Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/3137382e3230382e3138322e302f32332d3234203d3e20383334.roa
File:                     3137382e3230382e3138322e302f32332d3234203d3e20383334.roa (raw, json)
Hash identifier:          6JNI8Phhtsr9qFxHSD3PWUdccbxwjl8rmUtHlFmzYRQ=
Subject key identifier:   3D:CE:82:83:20:1B:2B:68:27:14:CC:43:DA:84:9E:6E:E4:87:64:87
Certificate issuer:       /CN=048af665bf8b186b70220759d26c578f40b5f3e3
Certificate serial:       599F96AB34D747E2AEB8BE842F3A21FC34B2AF1A
Authority key identifier: 04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/3137382e3230382e3138322e302f32332d3234203d3e20383334.roa
Signing time:             Fri 04 Jul 2025 00:02:14 +0000
ROA not before:           Thu 03 Jul 2025 23:57:14 +0000
ROA not after:            Fri 03 Jul 2026 00:02:14 +0000
asID:                     834
IP address blocks:        178.208.182.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 01 Aug 2025 14:29:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            59:9f:96:ab:34:d7:47:e2:ae:b8:be:84:2f:3a:21:fc:34:b2:af:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=048af665bf8b186b70220759d26c578f40b5f3e3
        Validity
            Not Before: Jul  3 23:57:14 2025 GMT
            Not After : Jul  3 00:02:14 2026 GMT
        Subject: CN=3DCE8283201B2B682714CC43DA849E6EE4876487
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:ca:ae:40:b3:98:ee:6c:92:9e:bc:a1:8f:68:
                    03:3a:46:90:51:dc:5e:39:e9:15:4b:6c:cf:c9:67:
                    fa:b0:f4:32:2f:f2:1b:b6:37:c5:6a:f3:e2:cd:92:
                    9a:3a:1a:37:58:7a:a5:2a:d4:08:b3:7f:b7:31:90:
                    e8:32:1a:f3:f7:ed:92:2a:e5:ec:fb:09:a4:bb:3c:
                    f9:02:bb:74:86:23:cb:e8:e5:11:7a:c4:ba:58:ed:
                    29:80:bd:94:7d:10:a3:40:5e:f8:71:c0:63:7c:95:
                    58:ee:62:a1:d1:e8:72:c5:2c:91:82:6f:3a:26:e1:
                    3e:f1:14:a8:ec:18:33:c7:8f:79:45:4c:dd:7a:7d:
                    e6:b7:0d:26:9d:a3:d5:d6:2a:93:fb:20:24:14:eb:
                    60:a4:33:6a:4c:21:10:a1:be:e9:0a:40:41:aa:f1:
                    be:ab:55:b6:17:6b:f8:ad:ff:c7:19:7d:43:9a:10:
                    bc:e1:71:86:b0:8d:fc:08:0c:86:bc:56:9a:f1:02:
                    44:fb:3e:1c:ec:09:1f:09:0b:e6:ad:f9:41:54:f9:
                    d0:5d:15:94:eb:1f:12:7c:5d:b7:56:b8:bc:5e:d2:
                    20:95:42:13:2b:d1:2f:26:13:63:44:7c:30:65:67:
                    f5:55:2c:4d:49:d8:64:e6:3c:33:27:ef:64:4b:46:
                    8a:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:CE:82:83:20:1B:2B:68:27:14:CC:43:DA:84:9E:6E:E4:87:64:87
            X509v3 Authority Key Identifier:
                keyid:04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/3137382e3230382e3138322e302f32332d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.208.182.0/23

    Signature Algorithm: sha256WithRSAEncryption
         86:04:90:03:79:83:da:64:55:b8:d3:4e:94:b8:75:55:41:e3:
         e2:9b:c3:28:0b:fa:37:6c:38:79:24:07:4e:f1:35:02:b5:fd:
         c7:63:8c:f4:7b:4c:25:18:2d:7b:a1:eb:dc:f7:33:c2:df:f7:
         5b:6c:f7:a5:fb:66:c4:25:c9:43:61:bb:10:f7:f4:26:92:67:
         4f:a4:17:af:2c:d0:26:9b:49:27:1c:c5:1c:6a:ba:4f:a3:9b:
         b2:bb:f9:99:e4:40:a5:13:e7:a1:ce:cd:c4:a4:89:22:a1:bb:
         4a:12:a5:4b:c1:f4:71:20:d1:ab:58:a7:4d:bd:02:21:09:87:
         fb:a3:ba:d1:e3:09:3b:d6:63:71:61:58:b5:f9:56:31:7f:e0:
         f1:b6:01:4b:cd:8a:ab:9d:fc:52:8f:56:15:2a:7c:c1:c2:4d:
         60:e7:68:9e:58:81:0b:cc:41:5a:d9:65:bb:88:8d:52:41:18:
         09:17:53:93:4f:c9:fc:7a:94:ba:70:48:23:45:83:55:d7:d0:
         97:c5:a4:1f:c5:2d:cd:37:2e:e3:40:0b:66:a5:89:89:9b:69:
         03:95:36:9f:43:32:53:68:02:66:8c:a7:6f:5c:0d:2a:6d:54:
         6d:5d:3e:3e:ad:7d:8c:f8:7b:90:45:cb:21:e0:67:8b:4e:30:
         5a:71:ef:96
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUWZ+WqzTXR+KuuL6ELzoh/DSyrxowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDQ4YWY2NjViZjhiMTg2YjcwMjIwNzU5ZDI2YzU3OGY0
MGI1ZjNlMzAeFw0yNTA3MDMyMzU3MTRaFw0yNjA3MDMwMDAyMTRaMDMxMTAvBgNV
BAMTKDNEQ0U4MjgzMjAxQjJCNjgyNzE0Q0M0M0RBODQ5RTZFRTQ4NzY0ODcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvyq5As5jubJKevKGPaAM6RpBR
3F456RVLbM/JZ/qw9DIv8hu2N8Vq8+LNkpo6GjdYeqUq1Aizf7cxkOgyGvP37ZIq
5ez7CaS7PPkCu3SGI8vo5RF6xLpY7SmAvZR9EKNAXvhxwGN8lVjuYqHR6HLFLJGC
bzom4T7xFKjsGDPHj3lFTN16fea3DSado9XWKpP7ICQU62CkM2pMIRChvukKQEGq
8b6rVbYXa/it/8cZfUOaELzhcYawjfwIDIa8VprxAkT7PhzsCR8JC+at+UFU+dBd
FZTrHxJ8XbdWuLxe0iCVQhMr0S8mE2NEfDBlZ/VVLE1J2GTmPDMn72RLRoqpAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUPc6CgyAbK2gnFMxD2oSebuSHZIcwHwYDVR0j
BBgwFoAUBIr2Zb+LGGtwIgdZ0mxXj0C18+MwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODJhOWJmNWItMzljMS00MDUwLWIwNzMtNDgwNzViODYx
ZDg3LzAvMDQ4QUY2NjVCRjhCMTg2QjcwMjIwNzU5RDI2QzU3OEY0MEI1RjNFMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0JJcjJaYi1MR0d0d0lnZFowbXhYajBD
MTgtTS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODJhOWJmNWIt
MzljMS00MDUwLWIwNzMtNDgwNzViODYxZDg3LzAvMzEzNzM4MmUzMjMwMzgyZTMx
MzgzMjJlMzAyZjMyMzMyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAbLQ
tjANBgkqhkiG9w0BAQsFAAOCAQEAhgSQA3mD2mRVuNNOlLh1VUHj4pvDKAv6N2w4
eSQHTvE1ArX9x2OM9HtMJRgte6Hr3Pczwt/3W2z3pftmxCXJQ2G7EPf0JpJnT6QX
ryzQJptJJxzFHGq6T6Obsrv5meRApRPnoc7NxKSJIqG7ShKlS8H0cSDRq1inTb0C
IQmH+6O60eMJO9ZjcWFYtflWMX/g8bYBS82Kq538Uo9WFSp8wcJNYOdonliBC8xB
Wtllu4iNUkEYCRdTk0/J/HqUunBII0WDVdfQl8WkH8UtzTcu40ALZqWJiZtpA5U2
n0MyU2gCZoynb1wNKm1UbV0+Pq19jPh7kEXLIeBni04wWnHvlg==
-----END CERTIFICATE-----