Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/e6aff234-61c5-4290-8a6d-5f2b9027322f/0/3138352e3234322e3138332e302f32342d3234203d3e203431373230.roa
File:                     3138352e3234322e3138332e302f32342d3234203d3e203431373230.roa (raw, json)
Hash identifier:          V4bF3gDy6FE6zlNg9r0xUvpdAXLZEuLnN1FQtQz0KTM=
Subject key identifier:   B6:44:1A:80:0C:7C:CF:00:31:86:6C:DA:EE:FB:DB:28:F5:77:59:11
Certificate issuer:       /CN=88cdd9c193da9185a4ac15b2ade875fe97b6f491
Certificate serial:       01388749DF2742EE894757E084953136D0D4E78C
Authority key identifier: 88:CD:D9:C1:93:DA:91:85:A4:AC:15:B2:AD:E8:75:FE:97:B6:F4:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iM3ZwZPakYWkrBWyreh1_pe29JE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/e6aff234-61c5-4290-8a6d-5f2b9027322f/0/3138352e3234322e3138332e302f32342d3234203d3e203431373230.roa
Signing time:             Thu 24 Jul 2025 16:39:45 +0000
ROA not before:           Thu 24 Jul 2025 16:34:45 +0000
ROA not after:            Thu 23 Jul 2026 16:39:45 +0000
asID:                     41720
IP address blocks:        185.242.183.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/e6aff234-61c5-4290-8a6d-5f2b9027322f/0/88CDD9C193DA9185A4AC15B2ADE875FE97B6F491.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/e6aff234-61c5-4290-8a6d-5f2b9027322f/0/88CDD9C193DA9185A4AC15B2ADE875FE97B6F491.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iM3ZwZPakYWkrBWyreh1_pe29JE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 26 Jul 2025 15:55:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:38:87:49:df:27:42:ee:89:47:57:e0:84:95:31:36:d0:d4:e7:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88cdd9c193da9185a4ac15b2ade875fe97b6f491
        Validity
            Not Before: Jul 24 16:34:45 2025 GMT
            Not After : Jul 23 16:39:45 2026 GMT
        Subject: CN=B6441A800C7CCF0031866CDAEEFBDB28F5775911
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:bf:37:fc:31:63:cb:10:6e:39:f2:11:47:17:
                    da:29:b2:d4:73:28:c9:ee:c0:1f:c1:c7:ce:42:68:
                    a6:f2:c5:ed:2a:7e:bb:e4:33:e8:4c:65:a0:73:5f:
                    18:a4:af:dc:f2:d7:2d:b5:8d:bc:53:8f:90:c1:2c:
                    b7:ee:a6:e7:bb:0a:e1:18:74:a2:02:01:e4:92:5c:
                    ed:b4:b0:d2:b5:79:f4:44:2f:7b:6a:0a:7a:11:a4:
                    34:b1:fa:60:eb:0f:e9:41:f7:f6:56:76:3b:3a:3b:
                    73:7c:c0:6c:4f:4c:4f:cd:de:95:de:e9:a8:75:07:
                    14:eb:ca:7b:27:f0:db:99:5b:03:f2:17:32:a7:1f:
                    11:df:7a:00:12:90:28:ec:a1:ad:82:aa:9f:2b:66:
                    04:68:d4:18:fe:15:d5:ff:76:e7:f1:04:a2:6c:50:
                    ae:eb:9f:dc:22:12:71:9e:ea:67:f6:8b:02:80:61:
                    87:2d:09:a3:a1:7a:37:1c:c2:82:c3:e2:60:1f:8f:
                    81:07:c9:7d:31:f7:dc:eb:d5:1b:3c:88:6c:c8:07:
                    d9:39:b2:d8:c2:0c:03:92:b5:24:08:db:e7:e7:a5:
                    6e:77:e7:86:ed:a7:85:66:7b:43:cb:ba:81:bc:86:
                    8c:1a:75:31:56:af:a9:1b:f0:03:fa:78:40:d7:10:
                    82:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:44:1A:80:0C:7C:CF:00:31:86:6C:DA:EE:FB:DB:28:F5:77:59:11
            X509v3 Authority Key Identifier:
