Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/6c030890-f6e0-410c-bc99-af0921d1c3a4/0/3138382e3136342e3135342e302f32342d3234203d3e20383334.roa
File:                     3138382e3136342e3135342e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          dqvIGRBXhp5junH3eUOhnE/BG+vJ7eBfp8AmwMBcjIk=
Subject key identifier:   31:A0:BD:BA:7E:55:4E:C4:D3:9B:B9:11:0F:27:AB:71:25:EE:1C:41
Certificate issuer:       /CN=8b9ba9adde9635777bf586fd493e14cd30f7c4ca
Certificate serial:       6937DA6B3EC4A7CD5FD6F034BC5A795A7F5210F9
Authority key identifier: 8B:9B:A9:AD:DE:96:35:77:7B:F5:86:FD:49:3E:14:CD:30:F7:C4:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i5uprd6WNXd79Yb9ST4UzTD3xMo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/6c030890-f6e0-410c-bc99-af0921d1c3a4/0/3138382e3136342e3135342e302f32342d3234203d3e20383334.roa
Signing time:             Thu 17 Jul 2025 00:01:42 +0000
ROA not before:           Wed 16 Jul 2025 23:56:42 +0000
ROA not after:            Thu 16 Jul 2026 00:01:42 +0000
asID:                     834
IP address blocks:        188.164.154.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/6c030890-f6e0-410c-bc99-af0921d1c3a4/0/8B9BA9ADDE9635777BF586FD493E14CD30F7C4CA.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/6c030890-f6e0-410c-bc99-af0921d1c3a4/0/8B9BA9ADDE9635777BF586FD493E14CD30F7C4CA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i5uprd6WNXd79Yb9ST4UzTD3xMo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 01 Aug 2025 10:10:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            69:37:da:6b:3e:c4:a7:cd:5f:d6:f0:34:bc:5a:79:5a:7f:52:10:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b9ba9adde9635777bf586fd493e14cd30f7c4ca
        Validity
            Not Before: Jul 16 23:56:42 2025 GMT
            Not After : Jul 16 00:01:42 2026 GMT
        Subject: CN=31A0BDBA7E554EC4D39BB9110F27AB7125EE1C41
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:21:cb:3f:0d:94:aa:23:79:f6:50:12:03:c9:
                    d4:b7:d6:58:26:8d:fb:9e:48:7c:74:3f:85:4a:a3:
                    44:a7:d0:2c:40:62:cb:6c:63:fa:5b:9d:24:f2:5f:
                    61:a4:63:57:2f:98:b7:e1:f5:d7:2d:15:9c:3d:05:
                    28:f6:c0:48:e0:85:44:a6:e9:98:29:67:b9:e9:75:
                    30:56:ef:b9:f2:42:90:cd:4a:a4:59:6b:fa:55:f8:
                    e2:3c:6b:37:4e:1a:f5:d5:ab:04:bc:65:e8:8c:26:
                    72:f0:13:c7:37:b3:3c:5a:bb:0b:38:37:d8:df:db:
                    ea:45:c7:c1:f6:e0:24:42:f9:e6:fa:e1:81:0c:34:
                    db:a8:20:27:39:0a:6b:b5:dc:ea:46:d6:6f:6f:7b:
                    99:92:5f:1f:81:83:cb:76:12:b7:69:d1:26:42:70:
                    a1:41:7b:a1:81:97:02:f6:28:d8:4f:03:63:98:0f:
                    c8:5c:38:75:5f:3c:53:7f:af:29:7a:fc:5d:04:66:
                    b8:0d:1c:8a:da:3c:d5:16:73:07:6b:b1:c9:36:36:
                    82:1b:a9:c4:78:8b:84:8a:c1:f5:5f:a6:54:8e:94:
                    34:b8:76:4d:ba:03:2f:68:d3:3e:26:ef:a9:8c:3e:
                    26:c6:5f:70:3b:b6:5c:b2:51:54:13:1a:40:88:e5:
                    a7:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:A0:BD:BA:7E:55:4E:C4:D3:9B:B9:11:0F:27:AB:71:25:EE:1C:41
