Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/982c65b9-725d-4bb0-a216-8e77191ff9b8/0/3138352e35382e3135392e302f32342d3234203d3e20383334.roa
File:                     3138352e35382e3135392e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          +aSso6cTPxp9XCuFJM3wjlgBYQ25FF5PCpBqkQfQKz4=
Subject key identifier:   1E:4A:50:00:42:A5:B7:87:0A:60:82:30:B3:59:DC:9C:C5:3C:3E:36
Certificate issuer:       /CN=38a93c81ecd308e6a7632717045b3d35150120f8
Certificate serial:       7590B355036101513E1A10EDFD973BF851CC9369
Authority key identifier: 38:A9:3C:81:EC:D3:08:E6:A7:63:27:17:04:5B:3D:35:15:01:20:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OKk8gezTCOanYycXBFs9NRUBIPg.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/982c65b9-725d-4bb0-a216-8e77191ff9b8/0/3138352e35382e3135392e302f32342d3234203d3e20383334.roa
Signing time:             Wed 29 Jan 2025 13:36:39 +0000
ROA not before:           Wed 29 Jan 2025 13:31:39 +0000
ROA not after:            Wed 28 Jan 2026 13:36:39 +0000
asID:                     834
IP address blocks:        185.58.159.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/982c65b9-725d-4bb0-a216-8e77191ff9b8/0/38A93C81ECD308E6A7632717045B3D35150120F8.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/982c65b9-725d-4bb0-a216-8e77191ff9b8/0/38A93C81ECD308E6A7632717045B3D35150120F8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OKk8gezTCOanYycXBFs9NRUBIPg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 18:17:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            75:90:b3:55:03:61:01:51:3e:1a:10:ed:fd:97:3b:f8:51:cc:93:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=38a93c81ecd308e6a7632717045b3d35150120f8
        Validity
            Not Before: Jan 29 13:31:39 2025 GMT
            Not After : Jan 28 13:36:39 2026 GMT
        Subject: CN=1E4A500042A5B7870A608230B359DC9CC53C3E36
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:36:c6:34:d6:26:92:df:19:d2:67:72:98:e5:
                    dd:cf:fa:ee:59:ac:76:22:e0:7f:95:6b:c6:24:6b:
                    9b:80:73:70:5d:5f:5e:d9:66:6a:a1:32:0d:75:1d:
                    78:1a:cf:97:df:6f:41:9c:c2:2a:36:97:bc:fe:aa:
                    96:31:c0:24:4c:b1:37:2e:5b:3b:1a:fd:07:68:fa:
                    99:8f:23:1d:2c:a8:6f:5d:e5:50:4f:65:db:25:c2:
                    80:ae:16:1d:f4:35:3f:5e:b8:d8:0e:ae:03:2d:fc:
                    ba:8c:5e:11:61:1d:3f:0f:7d:f6:b9:9e:b0:a1:17:
                    a9:45:b4:e4:93:cb:89:55:ac:3d:14:24:71:4a:2a:
                    b5:e4:a5:2f:1c:67:45:6e:7d:c3:73:2d:d8:5a:e6:
                    ec:36:1a:8a:a5:74:30:fa:1f:42:e8:71:19:68:61:
                    d8:ac:fc:52:70:4f:5c:70:66:9a:ae:d5:53:79:af:
                    0d:94:83:48:84:e6:3f:0a:3d:b6:a1:46:7a:25:43:
                    09:e0:a9:42:cb:ff:7d:74:dd:3b:c3:f8:32:5b:2f:
                    2b:97:ba:13:96:51:34:9e:f9:36:28:31:37:10:82:
                    28:58:bc:35:d0:78:c2:23:a0:35:a9:c7:2d:b1:ad:
                    fa:65:66:6d:0b:dc:8f:a8:d6:18:45:22:98:6a:e3:
                    90:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:4A:50:00:42:A5:B7:87:0A:60:82:30:B3:59:DC:9C:C5:3C:3E:36
