Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/6c030890-f6e0-410c-bc99-af0921d1c3a4/0/3138382e3136342e3135362e302f32342d3234203d3e20383334.roa
File:                     3138382e3136342e3135362e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          sY/xAuh6Mg68YWt7c8TloEoU7TIBsTXsCx6tRGi7xp4=
Subject key identifier:   D6:B0:E8:24:D8:DC:AB:17:BF:1B:E8:7B:5B:DC:4B:08:80:30:A5:F7
Certificate issuer:       /CN=8b9ba9adde9635777bf586fd493e14cd30f7c4ca
Certificate serial:       08BF47D244155A142778002E41154491E75444DD
Authority key identifier: 8B:9B:A9:AD:DE:96:35:77:7B:F5:86:FD:49:3E:14:CD:30:F7:C4:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i5uprd6WNXd79Yb9ST4UzTD3xMo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/6c030890-f6e0-410c-bc99-af0921d1c3a4/0/3138382e3136342e3135362e302f32342d3234203d3e20383334.roa
Signing time:             Sun 02 Feb 2025 00:01:19 +0000
ROA not before:           Sat 01 Feb 2025 23:56:19 +0000
ROA not after:            Sun 01 Feb 2026 00:01:19 +0000
asID:                     834
IP address blocks:        188.164.156.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/6c030890-f6e0-410c-bc99-af0921d1c3a4/0/8B9BA9ADDE9635777BF586FD493E14CD30F7C4CA.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/6c030890-f6e0-410c-bc99-af0921d1c3a4/0/8B9BA9ADDE9635777BF586FD493E14CD30F7C4CA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i5uprd6WNXd79Yb9ST4UzTD3xMo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 17:48:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            08:bf:47:d2:44:15:5a:14:27:78:00:2e:41:15:44:91:e7:54:44:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b9ba9adde9635777bf586fd493e14cd30f7c4ca
        Validity
            Not Before: Feb  1 23:56:19 2025 GMT
            Not After : Feb  1 00:01:19 2026 GMT
        Subject: CN=D6B0E824D8DCAB17BF1BE87B5BDC4B088030A5F7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:67:ed:11:60:17:ac:85:d4:a9:58:21:44:c4:
                    21:1e:4e:d1:84:16:55:99:73:d6:0f:5f:33:4b:1d:
                    0f:63:91:8d:e6:cd:61:57:fa:71:8f:d5:8e:18:3f:
                    e8:59:c5:3b:46:49:11:f4:d2:71:d6:f8:d6:59:83:
                    db:c6:c0:84:df:53:2f:0a:9c:30:70:d4:f7:2e:20:
                    6b:db:48:4c:ea:58:74:a1:69:96:07:8e:fa:8e:5a:
                    54:fa:ca:66:5e:cc:b6:e4:c1:e2:62:9a:f3:d9:58:
                    99:56:8d:10:b6:70:c2:a6:4b:1d:46:15:d7:64:60:
                    42:b7:96:2d:4d:6d:c6:ce:e3:ae:a5:74:ff:0f:87:
                    3e:ba:5a:ca:e5:85:5f:03:be:80:fa:c3:f2:15:39:
                    e4:a1:00:ca:31:0a:48:e0:60:5b:26:2a:b8:df:bc:
                    79:36:47:94:07:5b:f4:8c:d5:9a:4d:63:10:23:d1:
                    4f:e6:81:bb:f2:3e:38:18:81:1f:f9:c6:b0:9c:67:
                    ab:47:72:0b:57:89:56:06:28:18:78:56:58:9d:c3:
                    66:76:6f:2f:92:89:9b:0b:3c:75:3e:74:ff:a6:ea:
                    eb:cb:d2:ff:8c:61:19:6c:bd:10:a1:b9:bf:16:e6:
                    a8:69:74:55:21:5b:6b:33:40:7a:ad:f3:98:25:c7:
                    31:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:B0:E8:24:D8:DC:AB:17:BF:1B:E8:7B:5B:DC:4B:08:80:30:A5:F7