            X509v3 Authority Key Identifier:
                keyid:8B:9B:A9:AD:DE:96:35:77:7B:F5:86:FD:49:3E:14:CD:30:F7:C4:CA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/6c030890-f6e0-410c-bc99-af0921d1c3a4/0/8B9BA9ADDE9635777BF586FD493E14CD30F7C4CA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i5uprd6WNXd79Yb9ST4UzTD3xMo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/6c030890-f6e0-410c-bc99-af0921d1c3a4/0/3138382e3136342e3135342e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.164.154.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:dc:22:74:2d:e8:74:9b:f9:18:85:e3:59:72:6d:d9:f3:41:
         1b:1a:71:8c:30:42:52:97:9a:cf:bf:99:16:9d:72:ee:f0:dd:
         45:b6:4b:2e:35:86:9b:31:41:cf:5c:74:c7:e0:7f:17:32:52:
         73:92:70:08:5b:8f:96:6f:a9:f2:80:b3:a1:db:e2:2f:cc:0d:
         7c:e6:9c:be:99:29:93:e6:7b:b9:af:b7:71:ba:0b:25:d7:40:
         f6:e4:85:73:90:47:f7:87:13:ad:48:2c:2b:e1:b1:70:93:33:
         d6:8b:4a:69:cb:c9:e7:2b:e1:0b:0e:9c:04:5b:9f:85:22:a4:
         02:8f:56:f7:0a:30:8b:d3:65:86:64:a0:2e:cb:3c:c0:83:f2:
         98:cb:82:f7:cf:56:08:49:87:3a:92:d3:e4:c9:09:d2:9f:16:
         f1:48:83:a7:07:4e:62:c1:7f:25:54:4c:f6:cd:fb:5b:c0:c5:
         70:c1:c1:9e:b8:32:7d:dc:f4:ea:17:52:4b:19:0a:b3:a4:19:
         68:ac:9d:17:ef:74:cb:5b:71:b6:b9:73:67:72:6c:27:3c:f6:
         ff:36:ca:8d:88:ac:35:61:13:d1:71:9e:63:c1:71:31:33:9d:
         9a:97:bc:b7:ef:a0:8a:69:89:75:e0:57:2a:26:61:59:d6:7c:
         33:0c:09:57
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUaTfaaz7Ep81f1vA0vFp5Wn9SEPkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI5YmE5YWRkZTk2MzU3NzdiZjU4NmZkNDkzZTE0Y2Qz
MGY3YzRjYTAeFw0yNTA3MTYyMzU2NDJaFw0yNjA3MTYwMDAxNDJaMDMxMTAvBgNV
BAMTKDMxQTBCREJBN0U1NTRFQzREMzlCQjkxMTBGMjdBQjcxMjVFRTFDNDEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDLIcs/DZSqI3n2UBIDydS31lgm
jfueSHx0P4VKo0Sn0CxAYstsY/pbnSTyX2GkY1cvmLfh9dctFZw9BSj2wEjghUSm
6ZgpZ7npdTBW77nyQpDNSqRZa/pV+OI8azdOGvXVqwS8ZeiMJnLwE8c3szxauws4
N9jf2+pFx8H24CRC+eb64YEMNNuoICc5Cmu13OpG1m9ve5mSXx+Bg8t2Erdp0SZC
cKFBe6GBlwL2KNhPA2OYD8hcOHVfPFN/ryl6/F0EZrgNHIraPNUWcwdrsck2NoIb
qcR4i4SKwfVfplSOlDS4dk26Ay9o0z4m76mMPibGX3A7tlyyUVQTGkCI5adBAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUMaC9un5VTsTTm7kRDyercSXuHEEwHwYDVR0j
BBgwFoAUi5uprd6WNXd79Yb9ST4UzTD3xMowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNmMwMzA4OTAtZjZlMC00MTBjLWJjOTktYWYwOTIxZDFj
M2E0LzAvOEI5QkE5QURERTk2MzU3NzdCRjU4NkZENDkzRTE0Q0QzMEY3QzRDQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2k1dXByZDZXTlhkNzlZYjlTVDRVelRE
M3hNby5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvNmMwMzA4OTAt
ZjZlMC00MTBjLWJjOTktYWYwOTIxZDFjM2E0LzAvMzEzODM4MmUzMTM2MzQyZTMx
MzUzNDJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALyk
mjANBgkqhkiG9w0BAQsFAAOCAQEAOtwidC3odJv5GIXjWXJt2fNBGxpxjDBCUpea
z7+ZFp1y7vDdRbZLLjWGmzFBz1x0x+B/FzJSc5JwCFuPlm+p8oCzodviL8wNfOac
vpkpk+Z7ua+3cboLJddA9uSFc5BH94cTrUgsK+GxcJMz1otKacvJ5yvhCw6cBFuf
hSKkAo9W9wowi9NlhmSgLss8wIPymMuC989WCEmHOpLT5MkJ0p8W8UiDpwdOYsF/
JVRM9s37W8DFcMHBnrgyfdz06hdSSxkKs6QZaKydF+90y1txtrlzZ3JsJzz2/zbK
jYisNWET0XGeY8FxMTOdmpe8t++gimmJdeBXKiZhWdZ8MwwJVw==
-----END CERTIFICATE-----