            X509v3 Authority Key Identifier:
                keyid:38:A9:3C:81:EC:D3:08:E6:A7:63:27:17:04:5B:3D:35:15:01:20:F8

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/982c65b9-725d-4bb0-a216-8e77191ff9b8/0/38A93C81ECD308E6A7632717045B3D35150120F8.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OKk8gezTCOanYycXBFs9NRUBIPg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/982c65b9-725d-4bb0-a216-8e77191ff9b8/0/3138352e35382e3135392e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.58.159.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:ad:49:50:87:3c:b9:4f:90:6f:10:34:be:c3:6b:46:f3:a9:
         32:3c:fa:d8:e6:5c:95:82:d9:d1:e0:86:22:46:09:60:b4:67:
         5f:8b:f2:f7:c7:50:ce:96:aa:89:b2:38:e7:a6:e6:9e:0b:f1:
         31:ac:b7:a2:e1:27:25:0c:af:eb:b0:70:08:24:42:ec:80:1a:
         00:4b:b5:35:ae:5d:ee:58:62:39:6e:ae:b9:cd:45:b2:d5:c1:
         6f:51:51:6a:c0:f5:71:e9:05:89:0e:82:af:f6:54:20:35:cb:
         f0:73:5f:68:bb:fa:5c:d5:37:aa:6a:15:b0:e0:43:c3:fd:4d:
         f8:fe:9e:73:d8:4d:d6:71:9c:74:d3:8a:18:cf:e9:85:93:9e:
         45:cf:4e:08:cd:9d:1d:61:45:47:c5:93:92:4b:d8:0f:09:11:
         6f:6f:47:dc:6a:3a:55:03:ca:80:48:17:19:6a:0b:a1:2c:ae:
         ce:83:c0:20:0a:9c:4b:ee:c4:18:50:ca:9b:11:69:23:d3:99:
         95:e7:e2:4d:2c:29:6f:99:df:ce:6f:c9:df:f1:e0:11:ca:b1:
         4d:10:bc:af:e8:fb:51:7d:d6:ab:4f:88:6b:49:56:9b:f0:dc:
         da:fe:3b:51:b8:b3:c6:c8:4e:53:a0:0c:b4:a1:4e:6a:73:48:
         11:06:4c:99
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUdZCzVQNhAVE+GhDt/Zc7+FHMk2kwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMzhhOTNjODFlY2QzMDhlNmE3NjMyNzE3MDQ1YjNkMzUx
NTAxMjBmODAeFw0yNTAxMjkxMzMxMzlaFw0yNjAxMjgxMzM2MzlaMDMxMTAvBgNV
BAMTKDFFNEE1MDAwNDJBNUI3ODcwQTYwODIzMEIzNTlEQzlDQzUzQzNFMzYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCmNsY01iaS3xnSZ3KY5d3P+u5Z
rHYi4H+Va8Yka5uAc3BdX17ZZmqhMg11HXgaz5ffb0Gcwio2l7z+qpYxwCRMsTcu
Wzsa/Qdo+pmPIx0sqG9d5VBPZdslwoCuFh30NT9euNgOrgMt/LqMXhFhHT8Pffa5
nrChF6lFtOSTy4lVrD0UJHFKKrXkpS8cZ0VufcNzLdha5uw2GoqldDD6H0LocRlo
Ydis/FJwT1xwZpqu1VN5rw2Ug0iE5j8KPbahRnolQwngqULL/3103TvD+DJbLyuX
uhOWUTSe+TYoMTcQgihYvDXQeMIjoDWpxy2xrfplZm0L3I+o1hhFIphq45C9AgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUHkpQAEKlt4cKYIIws1ncnMU8PjYwHwYDVR0j
BBgwFoAUOKk8gezTCOanYycXBFs9NRUBIPgwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOTgyYzY1YjktNzI1ZC00YmIwLWEyMTYtOGU3NzE5MWZm
OWI4LzAvMzhBOTNDODFFQ0QzMDhFNkE3NjMyNzE3MDQ1QjNEMzUxNTAxMjBGOC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL09LazhnZXpUQ09hbll5Y1hCRnM5TlJV
QklQZy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOTgyYzY1Yjkt
NzI1ZC00YmIwLWEyMTYtOGU3NzE5MWZmOWI4LzAvMzEzODM1MmUzNTM4MmUzMTM1
MzkyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC5Op8w
DQYJKoZIhvcNAQELBQADggEBAGitSVCHPLlPkG8QNL7Da0bzqTI8+tjmXJWC2dHg
hiJGCWC0Z1+L8vfHUM6WqomyOOem5p4L8TGst6LhJyUMr+uwcAgkQuyAGgBLtTWu
Xe5YYjlurrnNRbLVwW9RUWrA9XHpBYkOgq/2VCA1y/BzX2i7+lzVN6pqFbDgQ8P9
Tfj+nnPYTdZxnHTTihjP6YWTnkXPTgjNnR1hRUfFk5JL2A8JEW9vR9xqOlUDyoBI
FxlqC6Esrs6DwCAKnEvuxBhQypsRaSPTmZXn4k0sKW+Z385vyd/x4BHKsU0QvK/o
+1F91qtPiGtJVpvw3Nr+O1G4s8bITlOgDLShTmpzSBEGTJk=
-----END CERTIFICATE-----