Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/3138352e39332e33332e302f32342d3234203d3e203235313938.roa
File:                     3138352e39332e33332e302f32342d3234203d3e203235313938.roa (raw, json)
Hash identifier:          NwgWf7HFawy9NZp/EPQ1/PPI6NToVfvJ+vjeNOim8/k=
Subject key identifier:   EF:CD:3E:7E:72:23:55:13:62:B0:99:38:A5:AD:9F:1B:D9:50:F1:33
Certificate issuer:       /CN=dc943cc2a7cdc378a37702573bb4f821170b530d
Certificate serial:       6792209C4FF93C67F841F2B0CD4004DDD5DD4804
Authority key identifier: DC:94:3C:C2:A7:CD:C3:78:A3:77:02:57:3B:B4:F8:21:17:0B:53:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/3138352e39332e33332e302f32342d3234203d3e203235313938.roa
Signing time:             Thu 11 Sep 2025 12:41:26 +0000
ROA not before:           Thu 11 Sep 2025 12:36:26 +0000
ROA not after:            Thu 10 Sep 2026 12:41:26 +0000
asID:                     25198
IP address blocks:        185.93.33.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 18 Sep 2025 15:33:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            67:92:20:9c:4f:f9:3c:67:f8:41:f2:b0:cd:40:04:dd:d5:dd:48:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc943cc2a7cdc378a37702573bb4f821170b530d
        Validity
            Not Before: Sep 11 12:36:26 2025 GMT
            Not After : Sep 10 12:41:26 2026 GMT
        Subject: CN=EFCD3E7E7223551362B09938A5AD9F1BD950F133
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:29:44:47:b2:9e:29:30:e9:e1:11:6d:e9:18:
                    15:e5:64:21:c8:84:62:03:c6:54:59:bf:fa:08:7b:
                    68:b7:fb:5f:b7:d7:50:65:7f:07:d5:c5:30:71:e5:
                    a1:b3:02:93:9d:bd:a2:7a:e4:a5:97:75:85:c2:77:
                    21:eb:42:bd:fd:c9:52:37:ef:f5:d0:e8:ee:3a:0d:
                    50:13:f2:41:16:88:bc:88:0e:f8:6d:a1:f2:bd:3b:
                    03:c2:ce:b8:bb:ff:e7:ab:26:5c:3a:c6:78:14:af:
                    01:b7:91:95:81:ea:f6:1b:81:eb:f5:0b:00:4c:35:
                    ae:6e:4b:94:6e:0b:a3:68:ab:8f:49:29:2f:4b:ed:
                    85:22:a4:23:71:05:d0:ef:05:20:06:89:ed:01:4f:
                    f3:bf:a8:7f:86:99:8d:09:03:0b:d6:0a:e9:6b:fe:
                    73:d4:47:db:84:88:a6:8d:7a:21:7a:33:fe:0d:83:
                    5d:ce:eb:7f:f9:a0:1e:74:2f:c0:47:8c:3a:a8:6e:
                    e6:4e:6d:38:3a:2a:ba:bb:57:16:b5:28:01:74:f1:
                    eb:f6:45:42:33:59:e3:bb:1b:8b:69:a2:ae:d4:2a:
                    fb:48:5b:58:45:85:e0:9e:c6:9a:5c:65:c3:3c:9b:
                    06:49:a5:37:34:61:0c:b0:f3:5c:59:43:c9:ae:c2:
                    a4:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:CD:3E:7E:72:23:55:13:62:B0:99:38:A5:AD:9F:1B:D9:50:F1:33
            X509v3 Authority Key Identifier:
                keyid:DC:94:3C:C2:A7:CD:C3:78:A3:77:02:57:3B:B4:F8:21:17:0B:53:0D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/3138352e39332e33332e302f32342d3234203d3e203235313938.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.93.33.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4b:ab:a4:4b:a6:38:2a:99:18:0d:1a:a6:72:eb:77:76:17:f1:
         44:71:ed:f9:b0:ce:64:f5:74:a8:01:31:78:19:f1:4e:1c:62:
         a9:bd:41:3c:6e:69:65:8c:b4:dd:68:7c:94:65:cc:8a:f5:75:
         f4:23:58:01:fa:be:f3:25:d5:47:5a:6a:f7:4c:fa:6d:2d:79:
         fa:7b:2c:aa:6e:85:8e:4a:a9:b0:ef:34:d3:85:29:f5:be:f1:
         f6:d5:37:25:6c:1e:76:95:71:d5:b4:ea:93:cc:05:32:71:e3:
         24:d5:30:25:2b:df:d4:7f:ea:fc:e4:1c:8e:7e:6b:1f:65:9a:
         a1:7c:ed:e8:9b:60:fe:c3:4d:ae:db:34:a3:e8:76:5d:6d:ab:
         3b:af:b5:f6:6d:e4:d6:32:bc:a6:ca:f7:79:38:55:57:16:ca:
         37:9b:df:7e:8f:53:cf:4b:cf:b7:28:d2:dd:7c:6a:30:ca:61:
         95:1e:38:d5:98:fa:79:16:b9:a0:16:e5:cf:77:99:6f:fb:3c:
         8e:1f:27:21:b9:42:a8:e0:d7:91:4d:d7:97:c9:23:cf:0b:7f:
         2a:6f:d7:7a:6d:a2:28:6f:e7:90:ee:88:b9:84:e9:8a:90:c0:
         d9:a8:a8:e8:f1:16:78:58:bd:03:bc:b9:0d:7e:f1:bf:cf:8e:
         23:4f:a6:7d
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUZ5IgnE/5PGf4QfKwzUAE3dXdSAQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGM5NDNjYzJhN2NkYzM3OGEzNzcwMjU3M2JiNGY4MjEx
NzBiNTMwZDAeFw0yNTA5MTExMjM2MjZaFw0yNjA5MTAxMjQxMjZaMDMxMTAvBgNV
BAMTKEVGQ0QzRTdFNzIyMzU1MTM2MkIwOTkzOEE1QUQ5RjFCRDk1MEYxMzMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzKURHsp4pMOnhEW3pGBXlZCHI
hGIDxlRZv/oIe2i3+1+311BlfwfVxTBx5aGzApOdvaJ65KWXdYXCdyHrQr39yVI3
7/XQ6O46DVAT8kEWiLyIDvhtofK9OwPCzri7/+erJlw6xngUrwG3kZWB6vYbgev1
CwBMNa5uS5RuC6Noq49JKS9L7YUipCNxBdDvBSAGie0BT/O/qH+GmY0JAwvWCulr
/nPUR9uEiKaNeiF6M/4Ng13O63/5oB50L8BHjDqobuZObTg6Krq7Vxa1KAF08ev2
RUIzWeO7G4tpoq7UKvtIW1hFheCexppcZcM8mwZJpTc0YQyw81xZQ8muwqT5AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQU780+fnIjVRNisJk4pa2fG9lQ8TMwHwYDVR0j
BBgwFoAU3JQ8wqfNw3ijdwJXO7T4IRcLUw0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNmFiMDcyMmYtNjRkOC00Y2E5LTkyNjctNGU1MTU0NDM0
MTAxLzAvREM5NDNDQzJBN0NEQzM3OEEzNzcwMjU3M0JCNEY4MjExNzBCNTMwRC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzNKUTh3cWZOdzNpamR3SlhPN1Q0SVJj
TFV3MC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvNmFiMDcyMmYt
NjRkOC00Y2E5LTkyNjctNGU1MTU0NDM0MTAxLzAvMzEzODM1MmUzOTMzMmUzMzMz
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzIzNTMxMzkzOC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALld
ITANBgkqhkiG9w0BAQsFAAOCAQEAS6ukS6Y4KpkYDRqmcut3dhfxRHHt+bDOZPV0
qAExeBnxThxiqb1BPG5pZYy03Wh8lGXMivV19CNYAfq+8yXVR1pq90z6bS15+nss
qm6FjkqpsO8004Up9b7x9tU3JWwedpVx1bTqk8wFMnHjJNUwJSvf1H/q/OQcjn5r
H2WaoXzt6Jtg/sNNrts0o+h2XW2rO6+19m3k1jK8psr3eThVVxbKN5vffo9Tz0vP
tyjS3XxqMMphlR441Zj6eRa5oBblz3eZb/s8jh8nIblCqODXkU3Xl8kjzwt/Km/X
em2iKG/nkO6IuYTpipDA2aio6PEWeFi9A7y5DX7xv8+OI0+mfQ==
-----END CERTIFICATE-----