Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/982c65b9-725d-4bb0-a216-8e77191ff9b8/0/33312e3138352e3130382e302f32342d3234203d3e20383334.roa
File:                     33312e3138352e3130382e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          mW7F0DMC5vrj+4BpP5Zlca/BR5oTaoohs/JidNSwP7A=
Subject key identifier:   9A:00:A5:1E:E2:7A:92:1B:EC:69:B8:82:5F:A2:BC:13:7F:4C:D1:0A
Certificate issuer:       /CN=38a93c81ecd308e6a7632717045b3d35150120f8
Certificate serial:       0A825CA17DCA152A07C16887CCBFA9E01BE8FF84
Authority key identifier: 38:A9:3C:81:EC:D3:08:E6:A7:63:27:17:04:5B:3D:35:15:01:20:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OKk8gezTCOanYycXBFs9NRUBIPg.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/982c65b9-725d-4bb0-a216-8e77191ff9b8/0/33312e3138352e3130382e302f32342d3234203d3e20383334.roa
Signing time:             Wed 29 Jan 2025 13:36:42 +0000
ROA not before:           Wed 29 Jan 2025 13:31:42 +0000
ROA not after:            Wed 28 Jan 2026 13:36:42 +0000
asID:                     834
IP address blocks:        31.185.108.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/982c65b9-725d-4bb0-a216-8e77191ff9b8/0/38A93C81ECD308E6A7632717045B3D35150120F8.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/982c65b9-725d-4bb0-a216-8e77191ff9b8/0/38A93C81ECD308E6A7632717045B3D35150120F8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OKk8gezTCOanYycXBFs9NRUBIPg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 18:17:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0a:82:5c:a1:7d:ca:15:2a:07:c1:68:87:cc:bf:a9:e0:1b:e8:ff:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=38a93c81ecd308e6a7632717045b3d35150120f8
        Validity
            Not Before: Jan 29 13:31:42 2025 GMT
            Not After : Jan 28 13:36:42 2026 GMT
        Subject: CN=9A00A51EE27A921BEC69B8825FA2BC137F4CD10A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:1f:ed:05:8d:13:6e:1b:cb:a0:c8:77:2f:cb:
                    b9:5b:84:47:f1:67:31:3b:40:b2:61:29:64:33:b4:
                    2b:4f:8e:b5:29:ff:af:92:2c:6b:64:e6:0d:d0:c6:
                    56:24:bc:ff:ff:84:1a:21:fc:d3:c7:78:a8:63:cb:
                    38:4d:13:81:e0:4f:24:33:78:5c:6c:61:fd:ad:52:
                    d8:f5:f7:e5:eb:c0:a5:4a:f3:b1:d2:0f:24:c2:03:
                    54:82:58:7b:48:2a:62:ea:d5:fa:ad:59:1a:7b:6f:
                    b8:b3:e5:75:8b:f0:be:b2:ec:24:a0:29:fe:9f:ab:
                    7a:b9:42:42:32:96:7d:b7:5b:16:33:ee:62:60:c7:
                    83:f9:76:2c:fc:4e:73:5a:19:8b:f8:9c:59:3b:4b:
                    13:a5:c1:44:e9:c9:08:78:7f:00:10:56:2a:fd:96:
                    3e:7a:32:6c:74:17:bf:87:02:4a:16:25:d0:c2:ea:
                    41:c5:ad:94:3f:38:3d:87:b0:61:79:c8:57:f1:d2:
                    71:09:e9:36:a0:03:06:05:e7:d2:fb:8a:3f:d8:a2:
                    8c:a2:95:db:64:77:cb:41:9b:4d:0c:12:4f:9b:fa:
                    57:43:9b:ca:03:dd:40:af:fd:eb:cc:27:73:3a:18:
                    d7:3f:89:43:e0:1d:44:d0:53:5b:53:df:14:70:5f:
                    b6:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:00:A5:1E:E2:7A:92:1B:EC:69:B8:82:5F:A2:BC:13:7F:4C:D1:0A
