Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/3138352e39332e33352e302f32342d3234203d3e20383334.roa
File:                     3138352e39332e33352e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          tVWmb6kJhDqV43zx9HSVic9UdaE0FNOhH9Dck/5Yrlc=
Subject key identifier:   8A:B4:5B:29:76:DC:86:01:59:D4:54:CC:D1:3B:BC:37:AA:BB:0A:BE
Certificate issuer:       /CN=dc943cc2a7cdc378a37702573bb4f821170b530d
Certificate serial:       115E91DC03096DB338E2071172A29931AC8C5E7F
Authority key identifier: DC:94:3C:C2:A7:CD:C3:78:A3:77:02:57:3B:B4:F8:21:17:0B:53:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/3138352e39332e33352e302f32342d3234203d3e20383334.roa
Signing time:             Sat 22 Feb 2025 00:00:47 +0000
ROA not before:           Fri 21 Feb 2025 23:55:47 +0000
ROA not after:            Sat 21 Feb 2026 00:00:47 +0000
asID:                     834
IP address blocks:        185.93.35.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 13:50:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            11:5e:91:dc:03:09:6d:b3:38:e2:07:11:72:a2:99:31:ac:8c:5e:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc943cc2a7cdc378a37702573bb4f821170b530d
        Validity
            Not Before: Feb 21 23:55:47 2025 GMT
            Not After : Feb 21 00:00:47 2026 GMT
        Subject: CN=8AB45B2976DC860159D454CCD13BBC37AABB0ABE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f2:4c:bd:15:14:81:9d:77:5b:f7:14:d8:40:9a:
                    60:b8:f3:04:96:f7:e3:7c:fa:2e:32:9a:96:fb:85:
                    ee:a2:c6:b1:4f:a3:b1:4d:21:96:56:ce:da:4b:64:
                    5f:15:7e:b1:82:6e:fa:cf:35:a2:6a:b0:cf:97:70:
                    4b:b0:5a:18:6d:77:c3:c6:84:bb:00:42:21:5f:13:
                    7c:20:61:65:e8:21:4d:1c:27:92:da:36:ff:63:72:
                    fd:ee:ae:6f:63:2a:36:a3:3f:d3:1a:1c:39:60:5c:
                    5c:4f:63:45:a7:12:13:77:d3:96:73:17:10:f2:73:
                    86:4b:41:d6:2a:75:0e:a5:3d:50:6b:ae:09:20:89:
                    a5:e5:be:66:37:c9:05:e1:9e:f3:b3:dc:e9:74:07:
                    d6:0b:45:0e:9f:77:89:64:da:bd:81:b7:f1:4d:ed:
                    35:bf:79:c1:57:4b:7a:db:b6:4b:5d:4a:03:03:b5:
                    b9:f9:4d:93:08:0b:c4:16:87:d6:41:98:d3:c2:e3:
                    25:83:8e:ef:2d:12:0c:a4:1b:ed:85:e7:e3:c7:f1:
                    10:33:93:13:af:29:9f:65:58:05:65:90:bd:14:cf:
                    61:cc:86:0b:3f:c0:97:93:d0:92:33:b6:61:35:e6:
                    5b:c2:ae:6e:95:14:78:a6:89:6d:f5:34:d7:b2:2f:
                    db:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:B4:5B:29:76:DC:86:01:59:D4:54:CC:D1:3B:BC:37:AA:BB:0A:BE
            X509v3 Authority Key Identifier:
                keyid:DC:94:3C:C2:A7:CD:C3:78:A3:77:02:57:3B:B4:F8:21:17:0B:53:0D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/3138352e39332e33352e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.93.35.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:aa:74:87:76:ae:1e:fc:8f:34:9b:31:4b:e5:a3:40:a8:1e:
         77:af:87:ac:78:95:0a:2a:b5:3a:de:94:e4:22:46:f8:52:69:
         7e:b0:32:0e:77:e5:6f:e6:5f:e7:b2:7e:59:f7:57:96:80:4a:
         ae:8e:78:2e:9b:10:16:84:ae:41:93:52:50:bd:a5:a9:0e:ae:
         4c:9d:a4:77:72:ed:05:b1:fd:da:ea:d6:6b:b5:a9:3c:2b:d9:
         30:3d:51:5d:f5:1b:b7:02:9a:28:7f:3b:24:28:f9:a4:cc:73:
         f2:cf:59:58:5b:08:06:8b:a6:84:58:d4:07:ed:5b:c9:5c:17:
         ab:74:b1:ef:9c:07:dd:b7:a2:cc:6d:b7:3a:40:75:0f:e7:7e:
         12:16:f5:8a:0f:0c:04:e7:b3:f3:57:22:f6:97:3d:87:ec:a4:
         08:13:43:95:42:a6:0b:3e:84:30:e9:4a:d8:88:5a:9b:cc:21:
         b3:a8:3b:d8:de:6a:75:4a:ac:e2:80:0d:97:e9:b5:40:e0:31:
         b3:68:4c:83:86:2c:c6:8f:01:66:e7:0d:7a:cf:7c:c9:dc:3c:
         f5:f2:79:5d:42:cb:0b:50:d8:b0:90:4f:94:31:d3:17:67:61:
         26:dc:80:59:fe:22:c2:e0:07:a6:0d:26:12:62:ad:cb:d9:ed:
         21:f1:30:02
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUEV6R3AMJbbM44gcRcqKZMayMXn8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGM5NDNjYzJhN2NkYzM3OGEzNzcwMjU3M2JiNGY4MjEx
NzBiNTMwZDAeFw0yNTAyMjEyMzU1NDdaFw0yNjAyMjEwMDAwNDdaMDMxMTAvBgNV
BAMTKDhBQjQ1QjI5NzZEQzg2MDE1OUQ0NTRDQ0QxM0JCQzM3QUFCQjBBQkUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDyTL0VFIGdd1v3FNhAmmC48wSW
9+N8+i4ympb7he6ixrFPo7FNIZZWztpLZF8VfrGCbvrPNaJqsM+XcEuwWhhtd8PG
hLsAQiFfE3wgYWXoIU0cJ5LaNv9jcv3urm9jKjajP9MaHDlgXFxPY0WnEhN305Zz
FxDyc4ZLQdYqdQ6lPVBrrgkgiaXlvmY3yQXhnvOz3Ol0B9YLRQ6fd4lk2r2Bt/FN
7TW/ecFXS3rbtktdSgMDtbn5TZMIC8QWh9ZBmNPC4yWDju8tEgykG+2F5+PH8RAz
kxOvKZ9lWAVlkL0Uz2HMhgs/wJeT0JIztmE15lvCrm6VFHimiW31NNeyL9sDAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUirRbKXbchgFZ1FTM0Tu8N6q7Cr4wHwYDVR0j
BBgwFoAU3JQ8wqfNw3ijdwJXO7T4IRcLUw0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNmFiMDcyMmYtNjRkOC00Y2E5LTkyNjctNGU1MTU0NDM0
MTAxLzAvREM5NDNDQzJBN0NEQzM3OEEzNzcwMjU3M0JCNEY4MjExNzBCNTMwRC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzNKUTh3cWZOdzNpamR3SlhPN1Q0SVJj
TFV3MC5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvNmFiMDcyMmYt
NjRkOC00Y2E5LTkyNjctNGU1MTU0NDM0MTAxLzAvMzEzODM1MmUzOTMzMmUzMzM1
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzgzMzM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuV0jMA0G
CSqGSIb3DQEBCwUAA4IBAQBAqnSHdq4e/I80mzFL5aNAqB53r4eseJUKKrU63pTk
Ikb4Uml+sDIOd+Vv5l/nsn5Z91eWgEqujngumxAWhK5Bk1JQvaWpDq5MnaR3cu0F
sf3a6tZrtak8K9kwPVFd9Ru3ApoofzskKPmkzHPyz1lYWwgGi6aEWNQH7VvJXBer
dLHvnAfdt6LMbbc6QHUP534SFvWKDwwE57PzVyL2lz2H7KQIE0OVQqYLPoQw6UrY
iFqbzCGzqDvY3mp1SqzigA2X6bVA4DGzaEyDhizGjwFm5w16z3zJ3Dz18nldQssL
UNiwkE+UMdMXZ2Em3IBZ/iLC4AemDSYSYq3L2e0h8TAC
-----END CERTIFICATE-----