Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/8925ad15-af0b-45cd-b883-1a058fa0eba1/0/3138352e3139302e3232382e302f32332d3233203d3e20383334.roa
File:                     3138352e3139302e3232382e302f32332d3233203d3e20383334.roa (raw, json)
Hash identifier:          o5JJVAsBzcUVFNJ8gFI9g37VvghyzApiiIfu6sGCWy8=
Subject key identifier:   5B:E0:03:77:77:4D:94:37:DF:6F:E8:CC:2A:D3:F2:5D:2C:3B:BE:70
Certificate issuer:       /CN=78d65d4a22df705beed7b3432fbe48a356597724
Certificate serial:       76519D54005B0692DF96D0E4BE56CB0E3897BDCE
Authority key identifier: 78:D6:5D:4A:22:DF:70:5B:EE:D7:B3:43:2F:BE:48:A3:56:59:77:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eNZdSiLfcFvu17NDL75Io1ZZdyQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/8925ad15-af0b-45cd-b883-1a058fa0eba1/0/3138352e3139302e3232382e302f32332d3233203d3e20383334.roa
Signing time:             Fri 29 Aug 2025 08:14:02 +0000
ROA not before:           Fri 29 Aug 2025 08:09:02 +0000
ROA not after:            Fri 28 Aug 2026 08:14:02 +0000
asID:                     834
IP address blocks:        185.190.228.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/8925ad15-af0b-45cd-b883-1a058fa0eba1/0/78D65D4A22DF705BEED7B3432FBE48A356597724.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/8925ad15-af0b-45cd-b883-1a058fa0eba1/0/78D65D4A22DF705BEED7B3432FBE48A356597724.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eNZdSiLfcFvu17NDL75Io1ZZdyQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 09 Sep 2025 01:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            76:51:9d:54:00:5b:06:92:df:96:d0:e4:be:56:cb:0e:38:97:bd:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=78d65d4a22df705beed7b3432fbe48a356597724
        Validity
            Not Before: Aug 29 08:09:02 2025 GMT
            Not After : Aug 28 08:14:02 2026 GMT
        Subject: CN=5BE00377774D9437DF6FE8CC2AD3F25D2C3BBE70
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:a9:20:1c:f5:71:65:40:ac:21:01:5d:2f:87:
                    ef:cb:0e:3c:2e:6e:7f:99:ba:4b:e8:30:37:6c:f1:
                    f1:08:70:5b:33:bb:8b:15:1b:90:9b:67:be:a7:b6:
                    c8:29:8f:96:9a:f5:97:0a:2b:d2:bf:5b:f2:7d:8f:
                    4c:bc:fd:a4:3b:57:0a:6a:de:b8:f2:74:6b:f7:8e:
                    45:48:bc:7b:97:4d:d6:29:93:2a:a1:8c:2f:0c:8c:
                    6f:e6:19:e5:b4:03:97:28:d9:ad:43:35:a4:f8:3e:
                    b3:dd:ab:ef:b1:27:99:2f:a8:8e:36:b4:39:32:00:
                    16:09:e8:7a:67:d2:6c:d7:10:60:6b:b8:f7:48:6a:
                    76:c3:e3:c3:0c:c9:bf:63:a9:86:c8:c0:56:9c:09:
                    9a:0d:03:b0:d8:17:fb:14:b0:35:87:73:6d:11:f4:
                    4a:97:44:a0:7e:4d:c6:14:15:ac:b2:15:6f:11:76:
                    87:72:c4:9a:f4:3d:fb:16:97:29:e7:fa:03:bc:e7:
                    34:06:f0:df:ec:b2:21:22:45:07:70:5e:cb:7c:3d:
                    d9:a0:28:d8:05:ec:36:09:e6:29:ff:df:23:3c:23:
                    b9:36:d6:84:2b:30:9a:94:ce:c1:7c:b5:fa:61:c3:
                    b9:ef:1f:ec:ed:83:61:d7:f3:10:fd:a5:c6:96:a6:
                    ab:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:E0:03:77:77:4D:94:37:DF:6F:E8:CC:2A:D3:F2:5D:2C:3B:BE:70
