Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/3138352e3135302e3133382e302f32332d3234203d3e20383334.roa
File:                     3138352e3135302e3133382e302f32332d3234203d3e20383334.roa (raw, json)
Hash identifier:          2RYt+mcllg5owp/pmKl773pVjvDQyIgIwrL9m7Ciq/o=
Subject key identifier:   D4:5C:74:C8:55:03:46:71:62:5E:FE:06:08:B2:B1:3E:00:39:04:AE
Certificate issuer:       /CN=048af665bf8b186b70220759d26c578f40b5f3e3
Certificate serial:       4710483226214323BFF0BE58FE036D03A72F22EA
Authority key identifier: 04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/3138352e3135302e3133382e302f32332d3234203d3e20383334.roa
Signing time:             Wed 20 May 2026 00:04:22 +0000
ROA not before:           Tue 19 May 2026 23:59:22 +0000
ROA not after:            Wed 19 May 2027 00:04:22 +0000
asID:                     834
IP address blocks:        185.150.138.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 19:48:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            47:10:48:32:26:21:43:23:bf:f0:be:58:fe:03:6d:03:a7:2f:22:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=048af665bf8b186b70220759d26c578f40b5f3e3
        Validity
            Not Before: May 19 23:59:22 2026 GMT
            Not After : May 19 00:04:22 2027 GMT
        Subject: CN=D45C74C855034671625EFE0608B2B13E003904AE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:32:51:2f:86:28:bc:e6:94:89:29:9c:37:c5:
                    c3:88:7a:6e:2a:23:20:4f:46:f7:3c:15:d3:b9:d7:
                    e1:8b:45:5a:80:88:61:ac:48:bd:49:e2:fa:3e:83:
                    d7:48:7c:00:d0:f9:8a:c7:a2:87:8f:7e:c0:83:9a:
                    c3:aa:01:5f:a5:70:62:01:da:fc:47:88:6f:50:00:
                    2c:d9:7d:41:f1:83:c9:18:04:58:ef:92:f6:10:65:
                    4a:82:64:3b:47:32:95:9d:51:cc:be:c9:44:4d:c4:
                    db:32:13:86:15:f1:b0:84:79:68:9d:59:54:38:9c:
                    0b:f6:da:46:6e:f7:3e:b4:93:66:32:2a:b2:01:e4:
                    8b:43:de:03:1c:e6:7a:6f:0d:43:5b:14:cf:58:a8:
                    e5:24:d5:40:0d:f0:bc:98:c5:a9:aa:36:93:a5:6d:
                    d2:82:90:f1:11:2f:8f:53:62:5e:18:b6:51:56:3b:
                    cf:3a:c7:f0:c1:0c:f2:53:22:24:28:fe:88:9c:48:
                    b0:74:f8:07:c4:55:4b:70:c5:0d:e9:14:4a:0e:1c:
                    8c:e2:ed:0c:5f:87:79:e6:9d:2f:d7:5f:59:d0:8a:
                    91:d8:f5:1f:60:4b:41:15:7d:06:c8:6d:1a:de:94:
                    5d:4b:03:c2:f5:82:af:3e:dd:7e:97:6a:41:40:1e:
                    95:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:5C:74:C8:55:03:46:71:62:5E:FE:06:08:B2:B1:3E:00:39:04:AE
            X509v3 Authority Key Identifier:
