Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3231362e3230322e302f32342d3234203d3e20383334.roa
File:                     3138352e3231362e3230322e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          ZtQJogBS0a4dv/WUT0UjG/SANdBWOvb3QTbz/MJJdcg=
Subject key identifier:   4E:12:82:F7:6F:88:45:5E:2A:D7:0F:B9:92:92:6E:B6:3D:B2:36:1D
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       2AFD51D1E34486846D2A90183F8953F4C270B449
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3231362e3230322e302f32342d3234203d3e20383334.roa
Signing time:             Sun 06 Jul 2025 08:46:49 +0000
ROA not before:           Sun 06 Jul 2025 08:41:49 +0000
ROA not after:            Sun 05 Jul 2026 08:46:49 +0000
asID:                     834
IP address blocks:        185.216.202.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 26 Jul 2025 08:00:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2a:fd:51:d1:e3:44:86:84:6d:2a:90:18:3f:89:53:f4:c2:70:b4:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Jul  6 08:41:49 2025 GMT
            Not After : Jul  5 08:46:49 2026 GMT
        Subject: CN=4E1282F76F88455E2AD70FB992926EB63DB2361D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:5a:6f:3e:55:6c:c5:d3:93:bc:5b:c1:3a:f5:
                    79:af:53:c4:57:85:2a:e8:3e:2e:52:46:e6:89:05:
                    3f:05:1e:4c:dd:2e:29:37:fd:ef:a5:ff:3f:79:f3:
                    ab:d3:a2:65:64:d9:ca:73:b3:6d:77:28:76:01:a9:
                    c7:fa:df:cc:0d:18:b3:d2:01:e5:04:f9:49:d2:34:
                    0f:df:6a:f5:e6:2f:a2:95:50:d0:3d:ec:20:54:5e:
                    46:c0:84:45:bc:02:62:a4:c5:cd:6e:bb:6c:63:92:
                    0d:65:de:90:46:ac:52:1b:1c:4f:0c:5b:df:2c:b0:
                    4b:eb:55:96:f8:3c:8a:14:2e:d5:41:13:7c:c2:e8:
                    52:88:25:4c:fa:7d:a7:32:74:71:b9:7f:1d:40:bc:
                    96:6b:85:c9:f6:ac:1a:5d:71:04:01:16:aa:8b:e8:
                    34:8f:4a:c0:bd:55:db:05:a5:b3:39:80:06:d9:df:
                    bc:a4:72:7d:c7:39:65:2e:c8:9f:d0:33:5b:bc:d1:
                    24:d7:23:94:81:fb:58:cd:68:f1:62:09:2f:eb:f7:
                    82:56:13:b3:6a:63:b6:cd:7c:5e:19:99:bc:bc:e4:
                    c9:e1:d4:6d:82:f4:a5:34:b7:12:aa:a1:5c:52:8e:
                    c6:f5:3f:a5:8a:e3:24:c0:1b:94:2b:22:aa:c9:22:
                    1e:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:12:82:F7:6F:88:45:5E:2A:D7:0F:B9:92:92:6E:B6:3D:B2:36:1D
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3231362e3230322e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.216.202.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9f:85:5a:cd:d9:ec:d1:d9:f1:b6:16:ab:93:ca:8a:c5:aa:e9:
         8f:ab:e3:77:8d:c1:ae:06:60:fb:52:23:3b:f4:bb:ad:e3:bb:
         96:75:6a:29:31:ab:c3:f0:2c:f3:7a:4b:51:37:38:15:e6:5a:
         0b:f4:57:9b:bf:7e:3a:6a:fc:cc:19:cd:c2:50:ea:8b:0b:ac:
         da:42:62:8d:b7:d0:34:83:40:c4:98:14:0e:46:c9:55:43:b1:
         32:3a:d0:2a:4a:a4:05:b4:40:ff:f2:13:1f:d8:23:e3:1e:b6:
         e4:21:21:41:b9:8f:09:91:61:f1:d0:84:74:53:dd:fa:5e:8c:
         10:80:e8:f5:c3:fc:5d:11:9e:a7:23:94:0a:72:b4:a2:d1:51:
         99:16:65:26:22:5c:b7:fe:1b:e4:ac:48:93:28:1d:41:44:10:
         c5:33:6d:f5:20:f1:e9:c1:0e:53:f2:a4:15:ae:3e:a9:eb:07:
         86:1a:bd:10:e3:ca:ad:6a:9d:95:b6:74:3c:0e:63:6a:71:e4:
         bf:ea:5b:21:40:83:62:26:41:4c:3b:72:58:13:3b:28:d3:af:
         37:66:df:3e:97:4e:2f:c3:a0:36:57:22:10:0f:58:fc:25:2c:
         f5:8e:2c:21:92:e7:d4:4e:6d:06:37:68:74:d3:2a:20:79:1e:
         b5:cf:37:ad
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUKv1R0eNEhoRtKpAYP4lT9MJwtEkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTA3MDYwODQxNDlaFw0yNjA3MDUwODQ2NDlaMDMxMTAvBgNV
BAMTKDRFMTI4MkY3NkY4ODQ1NUUyQUQ3MEZCOTkyOTI2RUI2M0RCMjM2MUQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCfWm8+VWzF05O8W8E69XmvU8RX
hSroPi5SRuaJBT8FHkzdLik3/e+l/z9586vTomVk2cpzs213KHYBqcf638wNGLPS
AeUE+UnSNA/favXmL6KVUNA97CBUXkbAhEW8AmKkxc1uu2xjkg1l3pBGrFIbHE8M
W98ssEvrVZb4PIoULtVBE3zC6FKIJUz6facydHG5fx1AvJZrhcn2rBpdcQQBFqqL
6DSPSsC9VdsFpbM5gAbZ37ykcn3HOWUuyJ/QM1u80STXI5SB+1jNaPFiCS/r94JW
E7NqY7bNfF4Zmby85Mnh1G2C9KU0txKqoVxSjsb1P6WK4yTAG5QrIqrJIh53AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUThKC92+IRV4q1w+5kpJutj2yNh0wHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzODM1MmUzMjMxMzYyZTMy
MzAzMjJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALnY
yjANBgkqhkiG9w0BAQsFAAOCAQEAn4Vazdns0dnxthark8qKxarpj6vjd43BrgZg
+1IjO/S7reO7lnVqKTGrw/As83pLUTc4FeZaC/RXm79+Omr8zBnNwlDqiwus2kJi
jbfQNINAxJgUDkbJVUOxMjrQKkqkBbRA//ITH9gj4x625CEhQbmPCZFh8dCEdFPd
+l6MEIDo9cP8XRGepyOUCnK0otFRmRZlJiJct/4b5KxIkygdQUQQxTNt9SDx6cEO
U/KkFa4+qesHhhq9EOPKrWqdlbZ0PA5janHkv+pbIUCDYiZBTDtyWBM7KNOvN2bf
PpdOL8OgNlciEA9Y/CUs9Y4sIZLn1E5tBjdodNMqIHketc83rQ==
-----END CERTIFICATE-----