Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/3138352e39332e33342e302f32342d3234203d3e203631333137.roa
File:                     3138352e39332e33342e302f32342d3234203d3e203631333137.roa (raw, json)
Hash identifier:          NB8GHrW1gaqiRjT3MhBCFVFxRtPycSh7VxWA55s/QKA=
Subject key identifier:   79:25:81:F0:9C:77:9F:5E:40:FB:B6:CF:A4:1D:35:A9:AC:9D:88:99
Certificate issuer:       /CN=dc943cc2a7cdc378a37702573bb4f821170b530d
Certificate serial:       17A4FC0FB2B12E334515FD4B35E25F9B17EE7A02
Authority key identifier: DC:94:3C:C2:A7:CD:C3:78:A3:77:02:57:3B:B4:F8:21:17:0B:53:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/3138352e39332e33342e302f32342d3234203d3e203631333137.roa
Signing time:             Wed 10 Sep 2025 09:55:00 +0000
ROA not before:           Wed 10 Sep 2025 09:50:00 +0000
ROA not after:            Wed 09 Sep 2026 09:55:00 +0000
asID:                     61317
IP address blocks:        185.93.34.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 19 Sep 2025 22:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            17:a4:fc:0f:b2:b1:2e:33:45:15:fd:4b:35:e2:5f:9b:17:ee:7a:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc943cc2a7cdc378a37702573bb4f821170b530d
        Validity
            Not Before: Sep 10 09:50:00 2025 GMT
            Not After : Sep  9 09:55:00 2026 GMT
        Subject: CN=792581F09C779F5E40FBB6CFA41D35A9AC9D8899
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:17:62:e5:8d:11:97:c3:a9:18:75:12:0b:d0:
                    08:e9:46:bf:c6:53:7c:bc:e7:36:ac:2f:a6:d2:15:
                    3b:97:57:6d:70:55:bc:3a:c2:11:f0:94:3a:0b:6a:
                    58:c6:0f:20:70:8f:eb:a6:d2:81:f9:fb:da:bd:8f:
                    0d:ed:e5:70:79:d2:fb:f8:11:69:ee:b3:14:07:7d:
                    40:62:e4:a6:6c:e9:78:af:bf:85:5e:7b:cd:66:79:
                    1b:d8:ad:2e:34:4e:69:3d:1f:74:28:36:40:28:d7:
                    09:00:42:48:75:32:5b:ce:13:72:f8:ce:42:c0:0f:
                    98:2e:e0:41:89:9c:27:f8:26:54:36:b4:4b:e4:5f:
                    1d:d4:62:b5:84:5a:57:2c:dc:fc:f0:2c:a1:b5:3d:
                    95:67:9a:c0:41:bd:58:37:1b:20:5d:31:84:d4:20:
                    63:ee:6b:50:f8:50:47:32:f0:62:8e:49:11:2c:14:
                    17:e3:20:4f:a9:bf:51:4c:1d:67:84:5a:64:8e:79:
                    3f:1a:67:a6:20:5d:e7:c9:00:e9:5e:fc:0f:2a:37:
                    4b:3f:42:5f:63:47:96:9d:aa:11:cd:73:a1:90:42:
                    93:57:4a:f0:d6:74:60:e1:cb:b8:4a:76:89:7a:1d:
                    59:88:21:34:04:02:b9:80:fe:2f:2e:a9:de:2c:12:
                    19:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:25:81:F0:9C:77:9F:5E:40:FB:B6:CF:A4:1D:35:A9:AC:9D:88:99
            X509v3 Authority Key Identifier:
                keyid:DC:94:3C:C2:A7:CD:C3:78:A3:77:02:57:3B:B4:F8:21:17:0B:53:0D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/3138352e39332e33342e302f32342d3234203d3e203631333137.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.93.34.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:42:34:6a:19:79:0b:40:0d:32:39:c2:dc:0b:ea:a4:9c:eb:
         1b:9a:1f:d9:e2:70:d8:eb:b0:d5:bc:d3:09:c8:d2:79:5a:2c:
         4f:a0:2c:57:1c:5d:7b:56:87:25:63:f8:5f:a7:65:a9:04:6c:
         7b:68:e0:4d:ce:fa:87:3c:4d:27:ce:b8:d5:c4:ac:cf:9a:26:
         43:26:cc:33:47:d6:f0:db:8c:7c:62:f3:b3:81:d0:40:e4:6b:
         19:92:67:7a:6b:33:fe:6d:ac:ef:43:66:eb:fa:78:91:35:47:
         62:d3:f6:81:91:46:35:91:98:50:32:f0:f9:cc:e8:e0:6e:7f:
         03:67:ff:a4:4d:03:5f:1e:bf:60:a3:38:fe:47:d8:68:2e:84:
         48:00:2f:a8:ca:e3:d6:1c:07:06:20:ba:2c:f8:19:93:56:d4:
         1e:03:80:77:1c:45:3d:89:2e:7c:22:b2:c1:21:79:a7:46:a3:
         16:3f:a2:5b:76:a5:de:35:d0:5b:f6:66:58:8e:56:dd:e6:70:
         69:2b:09:60:68:44:5e:e3:5f:fc:bf:a4:e1:2c:68:a3:b8:8c:
         ae:ab:1c:1f:fc:de:d7:b1:40:de:d8:c2:8a:12:67:d6:f9:91:
         b2:d8:0b:10:b4:3a:48:a8:98:5f:24:e3:bd:a1:f4:8d:9d:3d:
         0e:8a:14:c7
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUF6T8D7KxLjNFFf1LNeJfmxfuegIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGM5NDNjYzJhN2NkYzM3OGEzNzcwMjU3M2JiNGY4MjEx
NzBiNTMwZDAeFw0yNTA5MTAwOTUwMDBaFw0yNjA5MDkwOTU1MDBaMDMxMTAvBgNV
BAMTKDc5MjU4MUYwOUM3NzlGNUU0MEZCQjZDRkE0MUQzNUE5QUM5RDg4OTkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDSF2LljRGXw6kYdRIL0AjpRr/G
U3y85zasL6bSFTuXV21wVbw6whHwlDoLaljGDyBwj+um0oH5+9q9jw3t5XB50vv4
EWnusxQHfUBi5KZs6Xivv4Vee81meRvYrS40Tmk9H3QoNkAo1wkAQkh1MlvOE3L4
zkLAD5gu4EGJnCf4JlQ2tEvkXx3UYrWEWlcs3PzwLKG1PZVnmsBBvVg3GyBdMYTU
IGPua1D4UEcy8GKOSREsFBfjIE+pv1FMHWeEWmSOeT8aZ6YgXefJAOle/A8qN0s/
Ql9jR5adqhHNc6GQQpNXSvDWdGDhy7hKdol6HVmIITQEArmA/i8uqd4sEhmNAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUeSWB8Jx3n15A+7bPpB01qaydiJkwHwYDVR0j
BBgwFoAU3JQ8wqfNw3ijdwJXO7T4IRcLUw0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNmFiMDcyMmYtNjRkOC00Y2E5LTkyNjctNGU1MTU0NDM0
MTAxLzAvREM5NDNDQzJBN0NEQzM3OEEzNzcwMjU3M0JCNEY4MjExNzBCNTMwRC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzNKUTh3cWZOdzNpamR3SlhPN1Q0SVJj
TFV3MC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvNmFiMDcyMmYt
NjRkOC00Y2E5LTkyNjctNGU1MTU0NDM0MTAxLzAvMzEzODM1MmUzOTMzMmUzMzM0
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzYzMTMzMzEzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALld
IjANBgkqhkiG9w0BAQsFAAOCAQEAk0I0ahl5C0ANMjnC3AvqpJzrG5of2eJw2Ouw
1bzTCcjSeVosT6AsVxxde1aHJWP4X6dlqQRse2jgTc76hzxNJ8641cSsz5omQybM
M0fW8NuMfGLzs4HQQORrGZJnemsz/m2s70Nm6/p4kTVHYtP2gZFGNZGYUDLw+czo
4G5/A2f/pE0DXx6/YKM4/kfYaC6ESAAvqMrj1hwHBiC6LPgZk1bUHgOAdxxFPYku
fCKywSF5p0ajFj+iW3al3jXQW/ZmWI5W3eZwaSsJYGhEXuNf/L+k4Sxoo7iMrqsc
H/ze17FA3tjCihJn1vmRstgLELQ6SKiYXyTjvaH0jZ09DooUxw==
-----END CERTIFICATE-----