Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/3139342e33312e3134382e302f32342d3234203d3e20383334.roa
File:                     3139342e33312e3134382e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          HHGLwQVgH0BN0dcl2I5zLx3ph8mEFQrW5M2lnCCX9Ik=
Subject key identifier:   9B:17:3A:7F:8B:40:5A:DF:A0:D8:8D:2F:77:81:4F:52:DB:52:B7:15
Certificate issuer:       /CN=088469d1a33085ff88b3e599d223ca74c2313a3a
Certificate serial:       4D7B1BCCA8682AEFBF07A59B582309B31E061C54
Authority key identifier: 08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/3139342e33312e3134382e302f32342d3234203d3e20383334.roa
Signing time:             Mon 22 Sep 2025 13:46:40 +0000
ROA not before:           Mon 22 Sep 2025 13:41:40 +0000
ROA not after:            Mon 21 Sep 2026 13:46:40 +0000
asID:                     834
IP address blocks:        194.31.148.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 02:58:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4d:7b:1b:cc:a8:68:2a:ef:bf:07:a5:9b:58:23:09:b3:1e:06:1c:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088469d1a33085ff88b3e599d223ca74c2313a3a
        Validity
            Not Before: Sep 22 13:41:40 2025 GMT
            Not After : Sep 21 13:46:40 2026 GMT
        Subject: CN=9B173A7F8B405ADFA0D88D2F77814F52DB52B715
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:08:c6:2d:39:a6:48:00:22:ca:9a:19:4b:18:
                    01:74:98:26:96:f5:af:2d:34:32:cf:96:fb:eb:88:
                    84:bc:d1:9e:f0:2d:b6:2a:fc:b7:50:33:7c:84:68:
                    b3:d9:0e:62:b2:a8:fd:7e:f8:d3:af:e6:c3:a7:09:
                    63:0d:b3:80:67:fd:25:63:d0:34:d8:f7:ad:98:ab:
                    bc:99:82:88:d8:52:88:e5:79:7b:a3:b9:bc:62:53:
                    1b:09:8e:39:96:8a:3d:4a:60:8a:ad:07:05:24:97:
                    4b:0f:2d:44:4e:69:a6:d5:ab:b5:d8:2a:ae:10:94:
                    77:28:fe:b7:e5:36:fc:b4:27:6e:b1:52:32:fa:4e:
                    57:f2:aa:29:6e:2c:8f:cc:fe:e2:18:9d:80:f6:63:
                    5e:90:76:3f:41:22:6d:41:63:56:7a:b4:ce:5e:cc:
                    c0:48:f8:76:b3:19:7b:8d:84:f0:cd:44:48:91:1f:
                    30:7a:6a:5e:b4:f2:53:88:7c:2c:c5:99:56:ee:5c:
                    00:b7:2b:30:b1:af:73:f0:de:ff:fd:5f:f8:85:8c:
                    a2:93:c6:2b:78:c2:fa:75:c2:cb:fd:03:a4:3f:87:
                    de:74:6f:17:93:25:7e:37:27:da:a8:30:5c:26:06:
                    03:1d:d9:75:db:a8:11:53:68:fc:93:6b:7d:3c:47:
                    fb:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:17:3A:7F:8B:40:5A:DF:A0:D8:8D:2F:77:81:4F:52:DB:52:B7:15
            X509v3 Authority Key Identifier:
