Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS25098.roa
File:                     AS25098.roa (raw, json)
Hash identifier:          2ck2aTaSLUIT5Lnh7ab6JJq/5tik3X5I0ABBsnXc6qA=
Subject key identifier:   38:4B:02:DA:D1:49:09:6D:68:6B:AD:73:05:E6:6A:94:DA:49:D0:5F
Certificate issuer:       /CN=7051b4c2f7ae9ef80b53000b32ab8f5d2f2f415b
Certificate serial:       7F38E225358C652605BBDDA3A50F6DB0A67B5310
Authority key identifier: 70:51:B4:C2:F7:AE:9E:F8:0B:53:00:0B:32:AB:8F:5D:2F:2F:41:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS25098.roa
Signing time:             Tue 08 Apr 2025 20:22:38 +0000
ROA not before:           Tue 08 Apr 2025 20:17:38 +0000
ROA not after:            Tue 07 Apr 2026 20:22:38 +0000
asID:                     25098
IP address blocks:        85.8.144.0/22 maxlen: 22
                          212.107.4.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 15 Apr 2025 23:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7f:38:e2:25:35:8c:65:26:05:bb:dd:a3:a5:0f:6d:b0:a6:7b:53:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7051b4c2f7ae9ef80b53000b32ab8f5d2f2f415b
        Validity
            Not Before: Apr  8 20:17:38 2025 GMT
            Not After : Apr  7 20:22:38 2026 GMT
        Subject: CN=384B02DAD149096D686BAD7305E66A94DA49D05F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:42:7c:45:db:e3:19:99:ff:cb:29:60:cc:6c:
                    41:d1:35:82:4a:e4:39:23:eb:61:27:d3:a5:7f:d5:
                    ea:9c:2a:2e:df:c1:b2:56:6e:63:a6:7b:22:a5:84:
                    43:79:3b:69:94:de:ef:03:d5:37:cf:06:47:13:cc:
                    de:19:f7:83:0f:fa:c9:70:4c:25:12:ce:4f:bc:3b:
                    1b:05:de:c7:81:d0:58:40:43:ef:36:88:b1:1d:42:
                    16:b3:bc:0e:5a:c9:ad:38:c5:44:7f:53:34:e8:1f:
                    fd:4c:29:b9:13:e2:85:90:3b:d7:48:37:72:cd:8a:
                    17:a6:bc:e7:ed:7f:92:b4:78:1c:c0:10:03:0b:d2:
                    08:65:e8:d0:09:9f:20:1c:73:6f:17:81:2d:9c:ec:
                    72:a8:9a:d5:b5:b0:c7:1e:dd:91:c9:96:94:46:3b:
                    b6:dd:c4:b2:b5:92:bf:ad:3a:df:07:c2:a8:a3:f9:
                    d5:d8:ae:f3:f7:75:a1:38:2c:e9:51:fb:80:01:47:
                    36:43:fb:75:67:47:d6:c3:e0:33:9d:9a:c7:88:b6:
                    45:26:df:ea:2c:58:3b:20:e0:67:e9:5f:8d:bc:95:
                    2e:41:e3:0b:c2:9a:e6:5d:8c:f4:f1:e6:cb:83:8b:
                    22:01:9d:f4:f2:d9:24:e9:1c:96:44:ed:61:e6:e3:
                    72:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:4B:02:DA:D1:49:09:6D:68:6B:AD:73:05:E6:6A:94:DA:49:D0:5F
            X509v3 Authority Key Identifier:
                keyid:70:51:B4:C2:F7:AE:9E:F8:0B:53:00:0B:32:AB:8F:5D:2F:2F:41:5B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS25098.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.8.144.0/22
