Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/982c65b9-725d-4bb0-a216-8e77191ff9b8/0/33312e3138352e3130392e302f32342d3234203d3e20383334.roa
File:                     33312e3138352e3130392e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          QXzFWgNwEep5PjpXPyjCqyJF0gehLwFianTmQmjSKnE=
Subject key identifier:   64:86:00:CA:15:0D:9D:3C:D7:B4:94:1E:7B:9C:B7:CC:3C:11:26:C8
Certificate issuer:       /CN=38a93c81ecd308e6a7632717045b3d35150120f8
Certificate serial:       710C7F63EB10769C28A835D32CEA7789EFD42133
Authority key identifier: 38:A9:3C:81:EC:D3:08:E6:A7:63:27:17:04:5B:3D:35:15:01:20:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OKk8gezTCOanYycXBFs9NRUBIPg.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/982c65b9-725d-4bb0-a216-8e77191ff9b8/0/33312e3138352e3130392e302f32342d3234203d3e20383334.roa
Signing time:             Wed 29 Jan 2025 13:36:46 +0000
ROA not before:           Wed 29 Jan 2025 13:31:46 +0000
ROA not after:            Wed 28 Jan 2026 13:36:46 +0000
asID:                     834
IP address blocks:        31.185.109.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/982c65b9-725d-4bb0-a216-8e77191ff9b8/0/38A93C81ECD308E6A7632717045B3D35150120F8.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/982c65b9-725d-4bb0-a216-8e77191ff9b8/0/38A93C81ECD308E6A7632717045B3D35150120F8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OKk8gezTCOanYycXBFs9NRUBIPg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 18:17:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            71:0c:7f:63:eb:10:76:9c:28:a8:35:d3:2c:ea:77:89:ef:d4:21:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=38a93c81ecd308e6a7632717045b3d35150120f8
        Validity
            Not Before: Jan 29 13:31:46 2025 GMT
            Not After : Jan 28 13:36:46 2026 GMT
        Subject: CN=648600CA150D9D3CD7B4941E7B9CB7CC3C1126C8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:57:8b:34:5b:a1:70:92:09:45:88:7d:c5:d8:
                    39:77:c3:a8:b4:e9:38:c9:9a:d0:ee:b7:1f:19:c6:
                    b3:af:df:c4:c5:38:eb:9b:d9:e0:df:16:2c:58:f9:
                    a8:2e:00:31:9c:06:bf:5b:d6:96:8c:38:74:65:7b:
                    b7:08:9c:e1:a8:c1:2f:89:3d:70:50:73:43:2b:03:
                    ce:e4:d4:aa:68:c3:37:78:16:65:e0:31:db:d8:22:
                    a3:8b:45:9d:88:f5:71:d0:6d:80:5c:34:aa:b8:1a:
                    db:0e:a5:5b:36:a6:84:ff:23:36:42:cc:8f:8a:96:
                    68:db:5e:c8:cf:21:0f:93:a6:a2:87:63:88:8d:eb:
                    13:62:1f:f1:d0:f7:6d:8b:37:b5:22:06:df:85:1a:
                    67:20:a2:9f:b7:82:c3:9b:7d:5d:e3:4a:8d:1f:3b:
                    20:e0:11:07:78:53:10:1b:6a:0b:dd:35:f1:db:50:
                    0b:b2:ea:d1:78:d5:6a:c9:39:56:96:b8:0a:5c:51:
                    28:0e:4c:ed:c8:21:92:1b:a9:6a:be:2b:60:03:0e:
                    57:0d:2e:f5:1b:8f:da:92:53:f7:29:ab:68:b2:6b:
                    f6:87:ca:bd:a1:e0:83:57:c2:39:34:87:45:9d:3d:
                    32:13:66:dc:3a:49:8f:da:fc:ca:30:6b:2f:2f:1f:
                    8e:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:86:00:CA:15:0D:9D:3C:D7:B4:94:1E:7B:9C:B7:CC:3C:11:26:C8
