Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/9df33a57-7e4f-4844-84e2-b7153b5511b4/0/3138352e322e3230342e302f32342d3234203d3e203531303539.roa
File:                     3138352e322e3230342e302f32342d3234203d3e203531303539.roa (raw, json)
Hash identifier:          WY6DP7ISPckKutj05yXj19aC18jEUDqW+vlyBEDzYR4=
Subject key identifier:   EB:6A:83:98:60:B7:DE:85:0D:80:D6:53:C3:78:48:8B:78:AE:78:8F
Certificate issuer:       /CN=4502e63ce01cad239ac397bc2bb5e6c347dceeea
Certificate serial:       6FCD9F4E9DFD9678C1D5643FB59AF6D275DB002C
Authority key identifier: 45:02:E6:3C:E0:1C:AD:23:9A:C3:97:BC:2B:B5:E6:C3:47:DC:EE:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RQLmPOAcrSOaw5e8K7Xmw0fc7uo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/9df33a57-7e4f-4844-84e2-b7153b5511b4/0/3138352e322e3230342e302f32342d3234203d3e203531303539.roa
Signing time:             Tue 09 Sep 2025 10:51:11 +0000
ROA not before:           Tue 09 Sep 2025 10:46:11 +0000
ROA not after:            Tue 08 Sep 2026 10:51:11 +0000
asID:                     51059
IP address blocks:        185.2.204.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/9df33a57-7e4f-4844-84e2-b7153b5511b4/0/4502E63CE01CAD239AC397BC2BB5E6C347DCEEEA.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/9df33a57-7e4f-4844-84e2-b7153b5511b4/0/4502E63CE01CAD239AC397BC2BB5E6C347DCEEEA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RQLmPOAcrSOaw5e8K7Xmw0fc7uo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 19 Sep 2025 00:00:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6f:cd:9f:4e:9d:fd:96:78:c1:d5:64:3f:b5:9a:f6:d2:75:db:00:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4502e63ce01cad239ac397bc2bb5e6c347dceeea
        Validity
            Not Before: Sep  9 10:46:11 2025 GMT
            Not After : Sep  8 10:51:11 2026 GMT
        Subject: CN=EB6A839860B7DE850D80D653C378488B78AE788F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:ad:e4:38:ff:51:3f:fb:c7:3a:4f:62:45:ad:
                    ef:b6:6c:00:96:b4:91:a7:c3:19:89:e1:16:b7:43:
                    6a:76:a2:1d:dd:63:0e:2d:85:95:c4:97:c4:39:62:
                    8e:31:5f:de:f8:0f:71:4c:e3:9d:02:3c:17:c6:6c:
                    d5:f0:04:16:40:5b:7f:6e:42:b2:7f:3c:4c:39:09:
                    e9:1f:4b:9b:68:65:55:6d:16:43:d7:21:96:6f:9c:
                    52:5f:27:08:26:4b:4e:cb:49:f2:bf:07:36:80:e4:
                    d7:bd:a7:07:dc:36:84:e9:e0:8d:d3:93:71:36:c2:
                    b4:43:de:45:ed:77:ce:14:6b:25:02:3f:d2:be:e2:
                    96:78:75:e6:ff:31:58:ab:4b:f7:f0:72:82:14:4a:
                    ac:5f:7a:f2:56:17:31:84:d5:96:5c:24:32:03:c7:
                    3c:a9:b8:7c:c5:3d:be:ca:68:73:e7:e3:85:d2:4a:
                    ea:68:fb:de:2d:76:a5:eb:43:50:db:99:54:7f:48:
                    02:90:19:43:84:1c:33:00:5a:88:90:9e:e5:4e:3d:
                    c2:cf:fa:e5:93:b0:13:98:cc:3e:53:47:54:cc:42:
                    16:6f:aa:3d:0c:a8:7a:f7:82:4c:6a:2d:9b:92:cc:
                    01:e3:d8:1f:82:3c:37:18:7c:31:3a:66:d8:a8:ee:
                    d7:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:6A:83:98:60:B7:DE:85:0D:80:D6:53:C3:78:48:8B:78:AE:78:8F
            X509v3 Authority Key Identifier:
