Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/5b58e646-e7a2-465c-87c5-43c359ad9369/0/3138352e34342e38312e302f32342d3234203d3e203339343231.roa
File:                     3138352e34342e38312e302f32342d3234203d3e203339343231.roa (raw, json)
Hash identifier:          BF6S2GfzcRLVtvnyZ19+5dCLfsNDbMuOlEIUiJ5+jzQ=
Subject key identifier:   8E:95:3F:37:3A:D2:89:AF:D4:30:77:8B:2B:76:2B:22:31:F9:30:42
Certificate issuer:       /CN=fac4708d7e265db1044f9bb0ee8728587f48b484
Certificate serial:       6107AFA165683E455DB6277B5F98B088F63ED3DC
Authority key identifier: FA:C4:70:8D:7E:26:5D:B1:04:4F:9B:B0:EE:87:28:58:7F:48:B4:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-sRwjX4mXbEET5uw7ocoWH9ItIQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/5b58e646-e7a2-465c-87c5-43c359ad9369/0/3138352e34342e38312e302f32342d3234203d3e203339343231.roa
Signing time:             Wed 04 Jun 2025 21:32:13 +0000
ROA not before:           Wed 04 Jun 2025 21:27:13 +0000
ROA not after:            Wed 03 Jun 2026 21:32:13 +0000
asID:                     39421
IP address blocks:        185.44.81.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/5b58e646-e7a2-465c-87c5-43c359ad9369/0/FAC4708D7E265DB1044F9BB0EE8728587F48B484.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/5b58e646-e7a2-465c-87c5-43c359ad9369/0/FAC4708D7E265DB1044F9BB0EE8728587F48B484.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-sRwjX4mXbEET5uw7ocoWH9ItIQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 09 Jun 2025 01:40:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            61:07:af:a1:65:68:3e:45:5d:b6:27:7b:5f:98:b0:88:f6:3e:d3:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fac4708d7e265db1044f9bb0ee8728587f48b484
        Validity
            Not Before: Jun  4 21:27:13 2025 GMT
            Not After : Jun  3 21:32:13 2026 GMT
        Subject: CN=8E953F373AD289AFD430778B2B762B2231F93042
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:9f:c5:27:04:08:43:2a:b1:9e:4c:b3:bf:af:
                    b5:49:4a:01:1b:8a:f6:4a:02:b4:49:13:39:2e:e1:
                    6b:01:c8:d7:c4:71:c9:e3:40:0b:83:0b:7b:43:7f:
                    fc:4e:11:da:41:5f:57:1d:b0:c2:ea:c8:ea:50:bd:
                    72:0b:74:8b:82:7c:1c:c2:21:b1:76:04:02:bd:2c:
                    fc:16:d1:e2:35:03:ad:2c:3e:7b:81:2e:b6:78:75:
                    e7:ff:5c:a3:44:5a:51:7f:30:c8:19:cd:6f:2f:74:
                    a3:1d:6f:26:32:87:a7:fc:7e:74:19:6a:98:4e:ac:
                    59:dc:fa:a3:b2:ea:9b:7b:f5:1b:40:c3:54:8d:63:
                    76:e4:3e:99:5a:ea:af:7f:84:76:7f:3f:a7:bb:a0:
                    13:e4:ec:5c:65:e2:29:77:da:8e:94:9d:9e:f4:53:
                    4e:88:c5:d3:d6:a0:27:c8:64:c4:08:8f:79:3d:3e:
                    41:c5:e2:d1:d5:10:d6:67:9a:f7:56:c3:a5:1e:94:
                    99:52:2c:5c:92:ad:b6:dc:7c:ce:e5:1a:d6:05:e7:
                    61:29:cb:f2:cd:94:3e:d6:6f:ac:77:75:27:75:ce:
                    fe:d9:c7:2a:4f:9d:ce:61:d6:f3:82:8b:dc:51:b9:
                    e7:c6:0b:07:59:2b:f6:48:99:1b:d5:d0:dd:92:46:
                    07:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:95:3F:37:3A:D2:89:AF:D4:30:77:8B:2B:76:2B:22:31:F9:30:42
            X509v3 Authority Key Identifier:
                keyid:FA:C4:70:8D:7E:26:5D:B1:04:4F:9B:B0:EE:87:28:58:7F:48:B4:84

