Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/982c65b9-725d-4bb0-a216-8e77191ff9b8/0/3138352e35382e3135382e302f32342d3234203d3e20383334.roa
File:                     3138352e35382e3135382e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          bliXgaWf2uWYGwNXwh3QUz02TAlvVUKQVtUywEK2Zhg=
Subject key identifier:   68:3F:02:81:35:B0:1E:E2:49:07:AD:F7:76:B7:E0:2A:EC:87:D7:02
Certificate issuer:       /CN=38a93c81ecd308e6a7632717045b3d35150120f8
Certificate serial:       652B8821395A7AB4FE78D880E8898AEAA7B7101B
Authority key identifier: 38:A9:3C:81:EC:D3:08:E6:A7:63:27:17:04:5B:3D:35:15:01:20:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OKk8gezTCOanYycXBFs9NRUBIPg.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/982c65b9-725d-4bb0-a216-8e77191ff9b8/0/3138352e35382e3135382e302f32342d3234203d3e20383334.roa
Signing time:             Wed 29 Jan 2025 13:36:52 +0000
ROA not before:           Wed 29 Jan 2025 13:31:52 +0000
ROA not after:            Wed 28 Jan 2026 13:36:52 +0000
asID:                     834
IP address blocks:        185.58.158.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/982c65b9-725d-4bb0-a216-8e77191ff9b8/0/38A93C81ECD308E6A7632717045B3D35150120F8.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/982c65b9-725d-4bb0-a216-8e77191ff9b8/0/38A93C81ECD308E6A7632717045B3D35150120F8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OKk8gezTCOanYycXBFs9NRUBIPg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 18:17:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            65:2b:88:21:39:5a:7a:b4:fe:78:d8:80:e8:89:8a:ea:a7:b7:10:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=38a93c81ecd308e6a7632717045b3d35150120f8
        Validity
            Not Before: Jan 29 13:31:52 2025 GMT
            Not After : Jan 28 13:36:52 2026 GMT
        Subject: CN=683F028135B01EE24907ADF776B7E02AEC87D702
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ef:f6:23:b3:43:9f:65:db:dc:39:b7:84:a9:79:
                    fc:0a:d4:18:a7:b2:2f:5d:39:e2:0f:a5:12:1b:51:
                    b1:cd:48:92:a3:5b:a4:d8:37:cb:a4:9a:4f:ae:93:
                    1d:dd:d8:3c:65:c6:6d:2c:ef:b3:4a:73:16:cb:f9:
                    cb:a9:f4:f3:be:0a:a7:e7:35:77:05:61:26:57:a7:
                    94:9b:3c:f5:3c:f4:f5:97:a1:9a:7f:25:9b:37:ca:
                    54:16:18:2d:e5:d8:52:c6:f7:e9:0a:d0:15:e1:70:
                    da:c4:d4:0a:22:47:7b:63:fd:2a:82:14:fb:a6:b7:
                    c8:a5:d4:9a:1a:59:4b:df:e8:cd:59:74:b8:ba:1f:
                    c5:d8:37:d1:d8:48:25:11:aa:9c:a2:b0:52:a2:2b:
                    97:25:74:3c:0c:4e:6e:06:e0:42:76:d0:0d:24:fb:
                    77:2a:a4:d6:35:59:ca:ed:1b:db:ea:7f:08:cf:11:
                    1a:c8:0d:7f:be:53:83:39:28:25:05:3c:6c:40:50:
                    c8:4e:a1:d9:0b:72:1a:68:fb:f2:8a:27:62:77:73:
                    51:e1:3a:b5:dd:fa:ca:e5:6f:b5:28:b2:bb:1f:8d:
                    9b:bb:51:d0:25:05:6e:55:0f:94:ff:85:97:80:9a:
                    f9:70:7b:b3:25:b1:a4:6e:ad:a2:96:da:2e:8c:63:
                    35:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:3F:02:81:35:B0:1E:E2:49:07:AD:F7:76:B7:E0:2A:EC:87:D7:02
