Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/3138352e3235302e34312e302f32342d3234203d3e20383334.roa
File:                     3138352e3235302e34312e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          rQiS0koFv97blD/0G2LfoOZv354UCOGsf7BP0wGeTWM=
Subject key identifier:   D6:F6:75:13:99:B8:DA:AD:13:0A:2E:91:A8:FE:91:B0:E7:9D:F1:93
Certificate issuer:       /CN=830e06419fc46a2802f6f03b71368ac7baaf64ce
Certificate serial:       77EDDF3D58B7284BD0A5EC629D284272122CBEC8
Authority key identifier: 83:0E:06:41:9F:C4:6A:28:02:F6:F0:3B:71:36:8A:C7:BA:AF:64:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gw4GQZ_EaigC9vA7cTaKx7qvZM4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/3138352e3235302e34312e302f32342d3234203d3e20383334.roa
Signing time:             Sat 17 May 2025 00:04:03 +0000
ROA not before:           Fri 16 May 2025 23:59:03 +0000
ROA not after:            Sat 16 May 2026 00:04:03 +0000
asID:                     834
IP address blocks:        185.250.41.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/830E06419FC46A2802F6F03B71368AC7BAAF64CE.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/830E06419FC46A2802F6F03B71368AC7BAAF64CE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gw4GQZ_EaigC9vA7cTaKx7qvZM4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 07:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            77:ed:df:3d:58:b7:28:4b:d0:a5:ec:62:9d:28:42:72:12:2c:be:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=830e06419fc46a2802f6f03b71368ac7baaf64ce
        Validity
            Not Before: May 16 23:59:03 2025 GMT
            Not After : May 16 00:04:03 2026 GMT
        Subject: CN=D6F6751399B8DAAD130A2E91A8FE91B0E79DF193
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:7b:4d:4b:a4:41:69:fc:09:ad:ab:75:b2:ed:
                    bf:a4:e9:8f:88:3c:d7:ad:ca:f0:06:50:7f:eb:3f:
                    3e:b5:e2:cd:08:2b:f1:3f:be:02:30:49:30:45:1b:
                    2a:af:4b:49:13:da:51:f8:86:8e:c9:a3:a0:c1:0c:
                    86:77:2b:89:ab:f8:45:a2:19:09:09:07:de:1a:2a:
                    2f:23:3d:7b:7e:b7:ab:aa:e8:24:e9:4b:cb:95:b6:
                    9b:c4:6b:5f:32:22:90:dd:94:f1:49:84:e1:3f:81:
                    2d:c1:9e:4a:a5:e8:27:bb:4d:60:01:a0:88:32:e3:
                    b2:f6:15:27:32:85:74:e8:c0:ee:9b:9c:0c:aa:0b:
                    02:6a:72:fa:97:df:7a:65:ff:7b:7a:e6:a0:7c:8b:
                    09:1a:96:27:e4:16:91:13:54:b8:c6:aa:8c:af:e6:
                    13:71:45:55:ed:e4:39:71:c6:fd:95:33:e9:46:f9:
                    94:e6:21:dd:27:a7:ab:fd:f7:7e:40:b6:15:f4:7a:
                    ee:98:de:3b:bd:cd:a0:f6:ed:e7:fe:ff:9b:e5:61:
                    e0:cd:60:a8:42:86:f7:88:a3:3a:02:42:71:81:fc:
                    cd:c4:e1:eb:65:c5:18:15:ea:c4:00:ed:ab:64:f0:
                    eb:d0:d6:13:62:1d:f7:7f:fa:fb:60:d6:88:81:3d:
                    f2:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:F6:75:13:99:B8:DA:AD:13:0A:2E:91:A8:FE:91:B0:E7:9D:F1:93
            X509v3 Authority Key Identifier:
