:56:bc:af:3f:72:3a:ed:b6:
                    21:f6:19:b3:80:bd:20:0d:89:c8:70:13:cc:86:64:
                    a7:77:0a:51:74:2c:f2:ea:31:79:f2:22:68:98:0c:
                    d2:2e:af:e9:da:3d:47:bb:7f:0e:71:e1:03:4e:e2:
                    73:4d:05:dd:3f:85:50:c3:53:34:0f:c8:01:3d:9e:
                    24:fd:9c:98:20:42:5f:64:5b:2f:7c:2f:7c:7f:b2:
                    07:bb:bc:a1:0b:2b:84:bf:4d:9d:41:99:1f:a5:17:
                    3f:f7:7e:2f:f9:ec:6c:e1:c9:b0:52:7b:e5:9d:96:
                    0a:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:6D:C2:D7:9A:7E:6D:19:52:D1:6B:95:11:3F:06:DA:6D:A5:F3:86
            X509v3 Authority Key Identifier:
                keyid:08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/3139332e32392e36332e302f32342d3234203d3e203633343733.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.29.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7e:26:35:ec:96:b5:14:1b:fd:77:42:80:47:e8:2c:7d:8a:f3:
         fd:56:d7:c7:a7:7a:0c:0b:17:e0:4f:16:bc:08:93:3b:0a:b3:
         64:26:4f:94:96:0f:49:ea:59:b1:9d:11:32:c6:79:8c:ec:d1:
         76:f4:8e:e7:0c:5c:80:55:b4:a3:e5:98:6e:b8:6e:b3:d9:67:
         d0:31:02:ed:7d:5c:12:cb:bb:d7:e3:32:99:a3:76:c4:a5:df:
         6d:b6:53:e9:eb:41:f2:b0:b2:0c:e2:b9:63:de:45:6f:90:f0:
         d6:82:13:e2:1f:ad:10:f5:83:d5:25:96:52:63:da:84:1c:f5:
         b2:88:74:33:45:3a:af:16:97:60:e7:13:d7:9c:9b:81:71:9c:
         7e:02:ba:7c:36:1f:c1:36:87:17:fb:17:31:51:80:15:f7:ca:
         4a:51:9e:6d:fb:68:f7:20:1f:72:f8:43:fa:74:9c:5e:a8:2c:
         4e:66:89:4d:b1:74:0d:7a:3e:98:ea:40:2a:0c:48:96:ed:bf:
         f2:66:71:1e:1b:18:5e:71:a5:e2:20:9b:b5:00:74:25:70:5e:
         ef:cc:2c:52:83:ae:b8:89:e5:2a:b6:c6:67:25:81:28:f2:c2:
         0b:49:ff:c5:64:db:a0:d4:fb:9e:a1:53:0f:ae:da:7c:e4:b5:
         fa:93:0f:ba
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUMpLRBtobDoy6Q+rpECcqPZs/x7swDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDg4NDY5ZDFhMzMwODVmZjg4YjNlNTk5ZDIyM2NhNzRj
MjMxM2EzYTAeFw0yNTEwMDYxMDQyNDlaFw0yNjEwMDUxMDQ3NDlaMDMxMTAvBgNV
BAMTKEQyNkRDMkQ3OUE3RTZEMTk1MkQxNkI5NTExM0YwNkRBNkRBNUYzODYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCyFxx0iqI8D5S5rXa5xxVrSt+r
7iL5nt3Fejd8kalainKEeAFPwItPOcLRN4e8Dkq0PzYdG3Lcn1ovkP8XrFkSRWFd
/krsXplUSQrUB57NAKVdu8yvzfHLG3xKYXsZEcXDUVafb/jgr0p6YMtse9lDhf4z
D9fG6R7CygZHmfo4YwKuiuix2+IaX89jF0dWvK8/cjrttiH2GbOAvSANichwE8yG
ZKd3ClF0LPLqMXnyImiYDNIur+naPUe7fw5x4QNO4nNNBd0/hVDDUzQPyAE9niT9
nJggQl9kWy98L3x/sge7vKELK4S/TZ1BmR+lFz/3fi/57GzhybBSe+WdlgrPAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQU0m3C15p+bRlS0WuVET8G2m2l84YwHwYDVR0j
BBgwFoAUCIRp0aMwhf+Is+WZ0iPKdMIxOjowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzUvMDg4NDY5RDFBMzMwODVGRjg4QjNFNTk5RDIyM0NBNzRDMjMxM0EzQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NJUnAwYU13aGYtSXMtV1owaVBLZE1J
eE9qby5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzUvMzEzOTMzMmUzMjM5MmUzNjMz
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzYzMzM0MzczMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMEd
PzANBgkqhkiG9w0BAQsFAAOCAQEAfiY17Ja1FBv9d0KAR+gsfYrz/VbXx6d6DAsX
4E8WvAiTOwqzZCZPlJYPSepZsZ0RMsZ5jOzRdvSO5wxcgFW0o+WYbrhus9ln0DEC
7X1cEsu71+MymaN2xKXfbbZT6etB8rCyDOK5Y95Fb5Dw1oIT4h+tEPWD1SWWUmPa
hBz1soh0M0U6rxaXYOcT15ybgXGcfgK6fDYfwTaHF/sXMVGAFffKSlGebfto9yAf
cvhD+nScXqgsTmaJTbF0DXo+mOpAKgxIlu2/8mZxHhsYXnGl4iCbtQB0JXBe78ws
UoOuuInlKrbGZyWBKPLCC0n/xWTboNT7nqFTD67afOS1+pMPug==
-----END CERTIFICATE-----