                keyid:88:CD:D9:C1:93:DA:91:85:A4:AC:15:B2:AD:E8:75:FE:97:B6:F4:91

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/e6aff234-61c5-4290-8a6d-5f2b9027322f/0/88CDD9C193DA9185A4AC15B2ADE875FE97B6F491.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iM3ZwZPakYWkrBWyreh1_pe29JE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/e6aff234-61c5-4290-8a6d-5f2b9027322f/0/3138352e3234322e3138332e302f32342d3234203d3e203431373230.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.242.183.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6f:65:c4:14:9c:5e:f0:81:0b:3f:b6:39:23:6b:ef:8a:5e:f2:
         7e:3b:3f:e4:06:30:c3:0a:ea:24:0d:90:bf:9d:1c:1d:88:1c:
         17:17:2f:74:fa:b7:a0:f9:1a:a2:1c:5e:84:a7:35:8c:c5:14:
         fa:04:60:2b:41:eb:12:eb:b8:58:47:ea:b8:16:c7:b4:f6:52:
         a9:22:22:ae:63:87:f3:4f:48:01:22:0b:34:f1:5e:00:89:59:
         f4:1f:d7:c2:b6:a2:da:61:4a:17:d3:91:e9:a5:e8:78:f2:43:
         72:22:1b:94:78:9f:d9:16:e8:74:11:6f:41:8c:a4:8e:3d:2b:
         e0:05:39:df:d3:8a:72:7b:f2:2b:59:64:c5:1d:f0:68:f6:fc:
         4a:68:89:0b:14:58:84:f8:eb:1f:a4:37:c0:8f:c5:2e:1e:79:
         db:95:79:fb:b3:46:63:6e:4f:18:05:0a:ea:af:6e:3c:0d:86:
         a5:50:ba:ec:01:ea:f6:8e:6e:b8:ff:a2:91:6a:a3:89:1a:26:
         34:75:a6:b4:fd:31:e8:b6:ac:f1:84:4e:c8:8e:43:2a:d7:b3:
         64:02:28:a5:6b:fb:45:fd:a2:27:43:32:1e:ed:c4:74:ab:6c:
         c4:e2:ca:57:71:6f:62:ec:09:a6:6e:bc:0f:7b:54:8f:b2:98:
         78:b8:25:cc
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIUATiHSd8nQu6JR1fghJUxNtDU54wwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjZGQ5YzE5M2RhOTE4NWE0YWMxNWIyYWRlODc1ZmU5
N2I2ZjQ5MTAeFw0yNTA3MjQxNjM0NDVaFw0yNjA3MjMxNjM5NDVaMDMxMTAvBgNV
BAMTKEI2NDQxQTgwMEM3Q0NGMDAzMTg2NkNEQUVFRkJEQjI4RjU3NzU5MTEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDjvzf8MWPLEG458hFHF9opstRz
KMnuwB/Bx85CaKbyxe0qfrvkM+hMZaBzXxikr9zy1y21jbxTj5DBLLfupue7CuEY
dKICAeSSXO20sNK1efREL3tqCnoRpDSx+mDrD+lB9/ZWdjs6O3N8wGxPTE/N3pXe
6ah1BxTrynsn8NuZWwPyFzKnHxHfegASkCjsoa2Cqp8rZgRo1Bj+FdX/dufxBKJs
UK7rn9wiEnGe6mf2iwKAYYctCaOhejccwoLD4mAfj4EHyX0x99zr1Rs8iGzIB9k5
stjCDAOStSQI2+fnpW5354btp4Vme0PLuoG8howadTFWr6kb8AP6eEDXEIIxAgMB
AAGjggI/MIICOzAdBgNVHQ4EFgQUtkQagAx8zwAxhmza7vvbKPV3WREwHwYDVR0j
BBgwFoAUiM3ZwZPakYWkrBWyreh1/pe29JEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZTZhZmYyMzQtNjFjNS00MjkwLThhNmQtNWYyYjkwMjcz
MjJmLzAvODhDREQ5QzE5M0RBOTE4NUE0QUMxNUIyQURFODc1RkU5N0I2RjQ5MS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNM1p3WlBha1lXa3JCV3lyZWgxX3Bl
MjlKRS5jZXIwga8GCCsGAQUFBwELBIGiMIGfMIGcBggrBgEFBQcwC4aBj3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZTZhZmYyMzQt
NjFjNS00MjkwLThhNmQtNWYyYjkwMjczMjJmLzAvMzEzODM1MmUzMjM0MzIyZTMx
MzgzMzJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM0MzEzNzMyMzAucm9hMBgGA1Ud
IAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAC58rcwDQYJKoZIhvcNAQELBQADggEBAG9lxBScXvCBCz+2OSNr74pe8n47P+QG
MMMK6iQNkL+dHB2IHBcXL3T6t6D5GqIcXoSnNYzFFPoEYCtB6xLruFhH6rgWx7T2
UqkiIq5jh/NPSAEiCzTxXgCJWfQf18K2otphShfTkeml6HjyQ3IiG5R4n9kW6HQR
b0GMpI49K+AFOd/TinJ78itZZMUd8Gj2/EpoiQsUWIT46x+kN8CPxS4eeduVefuz
RmNuTxgFCuqvbjwNhqVQuuwB6vaObrj/opFqo4kaJjR1prT9Mei2rPGETsiOQyrX
s2QCKKVr+0X9oidDMh7txHSrbMTiyldxb2LsCaZuvA97VI+ymHi4Jcw=
-----END CERTIFICATE-----
Generated at Sat Jul 26 01:52:46 2025 by rpki-client