Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/8113dda6-7ade-445d-8c6e-448a78e48ca1/1/3138352e3231332e3235312e302f32342d3234203d3e20393834.roa
File:                     3138352e3231332e3235312e302f32342d3234203d3e20393834.roa (raw, json)
Hash identifier:          +mGpTck72lzkh7Ood/3OgnV6lEE5Ty61FGiwl0p4XrE=
Subject key identifier:   D0:BD:72:C8:C6:1C:13:C0:04:53:64:A4:4D:F9:EE:00:10:52:1B:B0
Certificate issuer:       /CN=0d7ffae300def0876bf84890fb6ea17be841a4d3
Certificate serial:       089477FCED3EB07C3C0A03376927BE2F3723EA16
Authority key identifier: 0D:7F:FA:E3:00:DE:F0:87:6B:F8:48:90:FB:6E:A1:7B:E8:41:A4:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DX_64wDe8Idr-EiQ-26he-hBpNM.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/8113dda6-7ade-445d-8c6e-448a78e48ca1/1/3138352e3231332e3235312e302f32342d3234203d3e20393834.roa
Signing time:             Mon 15 Sep 2025 03:13:10 +0000
ROA not before:           Mon 15 Sep 2025 03:08:10 +0000
ROA not after:            Mon 14 Sep 2026 03:13:10 +0000
asID:                     984
IP address blocks:        185.213.251.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/8113dda6-7ade-445d-8c6e-448a78e48ca1/1/0D7FFAE300DEF0876BF84890FB6EA17BE841A4D3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/8113dda6-7ade-445d-8c6e-448a78e48ca1/1/0D7FFAE300DEF0876BF84890FB6EA17BE841A4D3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DX_64wDe8Idr-EiQ-26he-hBpNM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 16 Sep 2025 21:57:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            08:94:77:fc:ed:3e:b0:7c:3c:0a:03:37:69:27:be:2f:37:23:ea:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d7ffae300def0876bf84890fb6ea17be841a4d3
        Validity
            Not Before: Sep 15 03:08:10 2025 GMT
            Not After : Sep 14 03:13:10 2026 GMT
        Subject: CN=D0BD72C8C61C13C0045364A44DF9EE0010521BB0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:57:ad:f1:ba:1e:36:4d:38:da:8a:ff:c2:7b:
                    8e:46:fa:56:44:a2:25:a6:c7:f4:0b:e9:8f:e0:f7:
                    05:2f:73:c4:77:a3:fc:a6:76:24:1f:aa:52:7e:aa:
                    27:8b:88:a5:f4:36:ed:1a:f7:2f:cc:b5:d2:72:6d:
                    51:2d:be:fd:87:87:f4:19:36:21:a7:79:50:d5:17:
                    bd:70:05:01:b1:a2:8a:61:5d:59:a8:88:c0:49:6c:
                    0e:9a:73:5b:bd:3f:a5:f0:0b:49:87:9c:ee:cc:7a:
                    ac:df:59:0a:8d:56:8e:19:44:ed:03:2e:ee:a6:36:
                    b1:6f:98:12:5a:b8:f5:25:0b:68:c2:2c:6a:0c:c6:
                    21:ac:be:61:d3:d8:5f:0b:ea:fc:82:84:15:40:a6:
                    cd:e5:f0:1f:e7:29:1c:6a:1d:e2:7b:2c:f0:df:ec:
                    b9:a5:16:9e:96:34:38:55:89:38:d3:4f:b7:72:06:
                    17:e6:41:ec:64:fe:9d:a6:3f:fd:ec:22:5a:f3:f8:
                    2d:6a:75:54:52:68:79:01:2d:1d:43:cc:e5:50:d1:
                    e0:37:3f:ea:9f:62:0c:fc:b3:66:3c:1a:75:23:c8:
                    c3:1a:09:4a:1d:19:f0:8a:11:41:07:22:db:49:6a:
                    2b:1e:31:96:cb:74:1c:e8:08:42:04:63:35:9c:0e:
                    5a:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:BD:72:C8:C6:1C:13:C0:04:53:64:A4:4D:F9:EE:00:10:52:1B:B0
            X509v3 Authority Key Identifier:
                keyid:0D:7F:FA:E3:00:DE:F0:87:6B:F8:48:90:FB:6E:A1:7B:E8:41:A4:D3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/8113dda6-7ade-445d-8c6e-448a78e48ca1/1/0D7FFAE300DEF0876BF84890FB6EA17BE841A4D3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DX_64wDe8Idr-EiQ-26he-hBpNM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/8113dda6-7ade-445d-8c6e-448a78e48ca1/1/3138352e3231332e3235312e302f32342d3234203d3e20393834.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.213.251.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3d:8a:71:ac:54:94:98:6c:0b:e3:94:eb:86:98:69:e8:ca:ab:
         7e:31:1d:83:e7:bc:4b:36:68:a9:f7:9c:1b:c5:43:e0:19:d9:
         61:0e:22:8f:78:8f:93:03:03:4f:c5:6f:d3:fc:19:53:13:d9:
         a5:6e:64:cb:38:cb:a7:82:27:c0:49:90:f8:21:72:8f:28:c6:
         65:33:fb:21:9b:bd:dc:1c:e7:4a:ff:ec:63:eb:93:2c:19:2c:
         db:01:14:d0:73:a6:8d:58:02:81:e7:0a:eb:7d:4d:8b:3a:16:
         4d:42:8c:16:cc:57:96:72:42:45:b0:37:95:59:6b:70:91:6d:
         14:10:db:d5:37:21:e4:aa:fd:f5:00:84:b9:0b:4b:a8:9f:99:
         b2:8b:59:e0:a0:4f:24:10:26:ca:8d:74:e6:11:86:74:44:3e:
         d8:93:06:ef:ff:f2:ef:47:56:3c:ae:d5:76:71:af:a8:cd:49:
         af:95:3c:64:50:c4:72:af:b6:ff:5b:cb:03:ff:35:5b:15:37:
         71:c9:cf:36:45:ad:0d:95:22:a8:8f:26:bc:65:5c:6a:84:7c:
         4d:bf:9e:05:3c:d3:2e:5e:2d:af:fb:c3:eb:99:00:71:e5:7c:
         09:ba:25:bd:35:44:4d:7b:ad:10:ee:ce:61:5a:8e:d5:e7:03:
         20:75:93:52
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUCJR3/O0+sHw8CgM3aSe+Lzcj6hYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGQ3ZmZhZTMwMGRlZjA4NzZiZjg0ODkwZmI2ZWExN2Jl
ODQxYTRkMzAeFw0yNTA5MTUwMzA4MTBaFw0yNjA5MTQwMzEzMTBaMDMxMTAvBgNV
BAMTKEQwQkQ3MkM4QzYxQzEzQzAwNDUzNjRBNDRERjlFRTAwMTA1MjFCQjAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBV63xuh42TTjaiv/Ce45G+lZE
oiWmx/QL6Y/g9wUvc8R3o/ymdiQfqlJ+qieLiKX0Nu0a9y/MtdJybVEtvv2Hh/QZ
NiGneVDVF71wBQGxoophXVmoiMBJbA6ac1u9P6XwC0mHnO7MeqzfWQqNVo4ZRO0D
Lu6mNrFvmBJauPUlC2jCLGoMxiGsvmHT2F8L6vyChBVAps3l8B/nKRxqHeJ7LPDf
7LmlFp6WNDhViTjTT7dyBhfmQexk/p2mP/3sIlrz+C1qdVRSaHkBLR1DzOVQ0eA3
P+qfYgz8s2Y8GnUjyMMaCUodGfCKEUEHIttJaiseMZbLdBzoCEIEYzWcDlpNAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQU0L1yyMYcE8AEU2SkTfnuABBSG7AwHwYDVR0j
BBgwFoAUDX/64wDe8Idr+EiQ+26he+hBpNMwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODExM2RkYTYtN2FkZS00NDVkLThjNmUtNDQ4YTc4ZTQ4
Y2ExLzEvMEQ3RkZBRTMwMERFRjA4NzZCRjg0ODkwRkI2RUExN0JFODQxQTREMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RYXzY0d0RlOElkci1FaVEtMjZoZS1o
QnBOTS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODExM2RkYTYt
N2FkZS00NDVkLThjNmUtNDQ4YTc4ZTQ4Y2ExLzEvMzEzODM1MmUzMjMxMzMyZTMy
MzUzMTJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM5MzgzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALnV
+zANBgkqhkiG9w0BAQsFAAOCAQEAPYpxrFSUmGwL45Trhphp6MqrfjEdg+e8SzZo
qfecG8VD4BnZYQ4ij3iPkwMDT8Vv0/wZUxPZpW5kyzjLp4InwEmQ+CFyjyjGZTP7
IZu93BznSv/sY+uTLBks2wEU0HOmjVgCgecK631NizoWTUKMFsxXlnJCRbA3lVlr
cJFtFBDb1Tch5Kr99QCEuQtLqJ+ZsotZ4KBPJBAmyo105hGGdEQ+2JMG7//y70dW
PK7VdnGvqM1Jr5U8ZFDEcq+2/1vLA/81WxU3ccnPNkWtDZUiqI8mvGVcaoR8Tb+e
BTzTLl4tr/vD65kAceV8CbolvTVETXutEO7OYVqO1ecDIHWTUg==
-----END CERTIFICATE-----