Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/6c030890-f6e0-410c-bc99-af0921d1c3a4/0/3138382e3136342e3135342e302f32342d3234203d3e20383334.roa
File:                     3138382e3136342e3135342e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          7YK9BjVSnfe505W37DxY1ZZyrFLgClau3xqcJepnDzM=
Subject key identifier:   3C:EF:40:C2:2E:47:67:9A:A9:85:22:04:91:1B:D8:D8:E1:76:0E:AD
Certificate issuer:       /CN=8b9ba9adde9635777bf586fd493e14cd30f7c4ca
Certificate serial:       618F23BAAE4C6B8533BD8B40A861314D8E51D383
Authority key identifier: 8B:9B:A9:AD:DE:96:35:77:7B:F5:86:FD:49:3E:14:CD:30:F7:C4:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i5uprd6WNXd79Yb9ST4UzTD3xMo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/6c030890-f6e0-410c-bc99-af0921d1c3a4/0/3138382e3136342e3135342e302f32342d3234203d3e20383334.roa
Signing time:             Thu 05 Jun 2025 06:05:44 +0000
ROA not before:           Thu 05 Jun 2025 06:00:44 +0000
ROA not after:            Thu 04 Jun 2026 06:05:44 +0000
asID:                     834
IP address blocks:        188.164.154.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/6c030890-f6e0-410c-bc99-af0921d1c3a4/0/8B9BA9ADDE9635777BF586FD493E14CD30F7C4CA.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/6c030890-f6e0-410c-bc99-af0921d1c3a4/0/8B9BA9ADDE9635777BF586FD493E14CD30F7C4CA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i5uprd6WNXd79Yb9ST4UzTD3xMo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 15:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            61:8f:23:ba:ae:4c:6b:85:33:bd:8b:40:a8:61:31:4d:8e:51:d3:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b9ba9adde9635777bf586fd493e14cd30f7c4ca
        Validity
            Not Before: Jun  5 06:00:44 2025 GMT
            Not After : Jun  4 06:05:44 2026 GMT
        Subject: CN=3CEF40C22E47679AA9852204911BD8D8E1760EAD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:59:ef:ba:2b:f8:7e:c0:e3:92:94:31:f6:36:
                    f5:d5:8d:b0:f7:76:90:f3:53:7b:41:34:f5:88:33:
                    cb:a2:54:d5:93:70:d2:a5:e4:b3:8f:0c:d9:00:e0:
                    12:73:94:9a:93:b0:59:c3:fd:f9:d3:0f:14:f1:79:
                    9a:f3:a4:7f:b3:2c:76:b2:fe:cf:ee:59:e7:01:88:
                    ac:5f:ee:44:1a:e8:bf:5c:0b:0d:f5:52:85:72:aa:
                    8d:43:24:ae:b8:85:b0:ed:6f:a1:11:a3:04:a6:60:
                    22:f3:0d:41:21:85:d2:33:b9:b8:0c:f1:d8:e1:7c:
                    1a:11:8a:9c:69:5a:f8:c4:4e:29:e0:59:3e:d5:db:
                    c5:78:2f:7e:c6:24:8b:e5:01:62:ef:10:47:df:4f:
                    bd:a0:05:c1:47:b0:b4:5b:06:49:38:f4:ac:f4:d5:
                    05:09:93:2e:8b:01:4b:11:41:3f:c0:74:9f:09:ac:
                    e4:5d:de:24:ed:4a:8c:4b:b0:fb:70:9f:94:a2:63:
                    cb:07:f6:57:8c:a0:63:ff:49:99:6e:ad:eb:ee:54:
                    e3:9b:3b:12:30:a6:e6:f7:3d:8e:a7:b0:eb:6e:32:
                    bd:7a:97:86:4c:95:e9:43:23:11:07:04:f8:ac:cd:
                    56:9a:f6:52:08:73:4e:7e:cd:49:24:56:a8:48:46:
                    c2:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:EF:40:C2:2E:47:67:9A:A9:85:22:04:91:1B:D8:D8:E1:76:0E:AD
