Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/3137382e3230382e3139302e302f32342d3234203d3e20383334.roa
File:                     3137382e3230382e3139302e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          bEvPBqtlrny4xQLtkjNXAp2fW2t5gF65HTzJLpUql2M=
Subject key identifier:   90:C9:5B:C8:B3:79:00:6F:A8:E6:D8:2C:9D:1B:83:EA:A8:D0:9A:C9
Certificate issuer:       /CN=048af665bf8b186b70220759d26c578f40b5f3e3
Certificate serial:       1AB4A76561C8349564DB63878069E30ADA366968
Authority key identifier: 04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/3137382e3230382e3139302e302f32342d3234203d3e20383334.roa
Signing time:             Mon 01 Jun 2026 00:08:42 +0000
ROA not before:           Mon 01 Jun 2026 00:03:42 +0000
ROA not after:            Mon 31 May 2027 00:08:42 +0000
asID:                     834
IP address blocks:        178.208.190.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 19:48:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1a:b4:a7:65:61:c8:34:95:64:db:63:87:80:69:e3:0a:da:36:69:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=048af665bf8b186b70220759d26c578f40b5f3e3
        Validity
            Not Before: Jun  1 00:03:42 2026 GMT
            Not After : May 31 00:08:42 2027 GMT
        Subject: CN=90C95BC8B379006FA8E6D82C9D1B83EAA8D09AC9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:b2:a0:70:db:55:85:14:43:90:91:3e:95:f0:
                    db:4b:b5:22:e4:90:00:b2:fe:d0:e4:e8:5c:ee:d6:
                    63:0b:49:8a:b7:d0:18:a8:83:7c:02:82:bc:42:2d:
                    65:6a:17:fd:1a:3f:bc:01:bf:20:d2:e4:4b:5f:07:
                    f6:84:b7:b0:0c:aa:81:ff:9e:78:72:c9:f1:eb:42:
                    02:d0:b3:b7:fc:71:6d:a1:f7:b9:c3:16:07:a1:09:
                    08:ba:48:37:eb:fb:94:19:79:1f:18:83:bf:96:e7:
                    d4:d3:a6:21:84:b1:ff:48:9f:a5:4a:27:b5:1c:24:
                    a3:e3:48:71:8b:44:27:96:3f:1a:ce:6a:33:43:09:
                    b5:7d:18:62:48:1e:92:34:44:21:cb:0f:dd:3d:a8:
                    0d:0f:da:f1:3d:b7:37:14:02:82:fb:05:89:a8:63:
                    25:98:71:53:b3:4c:9d:72:fa:ce:e3:b4:36:65:f2:
                    00:48:8b:35:d9:b3:5c:98:5b:78:10:ea:6b:24:3c:
                    31:49:db:a0:cc:98:66:a5:54:a7:e5:46:6a:f2:28:
                    31:21:7e:79:ed:d6:fa:90:fd:93:01:40:93:92:e2:
                    7c:ee:cf:c0:2c:60:29:05:f4:56:42:29:49:50:a9:
                    04:87:ae:7d:54:84:1a:e2:75:f9:cc:17:9a:d3:7d:
                    9a:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:C9:5B:C8:B3:79:00:6F:A8:E6:D8:2C:9D:1B:83:EA:A8:D0:9A:C9
            X509v3 Authority Key Identifier:
                keyid:04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/3137382e3230382e3139302e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.208.190.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:c0:c5:98:37:66:9c:59:e4:9f:22:76:1f:f9:a4:28:44:64:
         8c:b7:c4:88:2b:5b:5f:25:7c:9d:2c:64:9e:dc:51:a2:a6:35:
         7f:aa:b5:13:18:fb:f4:cf:34:7f:f9:3e:27:8b:85:a4:c7:9c:
         11:9c:fa:1c:41:65:04:ee:88:8d:fc:06:7d:0d:5b:67:05:e5:
         dd:3f:85:4f:40:18:db:05:68:ab:b0:7e:36:ff:31:a2:10:9e:
         f9:84:a2:ba:cf:52:25:83:82:a0:32:d9:bd:5d:f7:87:77:d3:
         8e:b6:96:80:2c:24:7c:2d:88:45:b3:db:35:03:4f:74:63:6c:
         84:a9:bf:40:78:2b:e1:f2:d1:f0:04:ae:46:a7:6a:76:83:4f:
         fc:34:01:3b:f5:e4:3e:bf:d3:bb:f1:6b:d4:75:5f:e4:ed:4d:
         a0:dd:14:ec:ab:7a:2e:0c:10:4c:c1:af:be:46:04:83:9b:f3:
         a7:bc:c9:9c:90:ac:ab:8c:fb:05:3b:de:1a:d2:62:40:00:45:
         57:9f:38:ce:20:e3:39:22:eb:7c:3e:3a:5a:de:cd:52:6b:c5:
         8e:2c:be:dd:21:e1:30:6a:fa:39:90:1d:2c:82:a6:b9:8b:05:
         88:b1:42:75:e5:0c:89:d8:15:38:70:06:b3:4d:90:79:4f:12:
         8a:bc:ab:a5
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUGrSnZWHINJVk22OHgGnjCto2aWgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDQ4YWY2NjViZjhiMTg2YjcwMjIwNzU5ZDI2YzU3OGY0
MGI1ZjNlMzAeFw0yNjA2MDEwMDAzNDJaFw0yNzA1MzEwMDA4NDJaMDMxMTAvBgNV
BAMTKDkwQzk1QkM4QjM3OTAwNkZBOEU2RDgyQzlEMUI4M0VBQThEMDlBQzkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCHsqBw21WFFEOQkT6V8NtLtSLk
kACy/tDk6Fzu1mMLSYq30Biog3wCgrxCLWVqF/0aP7wBvyDS5EtfB/aEt7AMqoH/
nnhyyfHrQgLQs7f8cW2h97nDFgehCQi6SDfr+5QZeR8Yg7+W59TTpiGEsf9In6VK
J7UcJKPjSHGLRCeWPxrOajNDCbV9GGJIHpI0RCHLD909qA0P2vE9tzcUAoL7BYmo
YyWYcVOzTJ1y+s7jtDZl8gBIizXZs1yYW3gQ6mskPDFJ26DMmGalVKflRmryKDEh
fnnt1vqQ/ZMBQJOS4nzuz8AsYCkF9FZCKUlQqQSHrn1UhBridfnMF5rTfZrdAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUkMlbyLN5AG+o5tgsnRuD6qjQmskwHwYDVR0j
BBgwFoAUBIr2Zb+LGGtwIgdZ0mxXj0C18+MwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODJhOWJmNWItMzljMS00MDUwLWIwNzMtNDgwNzViODYx
ZDg3LzAvMDQ4QUY2NjVCRjhCMTg2QjcwMjIwNzU5RDI2QzU3OEY0MEI1RjNFMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0JJcjJaYi1MR0d0d0lnZFowbXhYajBD
MTgtTS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODJhOWJmNWIt
MzljMS00MDUwLWIwNzMtNDgwNzViODYxZDg3LzAvMzEzNzM4MmUzMjMwMzgyZTMx
MzkzMDJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALLQ
vjANBgkqhkiG9w0BAQsFAAOCAQEAj8DFmDdmnFnknyJ2H/mkKERkjLfEiCtbXyV8
nSxkntxRoqY1f6q1Exj79M80f/k+J4uFpMecEZz6HEFlBO6IjfwGfQ1bZwXl3T+F
T0AY2wVoq7B+Nv8xohCe+YSius9SJYOCoDLZvV33h3fTjraWgCwkfC2IRbPbNQNP
dGNshKm/QHgr4fLR8ASuRqdqdoNP/DQBO/XkPr/Tu/Fr1HVf5O1NoN0U7Kt6LgwQ
TMGvvkYEg5vzp7zJnJCsq4z7BTveGtJiQABFV584ziDjOSLrfD46Wt7NUmvFjiy+
3SHhMGr6OZAdLIKmuYsFiLFCdeUMidgVOHAGs02QeU8SiryrpQ==
-----END CERTIFICATE-----