Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/5b58e646-e7a2-465c-87c5-43c359ad9369/0/3138352e34342e38302e302f32342d3234203d3e203339343231.roa
File:                     3138352e34342e38302e302f32342d3234203d3e203339343231.roa (raw, json)
Hash identifier:          UQetgJ8gkrizZ8Ee9Cz8vW5vh9g+HY6FYRsN52DUj8Y=
Subject key identifier:   A1:D9:E3:45:7A:12:36:94:DC:70:71:88:D5:E5:B6:06:C4:83:4F:3F
Certificate issuer:       /CN=fac4708d7e265db1044f9bb0ee8728587f48b484
Certificate serial:       5D62988EF89F9EE381C3960F65AEEC4E88F63AD2
Authority key identifier: FA:C4:70:8D:7E:26:5D:B1:04:4F:9B:B0:EE:87:28:58:7F:48:B4:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-sRwjX4mXbEET5uw7ocoWH9ItIQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/5b58e646-e7a2-465c-87c5-43c359ad9369/0/3138352e34342e38302e302f32342d3234203d3e203339343231.roa
Signing time:             Wed 04 Jun 2025 21:32:15 +0000
ROA not before:           Wed 04 Jun 2025 21:27:15 +0000
ROA not after:            Wed 03 Jun 2026 21:32:15 +0000
asID:                     39421
IP address blocks:        185.44.80.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/5b58e646-e7a2-465c-87c5-43c359ad9369/0/FAC4708D7E265DB1044F9BB0EE8728587F48B484.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/5b58e646-e7a2-465c-87c5-43c359ad9369/0/FAC4708D7E265DB1044F9BB0EE8728587F48B484.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-sRwjX4mXbEET5uw7ocoWH9ItIQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 09 Jun 2025 01:40:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5d:62:98:8e:f8:9f:9e:e3:81:c3:96:0f:65:ae:ec:4e:88:f6:3a:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fac4708d7e265db1044f9bb0ee8728587f48b484
        Validity
            Not Before: Jun  4 21:27:15 2025 GMT
            Not After : Jun  3 21:32:15 2026 GMT
        Subject: CN=A1D9E3457A123694DC707188D5E5B606C4834F3F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:dc:2a:62:36:c8:13:67:0c:e3:fe:a6:18:46:
                    a8:98:cf:d1:fc:62:c5:2c:74:02:02:b1:9b:1b:60:
                    59:42:e5:83:1b:42:89:c9:18:4f:d9:f7:34:30:bf:
                    1c:0b:79:92:90:10:da:72:92:8b:56:22:0f:0e:1a:
                    1c:de:58:0d:e9:39:b4:78:fe:e6:0a:ca:d1:bb:29:
                    a5:4e:b3:80:e0:5c:2b:8c:fb:dc:22:70:19:ed:92:
                    ce:58:1e:46:62:d5:7c:c0:ca:d0:bd:b5:30:84:f2:
                    d7:21:77:88:5d:de:ab:b6:83:00:dc:a4:26:4e:44:
                    e4:8b:26:ab:7e:9d:06:dd:50:88:8e:22:21:66:51:
                    09:03:64:c9:ae:6c:af:33:a3:a9:c0:c6:02:37:04:
                    2f:ab:0e:82:ea:d8:71:e5:18:be:82:80:aa:1e:07:
                    61:b1:05:f9:24:b5:64:19:87:3f:57:91:b5:aa:5d:
                    8a:92:7b:90:ea:1b:38:cb:f8:d4:3a:e3:5e:d6:0f:
                    33:81:9a:97:0e:c2:ba:03:11:14:eb:81:b7:b4:c5:
                    b7:bb:19:bb:3f:08:27:08:9a:82:01:c6:db:6f:a1:
                    43:53:2d:77:80:2f:92:91:34:75:22:e1:95:ce:78:
                    53:dc:28:a8:21:7b:24:26:9b:83:f6:1f:1d:28:9d:
                    58:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:D9:E3:45:7A:12:36:94:DC:70:71:88:D5:E5:B6:06:C4:83:4F:3F
            X509v3 Authority Key Identifier:
                keyid:FA:C4:70:8D:7E:26:5D:B1:04:4F:9B:B0:EE:87:28:58:7F:48:B4:84