            X509v3 Authority Key Identifier:
                keyid:38:A9:3C:81:EC:D3:08:E6:A7:63:27:17:04:5B:3D:35:15:01:20:F8

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/982c65b9-725d-4bb0-a216-8e77191ff9b8/0/38A93C81ECD308E6A7632717045B3D35150120F8.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OKk8gezTCOanYycXBFs9NRUBIPg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/982c65b9-725d-4bb0-a216-8e77191ff9b8/0/3138352e35382e3135382e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.58.158.0/24

    Signature Algorithm: sha256WithRSAEncryption
         25:5d:29:63:f1:f7:df:94:cb:1d:f1:21:62:14:47:95:53:d9:
         be:59:49:4b:22:c5:6c:32:c5:de:f5:3d:ad:68:0e:d5:d1:bd:
         b1:5f:de:8a:8d:97:25:ec:67:e5:29:90:c1:c0:2b:bc:63:97:
         5d:95:c6:9b:10:53:38:10:ac:13:e5:77:03:57:c3:29:8e:6d:
         4f:fd:a0:14:d2:8a:93:4d:8b:91:9a:19:6d:39:7e:54:b8:a2:
         44:a9:2e:07:3d:20:3a:10:97:83:e2:7c:e3:3d:12:5e:1e:41:
         80:9e:a5:22:71:3b:a3:44:a5:a2:a2:f1:bd:1b:2f:63:b1:b6:
         9f:f4:61:01:b8:0b:63:46:ba:95:6a:18:14:9b:7a:1b:2f:5c:
         e0:4e:1a:5f:d3:19:d3:ea:c1:1d:9c:20:e3:fe:cb:47:24:08:
         ed:55:ad:7c:28:02:1d:fd:90:5f:30:1c:06:92:1f:43:1b:ce:
         c0:0b:ae:f0:9f:0d:14:34:09:10:42:2a:b6:e1:cd:74:6a:9a:
         88:24:0b:07:f5:f0:0c:cb:be:3c:d2:66:17:a4:3e:9f:fd:72:
         2d:bb:6f:0f:fd:cb:2c:14:b9:0b:f8:ed:c4:cc:6c:11:aa:96:
         f7:c1:8a:ab:b9:27:73:13:7b:91:ad:71:6c:e8:12:89:9b:1d:
         bb:b1:e4:40
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUZSuIITlaerT+eNiA6ImK6qe3EBswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMzhhOTNjODFlY2QzMDhlNmE3NjMyNzE3MDQ1YjNkMzUx
NTAxMjBmODAeFw0yNTAxMjkxMzMxNTJaFw0yNjAxMjgxMzM2NTJaMDMxMTAvBgNV
BAMTKDY4M0YwMjgxMzVCMDFFRTI0OTA3QURGNzc2QjdFMDJBRUM4N0Q3MDIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDv9iOzQ59l29w5t4SpefwK1Bin
si9dOeIPpRIbUbHNSJKjW6TYN8ukmk+ukx3d2Dxlxm0s77NKcxbL+cup9PO+Cqfn
NXcFYSZXp5SbPPU89PWXoZp/JZs3ylQWGC3l2FLG9+kK0BXhcNrE1AoiR3tj/SqC
FPumt8il1JoaWUvf6M1ZdLi6H8XYN9HYSCURqpyisFKiK5cldDwMTm4G4EJ20A0k
+3cqpNY1WcrtG9vqfwjPERrIDX++U4M5KCUFPGxAUMhOodkLchpo+/KKJ2J3c1Hh
OrXd+srlb7UosrsfjZu7UdAlBW5VD5T/hZeAmvlwe7MlsaRuraKW2i6MYzU/AgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUaD8CgTWwHuJJB633drfgKuyH1wIwHwYDVR0j
BBgwFoAUOKk8gezTCOanYycXBFs9NRUBIPgwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOTgyYzY1YjktNzI1ZC00YmIwLWEyMTYtOGU3NzE5MWZm
OWI4LzAvMzhBOTNDODFFQ0QzMDhFNkE3NjMyNzE3MDQ1QjNEMzUxNTAxMjBGOC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL09LazhnZXpUQ09hbll5Y1hCRnM5TlJV
QklQZy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOTgyYzY1Yjkt
NzI1ZC00YmIwLWEyMTYtOGU3NzE5MWZmOWI4LzAvMzEzODM1MmUzNTM4MmUzMTM1
MzgyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC5Op4w
DQYJKoZIhvcNAQELBQADggEBACVdKWPx99+Uyx3xIWIUR5VT2b5ZSUsixWwyxd71
Pa1oDtXRvbFf3oqNlyXsZ+UpkMHAK7xjl12VxpsQUzgQrBPldwNXwymObU/9oBTS
ipNNi5GaGW05flS4okSpLgc9IDoQl4PifOM9El4eQYCepSJxO6NEpaKi8b0bL2Ox
tp/0YQG4C2NGupVqGBSbehsvXOBOGl/TGdPqwR2cIOP+y0ckCO1VrXwoAh39kF8w
HAaSH0MbzsALrvCfDRQ0CRBCKrbhzXRqmogkCwf18AzLvjzSZhekPp/9ci27bw/9
yywUuQv47cTMbBGqlvfBiqu5J3MTe5GtcWzoEombHbux5EA=
-----END CERTIFICATE-----