Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/3138352e3130302e3231342e302f32342d3234203d3e20383334.roa
File:                     3138352e3130302e3231342e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          sYx8zwZL7yHQxahh0MERMjQzamXgbKjlV8R7KTOjTao=
Subject key identifier:   F4:A7:8E:EB:BB:1D:D6:F7:B9:70:36:AC:57:46:D5:7A:46:92:88:A2
Certificate issuer:       /CN=dc943cc2a7cdc378a37702573bb4f821170b530d
Certificate serial:       261E51075578DA5C35B5A57EE1E7FA2AE709EDA2
Authority key identifier: DC:94:3C:C2:A7:CD:C3:78:A3:77:02:57:3B:B4:F8:21:17:0B:53:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/3138352e3130302e3231342e302f32342d3234203d3e20383334.roa
Signing time:             Wed 18 Jun 2025 00:03:30 +0000
ROA not before:           Tue 17 Jun 2025 23:58:30 +0000
ROA not after:            Wed 17 Jun 2026 00:03:30 +0000
asID:                     834
IP address blocks:        185.100.214.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 03 Jul 2025 12:04:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            26:1e:51:07:55:78:da:5c:35:b5:a5:7e:e1:e7:fa:2a:e7:09:ed:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc943cc2a7cdc378a37702573bb4f821170b530d
        Validity
            Not Before: Jun 17 23:58:30 2025 GMT
            Not After : Jun 17 00:03:30 2026 GMT
        Subject: CN=F4A78EEBBB1DD6F7B97036AC5746D57A469288A2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:05:cd:2c:63:ab:c2:eb:1b:d8:28:fa:11:01:
                    33:e3:75:43:1a:3a:72:2c:ac:c8:ec:6f:7f:e3:b0:
                    07:09:37:61:1a:be:07:48:ae:20:e0:e4:a1:21:fd:
                    cc:8a:d6:ba:3f:17:94:12:4b:25:61:52:f1:1c:e9:
                    e2:91:7e:f9:a3:80:43:58:69:bc:15:f6:6a:ef:4a:
                    9f:bf:62:b9:37:d6:75:34:e4:1e:b4:e0:76:34:36:
                    e2:19:7b:e5:c0:99:3a:88:74:57:9f:1d:3b:40:65:
                    52:aa:ed:6d:ac:78:c2:35:6f:e5:21:6e:b0:13:4b:
                    6e:6b:2d:25:ed:c8:91:16:c2:c1:80:fc:02:87:66:
                    09:04:2d:b6:7f:31:4e:b3:cd:b8:a2:87:b6:41:37:
                    18:73:c2:55:c3:a4:17:23:70:cc:6f:51:de:04:f5:
                    8c:1c:93:4f:db:6b:d9:c9:44:21:8c:fb:9e:8b:4a:
                    fd:7e:91:d7:bf:3f:9d:30:ee:8b:e2:36:1a:fc:d4:
                    1e:6d:a1:9a:1b:43:41:d4:d1:6f:cb:6c:d2:4b:ab:
                    40:6f:06:34:ab:36:9f:a3:6d:90:34:84:c1:63:c6:
                    4b:fe:a1:30:c7:b2:52:ac:75:91:b0:34:7b:ed:98:
                    41:80:de:ed:cb:c3:41:76:5c:6e:14:6a:0f:03:44:
                    b9:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:A7:8E:EB:BB:1D:D6:F7:B9:70:36:AC:57:46:D5:7A:46:92:88:A2
            X509v3 Authority Key Identifier:
