Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/982c65b9-725d-4bb0-a216-8e77191ff9b8/0/3138352e35382e3135372e302f32342d3234203d3e20383334.roa
File:                     3138352e35382e3135372e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          zwS3/tHsWTYTY+nwxW90HK2IQVJclg5YhmfWzgNUB7Y=
Subject key identifier:   36:57:78:4F:B1:AA:E3:71:8A:D9:B8:ED:78:A7:95:1F:CE:23:33:8B
Certificate issuer:       /CN=38a93c81ecd308e6a7632717045b3d35150120f8
Certificate serial:       014AD380DF37105231BF10EDF4819300F4F22353
Authority key identifier: 38:A9:3C:81:EC:D3:08:E6:A7:63:27:17:04:5B:3D:35:15:01:20:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OKk8gezTCOanYycXBFs9NRUBIPg.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/982c65b9-725d-4bb0-a216-8e77191ff9b8/0/3138352e35382e3135372e302f32342d3234203d3e20383334.roa
Signing time:             Wed 29 Jan 2025 13:36:41 +0000
ROA not before:           Wed 29 Jan 2025 13:31:41 +0000
ROA not after:            Wed 28 Jan 2026 13:36:41 +0000
asID:                     834
IP address blocks:        185.58.157.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/982c65b9-725d-4bb0-a216-8e77191ff9b8/0/38A93C81ECD308E6A7632717045B3D35150120F8.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/982c65b9-725d-4bb0-a216-8e77191ff9b8/0/38A93C81ECD308E6A7632717045B3D35150120F8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OKk8gezTCOanYycXBFs9NRUBIPg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 18:17:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:4a:d3:80:df:37:10:52:31:bf:10:ed:f4:81:93:00:f4:f2:23:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=38a93c81ecd308e6a7632717045b3d35150120f8
        Validity
            Not Before: Jan 29 13:31:41 2025 GMT
            Not After : Jan 28 13:36:41 2026 GMT
        Subject: CN=3657784FB1AAE3718AD9B8ED78A7951FCE23338B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:7e:3a:aa:c8:fd:3d:cc:e6:56:20:dd:6d:bc:
                    1f:fd:25:ed:27:b2:d3:d5:18:d4:e3:e9:c0:be:ab:
                    bb:1c:9c:b4:00:cb:0d:a4:c1:5a:db:55:9e:8c:ff:
                    8e:a1:88:87:8e:31:7c:c1:3a:f1:e7:c7:aa:64:3f:
                    a1:e4:97:19:9d:e9:d9:0d:5a:7b:ea:51:a4:4e:4f:
                    1e:d3:8d:93:dd:69:80:b7:d6:f2:c4:82:ed:4e:7b:
                    b0:b0:e1:3f:f7:03:c1:45:80:0e:4e:0a:46:04:7a:
                    58:b1:7c:c0:2e:c4:c0:26:28:87:ab:73:2f:18:78:
                    73:c3:a5:79:7c:62:dd:f7:2d:12:2c:d1:1d:7f:83:
                    39:f9:99:60:88:66:7e:48:f6:b5:15:56:0b:06:2d:
                    8a:85:e9:22:af:d5:06:87:bd:3b:c5:38:85:e5:38:
                    b2:bd:27:34:c9:ad:3f:3f:93:84:1b:73:61:f1:50:
                    e5:31:84:d0:17:9e:e6:f3:d5:29:a7:64:23:27:8a:
                    69:a5:04:c3:26:a1:5c:5d:8d:8c:e6:42:5a:0b:bd:
                    33:b7:47:d8:f9:82:0f:0b:01:53:01:01:51:33:e9:
                    a0:38:c3:47:37:26:72:11:43:6b:9b:ae:ff:c8:e3:
                    37:d7:6e:10:3a:e1:39:f5:b9:5c:69:e2:5c:59:c5:
                    f1:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:57:78:4F:B1:AA:E3:71:8A:D9:B8:ED:78:A7:95:1F:CE:23:33:8B
