Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/29066f5d-ecc1-4927-95c1-e1a8df8f9897/0/3138352e39312e3131332e302f32342d3234203d3e20383334.roa
File:                     3138352e39312e3131332e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          wUHDND9ukOVNaQ+NWAsi1lWfuN4h8Pf5bBrTJ0wUGT4=
Subject key identifier:   10:EE:A1:73:BC:5F:59:63:31:97:22:FB:B8:35:02:96:0F:94:E2:46
Certificate issuer:       /CN=1498141819112b8446c2d4a3111f53038f05dbe9
Certificate serial:       1CD2D54ED482C63438EEC80BC9967161404DEBF7
Authority key identifier: 14:98:14:18:19:11:2B:84:46:C2:D4:A3:11:1F:53:03:8F:05:DB:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FJgUGBkRK4RGwtSjER9TA48F2-k.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/29066f5d-ecc1-4927-95c1-e1a8df8f9897/0/3138352e39312e3131332e302f32342d3234203d3e20383334.roa
Signing time:             Wed 04 Jun 2025 09:51:30 +0000
ROA not before:           Wed 04 Jun 2025 09:46:30 +0000
ROA not after:            Wed 03 Jun 2026 09:51:30 +0000
asID:                     834
IP address blocks:        185.91.113.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/29066f5d-ecc1-4927-95c1-e1a8df8f9897/0/1498141819112B8446C2D4A3111F53038F05DBE9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/29066f5d-ecc1-4927-95c1-e1a8df8f9897/0/1498141819112B8446C2D4A3111F53038F05DBE9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FJgUGBkRK4RGwtSjER9TA48F2-k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 15:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1c:d2:d5:4e:d4:82:c6:34:38:ee:c8:0b:c9:96:71:61:40:4d:eb:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1498141819112b8446c2d4a3111f53038f05dbe9
        Validity
            Not Before: Jun  4 09:46:30 2025 GMT
            Not After : Jun  3 09:51:30 2026 GMT
        Subject: CN=10EEA173BC5F5963319722FBB83502960F94E246
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:e2:de:9b:3a:8d:e5:97:90:60:29:b5:0f:d8:
                    f3:48:af:28:e7:10:33:75:ce:0f:e8:d8:af:3f:14:
                    6e:c6:8a:ab:88:a3:77:ed:25:0e:93:50:fc:52:8f:
                    2d:f0:31:22:d6:ab:3b:aa:56:dc:fd:9e:fe:b5:6e:
                    54:47:57:2a:92:28:0a:c5:b9:44:36:45:29:b0:6d:
                    d6:fa:df:06:8d:56:c1:8f:e5:00:d8:42:7d:f0:27:
                    3e:26:a6:82:75:7b:8b:5b:22:77:ca:0f:08:62:49:
                    51:c2:d3:75:27:1e:1b:61:a2:c8:00:d4:ce:e1:1a:
                    2c:8a:46:78:4b:11:2f:3c:ed:d0:19:35:37:a6:be:
                    d3:55:47:70:e3:80:29:c7:c0:a3:13:23:34:f9:c3:
                    25:fe:20:56:80:20:41:c9:a4:aa:da:b3:fa:67:59:
                    82:01:dd:28:d2:53:9c:02:a6:22:5b:51:d3:bb:cd:
                    f8:8d:53:d6:0e:93:ba:eb:92:75:dd:d8:a0:c7:9a:
                    d1:6e:0b:be:4e:e6:ba:df:3f:40:2e:59:77:6d:bb:
                    63:7d:dd:e7:33:f5:fc:6c:b6:95:b8:95:3e:13:03:
                    eb:80:ed:ab:56:61:cc:9c:5e:fd:b6:a0:26:37:9a:
                    2e:49:4f:72:56:1a:e0:6f:47:da:e9:b2:bb:58:2d:
                    b1:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:EE:A1:73:BC:5F:59:63:31:97:22:FB:B8:35:02:96:0F:94:E2:46