                keyid:DC:94:3C:C2:A7:CD:C3:78:A3:77:02:57:3B:B4:F8:21:17:0B:53:0D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/3138352e3130302e3231342e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.100.214.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:57:5e:c1:42:e4:84:9b:43:99:b4:5c:f5:24:a2:e8:6f:28:
         a3:46:62:3a:d0:0d:8a:ad:59:6b:9c:b0:9c:88:85:2f:3a:0a:
         36:39:3e:f5:a3:d9:8e:d5:e4:0a:6f:79:a6:fb:b5:20:1c:7b:
         ff:bb:3f:d3:4c:46:52:f7:c3:fd:e2:75:e2:d5:01:23:e7:e7:
         7f:3f:c3:d8:d3:f1:95:ba:65:e2:26:3e:38:7a:b1:e0:12:50:
         bf:54:80:7a:d4:d2:de:88:fe:aa:2c:df:6c:5e:ac:c8:15:11:
         d5:99:89:60:ce:eb:7c:d7:38:a9:b7:da:92:91:60:4b:4e:1b:
         cd:65:c3:42:7c:56:32:ac:c7:5d:05:93:d7:fc:b7:81:97:75:
         32:b1:36:23:f3:50:6b:35:37:47:8b:b8:d8:da:4e:e3:fd:8f:
         6b:37:c6:d3:8d:2e:54:9f:a4:3f:b2:a7:89:41:55:01:99:ff:
         fb:80:7d:98:b2:49:8b:df:af:f5:36:fb:21:49:c5:6b:fa:24:
         ea:46:ee:ce:9f:b4:fd:97:5f:9f:ca:7e:0e:54:87:4e:5a:7f:
         93:0b:c9:2b:c1:93:ad:2c:c6:6a:56:a8:06:60:83:08:e8:43:
         58:e4:d0:64:07:ba:c9:8d:10:f7:ce:ce:67:5e:03:63:45:63:
         8d:2e:cd:8a
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUJh5RB1V42lw1taV+4ef6KucJ7aIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGM5NDNjYzJhN2NkYzM3OGEzNzcwMjU3M2JiNGY4MjEx
NzBiNTMwZDAeFw0yNTA2MTcyMzU4MzBaFw0yNjA2MTcwMDAzMzBaMDMxMTAvBgNV
BAMTKEY0QTc4RUVCQkIxREQ2RjdCOTcwMzZBQzU3NDZENTdBNDY5Mjg4QTIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Bc0sY6vC6xvYKPoRATPjdUMa
OnIsrMjsb3/jsAcJN2EavgdIriDg5KEh/cyK1ro/F5QSSyVhUvEc6eKRfvmjgENY
abwV9mrvSp+/Yrk31nU05B604HY0NuIZe+XAmTqIdFefHTtAZVKq7W2seMI1b+Uh
brATS25rLSXtyJEWwsGA/AKHZgkELbZ/MU6zzbiih7ZBNxhzwlXDpBcjcMxvUd4E
9Ywck0/ba9nJRCGM+56LSv1+kde/P50w7oviNhr81B5toZobQ0HU0W/LbNJLq0Bv
BjSrNp+jbZA0hMFjxkv+oTDHslKsdZGwNHvtmEGA3u3Lw0F2XG4Uag8DRLlVAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQU9KeO67sd1ve5cDasV0bVekaSiKIwHwYDVR0j
BBgwFoAU3JQ8wqfNw3ijdwJXO7T4IRcLUw0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNmFiMDcyMmYtNjRkOC00Y2E5LTkyNjctNGU1MTU0NDM0
MTAxLzAvREM5NDNDQzJBN0NEQzM3OEEzNzcwMjU3M0JCNEY4MjExNzBCNTMwRC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzNKUTh3cWZOdzNpamR3SlhPN1Q0SVJj
TFV3MC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvNmFiMDcyMmYt
NjRkOC00Y2E5LTkyNjctNGU1MTU0NDM0MTAxLzAvMzEzODM1MmUzMTMwMzAyZTMy
MzEzNDJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALlk
1jANBgkqhkiG9w0BAQsFAAOCAQEACFdewULkhJtDmbRc9SSi6G8oo0ZiOtANiq1Z
a5ywnIiFLzoKNjk+9aPZjtXkCm95pvu1IBx7/7s/00xGUvfD/eJ14tUBI+fnfz/D
2NPxlbpl4iY+OHqx4BJQv1SAetTS3oj+qizfbF6syBUR1ZmJYM7rfNc4qbfakpFg
S04bzWXDQnxWMqzHXQWT1/y3gZd1MrE2I/NQazU3R4u42NpO4/2PazfG040uVJ+k
P7KniUFVAZn/+4B9mLJJi9+v9Tb7IUnFa/ok6kbuzp+0/Zdfn8p+DlSHTlp/kwvJ
K8GTrSzGalaoBmCDCOhDWOTQZAe6yY0Q987OZ14DY0VjjS7Nig==
-----END CERTIFICATE-----