            X509v3 Authority Key Identifier:
                keyid:8B:9B:A9:AD:DE:96:35:77:7B:F5:86:FD:49:3E:14:CD:30:F7:C4:CA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/6c030890-f6e0-410c-bc99-af0921d1c3a4/0/8B9BA9ADDE9635777BF586FD493E14CD30F7C4CA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i5uprd6WNXd79Yb9ST4UzTD3xMo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/6c030890-f6e0-410c-bc99-af0921d1c3a4/0/3138382e3136342e3135342e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.164.154.0/24

    Signature Algorithm: sha256WithRSAEncryption
         70:b8:ca:46:64:d3:eb:b1:88:e8:99:67:50:41:12:f2:6a:08:
         cd:c8:00:6b:d5:03:27:71:e4:ca:4d:e7:e3:fc:ef:73:62:32:
         61:51:9c:c9:bd:aa:ea:20:52:46:56:db:d3:5b:ce:a8:1e:42:
         fc:f3:e0:e7:fa:77:c7:c1:f2:95:5d:fe:9b:f6:65:0b:5c:ed:
         dd:22:ef:d0:f6:63:17:b4:0e:c4:10:10:79:10:9e:62:3c:83:
         01:d7:c8:e2:64:21:f1:ba:7d:62:78:31:71:cc:3c:85:e7:e5:
         25:83:3b:a9:b9:96:83:08:13:0e:2b:74:57:c9:e1:90:d6:47:
         81:94:ad:b9:8b:b2:8d:f9:9b:f4:de:a7:c1:69:c5:b7:6e:5a:
         98:98:3f:97:0a:9c:14:a4:bf:b2:ec:6c:ca:b9:d0:8a:de:ad:
         42:6f:15:93:8c:96:de:be:f1:37:71:7c:e7:9b:0e:52:03:2e:
         26:e8:f5:38:86:8a:e7:10:8d:d6:f5:23:f3:19:49:67:15:80:
         72:8a:1b:81:47:58:19:fa:50:73:55:16:44:23:ee:26:26:87:
         f3:78:6f:02:d0:06:d1:e0:88:f4:95:e7:3a:de:9f:66:37:46:
         5a:2d:10:0a:12:9c:40:ee:9f:8a:4b:d9:6e:da:b0:80:f3:9f:
         b9:ae:69:d0
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUYY8juq5Ma4UzvYtAqGExTY5R04MwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI5YmE5YWRkZTk2MzU3NzdiZjU4NmZkNDkzZTE0Y2Qz
MGY3YzRjYTAeFw0yNTA2MDUwNjAwNDRaFw0yNjA2MDQwNjA1NDRaMDMxMTAvBgNV
BAMTKDNDRUY0MEMyMkU0NzY3OUFBOTg1MjIwNDkxMUJEOEQ4RTE3NjBFQUQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCYWe+6K/h+wOOSlDH2NvXVjbD3
dpDzU3tBNPWIM8uiVNWTcNKl5LOPDNkA4BJzlJqTsFnD/fnTDxTxeZrzpH+zLHay
/s/uWecBiKxf7kQa6L9cCw31UoVyqo1DJK64hbDtb6ERowSmYCLzDUEhhdIzubgM
8djhfBoRipxpWvjETingWT7V28V4L37GJIvlAWLvEEffT72gBcFHsLRbBkk49Kz0
1QUJky6LAUsRQT/AdJ8JrORd3iTtSoxLsPtwn5SiY8sH9leMoGP/SZlurevuVOOb
OxIwpub3PY6nsOtuMr16l4ZMlelDIxEHBPiszVaa9lIIc05+zUkkVqhIRsIPAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUPO9Awi5HZ5qphSIEkRvY2OF2Dq0wHwYDVR0j
BBgwFoAUi5uprd6WNXd79Yb9ST4UzTD3xMowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNmMwMzA4OTAtZjZlMC00MTBjLWJjOTktYWYwOTIxZDFj
M2E0LzAvOEI5QkE5QURERTk2MzU3NzdCRjU4NkZENDkzRTE0Q0QzMEY3QzRDQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2k1dXByZDZXTlhkNzlZYjlTVDRVelRE
M3hNby5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvNmMwMzA4OTAt
ZjZlMC00MTBjLWJjOTktYWYwOTIxZDFjM2E0LzAvMzEzODM4MmUzMTM2MzQyZTMx
MzUzNDJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALyk
mjANBgkqhkiG9w0BAQsFAAOCAQEAcLjKRmTT67GI6JlnUEES8moIzcgAa9UDJ3Hk
yk3n4/zvc2IyYVGcyb2q6iBSRlbb01vOqB5C/PPg5/p3x8HylV3+m/ZlC1zt3SLv
0PZjF7QOxBAQeRCeYjyDAdfI4mQh8bp9Yngxccw8heflJYM7qbmWgwgTDit0V8nh
kNZHgZStuYuyjfmb9N6nwWnFt25amJg/lwqcFKS/suxsyrnQit6tQm8Vk4yW3r7x
N3F855sOUgMuJuj1OIaK5xCN1vUj8xlJZxWAcoobgUdYGfpQc1UWRCPuJiaH83hv
AtAG0eCI9JXnOt6fZjdGWi0QChKcQO6fikvZbtqwgPOfua5p0A==
-----END CERTIFICATE-----