                keyid:08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/3139342e33312e3134382e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.31.148.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:a4:63:78:80:1e:9c:a4:9a:91:af:e6:ec:aa:fc:79:81:2f:
         a2:8e:a8:3a:0d:34:aa:4e:9e:4c:f0:11:e0:a2:95:ac:05:03:
         0f:1b:bd:ef:51:51:71:05:ae:58:17:9c:38:91:36:d9:4d:67:
         76:a4:44:be:79:6b:a4:cc:aa:d7:c6:87:33:15:76:51:b7:c9:
         c9:65:39:62:38:e4:0b:f9:b0:27:16:8c:3e:59:e8:90:68:e2:
         d6:fb:76:55:42:8a:4e:e1:cb:89:27:89:95:73:26:b2:62:b6:
         f3:b0:4a:3b:eb:67:2f:80:20:40:8d:8f:89:4c:fb:c2:9b:86:
         7a:3c:bf:a5:63:fa:49:19:c1:98:cc:53:8a:f4:04:31:0d:00:
         d9:65:72:73:b1:51:62:96:22:32:fa:bb:26:76:92:1c:df:ad:
         51:22:39:93:68:7a:08:d0:79:ad:34:5e:2b:e8:2a:59:0e:53:
         54:95:13:57:11:5c:54:90:34:65:d0:19:9f:0e:f5:fd:3b:2f:
         37:8c:77:95:c1:6d:44:a3:ae:ec:0d:0b:9e:58:20:4a:28:84:
         e3:55:25:57:7e:b8:79:10:38:41:46:33:0d:ec:9d:bd:ac:00:
         a4:22:58:23:9b:42:34:f7:e9:41:cf:ab:8e:32:00:6f:1d:a4:
         72:b8:af:e3
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUTXsbzKhoKu+/B6WbWCMJsx4GHFQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDg4NDY5ZDFhMzMwODVmZjg4YjNlNTk5ZDIyM2NhNzRj
MjMxM2EzYTAeFw0yNTA5MjIxMzQxNDBaFw0yNjA5MjExMzQ2NDBaMDMxMTAvBgNV
BAMTKDlCMTczQTdGOEI0MDVBREZBMEQ4OEQyRjc3ODE0RjUyREI1MkI3MTUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGCMYtOaZIACLKmhlLGAF0mCaW
9a8tNDLPlvvriIS80Z7wLbYq/LdQM3yEaLPZDmKyqP1++NOv5sOnCWMNs4Bn/SVj
0DTY962Yq7yZgojYUojleXujubxiUxsJjjmWij1KYIqtBwUkl0sPLUROaabVq7XY
Kq4QlHco/rflNvy0J26xUjL6TlfyqiluLI/M/uIYnYD2Y16Qdj9BIm1BY1Z6tM5e
zMBI+HazGXuNhPDNREiRHzB6al608lOIfCzFmVbuXAC3KzCxr3Pw3v/9X/iFjKKT
xit4wvp1wsv9A6Q/h950bxeTJX43J9qoMFwmBgMd2XXbqBFTaPyTa308R/sxAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUmxc6f4tAWt+g2I0vd4FPUttStxUwHwYDVR0j
BBgwFoAUCIRp0aMwhf+Is+WZ0iPKdMIxOjowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzUvMDg4NDY5RDFBMzMwODVGRjg4QjNFNTk5RDIyM0NBNzRDMjMxM0EzQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NJUnAwYU13aGYtSXMtV1owaVBLZE1J
eE9qby5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzUvMzEzOTM0MmUzMzMxMmUzMTM0
MzgyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBADCH5Qw
DQYJKoZIhvcNAQELBQADggEBAHqkY3iAHpykmpGv5uyq/HmBL6KOqDoNNKpOnkzw
EeCilawFAw8bve9RUXEFrlgXnDiRNtlNZ3akRL55a6TMqtfGhzMVdlG3ycllOWI4
5Av5sCcWjD5Z6JBo4tb7dlVCik7hy4kniZVzJrJitvOwSjvrZy+AIECNj4lM+8Kb
hno8v6Vj+kkZwZjMU4r0BDENANllcnOxUWKWIjL6uyZ2khzfrVEiOZNoegjQea00
XivoKlkOU1SVE1cRXFSQNGXQGZ8O9f07LzeMd5XBbUSjruwNC55YIEoohONVJVd+
uHkQOEFGMw3snb2sAKQiWCObQjT36UHPq44yAG8dpHK4r+M=
-----END CERTIFICATE-----