Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/468b081e-ba93-465f-9b6e-7fbd63bdff63/0/3137382e32332e3138382e302f32342d3234203d3e2033333230.roa
File:                     3137382e32332e3138382e302f32342d3234203d3e2033333230.roa (raw, json)
Hash identifier:          GKO1xHzUJGinckXhhCthyQ7yu4eOcaWTxHAnYAzelTo=
Subject key identifier:   AA:34:18:FE:F4:8F:38:10:09:89:6D:0B:9A:C3:47:27:F8:4E:5B:13
Certificate issuer:       /CN=ff426f19ba67bc89de5ae6df487c1c8c1e752e27
Certificate serial:       1C383C39330A394B8716CE975E49ED867457FE89
Authority key identifier: FF:42:6F:19:BA:67:BC:89:DE:5A:E6:DF:48:7C:1C:8C:1E:75:2E:27
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_0JvGbpnvIneWubfSHwcjB51Lic.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/468b081e-ba93-465f-9b6e-7fbd63bdff63/0/3137382e32332e3138382e302f32342d3234203d3e2033333230.roa
Signing time:             Mon 10 Mar 2025 18:37:35 +0000
ROA not before:           Mon 10 Mar 2025 18:32:35 +0000
ROA not after:            Mon 09 Mar 2026 18:37:35 +0000
asID:                     3320
IP address blocks:        178.23.188.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/468b081e-ba93-465f-9b6e-7fbd63bdff63/0/FF426F19BA67BC89DE5AE6DF487C1C8C1E752E27.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/468b081e-ba93-465f-9b6e-7fbd63bdff63/0/FF426F19BA67BC89DE5AE6DF487C1C8C1E752E27.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_0JvGbpnvIneWubfSHwcjB51Lic.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1c:38:3c:39:33:0a:39:4b:87:16:ce:97:5e:49:ed:86:74:57:fe:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff426f19ba67bc89de5ae6df487c1c8c1e752e27
        Validity
            Not Before: Mar 10 18:32:35 2025 GMT
            Not After : Mar  9 18:37:35 2026 GMT
        Subject: CN=AA3418FEF48F381009896D0B9AC34727F84E5B13
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:59:bd:77:cd:62:d2:7a:9b:8c:cf:04:18:11:
                    99:07:8c:bd:13:08:87:33:27:48:d3:b8:58:34:75:
                    55:a2:1f:69:68:ff:fb:28:c4:95:12:b1:1f:fe:c4:
                    3c:31:00:c0:b0:2f:9f:ef:f4:da:13:c7:cf:08:3b:
                    57:fa:65:6a:86:e5:9d:b7:3b:09:7a:dc:fc:3d:63:
                    60:47:4a:b9:87:fb:ad:1c:20:b9:9d:e1:dd:81:cf:
                    80:8a:58:dd:06:c8:6c:f8:e8:62:9c:39:eb:8d:5c:
                    bc:9c:8e:c2:2b:b4:e2:09:61:3a:66:1d:05:db:03:
                    45:37:da:1b:37:5a:15:c1:b0:22:88:97:aa:3f:27:
                    36:c6:ea:b6:4f:92:73:70:5f:74:1a:b0:89:73:25:
                    6c:4a:43:5b:14:f8:cd:70:2d:3c:d1:a1:a1:77:df:
                    32:50:d2:3f:42:9b:ed:4a:af:80:d3:e6:c0:10:27:
                    01:90:fb:8e:d5:00:49:f6:c9:a2:8c:fd:2b:57:bf:
                    1b:dd:26:97:ff:5a:71:58:9c:f7:e9:3f:a1:34:34:
                    91:a1:13:1a:af:61:c8:70:d0:4f:9b:8c:c1:c6:d5:
                    35:c6:ee:45:29:55:1f:3a:9e:5d:c2:b3:94:99:bc:
                    67:c2:db:d1:dc:9f:c0:2d:4d:1e:8d:4f:e1:d0:cb:
                    0d:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:34:18:FE:F4:8F:38:10:09:89:6D:0B:9A:C3:47:27:F8:4E:5B:13
            X509v3 Authority Key Identifier:
                keyid:FF:42:6F:19:BA:67:BC:89:DE:5A:E6:DF:48:7C:1C:8C:1E:75:2E:27

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/468b081e-ba93-465f-9b6e-7fbd63bdff63/0/FF426F19BA67BC89DE5AE6DF487C1C8C1E752E27.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_0JvGbpnvIneWubfSHwcjB51Lic.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/468b081e-ba93-465f-9b6e-7fbd63bdff63/0/3137382e32332e3138382e302f32342d3234203d3e2033333230.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.23.188.0/24

    Signature Algorithm: sha256WithRSAEncryption
         49:79:3e:7a:bc:dd:14:df:f0:46:32:14:df:6d:34:55:c4:9a:
         0e:f0:93:fe:26:7a:e5:61:f9:5b:26:90:eb:59:d2:96:df:79:
         76:3c:8a:f3:f6:11:29:71:45:ae:ff:37:29:00:1a:8b:bb:05:
         42:95:f2:7d:3a:37:f5:0e:50:85:3a:6c:2c:0d:67:c3:9e:2b:
         8b:04:c3:af:59:f1:8f:38:8f:b2:a0:c3:14:18:20:ad:b7:81:
         f2:13:9c:a2:d1:bc:99:5d:9f:eb:38:bc:19:ae:27:f5:22:99:
         3c:55:d9:2a:b1:13:c0:45:f5:c2:84:b3:22:26:a8:fe:77:ba:
         14:45:03:e9:08:7d:3d:42:ef:bb:85:eb:2a:5f:40:54:88:50:
         51:26:39:bf:46:ec:12:a5:43:e5:dd:41:05:a8:b6:13:6f:2a:
         bc:d8:cc:60:f1:98:5d:d3:7c:58:5a:dd:17:a7:89:6c:b5:45:
         cd:9e:2e:14:e4:71:15:52:a4:08:af:27:92:75:50:4e:b8:8f:
         71:ae:1c:ba:75:d7:ed:b5:0c:69:0e:76:13:5f:d6:f5:d2:01:
         e6:62:35:57:90:66:11:70:48:84:0f:bc:37:e6:b7:92:f9:08:
         9f:ed:2f:30:fd:5f:fd:2a:16:03:55:8e:31:68:c7:c1:f7:7c:
         f2:73:9d:51
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUHDg8OTMKOUuHFs6XXknthnRX/okwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZmY0MjZmMTliYTY3YmM4OWRlNWFlNmRmNDg3YzFjOGMx
ZTc1MmUyNzAeFw0yNTAzMTAxODMyMzVaFw0yNjAzMDkxODM3MzVaMDMxMTAvBgNV
BAMTKEFBMzQxOEZFRjQ4RjM4MTAwOTg5NkQwQjlBQzM0NzI3Rjg0RTVCMTMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDXWb13zWLSepuMzwQYEZkHjL0T
CIczJ0jTuFg0dVWiH2lo//soxJUSsR/+xDwxAMCwL5/v9NoTx88IO1f6ZWqG5Z23
Owl63Pw9Y2BHSrmH+60cILmd4d2Bz4CKWN0GyGz46GKcOeuNXLycjsIrtOIJYTpm
HQXbA0U32hs3WhXBsCKIl6o/JzbG6rZPknNwX3QasIlzJWxKQ1sU+M1wLTzRoaF3
3zJQ0j9Cm+1Kr4DT5sAQJwGQ+47VAEn2yaKM/StXvxvdJpf/WnFYnPfpP6E0NJGh
ExqvYchw0E+bjMHG1TXG7kUpVR86nl3Cs5SZvGfC29Hcn8AtTR6NT+HQyw0FAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUqjQY/vSPOBAJiW0LmsNHJ/hOWxMwHwYDVR0j
BBgwFoAU/0JvGbpnvIneWubfSHwcjB51LicwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNDY4YjA4MWUtYmE5My00NjVmLTliNmUtN2ZiZDYzYmRm
ZjYzLzAvRkY0MjZGMTlCQTY3QkM4OURFNUFFNkRGNDg3QzFDOEMxRTc1MkUyNy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL18wSnZHYnBudkluZVd1YmZTSHdjakI1
MUxpYy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvNDY4YjA4MWUt
YmE5My00NjVmLTliNmUtN2ZiZDYzYmRmZjYzLzAvMzEzNzM4MmUzMjMzMmUzMTM4
MzgyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMzMzMzIzMC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALIX
vDANBgkqhkiG9w0BAQsFAAOCAQEASXk+erzdFN/wRjIU3200VcSaDvCT/iZ65WH5
WyaQ61nSlt95djyK8/YRKXFFrv83KQAai7sFQpXyfTo39Q5QhTpsLA1nw54riwTD
r1nxjziPsqDDFBggrbeB8hOcotG8mV2f6zi8Ga4n9SKZPFXZKrETwEX1woSzIiao
/ne6FEUD6Qh9PULvu4XrKl9AVIhQUSY5v0bsEqVD5d1BBai2E28qvNjMYPGYXdN8
WFrdF6eJbLVFzZ4uFORxFVKkCK8nknVQTriPca4cunXX7bUMaQ52E1/W9dIB5mI1
V5BmEXBIhA+8N+a3kvkIn+0vMP1f/SoWA1WOMWjHwfd88nOdUQ==
-----END CERTIFICATE-----