                keyid:04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/3138352e3135302e3133382e302f32332d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.150.138.0/23

    Signature Algorithm: sha256WithRSAEncryption
         7d:e6:19:28:43:71:28:6d:ed:c4:8b:c1:0d:82:96:ed:5d:f3:
         e6:92:19:d8:d2:d2:93:d9:70:17:97:d3:84:3f:ff:9b:8b:8b:
         de:d0:c9:16:83:6a:b3:5e:10:7e:28:40:f7:bf:51:44:20:b6:
         1d:69:ac:ba:9c:a1:59:5c:7a:3a:a8:08:41:9e:cb:d0:ed:ed:
         c5:5d:67:02:76:0d:a8:7e:d8:64:49:36:e5:43:b7:7f:5a:1c:
         62:b4:71:6d:21:0e:08:10:58:f3:ed:e3:05:aa:16:50:82:a3:
         c6:0c:b2:cd:47:fc:82:f5:af:c1:09:fd:60:cd:64:0b:ad:10:
         bd:35:94:2b:9c:61:59:59:dd:31:12:82:02:1c:3b:5d:e2:38:
         2e:bf:a6:a5:07:f5:60:24:e2:ef:33:05:8a:be:04:a5:f6:56:
         21:cf:d6:eb:68:d6:54:a3:fd:2d:48:5f:dc:81:69:1f:2f:a2:
         44:9f:2c:f0:70:93:50:66:6e:88:48:7c:e9:bd:22:51:05:82:
         5f:6e:d0:83:05:01:d9:e8:18:c6:bc:88:b7:ab:85:70:6f:d7:
         32:d4:be:6f:08:ae:61:bf:83:f3:ff:bd:45:c7:48:9c:63:d1:
         c6:64:a6:92:1b:5c:ef:1e:66:5b:80:3a:56:4b:e6:11:95:74:
         2c:92:88:7a
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIURxBIMiYhQyO/8L5Y/gNtA6cvIuowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDQ4YWY2NjViZjhiMTg2YjcwMjIwNzU5ZDI2YzU3OGY0
MGI1ZjNlMzAeFw0yNjA1MTkyMzU5MjJaFw0yNzA1MTkwMDA0MjJaMDMxMTAvBgNV
BAMTKEQ0NUM3NEM4NTUwMzQ2NzE2MjVFRkUwNjA4QjJCMTNFMDAzOTA0QUUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzMlEvhii85pSJKZw3xcOIem4q
IyBPRvc8FdO51+GLRVqAiGGsSL1J4vo+g9dIfADQ+YrHooePfsCDmsOqAV+lcGIB
2vxHiG9QACzZfUHxg8kYBFjvkvYQZUqCZDtHMpWdUcy+yURNxNsyE4YV8bCEeWid
WVQ4nAv22kZu9z60k2YyKrIB5ItD3gMc5npvDUNbFM9YqOUk1UAN8LyYxamqNpOl
bdKCkPERL49TYl4YtlFWO886x/DBDPJTIiQo/oicSLB0+AfEVUtwxQ3pFEoOHIzi
7Qxfh3nmnS/XX1nQipHY9R9gS0EVfQbIbRrelF1LA8L1gq8+3X6XakFAHpU7AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQU1Fx0yFUDRnFiXv4GCLKxPgA5BK4wHwYDVR0j
BBgwFoAUBIr2Zb+LGGtwIgdZ0mxXj0C18+MwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODJhOWJmNWItMzljMS00MDUwLWIwNzMtNDgwNzViODYx
ZDg3LzAvMDQ4QUY2NjVCRjhCMTg2QjcwMjIwNzU5RDI2QzU3OEY0MEI1RjNFMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0JJcjJaYi1MR0d0d0lnZFowbXhYajBD
MTgtTS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODJhOWJmNWIt
MzljMS00MDUwLWIwNzMtNDgwNzViODYxZDg3LzAvMzEzODM1MmUzMTM1MzAyZTMx
MzMzODJlMzAyZjMyMzMyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAbmW
ijANBgkqhkiG9w0BAQsFAAOCAQEAfeYZKENxKG3txIvBDYKW7V3z5pIZ2NLSk9lw
F5fThD//m4uL3tDJFoNqs14QfihA979RRCC2HWmsupyhWVx6OqgIQZ7L0O3txV1n
AnYNqH7YZEk25UO3f1ocYrRxbSEOCBBY8+3jBaoWUIKjxgyyzUf8gvWvwQn9YM1k
C60QvTWUK5xhWVndMRKCAhw7XeI4Lr+mpQf1YCTi7zMFir4EpfZWIc/W62jWVKP9
LUhf3IFpHy+iRJ8s8HCTUGZuiEh86b0iUQWCX27QgwUB2egYxryIt6uFcG/XMtS+
bwiuYb+D8/+9RcdInGPRxmSmkhtc7x5mW4A6VkvmEZV0LJKIeg==
-----END CERTIFICATE-----