            X509v3 Authority Key Identifier:
                keyid:38:A9:3C:81:EC:D3:08:E6:A7:63:27:17:04:5B:3D:35:15:01:20:F8

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/982c65b9-725d-4bb0-a216-8e77191ff9b8/0/38A93C81ECD308E6A7632717045B3D35150120F8.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OKk8gezTCOanYycXBFs9NRUBIPg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/982c65b9-725d-4bb0-a216-8e77191ff9b8/0/33312e3138352e3130392e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.185.109.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:d2:ea:a0:67:99:5c:22:4c:e6:d5:54:e6:9a:b6:30:28:b3:
         6e:52:4a:98:a0:7d:2e:9e:fc:75:69:c4:44:13:43:e4:16:e8:
         11:9a:2c:05:d7:c8:b9:20:4b:0a:cc:d1:b8:6e:5c:32:fc:f0:
         97:e8:e1:40:1f:fa:37:fb:73:88:e5:a1:c6:2f:4e:5e:48:d7:
         83:46:e6:d9:5a:ac:74:49:c0:84:c8:0f:fa:07:7c:83:a1:48:
         0c:b5:c8:44:32:1e:2d:c5:d0:75:a2:ff:71:15:b0:c4:be:67:
         e1:8c:a9:ca:8e:bf:33:17:be:a7:a8:d2:30:db:42:0c:9b:89:
         25:c7:b0:07:51:41:c7:57:86:47:eb:c0:df:86:c7:76:25:cc:
         78:53:fa:2f:05:1e:e3:be:ef:25:ec:01:61:8d:2d:70:c3:19:
         15:58:ed:d3:16:55:3d:20:70:81:50:bf:3a:1e:6a:42:45:b8:
         f5:56:5c:a5:28:7f:e6:56:dd:9b:81:48:75:67:17:39:41:7b:
         49:92:e2:c9:48:11:f8:39:2a:e8:d0:67:18:11:d8:90:2d:98:
         23:f9:f1:bc:dc:0e:91:3c:73:e4:a9:8a:43:b6:67:2d:dc:4b:
         fe:f3:55:8e:cc:c8:64:ed:74:58:29:22:e8:ce:ea:62:07:22:
         d4:b1:d1:57
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUcQx/Y+sQdpwoqDXTLOp3ie/UITMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMzhhOTNjODFlY2QzMDhlNmE3NjMyNzE3MDQ1YjNkMzUx
NTAxMjBmODAeFw0yNTAxMjkxMzMxNDZaFw0yNjAxMjgxMzM2NDZaMDMxMTAvBgNV
BAMTKDY0ODYwMENBMTUwRDlEM0NEN0I0OTQxRTdCOUNCN0NDM0MxMTI2QzgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCSV4s0W6FwkglFiH3F2Dl3w6i0
6TjJmtDutx8ZxrOv38TFOOub2eDfFixY+aguADGcBr9b1paMOHRle7cInOGowS+J
PXBQc0MrA87k1Kpowzd4FmXgMdvYIqOLRZ2I9XHQbYBcNKq4GtsOpVs2poT/IzZC
zI+KlmjbXsjPIQ+TpqKHY4iN6xNiH/HQ922LN7UiBt+FGmcgop+3gsObfV3jSo0f
OyDgEQd4UxAbagvdNfHbUAuy6tF41WrJOVaWuApcUSgOTO3IIZIbqWq+K2ADDlcN
LvUbj9qSU/cpq2iya/aHyr2h4INXwjk0h0WdPTITZtw6SY/a/Moway8vH451AgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUZIYAyhUNnTzXtJQee5y3zDwRJsgwHwYDVR0j
BBgwFoAUOKk8gezTCOanYycXBFs9NRUBIPgwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOTgyYzY1YjktNzI1ZC00YmIwLWEyMTYtOGU3NzE5MWZm
OWI4LzAvMzhBOTNDODFFQ0QzMDhFNkE3NjMyNzE3MDQ1QjNEMzUxNTAxMjBGOC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL09LazhnZXpUQ09hbll5Y1hCRnM5TlJV
QklQZy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOTgyYzY1Yjkt
NzI1ZC00YmIwLWEyMTYtOGU3NzE5MWZmOWI4LzAvMzMzMTJlMzEzODM1MmUzMTMw
MzkyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAfuW0w
DQYJKoZIhvcNAQELBQADggEBABLS6qBnmVwiTObVVOaatjAos25SSpigfS6e/HVp
xEQTQ+QW6BGaLAXXyLkgSwrM0bhuXDL88Jfo4UAf+jf7c4jlocYvTl5I14NG5tla
rHRJwITID/oHfIOhSAy1yEQyHi3F0HWi/3EVsMS+Z+GMqcqOvzMXvqeo0jDbQgyb
iSXHsAdRQcdXhkfrwN+Gx3YlzHhT+i8FHuO+7yXsAWGNLXDDGRVY7dMWVT0gcIFQ
vzoeakJFuPVWXKUof+ZW3ZuBSHVnFzlBe0mS4slIEfg5KujQZxgR2JAtmCP58bzc
DpE8c+SpikO2Zy3cS/7zVY7MyGTtdFgpIujO6mIHItSx0Vc=
-----END CERTIFICATE-----