                keyid:45:02:E6:3C:E0:1C:AD:23:9A:C3:97:BC:2B:B5:E6:C3:47:DC:EE:EA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/9df33a57-7e4f-4844-84e2-b7153b5511b4/0/4502E63CE01CAD239AC397BC2BB5E6C347DCEEEA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RQLmPOAcrSOaw5e8K7Xmw0fc7uo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/9df33a57-7e4f-4844-84e2-b7153b5511b4/0/3138352e322e3230342e302f32342d3234203d3e203531303539.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.2.204.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5f:43:72:c3:1e:ec:f1:a2:37:7a:55:46:b6:e1:fa:08:87:a5:
         af:ce:83:08:fb:a9:48:82:db:60:08:cb:5d:ad:08:53:84:d7:
         ab:83:cc:91:78:a1:b2:fa:69:df:7a:59:d6:b1:09:0d:4e:f0:
         6b:a9:fb:d9:90:af:c7:b7:f7:0d:b6:7d:b4:e1:0c:ea:67:89:
         30:c9:31:ae:4c:26:62:5a:cd:b8:71:8f:83:b5:f3:9f:f9:31:
         a0:69:7c:90:68:4b:fc:90:2e:63:a5:14:84:76:21:e6:81:e7:
         db:06:ee:9a:ec:dd:f8:3c:cc:b8:b4:18:f4:82:37:38:45:c6:
         96:fb:57:9d:53:0e:60:c9:ea:30:21:37:ee:7a:35:e6:a5:47:
         b2:f7:72:48:b9:3c:c2:56:ad:d7:a8:ab:2d:d9:67:88:32:e9:
         37:13:7e:14:ab:82:dc:66:74:78:9f:8b:2d:7a:a1:e4:78:13:
         17:43:73:4b:a0:3b:e8:0d:21:b8:69:07:7f:af:d5:3c:bd:27:
         66:9c:12:a7:52:ef:05:2f:17:76:3a:1f:51:52:13:36:24:d1:
         08:dc:f3:76:f1:6d:38:d6:84:9c:76:c4:65:23:e0:55:7b:35:
         60:54:1c:8b:22:3e:3d:8d:29:80:98:e7:64:f5:fc:7a:0a:92:
         54:4a:13:6c
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUb82fTp39lnjB1WQ/tZr20nXbACwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUwMmU2M2NlMDFjYWQyMzlhYzM5N2JjMmJiNWU2YzM0
N2RjZWVlYTAeFw0yNTA5MDkxMDQ2MTFaFw0yNjA5MDgxMDUxMTFaMDMxMTAvBgNV
BAMTKEVCNkE4Mzk4NjBCN0RFODUwRDgwRDY1M0MzNzg0ODhCNzhBRTc4OEYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCWreQ4/1E/+8c6T2JFre+2bACW
tJGnwxmJ4Ra3Q2p2oh3dYw4thZXEl8Q5Yo4xX974D3FM450CPBfGbNXwBBZAW39u
QrJ/PEw5CekfS5toZVVtFkPXIZZvnFJfJwgmS07LSfK/BzaA5Ne9pwfcNoTp4I3T
k3E2wrRD3kXtd84UayUCP9K+4pZ4deb/MVirS/fwcoIUSqxfevJWFzGE1ZZcJDID
xzypuHzFPb7KaHPn44XSSupo+94tdqXrQ1DbmVR/SAKQGUOEHDMAWoiQnuVOPcLP
+uWTsBOYzD5TR1TMQhZvqj0MqHr3gkxqLZuSzAHj2B+CPDcYfDE6Ztio7tfhAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQU62qDmGC33oUNgNZTw3hIi3iueI8wHwYDVR0j
BBgwFoAURQLmPOAcrSOaw5e8K7Xmw0fc7uowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOWRmMzNhNTctN2U0Zi00ODQ0LTg0ZTItYjcxNTNiNTUx
MWI0LzAvNDUwMkU2M0NFMDFDQUQyMzlBQzM5N0JDMkJCNUU2QzM0N0RDRUVFQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JRTG1QT0FjclNPYXc1ZThLN1htdzBm
Yzd1by5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOWRmMzNhNTct
N2U0Zi00ODQ0LTg0ZTItYjcxNTNiNTUxMWI0LzAvMzEzODM1MmUzMjJlMzIzMDM0
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzUzMTMwMzUzOS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALkC
zDANBgkqhkiG9w0BAQsFAAOCAQEAX0Nywx7s8aI3elVGtuH6CIelr86DCPupSILb
YAjLXa0IU4TXq4PMkXihsvpp33pZ1rEJDU7wa6n72ZCvx7f3DbZ9tOEM6meJMMkx
rkwmYlrNuHGPg7Xzn/kxoGl8kGhL/JAuY6UUhHYh5oHn2wbumuzd+DzMuLQY9II3
OEXGlvtXnVMOYMnqMCE37no15qVHsvdySLk8wlat16irLdlniDLpNxN+FKuC3GZ0
eJ+LLXqh5HgTF0NzS6A76A0huGkHf6/VPL0nZpwSp1LvBS8XdjofUVITNiTRCNzz
dvFtONaEnHbEZSPgVXs1YFQciyI+PY0pgJjnZPX8egqSVEoTbA==
-----END CERTIFICATE-----