Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/9df33a57-7e4f-4844-84e2-b7153b5511b4/0/3138352e322e3230352e302f32342d3234203d3e203531303539.roa
File:                     3138352e322e3230352e302f32342d3234203d3e203531303539.roa (raw, json)
Hash identifier:          8NpNc3+Dg1dsLsrdjPPVYWcTafBhsK5m2leiu7R5m5o=
Subject key identifier:   22:39:0C:DC:7B:59:3E:48:EC:8D:79:91:3E:BC:49:D8:DA:9F:B1:BD
Certificate issuer:       /CN=4502e63ce01cad239ac397bc2bb5e6c347dceeea
Certificate serial:       352C00BE5D25655A6FA4781126E7E3768DACE4A3
Authority key identifier: 45:02:E6:3C:E0:1C:AD:23:9A:C3:97:BC:2B:B5:E6:C3:47:DC:EE:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RQLmPOAcrSOaw5e8K7Xmw0fc7uo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/9df33a57-7e4f-4844-84e2-b7153b5511b4/0/3138352e322e3230352e302f32342d3234203d3e203531303539.roa
Signing time:             Tue 09 Sep 2025 10:51:11 +0000
ROA not before:           Tue 09 Sep 2025 10:46:11 +0000
ROA not after:            Tue 08 Sep 2026 10:51:11 +0000
asID:                     51059
IP address blocks:        185.2.205.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/9df33a57-7e4f-4844-84e2-b7153b5511b4/0/4502E63CE01CAD239AC397BC2BB5E6C347DCEEEA.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/9df33a57-7e4f-4844-84e2-b7153b5511b4/0/4502E63CE01CAD239AC397BC2BB5E6C347DCEEEA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RQLmPOAcrSOaw5e8K7Xmw0fc7uo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 16 Sep 2025 10:41:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            35:2c:00:be:5d:25:65:5a:6f:a4:78:11:26:e7:e3:76:8d:ac:e4:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4502e63ce01cad239ac397bc2bb5e6c347dceeea
        Validity
            Not Before: Sep  9 10:46:11 2025 GMT
            Not After : Sep  8 10:51:11 2026 GMT
        Subject: CN=22390CDC7B593E48EC8D79913EBC49D8DA9FB1BD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:02:e3:77:dd:38:fb:53:76:da:59:51:87:31:
                    b9:35:6a:97:20:b6:f0:12:2b:d0:44:b2:d4:d1:3c:
                    1a:13:8b:1d:a8:6d:a5:1a:67:78:34:91:cc:f5:39:
                    13:5a:60:ef:0a:a5:f7:79:8f:c0:7e:c4:c3:ab:27:
                    7f:e2:0c:e7:bf:24:d1:db:b8:db:c4:9a:cb:94:3e:
                    6a:b9:5f:9f:7a:63:df:be:f7:13:18:65:e5:47:5c:
                    08:ea:f6:79:81:7d:30:35:62:24:de:47:08:37:3c:
                    9e:38:35:9f:bf:30:7e:f8:7a:eb:c0:e8:28:77:dc:
                    6c:35:d8:24:b7:4a:3d:5e:a9:3c:da:57:e8:6f:47:
                    6f:06:df:06:2f:ef:7b:46:6e:14:b8:61:85:f9:7f:
                    1b:9f:cb:6c:be:90:ac:66:76:b3:57:85:db:dd:d1:
                    05:c2:6f:36:15:29:6e:a0:8a:0c:72:93:3a:ca:ba:
                    2e:2f:58:c0:21:03:47:c3:0b:6b:0a:db:4f:0a:a9:
                    8d:58:85:01:72:75:ab:97:68:ba:d4:7c:17:5d:33:
                    2c:65:d7:c4:d1:f0:a7:e6:cc:c4:eb:9e:86:3a:1e:
                    50:b2:52:92:7e:91:d5:a3:3a:64:cf:ab:5e:a4:20:
                    dc:9e:b5:51:f5:a9:1c:7a:b2:a3:b4:7c:ee:1a:70:
                    71:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:39:0C:DC:7B:59:3E:48:EC:8D:79:91:3E:BC:49:D8:DA:9F:B1:BD
            X509v3 Authority Key Identifier:
                keyid:45:02:E6:3C:E0:1C:AD:23:9A:C3:97:BC:2B:B5:E6:C3:47:DC:EE:EA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/9df33a57-7e4f-4844-84e2-b7153b5511b4/0/4502E63CE01CAD239AC397BC2BB5E6C347DCEEEA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RQLmPOAcrSOaw5e8K7Xmw0fc7uo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/9df33a57-7e4f-4844-84e2-b7153b5511b4/0/3138352e322e3230352e302f32342d3234203d3e203531303539.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.2.205.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:61:1a:bf:5c:05:fe:23:5e:2f:ba:88:ae:6d:50:e9:fc:03:
         c4:3e:c6:97:b7:ba:59:66:b2:db:dc:39:59:dd:91:53:a2:91:
         40:58:7b:7c:50:27:50:80:55:a4:9b:92:e7:45:a2:ca:97:d6:
         ed:a1:41:00:54:61:df:5a:a2:8e:a7:d4:a8:5d:31:c0:13:9a:
         04:d3:45:f0:e6:a0:5d:7e:80:cd:85:ad:c9:c2:a6:9c:ce:c6:
         03:37:83:f9:03:d4:06:9e:49:c3:75:da:72:84:37:7f:ff:17:
         3f:0d:da:21:1b:81:8f:56:d0:2a:00:e7:d7:e7:cf:92:ea:b2:
         f0:ce:0b:94:71:00:3b:4c:7e:a9:c1:6d:91:2c:02:fb:e5:82:
         a1:a6:fc:6b:39:27:77:7f:1c:a8:ff:6e:4e:cb:8d:1e:89:9e:
         d9:29:bd:1a:27:c7:bb:9e:60:8b:4c:e8:f0:ca:f7:7d:d7:cd:
         a7:4e:b7:b1:8d:60:62:e6:c0:b7:ba:cc:a7:12:fc:4b:ca:73:
         14:c7:b9:6a:81:ff:dd:cc:cb:73:37:03:3e:89:23:05:94:0b:
         50:d7:cd:eb:71:67:35:31:17:67:f4:d4:f2:0c:00:93:e8:0b:
         09:07:60:e0:77:b5:ce:f3:cc:7e:e9:6a:85:1a:7d:67:6d:6c:
         4b:d7:1f:6d
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUNSwAvl0lZVpvpHgRJufjdo2s5KMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUwMmU2M2NlMDFjYWQyMzlhYzM5N2JjMmJiNWU2YzM0
N2RjZWVlYTAeFw0yNTA5MDkxMDQ2MTFaFw0yNjA5MDgxMDUxMTFaMDMxMTAvBgNV
BAMTKDIyMzkwQ0RDN0I1OTNFNDhFQzhENzk5MTNFQkM0OUQ4REE5RkIxQkQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNAuN33Tj7U3baWVGHMbk1apcg
tvASK9BEstTRPBoTix2obaUaZ3g0kcz1ORNaYO8Kpfd5j8B+xMOrJ3/iDOe/JNHb
uNvEmsuUPmq5X596Y9++9xMYZeVHXAjq9nmBfTA1YiTeRwg3PJ44NZ+/MH74euvA
6Ch33Gw12CS3Sj1eqTzaV+hvR28G3wYv73tGbhS4YYX5fxufy2y+kKxmdrNXhdvd
0QXCbzYVKW6gigxykzrKui4vWMAhA0fDC2sK208KqY1YhQFydauXaLrUfBddMyxl
18TR8KfmzMTrnoY6HlCyUpJ+kdWjOmTPq16kINyetVH1qRx6sqO0fO4acHElAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUIjkM3HtZPkjsjXmRPrxJ2Nqfsb0wHwYDVR0j
BBgwFoAURQLmPOAcrSOaw5e8K7Xmw0fc7uowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOWRmMzNhNTctN2U0Zi00ODQ0LTg0ZTItYjcxNTNiNTUx
MWI0LzAvNDUwMkU2M0NFMDFDQUQyMzlBQzM5N0JDMkJCNUU2QzM0N0RDRUVFQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JRTG1QT0FjclNPYXc1ZThLN1htdzBm
Yzd1by5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOWRmMzNhNTct
N2U0Zi00ODQ0LTg0ZTItYjcxNTNiNTUxMWI0LzAvMzEzODM1MmUzMjJlMzIzMDM1
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzUzMTMwMzUzOS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALkC
zTANBgkqhkiG9w0BAQsFAAOCAQEAOmEav1wF/iNeL7qIrm1Q6fwDxD7Gl7e6WWay
29w5Wd2RU6KRQFh7fFAnUIBVpJuS50WiypfW7aFBAFRh31qijqfUqF0xwBOaBNNF
8OagXX6AzYWtycKmnM7GAzeD+QPUBp5Jw3XacoQ3f/8XPw3aIRuBj1bQKgDn1+fP
kuqy8M4LlHEAO0x+qcFtkSwC++WCoab8azknd38cqP9uTsuNHome2Sm9GifHu55g
i0zo8Mr3fdfNp063sY1gYubAt7rMpxL8S8pzFMe5aoH/3czLczcDPokjBZQLUNfN
63FnNTEXZ/TU8gwAk+gLCQdg4He1zvPMfulqhRp9Z21sS9cfbQ==
-----END CERTIFICATE-----