Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/982c65b9-725d-4bb0-a216-8e77191ff9b8/0/33312e3138352e3130362e302f32342d3234203d3e20383334.roa
File:                     33312e3138352e3130362e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          WfL2+hCKOhYMb7/6DRm6zSAUkjcuIDXQxEbfQp3k4yk=
Subject key identifier:   6B:27:6B:B6:E1:3E:EE:EB:6C:5C:D1:EB:E1:72:36:E5:B5:0D:F5:93
Certificate issuer:       /CN=38a93c81ecd308e6a7632717045b3d35150120f8
Certificate serial:       5F135F1AEB80000B2E1683FD3DEE6AA79AC87FBD
Authority key identifier: 38:A9:3C:81:EC:D3:08:E6:A7:63:27:17:04:5B:3D:35:15:01:20:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OKk8gezTCOanYycXBFs9NRUBIPg.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/982c65b9-725d-4bb0-a216-8e77191ff9b8/0/33312e3138352e3130362e302f32342d3234203d3e20383334.roa
Signing time:             Wed 29 Jan 2025 13:36:44 +0000
ROA not before:           Wed 29 Jan 2025 13:31:44 +0000
ROA not after:            Wed 28 Jan 2026 13:36:44 +0000
asID:                     834
IP address blocks:        31.185.106.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/982c65b9-725d-4bb0-a216-8e77191ff9b8/0/38A93C81ECD308E6A7632717045B3D35150120F8.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/982c65b9-725d-4bb0-a216-8e77191ff9b8/0/38A93C81ECD308E6A7632717045B3D35150120F8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OKk8gezTCOanYycXBFs9NRUBIPg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 18:17:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5f:13:5f:1a:eb:80:00:0b:2e:16:83:fd:3d:ee:6a:a7:9a:c8:7f:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=38a93c81ecd308e6a7632717045b3d35150120f8
        Validity
            Not Before: Jan 29 13:31:44 2025 GMT
            Not After : Jan 28 13:36:44 2026 GMT
        Subject: CN=6B276BB6E13EEEEB6C5CD1EBE17236E5B50DF593
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:af:08:e6:24:6e:36:cd:c8:43:64:e7:91:15:
                    8f:70:09:39:68:02:da:ce:8f:b0:e9:f4:34:9a:1c:
                    60:6f:07:1d:f1:20:da:46:b6:b6:70:4a:09:26:47:
                    a1:b0:be:50:1a:0e:f7:7e:0c:f5:1f:94:6d:af:3f:
                    9c:54:14:c1:1b:21:1f:6c:28:a3:7b:ac:71:79:b6:
                    69:fa:52:da:17:21:27:78:d1:f0:02:3d:f0:33:2f:
                    84:81:2a:3a:ae:19:8a:34:50:ec:e7:29:ac:61:f5:
                    95:d2:ad:84:20:67:0c:db:e7:e3:6c:51:5e:db:94:
                    a2:14:80:41:1b:4a:56:ba:5b:f1:0f:07:ba:90:60:
                    53:e4:8f:dd:11:5e:e0:a8:a8:0d:af:3f:b1:11:a4:
                    ac:13:20:99:df:1d:40:fd:a2:d0:2a:47:3c:d4:0c:
                    f9:ff:de:c3:54:6d:2b:47:68:5b:79:5d:20:27:c8:
                    12:88:e7:ee:97:fe:ad:b9:ef:4e:ee:62:27:60:bc:
                    c1:5c:97:3e:48:5e:06:b4:d3:e6:0e:c3:0d:59:24:
                    25:cc:03:83:14:4f:ed:77:d5:5d:15:6d:53:09:d5:
                    d3:01:d5:1b:d7:6d:50:f6:eb:f9:48:ce:7d:d7:b9:
                    ff:bd:a1:58:8e:0d:74:4d:84:48:63:2b:f7:c8:88:
                    b7:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:27:6B:B6:E1:3E:EE:EB:6C:5C:D1:EB:E1:72:36:E5:B5:0D:F5:93
