Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/8925ad15-af0b-45cd-b883-1a058fa0eba1/0/38302e38332e3139312e302f32342d3234203d3e203534323532.roa
File:                     38302e38332e3139312e302f32342d3234203d3e203534323532.roa (raw, json)
Hash identifier:          t/r9GueVtBRqkEzG5ECpDmGAbhT8tQffnXyVbWMfuP8=
Subject key identifier:   81:83:EA:70:62:0F:B0:11:EC:65:1E:AC:32:29:6D:5F:3A:13:50:61
Certificate issuer:       /CN=78d65d4a22df705beed7b3432fbe48a356597724
Certificate serial:       316DAC97844B8B06A6E440324EEA36CE495CF0AC
Authority key identifier: 78:D6:5D:4A:22:DF:70:5B:EE:D7:B3:43:2F:BE:48:A3:56:59:77:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eNZdSiLfcFvu17NDL75Io1ZZdyQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/8925ad15-af0b-45cd-b883-1a058fa0eba1/0/38302e38332e3139312e302f32342d3234203d3e203534323532.roa
Signing time:             Fri 29 Aug 2025 08:14:02 +0000
ROA not before:           Fri 29 Aug 2025 08:09:02 +0000
ROA not after:            Fri 28 Aug 2026 08:14:02 +0000
asID:                     54252
IP address blocks:        80.83.191.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/8925ad15-af0b-45cd-b883-1a058fa0eba1/0/78D65D4A22DF705BEED7B3432FBE48A356597724.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/8925ad15-af0b-45cd-b883-1a058fa0eba1/0/78D65D4A22DF705BEED7B3432FBE48A356597724.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eNZdSiLfcFvu17NDL75Io1ZZdyQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 09 Sep 2025 01:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            31:6d:ac:97:84:4b:8b:06:a6:e4:40:32:4e:ea:36:ce:49:5c:f0:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=78d65d4a22df705beed7b3432fbe48a356597724
        Validity
            Not Before: Aug 29 08:09:02 2025 GMT
            Not After : Aug 28 08:14:02 2026 GMT
        Subject: CN=8183EA70620FB011EC651EAC32296D5F3A135061
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:fb:c1:5c:41:89:7d:31:a1:b0:87:eb:d5:42:
                    65:65:44:bf:0c:36:9c:de:a0:03:59:45:f3:20:00:
                    57:5b:e0:34:af:9d:00:2d:a7:b1:27:dd:2f:41:d2:
                    02:a7:39:d7:6e:1c:c3:1c:42:76:4b:07:14:ac:34:
                    8c:9a:13:f3:e8:84:fa:4b:f6:49:eb:a5:95:1f:33:
                    f8:26:ce:db:f7:d4:64:00:84:65:37:90:c5:78:74:
                    aa:33:4e:dc:ca:66:98:01:04:43:93:76:57:2e:33:
                    b2:00:00:b4:c6:2e:c0:d7:4c:07:74:0a:e2:76:91:
                    fc:1d:8f:7e:10:6b:d5:1f:f7:55:bf:47:67:9c:68:
                    d8:40:f6:b8:23:20:33:de:cc:89:10:50:6b:03:84:
                    c9:87:08:8a:87:5e:e5:3b:d9:47:4a:b2:f6:75:66:
                    6d:ff:46:dd:ff:db:d8:5a:d6:62:bc:ea:77:5d:ed:
                    ee:a3:2b:61:f7:7c:9f:e7:7c:0a:da:49:e2:4f:8c:
                    7f:7a:67:54:25:f2:24:37:6b:cb:3d:16:24:98:b1:
                    10:fe:8b:fe:18:67:a6:0d:65:8f:3e:64:34:59:96:
                    92:4c:c9:65:90:b3:d9:9e:3a:df:ca:5d:0f:5a:64:
                    60:81:7e:46:0c:38:f3:21:2a:8b:b2:f1:f1:29:b4:
                    f7:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:83:EA:70:62:0F:B0:11:EC:65:1E:AC:32:29:6D:5F:3A:13:50:61
            X509v3 Authority Key Identifier:
                keyid:78:D6:5D:4A:22:DF:70:5B:EE:D7:B3:43:2F:BE:48:A3:56:59:77:24

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/8925ad15-af0b-45cd-b883-1a058fa0eba1/0/78D65D4A22DF705BEED7B3432FBE48A356597724.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eNZdSiLfcFvu17NDL75Io1ZZdyQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/8925ad15-af0b-45cd-b883-1a058fa0eba1/0/38302e38332e3139312e302f32342d3234203d3e203534323532.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.83.191.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d2:36:7e:f8:70:77:1e:85:a5:3c:5e:e2:18:40:8f:19:e9:0d:
         ff:19:94:1b:50:d7:35:56:ac:08:1f:6b:ab:01:e8:aa:87:c4:
         65:8e:71:b6:01:3a:0a:b2:d9:92:51:47:b0:a7:38:ce:f9:0a:
         07:4c:0b:a1:69:fc:4f:b8:69:c0:c9:8d:39:63:52:8e:10:7d:
         04:48:14:08:49:33:76:46:8e:48:c5:1d:b0:cc:b3:33:ae:30:
         a2:7c:e1:55:bc:70:78:67:2e:b7:74:db:e1:2e:0b:ac:a3:7e:
         44:68:0a:58:3d:0e:dd:29:15:30:6b:b7:34:e9:71:aa:26:8f:
         f9:c1:c1:b3:66:e5:15:c0:69:7a:72:ae:3a:b6:0c:9e:6f:5a:
         8f:e4:ce:55:77:34:be:58:86:53:66:5e:57:61:e4:29:b9:d5:
         c2:02:38:0e:dc:4f:1f:b1:7f:e9:e1:98:df:18:40:1b:3d:08:
         50:81:29:d7:a8:0b:da:45:dd:d2:bf:4a:0b:b8:f3:04:2b:56:
         8f:08:fb:01:03:e3:dc:50:1d:8f:a8:c4:ed:4e:fe:cd:68:5f:
         37:bf:7b:22:a4:98:cb:5c:3b:7a:77:15:6e:e1:cc:17:f6:75:
         66:86:25:08:ac:bd:f1:f1:0f:90:73:80:82:eb:b4:4b:1d:27:
         e5:c4:bf:68
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUMW2sl4RLiwam5EAyTuo2zklc8KwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzhkNjVkNGEyMmRmNzA1YmVlZDdiMzQzMmZiZTQ4YTM1
NjU5NzcyNDAeFw0yNTA4MjkwODA5MDJaFw0yNjA4MjgwODE0MDJaMDMxMTAvBgNV
BAMTKDgxODNFQTcwNjIwRkIwMTFFQzY1MUVBQzMyMjk2RDVGM0ExMzUwNjEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCp+8FcQYl9MaGwh+vVQmVlRL8M
NpzeoANZRfMgAFdb4DSvnQAtp7En3S9B0gKnOdduHMMcQnZLBxSsNIyaE/PohPpL
9knrpZUfM/gmztv31GQAhGU3kMV4dKozTtzKZpgBBEOTdlcuM7IAALTGLsDXTAd0
CuJ2kfwdj34Qa9Uf91W/R2ecaNhA9rgjIDPezIkQUGsDhMmHCIqHXuU72UdKsvZ1
Zm3/Rt3/29ha1mK86ndd7e6jK2H3fJ/nfAraSeJPjH96Z1Ql8iQ3a8s9FiSYsRD+
i/4YZ6YNZY8+ZDRZlpJMyWWQs9meOt/KXQ9aZGCBfkYMOPMhKouy8fEptPfVAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUgYPqcGIPsBHsZR6sMiltXzoTUGEwHwYDVR0j
BBgwFoAUeNZdSiLfcFvu17NDL75Io1ZZdyQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODkyNWFkMTUtYWYwYi00NWNkLWI4ODMtMWEwNThmYTBl
YmExLzAvNzhENjVENEEyMkRGNzA1QkVFRDdCMzQzMkZCRTQ4QTM1NjU5NzcyNC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2VOWmRTaUxmY0Z2dTE3TkRMNzVJbzFa
WmR5US5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODkyNWFkMTUt
YWYwYi00NWNkLWI4ODMtMWEwNThmYTBlYmExLzAvMzgzMDJlMzgzMzJlMzEzOTMx
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzUzNDMyMzUzMi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFBT
vzANBgkqhkiG9w0BAQsFAAOCAQEA0jZ++HB3HoWlPF7iGECPGekN/xmUG1DXNVas
CB9rqwHoqofEZY5xtgE6CrLZklFHsKc4zvkKB0wLoWn8T7hpwMmNOWNSjhB9BEgU
CEkzdkaOSMUdsMyzM64wonzhVbxweGcut3Tb4S4LrKN+RGgKWD0O3SkVMGu3NOlx
qiaP+cHBs2blFcBpenKuOrYMnm9aj+TOVXc0vliGU2ZeV2HkKbnVwgI4DtxPH7F/
6eGY3xhAGz0IUIEp16gL2kXd0r9KC7jzBCtWjwj7AQPj3FAdj6jE7U7+zWhfN797
IqSYy1w7encVbuHMF/Z1ZoYlCKy98fEPkHOAguu0Sx0n5cS/aA==
-----END CERTIFICATE-----