            X509v3 Authority Key Identifier:
                keyid:78:D6:5D:4A:22:DF:70:5B:EE:D7:B3:43:2F:BE:48:A3:56:59:77:24

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/8925ad15-af0b-45cd-b883-1a058fa0eba1/0/78D65D4A22DF705BEED7B3432FBE48A356597724.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eNZdSiLfcFvu17NDL75Io1ZZdyQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/8925ad15-af0b-45cd-b883-1a058fa0eba1/0/3138352e3139302e3232382e302f32332d3233203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.190.228.0/23

    Signature Algorithm: sha256WithRSAEncryption
         46:b9:c3:85:95:88:f8:b2:3d:e6:b1:88:71:9f:b6:02:05:a1:
         34:81:17:7e:15:74:9d:f3:66:a9:62:76:33:71:59:1f:c0:87:
         b4:74:3f:d6:79:77:9a:36:ae:2d:f5:ff:3b:0f:31:c7:3a:64:
         a6:ff:8c:74:fa:f3:dc:0d:b8:1d:d1:5e:a5:1d:1d:d7:87:67:
         2a:62:7b:a6:f8:82:ab:e7:0c:04:53:4b:32:0d:f6:57:34:d5:
         d7:5d:be:62:87:27:b9:9b:f0:ff:1d:62:6c:cf:83:9d:b5:a1:
         3e:c6:21:26:a6:79:83:2d:bb:00:8d:fe:37:3f:2e:67:7e:41:
         74:4d:c4:df:b1:75:6c:7e:67:5b:2d:f3:b6:56:b2:cc:d2:b0:
         b7:34:b4:f8:72:b5:26:4c:46:e1:df:38:93:ae:9e:da:bc:29:
         11:24:fd:d4:d6:e0:ed:00:7c:13:6c:9a:7a:88:b2:55:28:40:
         f4:60:07:1a:4a:82:23:7f:dc:f0:ed:52:e5:cb:f9:3e:82:63:
         ec:e8:89:aa:bc:44:26:f4:ec:06:5e:ea:47:db:29:c0:ca:66:
         2f:28:84:e3:5b:1a:bf:38:79:d9:5e:d9:27:28:06:56:b6:47:
         a6:75:18:08:27:5d:f7:16:b6:94:19:75:92:1f:93:87:8f:88:
         80:3e:e0:d5
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUdlGdVABbBpLfltDkvlbLDjiXvc4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzhkNjVkNGEyMmRmNzA1YmVlZDdiMzQzMmZiZTQ4YTM1
NjU5NzcyNDAeFw0yNTA4MjkwODA5MDJaFw0yNjA4MjgwODE0MDJaMDMxMTAvBgNV
BAMTKDVCRTAwMzc3Nzc0RDk0MzdERjZGRThDQzJBRDNGMjVEMkMzQkJFNzAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCnqSAc9XFlQKwhAV0vh+/LDjwu
bn+ZukvoMDds8fEIcFszu4sVG5CbZ76ntsgpj5aa9ZcKK9K/W/J9j0y8/aQ7Vwpq
3rjydGv3jkVIvHuXTdYpkyqhjC8MjG/mGeW0A5co2a1DNaT4PrPdq++xJ5kvqI42
tDkyABYJ6Hpn0mzXEGBruPdIanbD48MMyb9jqYbIwFacCZoNA7DYF/sUsDWHc20R
9EqXRKB+TcYUFayyFW8RdodyxJr0PfsWlynn+gO85zQG8N/ssiEiRQdwXst8Pdmg
KNgF7DYJ5in/3yM8I7k21oQrMJqUzsF8tfphw7nvH+ztg2HX8xD9pcaWpqvTAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUW+ADd3dNlDffb+jMKtPyXSw7vnAwHwYDVR0j
BBgwFoAUeNZdSiLfcFvu17NDL75Io1ZZdyQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODkyNWFkMTUtYWYwYi00NWNkLWI4ODMtMWEwNThmYTBl
YmExLzAvNzhENjVENEEyMkRGNzA1QkVFRDdCMzQzMkZCRTQ4QTM1NjU5NzcyNC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2VOWmRTaUxmY0Z2dTE3TkRMNzVJbzFa
WmR5US5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODkyNWFkMTUt
YWYwYi00NWNkLWI4ODMtMWEwNThmYTBlYmExLzAvMzEzODM1MmUzMTM5MzAyZTMy
MzIzODJlMzAyZjMyMzMyZDMyMzMyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAbm+
5DANBgkqhkiG9w0BAQsFAAOCAQEARrnDhZWI+LI95rGIcZ+2AgWhNIEXfhV0nfNm
qWJ2M3FZH8CHtHQ/1nl3mjauLfX/Ow8xxzpkpv+MdPrz3A24HdFepR0d14dnKmJ7
pviCq+cMBFNLMg32VzTV112+YocnuZvw/x1ibM+DnbWhPsYhJqZ5gy27AI3+Nz8u
Z35BdE3E37F1bH5nWy3ztlayzNKwtzS0+HK1JkxG4d84k66e2rwpEST91Nbg7QB8
E2yaeoiyVShA9GAHGkqCI3/c8O1S5cv5PoJj7OiJqrxEJvTsBl7qR9spwMpmLyiE
41savzh52V7ZJygGVrZHpnUYCCdd9xa2lBl1kh+Th4+IgD7g1Q==
-----END CERTIFICATE-----