            X509v3 Authority Key Identifier:
                keyid:38:A9:3C:81:EC:D3:08:E6:A7:63:27:17:04:5B:3D:35:15:01:20:F8

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/982c65b9-725d-4bb0-a216-8e77191ff9b8/0/38A93C81ECD308E6A7632717045B3D35150120F8.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OKk8gezTCOanYycXBFs9NRUBIPg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/982c65b9-725d-4bb0-a216-8e77191ff9b8/0/33312e3138352e3130362e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.185.106.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b0:e1:65:12:0b:1b:1e:27:ff:2b:63:1b:a4:86:88:ab:cb:8c:
         2c:56:6d:87:ef:16:38:9a:6c:a8:50:81:68:8f:57:ab:37:76:
         8c:cd:02:29:fd:c0:e4:ab:f2:aa:8d:12:6a:a1:68:bb:c3:df:
         ff:d5:c2:f4:8a:cf:26:f9:37:d5:2e:78:bd:05:1e:b1:16:e7:
         35:f6:b9:b2:4d:f3:b9:47:a2:90:0c:cb:68:77:c5:ab:f4:fc:
         77:d6:2a:c8:55:40:75:aa:8a:8a:35:31:26:8b:36:c9:9d:76:
         be:9f:8e:e4:02:f3:44:9e:36:d7:f7:ae:50:00:40:0b:bf:72:
         7a:5b:78:3b:28:4a:cd:63:fc:97:6e:08:97:d7:6d:8c:78:da:
         d1:04:1d:a3:d5:a6:4c:68:cd:e2:a0:7a:bb:2e:bf:79:43:ea:
         ca:26:5e:49:4e:32:7d:d1:c3:92:fc:7d:39:46:4a:b1:b6:7c:
         42:6d:2e:e4:6c:77:63:90:0a:bb:5c:96:25:c9:46:3c:29:99:
         51:7e:8d:15:3e:22:e9:8f:b9:5e:f5:d3:cc:6d:b4:40:90:fd:
         ba:59:7e:03:2b:d4:08:c4:3e:6f:81:82:56:80:58:6f:29:0b:
         37:1d:e2:68:e4:74:b9:7f:ca:2d:4f:a9:fc:70:51:40:27:a9:
         d8:cd:5a:cd
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUXxNfGuuAAAsuFoP9Pe5qp5rIf70wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMzhhOTNjODFlY2QzMDhlNmE3NjMyNzE3MDQ1YjNkMzUx
NTAxMjBmODAeFw0yNTAxMjkxMzMxNDRaFw0yNjAxMjgxMzM2NDRaMDMxMTAvBgNV
BAMTKDZCMjc2QkI2RTEzRUVFRUI2QzVDRDFFQkUxNzIzNkU1QjUwREY1OTMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCWrwjmJG42zchDZOeRFY9wCTlo
AtrOj7Dp9DSaHGBvBx3xINpGtrZwSgkmR6GwvlAaDvd+DPUflG2vP5xUFMEbIR9s
KKN7rHF5tmn6UtoXISd40fACPfAzL4SBKjquGYo0UOznKaxh9ZXSrYQgZwzb5+Ns
UV7blKIUgEEbSla6W/EPB7qQYFPkj90RXuCoqA2vP7ERpKwTIJnfHUD9otAqRzzU
DPn/3sNUbStHaFt5XSAnyBKI5+6X/q25707uYidgvMFclz5IXga00+YOww1ZJCXM
A4MUT+131V0VbVMJ1dMB1RvXbVD26/lIzn3Xuf+9oViODXRNhEhjK/fIiLcHAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUaydrtuE+7utsXNHr4XI25bUN9ZMwHwYDVR0j
BBgwFoAUOKk8gezTCOanYycXBFs9NRUBIPgwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOTgyYzY1YjktNzI1ZC00YmIwLWEyMTYtOGU3NzE5MWZm
OWI4LzAvMzhBOTNDODFFQ0QzMDhFNkE3NjMyNzE3MDQ1QjNEMzUxNTAxMjBGOC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL09LazhnZXpUQ09hbll5Y1hCRnM5TlJV
QklQZy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOTgyYzY1Yjkt
NzI1ZC00YmIwLWEyMTYtOGU3NzE5MWZmOWI4LzAvMzMzMTJlMzEzODM1MmUzMTMw
MzYyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAfuWow
DQYJKoZIhvcNAQELBQADggEBALDhZRILGx4n/ytjG6SGiKvLjCxWbYfvFjiabKhQ
gWiPV6s3dozNAin9wOSr8qqNEmqhaLvD3//VwvSKzyb5N9UueL0FHrEW5zX2ubJN
87lHopAMy2h3xav0/HfWKshVQHWqioo1MSaLNsmddr6fjuQC80SeNtf3rlAAQAu/
cnpbeDsoSs1j/JduCJfXbYx42tEEHaPVpkxozeKgersuv3lD6somXklOMn3Rw5L8
fTlGSrG2fEJtLuRsd2OQCrtcliXJRjwpmVF+jRU+IumPuV7108xttECQ/bpZfgMr
1AjEPm+BglaAWG8pCzcd4mjkdLl/yi1PqfxwUUAnqdjNWs0=
-----END CERTIFICATE-----