            X509v3 Authority Key Identifier:
                keyid:8B:9B:A9:AD:DE:96:35:77:7B:F5:86:FD:49:3E:14:CD:30:F7:C4:CA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/6c030890-f6e0-410c-bc99-af0921d1c3a4/0/8B9BA9ADDE9635777BF586FD493E14CD30F7C4CA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i5uprd6WNXd79Yb9ST4UzTD3xMo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/6c030890-f6e0-410c-bc99-af0921d1c3a4/0/3138382e3136342e3135362e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.164.156.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:3c:f0:22:cf:b5:45:b2:e2:51:42:70:f5:33:ee:c2:f6:eb:
         a4:40:3b:42:cc:e7:f8:5d:92:d4:2a:da:07:73:b9:0b:e0:fb:
         dc:89:60:ef:42:c8:bc:c1:20:8e:a4:e3:71:ab:e0:68:c6:ea:
         af:94:26:0e:4f:a6:ac:93:61:9f:97:76:fb:02:e8:d2:05:71:
         fe:fa:1d:bb:37:ed:c3:d2:a2:da:90:ec:ea:42:94:d7:8d:76:
         17:f4:f7:8e:27:d7:4d:f8:48:14:88:73:e2:59:ff:74:c5:da:
         37:8d:dc:0c:64:a1:8f:73:b2:7b:b8:de:f7:c1:60:e9:24:0a:
         7a:e8:28:7a:6a:0d:48:8e:d7:01:40:11:80:5b:91:f4:74:23:
         9e:7d:1a:d7:94:5b:d9:3b:46:dc:2d:a6:f4:8e:5e:aa:b2:da:
         4e:8b:97:b4:a0:2a:ce:06:de:75:77:35:13:4d:9f:1c:09:05:
         29:b6:6e:01:54:35:9f:c8:e8:c3:4b:65:19:46:84:03:f4:d3:
         29:9d:a5:f0:3c:74:66:ce:28:d7:d1:78:d1:41:89:d8:e0:f7:
         bb:1f:61:b1:4e:56:3e:0d:d5:1e:46:0e:39:a2:19:f1:c2:d1:
         f2:7b:fa:f2:8e:41:fb:77:b0:5d:de:c0:8d:b6:39:7c:dd:69:
         d7:c6:12:ce
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUCL9H0kQVWhQneAAuQRVEkedURN0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI5YmE5YWRkZTk2MzU3NzdiZjU4NmZkNDkzZTE0Y2Qz
MGY3YzRjYTAeFw0yNTAyMDEyMzU2MTlaFw0yNjAyMDEwMDAxMTlaMDMxMTAvBgNV
BAMTKEQ2QjBFODI0RDhEQ0FCMTdCRjFCRTg3QjVCREM0QjA4ODAzMEE1RjcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDOZ+0RYBeshdSpWCFExCEeTtGE
FlWZc9YPXzNLHQ9jkY3mzWFX+nGP1Y4YP+hZxTtGSRH00nHW+NZZg9vGwITfUy8K
nDBw1PcuIGvbSEzqWHShaZYHjvqOWlT6ymZezLbkweJimvPZWJlWjRC2cMKmSx1G
FddkYEK3li1NbcbO466ldP8Phz66WsrlhV8DvoD6w/IVOeShAMoxCkjgYFsmKrjf
vHk2R5QHW/SM1ZpNYxAj0U/mgbvyPjgYgR/5xrCcZ6tHcgtXiVYGKBh4Vlidw2Z2
by+SiZsLPHU+dP+m6uvL0v+MYRlsvRChub8W5qhpdFUhW2szQHqt85glxzHTAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQU1rDoJNjcqxe/G+h7W9xLCIAwpfcwHwYDVR0j
BBgwFoAUi5uprd6WNXd79Yb9ST4UzTD3xMowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNmMwMzA4OTAtZjZlMC00MTBjLWJjOTktYWYwOTIxZDFj
M2E0LzAvOEI5QkE5QURERTk2MzU3NzdCRjU4NkZENDkzRTE0Q0QzMEY3QzRDQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2k1dXByZDZXTlhkNzlZYjlTVDRVelRE
M3hNby5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvNmMwMzA4OTAt
ZjZlMC00MTBjLWJjOTktYWYwOTIxZDFjM2E0LzAvMzEzODM4MmUzMTM2MzQyZTMx
MzUzNjJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALyk
nDANBgkqhkiG9w0BAQsFAAOCAQEAIjzwIs+1RbLiUUJw9TPuwvbrpEA7Qszn+F2S
1CraB3O5C+D73Ilg70LIvMEgjqTjcavgaMbqr5QmDk+mrJNhn5d2+wLo0gVx/vod
uzftw9Ki2pDs6kKU1412F/T3jifXTfhIFIhz4ln/dMXaN43cDGShj3Oye7je98Fg
6SQKeugoemoNSI7XAUARgFuR9HQjnn0a15Rb2TtG3C2m9I5eqrLaTouXtKAqzgbe
dXc1E02fHAkFKbZuAVQ1n8jow0tlGUaEA/TTKZ2l8Dx0Zs4o19F40UGJ2OD3ux9h
sU5WPg3VHkYOOaIZ8cLR8nv68o5B+3ewXd7AjbY5fN1p18YSzg==
-----END CERTIFICATE-----