            X509v3 Authority Key Identifier:
                keyid:38:A9:3C:81:EC:D3:08:E6:A7:63:27:17:04:5B:3D:35:15:01:20:F8

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/982c65b9-725d-4bb0-a216-8e77191ff9b8/0/38A93C81ECD308E6A7632717045B3D35150120F8.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OKk8gezTCOanYycXBFs9NRUBIPg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/982c65b9-725d-4bb0-a216-8e77191ff9b8/0/33312e3138352e3130382e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.185.108.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:5d:d7:e4:1d:63:38:d9:16:d0:58:6b:8c:bc:88:74:7e:5e:
         0d:b0:bb:72:1d:4e:b4:bf:84:8f:32:7b:14:60:31:d0:25:98:
         d1:18:a8:2e:be:e1:9b:6c:b6:26:18:81:79:e9:ec:c3:4c:df:
         38:f5:99:1a:aa:5b:42:74:64:ab:c8:04:ee:e7:0c:5e:aa:e3:
         5c:67:b0:7b:f5:5c:46:60:34:3c:ba:63:6f:eb:e5:7f:e0:23:
         e3:ae:69:16:0d:7e:a3:da:14:92:00:14:a1:dd:d7:48:8b:e3:
         e6:51:53:5b:b5:77:d1:e0:5b:8a:a9:9d:15:57:73:e9:db:b9:
         d0:87:6d:9b:ea:35:7e:1e:ba:7f:07:a5:4e:3e:06:6e:bd:f3:
         21:13:94:2f:21:14:be:60:5b:43:8a:a7:c1:fb:04:68:8b:ff:
         de:94:b4:92:aa:91:7f:2b:a6:c6:1f:00:8e:99:1c:72:71:ea:
         9e:e4:5e:55:5d:f8:64:e3:de:e9:13:26:2e:c6:90:d7:f5:b3:
         82:e6:e7:7f:c1:c5:90:65:ea:d0:65:5f:25:bf:aa:56:48:6d:
         7d:45:72:70:3e:64:15:cd:33:71:ef:49:54:86:12:0c:f1:22:
         28:5a:2b:d7:da:26:63:03:21:da:69:9b:e3:8e:a9:ca:32:e1:
         d0:7d:3c:f3
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUCoJcoX3KFSoHwWiHzL+p4Bvo/4QwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMzhhOTNjODFlY2QzMDhlNmE3NjMyNzE3MDQ1YjNkMzUx
NTAxMjBmODAeFw0yNTAxMjkxMzMxNDJaFw0yNjAxMjgxMzM2NDJaMDMxMTAvBgNV
BAMTKDlBMDBBNTFFRTI3QTkyMUJFQzY5Qjg4MjVGQTJCQzEzN0Y0Q0QxMEEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGH+0FjRNuG8ugyHcvy7lbhEfx
ZzE7QLJhKWQztCtPjrUp/6+SLGtk5g3QxlYkvP//hBoh/NPHeKhjyzhNE4HgTyQz
eFxsYf2tUtj19+XrwKVK87HSDyTCA1SCWHtIKmLq1fqtWRp7b7iz5XWL8L6y7CSg
Kf6fq3q5QkIyln23WxYz7mJgx4P5diz8TnNaGYv4nFk7SxOlwUTpyQh4fwAQVir9
lj56Mmx0F7+HAkoWJdDC6kHFrZQ/OD2HsGF5yFfx0nEJ6TagAwYF59L7ij/Yooyi
ldtkd8tBm00MEk+b+ldDm8oD3UCv/evMJ3M6GNc/iUPgHUTQU1tT3xRwX7bDAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUmgClHuJ6khvsabiCX6K8E39M0QowHwYDVR0j
BBgwFoAUOKk8gezTCOanYycXBFs9NRUBIPgwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOTgyYzY1YjktNzI1ZC00YmIwLWEyMTYtOGU3NzE5MWZm
OWI4LzAvMzhBOTNDODFFQ0QzMDhFNkE3NjMyNzE3MDQ1QjNEMzUxNTAxMjBGOC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL09LazhnZXpUQ09hbll5Y1hCRnM5TlJV
QklQZy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOTgyYzY1Yjkt
NzI1ZC00YmIwLWEyMTYtOGU3NzE5MWZmOWI4LzAvMzMzMTJlMzEzODM1MmUzMTMw
MzgyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAfuWww
DQYJKoZIhvcNAQELBQADggEBAFJd1+QdYzjZFtBYa4y8iHR+Xg2wu3IdTrS/hI8y
exRgMdAlmNEYqC6+4ZtstiYYgXnp7MNM3zj1mRqqW0J0ZKvIBO7nDF6q41xnsHv1
XEZgNDy6Y2/r5X/gI+OuaRYNfqPaFJIAFKHd10iL4+ZRU1u1d9HgW4qpnRVXc+nb
udCHbZvqNX4eun8HpU4+Bm698yETlC8hFL5gW0OKp8H7BGiL/96UtJKqkX8rpsYf
AI6ZHHJx6p7kXlVd+GTj3ukTJi7GkNf1s4Lm53/BxZBl6tBlXyW/qlZIbX1FcnA+
ZBXNM3HvSVSGEgzxIihaK9faJmMDIdppm+OOqcoy4dB9PPM=
-----END CERTIFICATE-----