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/5b58e646-e7a2-465c-87c5-43c359ad9369/0/FAC4708D7E265DB1044F9BB0EE8728587F48B484.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-sRwjX4mXbEET5uw7ocoWH9ItIQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/5b58e646-e7a2-465c-87c5-43c359ad9369/0/3138352e34342e38312e302f32342d3234203d3e203339343231.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.44.81.0/24

    Signature Algorithm: sha256WithRSAEncryption
         49:c6:02:82:c0:ad:a0:84:c5:9d:37:b2:af:0c:c7:0b:1b:d2:
         76:f3:98:14:0b:2a:8f:b3:bd:06:39:53:19:66:b2:db:64:ae:
         87:89:6d:a2:a7:c5:18:16:bc:af:a3:1f:33:db:b8:1d:06:1d:
         27:4e:25:8b:0f:f7:07:1c:8b:21:ec:ad:b0:02:e7:05:78:c8:
         1c:a3:3c:b3:fb:97:e2:6a:14:3f:03:06:c0:33:d5:13:6c:5e:
         1c:72:62:ab:8a:0a:c2:9d:ad:66:49:0b:16:2c:b2:c6:65:45:
         1f:0b:47:dc:4a:2f:a0:9f:f1:bc:f9:3f:31:87:6b:c9:06:20:
         43:cb:4b:bf:3b:72:c1:f4:17:15:6b:27:bb:3d:db:f5:12:ae:
         1e:79:5b:0a:9b:9f:a3:1e:c6:f5:5c:57:00:79:7e:3a:dd:61:
         d8:8d:92:ee:b2:d8:d1:33:68:13:96:8c:2d:c5:85:2d:09:3e:
         d2:93:8a:4e:b2:23:75:01:e9:d7:47:5f:8d:35:27:e0:88:0a:
         b1:7f:67:50:19:7d:d7:9e:ce:df:6a:88:13:79:1f:ce:64:68:
         b3:1b:37:9f:94:3e:86:7c:0f:1d:8c:76:ba:0e:12:70:4e:93:
         01:71:6e:53:79:e2:d7:63:23:75:b5:f5:30:79:d8:ef:d9:48:
         26:9e:be:4f
-----BEGIN CERTIFICATE-----
MIIFMjCCBBqgAwIBAgIUYQevoWVoPkVdtid7X5iwiPY+09wwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZmFjNDcwOGQ3ZTI2NWRiMTA0NGY5YmIwZWU4NzI4NTg3
ZjQ4YjQ4NDAeFw0yNTA2MDQyMTI3MTNaFw0yNjA2MDMyMTMyMTNaMDMxMTAvBgNV
BAMTKDhFOTUzRjM3M0FEMjg5QUZENDMwNzc4QjJCNzYyQjIyMzFGOTMwNDIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCkn8UnBAhDKrGeTLO/r7VJSgEb
ivZKArRJEzku4WsByNfEccnjQAuDC3tDf/xOEdpBX1cdsMLqyOpQvXILdIuCfBzC
IbF2BAK9LPwW0eI1A60sPnuBLrZ4def/XKNEWlF/MMgZzW8vdKMdbyYyh6f8fnQZ
aphOrFnc+qOy6pt79RtAw1SNY3bkPpla6q9/hHZ/P6e7oBPk7Fxl4il32o6UnZ70
U06IxdPWoCfIZMQIj3k9PkHF4tHVENZnmvdWw6UelJlSLFySrbbcfM7lGtYF52Ep
y/LNlD7Wb6x3dSd1zv7ZxypPnc5h1vOCi9xRuefGCwdZK/ZImRvV0N2SRgeFAgMB
AAGjggI8MIICODAdBgNVHQ4EFgQUjpU/NzrSia/UMHeLK3YrIjH5MEIwHwYDVR0j
BBgwFoAU+sRwjX4mXbEET5uw7ocoWH9ItIQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNWI1OGU2NDYtZTdhMi00NjVjLTg3YzUtNDNjMzU5YWQ5
MzY5LzAvRkFDNDcwOEQ3RTI2NURCMTA0NEY5QkIwRUU4NzI4NTg3RjQ4QjQ4NC5j
cmwwZQYIKwYBBQUHAQEEWTBXMFUGCCsGAQUFBzAChklyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzEtc1J3alg0bVhiRUVUNXV3N29jb1dI
OUl0SVEuY2VyMIGrBggrBgEFBQcBCwSBnjCBmzCBmAYIKwYBBQUHMAuGgYtyc3lu
YzovL3JzeW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzViNThlNjQ2
LWU3YTItNDY1Yy04N2M1LTQzYzM1OWFkOTM2OS8wLzMxMzgzNTJlMzQzNDJlMzgz
MTJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMzMzkzNDMyMzEucm9hMBgGA1UdIAEB
/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC5
LFEwDQYJKoZIhvcNAQELBQADggEBAEnGAoLAraCExZ03sq8Mxwsb0nbzmBQLKo+z
vQY5UxlmsttkroeJbaKnxRgWvK+jHzPbuB0GHSdOJYsP9wcciyHsrbAC5wV4yByj
PLP7l+JqFD8DBsAz1RNsXhxyYquKCsKdrWZJCxYsssZlRR8LR9xKL6Cf8bz5PzGH
a8kGIEPLS787csH0FxVrJ7s92/USrh55Wwqbn6MexvVcVwB5fjrdYdiNku6y2NEz
aBOWjC3FhS0JPtKTik6yI3UB6ddHX401J+CICrF/Z1AZfdeezt9qiBN5H85kaLMb
N5+UPoZ8Dx2MdroOEnBOkwFxblN54tdjI3W19TB52O/ZSCaevk8=
-----END CERTIFICATE-----