            X509v3 Authority Key Identifier:
                keyid:14:98:14:18:19:11:2B:84:46:C2:D4:A3:11:1F:53:03:8F:05:DB:E9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/29066f5d-ecc1-4927-95c1-e1a8df8f9897/0/1498141819112B8446C2D4A3111F53038F05DBE9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FJgUGBkRK4RGwtSjER9TA48F2-k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/29066f5d-ecc1-4927-95c1-e1a8df8f9897/0/3138352e39312e3131332e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.91.113.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:c2:77:90:0f:95:e9:ec:e9:70:6c:a5:58:40:d0:ac:ca:95:
         28:41:58:98:bc:4d:24:b8:43:0a:67:28:98:fa:bc:7d:f5:50:
         cd:cf:53:80:e7:51:b0:1b:48:c2:73:ca:34:04:b1:6c:21:5c:
         81:83:95:c6:05:1d:85:2a:f0:11:b3:38:94:39:cc:18:2e:73:
         8a:a8:ed:17:80:e6:de:1c:ec:96:97:c0:f5:68:4b:c5:8f:50:
         1b:67:03:85:42:01:f0:99:06:22:72:35:9e:af:8f:61:d9:92:
         f2:2e:28:20:79:3a:18:a2:15:c1:53:8e:05:89:7c:5b:2e:ef:
         23:f9:21:68:89:a8:2a:0e:7a:2f:f6:f2:d7:cd:3d:f3:9c:7d:
         ed:b2:84:a5:6c:de:99:96:b4:ff:ba:d5:27:a4:03:15:6e:07:
         91:ad:ab:70:60:be:c3:00:03:2f:9d:6a:0a:40:bf:08:96:6b:
         d5:65:e9:04:b4:12:37:98:af:5a:5b:74:08:2b:87:cc:b2:cc:
         cd:5f:4d:ed:1d:48:db:e0:75:ea:d9:39:2e:7a:10:e0:25:af:
         fe:ea:79:4a:28:9d:4a:db:69:a2:02:e3:96:dd:f5:ba:98:27:
         87:af:29:29:73:9b:c3:89:5c:47:b7:bb:f0:84:ce:2b:e3:77:
         1d:dc:aa:6e
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUHNLVTtSCxjQ47sgLyZZxYUBN6/cwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMTQ5ODE0MTgxOTExMmI4NDQ2YzJkNGEzMTExZjUzMDM4
ZjA1ZGJlOTAeFw0yNTA2MDQwOTQ2MzBaFw0yNjA2MDMwOTUxMzBaMDMxMTAvBgNV
BAMTKDEwRUVBMTczQkM1RjU5NjMzMTk3MjJGQkI4MzUwMjk2MEY5NEUyNDYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA4t6bOo3ll5BgKbUP2PNIryjn
EDN1zg/o2K8/FG7GiquIo3ftJQ6TUPxSjy3wMSLWqzuqVtz9nv61blRHVyqSKArF
uUQ2RSmwbdb63waNVsGP5QDYQn3wJz4mpoJ1e4tbInfKDwhiSVHC03UnHhthosgA
1M7hGiyKRnhLES887dAZNTemvtNVR3DjgCnHwKMTIzT5wyX+IFaAIEHJpKras/pn
WYIB3SjSU5wCpiJbUdO7zfiNU9YOk7rrknXd2KDHmtFuC75O5rrfP0AuWXdtu2N9
3ecz9fxstpW4lT4TA+uA7atWYcycXv22oCY3mi5JT3JWGuBvR9rpsrtYLbEhAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUEO6hc7xfWWMxlyL7uDUClg+U4kYwHwYDVR0j
BBgwFoAUFJgUGBkRK4RGwtSjER9TA48F2+kwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjkwNjZmNWQtZWNjMS00OTI3LTk1YzEtZTFhOGRmOGY5
ODk3LzAvMTQ5ODE0MTgxOTExMkI4NDQ2QzJENEEzMTExRjUzMDM4RjA1REJFOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0ZKZ1VHQmtSSzRSR3d0U2pFUjlUQTQ4
RjItay5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMjkwNjZmNWQt
ZWNjMS00OTI3LTk1YzEtZTFhOGRmOGY5ODk3LzAvMzEzODM1MmUzOTMxMmUzMTMx
MzMyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC5W3Ew
DQYJKoZIhvcNAQELBQADggEBACnCd5APlens6XBspVhA0KzKlShBWJi8TSS4Qwpn
KJj6vH31UM3PU4DnUbAbSMJzyjQEsWwhXIGDlcYFHYUq8BGzOJQ5zBguc4qo7ReA
5t4c7JaXwPVoS8WPUBtnA4VCAfCZBiJyNZ6vj2HZkvIuKCB5OhiiFcFTjgWJfFsu
7yP5IWiJqCoOei/28tfNPfOcfe2yhKVs3pmWtP+61SekAxVuB5Gtq3BgvsMAAy+d
agpAvwiWa9Vl6QS0EjeYr1pbdAgrh8yyzM1fTe0dSNvgderZOS56EOAlr/7qeUoo
nUrbaaIC45bd9bqYJ4evKSlzm8OJXEe3u/CEzivjdx3cqm4=
-----END CERTIFICATE-----