                keyid:83:0E:06:41:9F:C4:6A:28:02:F6:F0:3B:71:36:8A:C7:BA:AF:64:CE

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/830E06419FC46A2802F6F03B71368AC7BAAF64CE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gw4GQZ_EaigC9vA7cTaKx7qvZM4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/3138352e3235302e34312e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.250.41.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:2c:c8:71:66:0d:05:9c:7c:dd:ff:ba:11:54:cd:39:0b:ef:
         d5:a7:61:d2:fc:5d:fc:c8:6c:8d:05:3c:35:5f:13:d4:44:97:
         b4:eb:f9:28:27:b5:26:a4:e7:38:1c:5b:9e:f9:b7:7d:02:24:
         e0:15:c7:d4:8a:cd:f5:a1:0e:d9:5b:d6:31:59:37:ef:95:fc:
         4c:7d:79:d4:bd:75:d1:ce:d0:f5:b9:a8:72:ae:9f:81:d2:4f:
         fb:e7:fe:7e:cb:cb:cd:b1:2d:f6:57:16:9b:17:76:1b:ee:4c:
         34:ec:e0:5a:a2:ca:09:93:d2:ee:e7:81:07:b2:b3:a6:e1:32:
         3a:16:62:e7:85:47:e1:c1:44:80:13:a3:91:ea:86:1b:b1:cb:
         7f:f7:d7:2e:5e:d9:e4:f7:9b:4b:5d:6f:66:2f:a9:c4:72:43:
         d2:29:75:28:9b:68:73:cb:2a:96:f7:d4:ed:ff:5e:cf:82:70:
         1d:f7:b9:5d:37:2d:dd:04:ec:2f:d0:6c:6b:f7:63:7b:80:df:
         1f:d6:63:1c:d7:11:bc:40:08:00:2b:28:2c:e1:33:76:ae:56:
         91:9d:49:1f:aa:d4:46:a3:f9:2f:1f:ae:02:6b:6f:f7:fa:5e:
         c5:3c:16:5a:bd:57:7f:14:6a:c8:5a:9b:7f:2d:b3:52:e5:51:
         e3:1f:16:45
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUd+3fPVi3KEvQpexinShCchIsvsgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODMwZTA2NDE5ZmM0NmEyODAyZjZmMDNiNzEzNjhhYzdi
YWFmNjRjZTAeFw0yNTA1MTYyMzU5MDNaFw0yNjA1MTYwMDA0MDNaMDMxMTAvBgNV
BAMTKEQ2RjY3NTEzOTlCOERBQUQxMzBBMkU5MUE4RkU5MUIwRTc5REYxOTMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCie01LpEFp/Amtq3Wy7b+k6Y+I
PNetyvAGUH/rPz614s0IK/E/vgIwSTBFGyqvS0kT2lH4ho7Jo6DBDIZ3K4mr+EWi
GQkJB94aKi8jPXt+t6uq6CTpS8uVtpvEa18yIpDdlPFJhOE/gS3Bnkql6Ce7TWAB
oIgy47L2FScyhXTowO6bnAyqCwJqcvqX33pl/3t65qB8iwkalifkFpETVLjGqoyv
5hNxRVXt5Dlxxv2VM+lG+ZTmId0np6v9935AthX0eu6Y3ju9zaD27ef+/5vlYeDN
YKhChveIozoCQnGB/M3E4etlxRgV6sQA7atk8OvQ1hNiHfd/+vtg1oiBPfJxAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQU1vZ1E5m42q0TCi6RqP6RsOed8ZMwHwYDVR0j
BBgwFoAUgw4GQZ/EaigC9vA7cTaKx7qvZM4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOGUwZDZhNGQtYmE2Ny00OTc5LThkMTItMGVkNDc0OGZj
ODZlLzAvODMwRTA2NDE5RkM0NkEyODAyRjZGMDNCNzEzNjhBQzdCQUFGNjRDRS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2d3NEdRWl9FYWlnQzl2QTdjVGFLeDdx
dlpNNC5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOGUwZDZhNGQt
YmE2Ny00OTc5LThkMTItMGVkNDc0OGZjODZlLzAvMzEzODM1MmUzMjM1MzAyZTM0
MzEyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC5+ikw
DQYJKoZIhvcNAQELBQADggEBAJosyHFmDQWcfN3/uhFUzTkL79WnYdL8XfzIbI0F
PDVfE9REl7Tr+SgntSak5zgcW575t30CJOAVx9SKzfWhDtlb1jFZN++V/Ex9edS9
ddHO0PW5qHKun4HST/vn/n7Ly82xLfZXFpsXdhvuTDTs4FqiygmT0u7ngQeys6bh
MjoWYueFR+HBRIATo5Hqhhuxy3/31y5e2eT3m0tdb2YvqcRyQ9IpdSibaHPLKpb3
1O3/Xs+CcB33uV03Ld0E7C/QbGv3Y3uA3x/WYxzXEbxACAArKCzhM3auVpGdSR+q
1Eaj+S8frgJrb/f6XsU8Flq9V38Uasham38ts1LlUeMfFkU=
-----END CERTIFICATE-----