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/5b58e646-e7a2-465c-87c5-43c359ad9369/0/FAC4708D7E265DB1044F9BB0EE8728587F48B484.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-sRwjX4mXbEET5uw7ocoWH9ItIQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/5b58e646-e7a2-465c-87c5-43c359ad9369/0/3138352e34342e38302e302f32342d3234203d3e203339343231.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.44.80.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:37:8f:4a:54:e5:19:4a:67:26:66:06:e2:55:b9:63:a8:b5:
         2b:47:de:19:46:36:b4:c6:51:9b:d0:43:97:7f:f6:92:31:4d:
         66:09:84:35:81:3b:a6:ac:bf:6f:63:a1:34:06:67:5e:df:44:
         c7:f9:0a:e2:1b:c0:c9:ab:f9:79:76:92:0f:f9:07:50:7f:6f:
         e1:70:ff:13:64:3b:2b:53:92:6e:6d:04:99:29:69:25:0a:98:
         ac:68:69:87:83:29:98:6c:32:5a:8e:dd:c3:ec:9e:c3:f9:16:
         3e:67:50:50:7c:ce:e5:8c:96:de:f0:50:74:61:61:61:7c:c1:
         b1:d3:cd:a3:a9:d5:d5:9c:04:6b:84:53:5f:55:77:67:0f:0e:
         cd:09:e6:77:22:7a:8c:3e:47:47:0f:ab:b9:0b:b3:65:a9:20:
         e0:70:9a:ba:0d:85:0b:2b:c9:d2:33:36:b1:7d:d1:9c:db:ed:
         36:55:8a:a2:33:ee:7e:54:e7:2a:25:52:63:5a:ec:b4:f6:2c:
         e7:9b:f3:9c:a3:44:b3:85:a4:7d:45:30:e7:ab:ed:b9:bb:a3:
         6b:bc:1d:96:87:5d:7a:eb:73:f1:b0:d2:6a:bc:f9:07:4d:7e:
         da:06:ef:59:4c:91:3e:5d:03:24:56:83:dc:14:4f:8a:13:63:
         e0:b3:a6:37
-----BEGIN CERTIFICATE-----
MIIFMjCCBBqgAwIBAgIUXWKYjvifnuOBw5YPZa7sToj2OtIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZmFjNDcwOGQ3ZTI2NWRiMTA0NGY5YmIwZWU4NzI4NTg3
ZjQ4YjQ4NDAeFw0yNTA2MDQyMTI3MTVaFw0yNjA2MDMyMTMyMTVaMDMxMTAvBgNV
BAMTKEExRDlFMzQ1N0ExMjM2OTREQzcwNzE4OEQ1RTVCNjA2QzQ4MzRGM0YwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC53CpiNsgTZwzj/qYYRqiYz9H8
YsUsdAICsZsbYFlC5YMbQonJGE/Z9zQwvxwLeZKQENpykotWIg8OGhzeWA3pObR4
/uYKytG7KaVOs4DgXCuM+9wicBntks5YHkZi1XzAytC9tTCE8tchd4hd3qu2gwDc
pCZOROSLJqt+nQbdUIiOIiFmUQkDZMmubK8zo6nAxgI3BC+rDoLq2HHlGL6CgKoe
B2GxBfkktWQZhz9XkbWqXYqSe5DqGzjL+NQ6417WDzOBmpcOwroDERTrgbe0xbe7
Gbs/CCcImoIBxttvoUNTLXeAL5KRNHUi4ZXOeFPcKKgheyQmm4P2Hx0onVgfAgMB
AAGjggI8MIICODAdBgNVHQ4EFgQUodnjRXoSNpTccHGI1eW2BsSDTz8wHwYDVR0j
BBgwFoAU+sRwjX4mXbEET5uw7ocoWH9ItIQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNWI1OGU2NDYtZTdhMi00NjVjLTg3YzUtNDNjMzU5YWQ5
MzY5LzAvRkFDNDcwOEQ3RTI2NURCMTA0NEY5QkIwRUU4NzI4NTg3RjQ4QjQ4NC5j
cmwwZQYIKwYBBQUHAQEEWTBXMFUGCCsGAQUFBzAChklyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzEtc1J3alg0bVhiRUVUNXV3N29jb1dI
OUl0SVEuY2VyMIGrBggrBgEFBQcBCwSBnjCBmzCBmAYIKwYBBQUHMAuGgYtyc3lu
YzovL3JzeW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzViNThlNjQ2
LWU3YTItNDY1Yy04N2M1LTQzYzM1OWFkOTM2OS8wLzMxMzgzNTJlMzQzNDJlMzgz
MDJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMzMzkzNDMyMzEucm9hMBgGA1UdIAEB
/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC5
LFAwDQYJKoZIhvcNAQELBQADggEBAE83j0pU5RlKZyZmBuJVuWOotStH3hlGNrTG
UZvQQ5d/9pIxTWYJhDWBO6asv29joTQGZ17fRMf5CuIbwMmr+Xl2kg/5B1B/b+Fw
/xNkOytTkm5tBJkpaSUKmKxoaYeDKZhsMlqO3cPsnsP5Fj5nUFB8zuWMlt7wUHRh
YWF8wbHTzaOp1dWcBGuEU19Vd2cPDs0J5ncieow+R0cPq7kLs2WpIOBwmroNhQsr
ydIzNrF90Zzb7TZViqIz7n5U5yolUmNa7LT2LOeb85yjRLOFpH1FMOer7bm7o2u8
HZaHXXrrc/Gw0mq8+QdNftoG71lMkT5dAyRWg9wUT4oTY+Czpjc=
-----END CERTIFICATE-----