            X509v3 Authority Key Identifier:
                keyid:38:A9:3C:81:EC:D3:08:E6:A7:63:27:17:04:5B:3D:35:15:01:20:F8

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/982c65b9-725d-4bb0-a216-8e77191ff9b8/0/38A93C81ECD308E6A7632717045B3D35150120F8.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OKk8gezTCOanYycXBFs9NRUBIPg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/982c65b9-725d-4bb0-a216-8e77191ff9b8/0/3138352e35382e3135372e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.58.157.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6a:cb:c8:f4:5d:9c:7f:aa:e8:5d:df:7e:93:d2:71:c4:bf:0e:
         14:8c:19:84:3e:4e:36:2a:7b:12:59:1c:f2:6f:39:9f:bf:52:
         9b:36:1d:95:5f:3c:63:cd:c1:b5:5f:66:44:dc:98:79:af:19:
         d0:4e:b2:16:9f:4d:2c:f0:0b:4d:51:e4:f6:1d:8d:0d:61:9c:
         98:f3:2f:6c:e4:1a:76:8c:70:e0:4f:67:d1:fd:ef:bd:08:43:
         c7:ec:00:d6:01:52:99:46:ff:f7:4b:e2:19:52:fb:68:52:86:
         a0:e2:01:ff:a3:f7:33:21:b9:c4:24:aa:80:53:93:41:12:f6:
         e5:d8:85:69:0b:d5:ad:2f:1d:12:bd:f5:7c:22:ff:3e:c2:58:
         72:17:f8:f0:b0:4e:6a:ed:9f:a0:3d:72:e7:ae:34:e3:f4:2c:
         e0:cf:dc:93:40:68:c6:e9:33:e4:62:e2:63:c8:d1:55:e3:ef:
         a6:90:ec:6a:fd:aa:98:05:13:19:97:6a:56:ab:f1:28:47:b2:
         ba:78:c5:9b:62:79:5f:98:3f:27:65:bd:cb:c9:90:f8:f4:10:
         32:dc:b2:5a:6c:ac:0a:2b:89:4d:22:39:93:01:45:97:21:b3:
         1a:a6:15:95:7e:b3:49:ee:6c:82:b8:21:cb:be:f3:ce:f9:6d:
         cf:9b:58:40
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUAUrTgN83EFIxvxDt9IGTAPTyI1MwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMzhhOTNjODFlY2QzMDhlNmE3NjMyNzE3MDQ1YjNkMzUx
NTAxMjBmODAeFw0yNTAxMjkxMzMxNDFaFw0yNjAxMjgxMzM2NDFaMDMxMTAvBgNV
BAMTKDM2NTc3ODRGQjFBQUUzNzE4QUQ5QjhFRDc4QTc5NTFGQ0UyMzMzOEIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDTfjqqyP09zOZWIN1tvB/9Je0n
stPVGNTj6cC+q7scnLQAyw2kwVrbVZ6M/46hiIeOMXzBOvHnx6pkP6Hklxmd6dkN
WnvqUaROTx7TjZPdaYC31vLEgu1Oe7Cw4T/3A8FFgA5OCkYEelixfMAuxMAmKIer
cy8YeHPDpXl8Yt33LRIs0R1/gzn5mWCIZn5I9rUVVgsGLYqF6SKv1QaHvTvFOIXl
OLK9JzTJrT8/k4Qbc2HxUOUxhNAXnubz1SmnZCMnimmlBMMmoVxdjYzmQloLvTO3
R9j5gg8LAVMBAVEz6aA4w0c3JnIRQ2ubrv/I4zfXbhA64Tn1uVxp4lxZxfEpAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUNld4T7Gq43GK2bjteKeVH84jM4swHwYDVR0j
BBgwFoAUOKk8gezTCOanYycXBFs9NRUBIPgwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOTgyYzY1YjktNzI1ZC00YmIwLWEyMTYtOGU3NzE5MWZm
OWI4LzAvMzhBOTNDODFFQ0QzMDhFNkE3NjMyNzE3MDQ1QjNEMzUxNTAxMjBGOC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL09LazhnZXpUQ09hbll5Y1hCRnM5TlJV
QklQZy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOTgyYzY1Yjkt
NzI1ZC00YmIwLWEyMTYtOGU3NzE5MWZmOWI4LzAvMzEzODM1MmUzNTM4MmUzMTM1
MzcyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC5Op0w
DQYJKoZIhvcNAQELBQADggEBAGrLyPRdnH+q6F3ffpPSccS/DhSMGYQ+TjYqexJZ
HPJvOZ+/Ups2HZVfPGPNwbVfZkTcmHmvGdBOshafTSzwC01R5PYdjQ1hnJjzL2zk
GnaMcOBPZ9H9770IQ8fsANYBUplG//dL4hlS+2hShqDiAf+j9zMhucQkqoBTk0ES
9uXYhWkL1a0vHRK99Xwi/z7CWHIX+PCwTmrtn6A9cueuNOP0LODP3JNAaMbpM+Ri
4mPI0VXj76aQ7Gr9qpgFExmXalar8ShHsrp4xZtieV+YPydlvcvJkPj0EDLcslps
rAoriU0iOZMBRZchsxqmFZV+s0nubIK4Icu+8875bc+bWEA=
-----END CERTIFICATE-----