                  212.107.4.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6d:87:74:63:dd:7d:a0:a9:6d:c2:ef:01:0c:da:e8:ec:e4:3f:
         db:3c:c4:19:50:a4:f4:db:e5:1b:9c:96:71:e0:ca:4c:f5:19:
         81:69:c7:35:6b:40:be:18:a5:c2:f9:b5:20:6d:9d:c9:ee:90:
         92:e6:6c:cb:1d:9e:45:bd:94:5d:3f:df:a9:41:ae:85:4f:ca:
         2a:d2:1b:c3:df:87:3a:50:59:2b:74:f2:7a:4f:20:33:ce:3a:
         ed:75:9d:8e:97:56:fb:dc:4b:86:34:f9:32:d4:f4:08:47:21:
         c9:43:83:5c:50:11:a5:6d:cf:32:41:58:49:81:a0:6a:be:93:
         dd:43:6d:79:5f:1b:04:0d:7c:f9:02:b1:6f:10:3f:a8:d3:9f:
         03:25:9c:1b:67:f0:21:22:95:b7:0e:57:c0:6b:bf:8d:83:44:
         df:c7:49:ec:a8:23:34:74:4a:9d:78:ca:7e:e6:cf:34:ed:ee:
         e6:b0:46:9d:c6:8d:de:c3:5f:b7:da:3c:23:7a:2d:4f:5a:83:
         e3:d3:3d:33:7b:e8:5b:e6:9e:6a:ea:92:66:9f:ea:c9:f4:56:
         21:b7:73:dd:4c:d9:73:f6:4c:98:0b:30:ac:77:8a:06:3c:19:
         1f:b5:e7:8d:15:0e:f9:f8:65:d1:62:99:c4:cd:73:43:b4:84:
         40:06:5e:07
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUfzjiJTWMZSYFu92jpQ9tsKZ7UxAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzA1MWI0YzJmN2FlOWVmODBiNTMwMDBiMzJhYjhmNWQy
ZjJmNDE1YjAeFw0yNTA0MDgyMDE3MzhaFw0yNjA0MDcyMDIyMzhaMDMxMTAvBgNV
BAMTKDM4NEIwMkRBRDE0OTA5NkQ2ODZCQUQ3MzA1RTY2QTk0REE0OUQwNUYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCQQnxF2+MZmf/LKWDMbEHRNYJK
5Dkj62En06V/1eqcKi7fwbJWbmOmeyKlhEN5O2mU3u8D1TfPBkcTzN4Z94MP+slw
TCUSzk+8OxsF3seB0FhAQ+82iLEdQhazvA5aya04xUR/UzToH/1MKbkT4oWQO9dI
N3LNihemvOftf5K0eBzAEAML0ghl6NAJnyAcc28XgS2c7HKomtW1sMce3ZHJlpRG
O7bdxLK1kr+tOt8Hwqij+dXYrvP3daE4LOlR+4ABRzZD+3VnR9bD4DOdmseItkUm
3+osWDsg4GfpX428lS5B4wvCmuZdjPTx5suDiyIBnfTy2STpHJZE7WHm43LtAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQUOEsC2tFJCW1oa61zBeZqlNpJ0F8wHwYDVR0j
BBgwFoAUcFG0wveunvgLUwALMquPXS8vQVswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOWM1Y2U5ZmEtOWE2Zi00ZTBjLTk4MDktN2E0Nzg4NzQ0
ODkzLzAvNzA1MUI0QzJGN0FFOUVGODBCNTMwMDBCMzJBQjhGNUQyRjJGNDE1Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NGRzB3dmV1bnZnTFV3QUxNcXVQWFM4
dlFWcy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzljNWNlOWZhLTlhNmYt
NGUwYy05ODA5LTdhNDc4ODc0NDg5My8wL0FTMjUwOTgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBAJVCJAD
BALUawQwDQYJKoZIhvcNAQELBQADggEBAG2HdGPdfaCpbcLvAQza6OzkP9s8xBlQ
pPTb5RuclnHgykz1GYFpxzVrQL4YpcL5tSBtncnukJLmbMsdnkW9lF0/36lBroVP
yirSG8PfhzpQWSt08npPIDPOOu11nY6XVvvcS4Y0+TLU9AhHIclDg1xQEaVtzzJB
WEmBoGq+k91DbXlfGwQNfPkCsW8QP6jTnwMlnBtn8CEilbcOV8Brv42DRN/HSeyo
IzR0Sp14yn7mzzTt7uawRp3Gjd7DX7faPCN6LU9ag+PTPTN76Fvmnmrqkmaf6sn0
ViG3c91M2XP2TJgLMKx3igY8GR+1540VDvn4ZdFimcTNc0O0hEAGXgc=
-----END CERTIFICATE-----