Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/9df33a57-7e4f-4844-84e2-b7153b5511b4/0/3138352e322e3230362e302f32342d3234203d3e203531303539.roa
File:                     3138352e322e3230362e302f32342d3234203d3e203531303539.roa (raw, json)
Hash identifier:          9tY5GTEVxta0324BfaE/zE6amu11uNt5gF70q3lDcAc=
Subject key identifier:   6C:39:40:52:C7:EB:61:4F:05:CB:B7:B6:CD:E3:E0:FB:7E:53:0F:45
Certificate issuer:       /CN=4502e63ce01cad239ac397bc2bb5e6c347dceeea
Certificate serial:       777DA3F960D750C41221AD242D78EBC6EEDAF0DC
Authority key identifier: 45:02:E6:3C:E0:1C:AD:23:9A:C3:97:BC:2B:B5:E6:C3:47:DC:EE:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RQLmPOAcrSOaw5e8K7Xmw0fc7uo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/9df33a57-7e4f-4844-84e2-b7153b5511b4/0/3138352e322e3230362e302f32342d3234203d3e203531303539.roa
Signing time:             Tue 09 Sep 2025 10:51:11 +0000
ROA not before:           Tue 09 Sep 2025 10:46:11 +0000
ROA not after:            Tue 08 Sep 2026 10:51:11 +0000
asID:                     51059
IP address blocks:        185.2.206.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/9df33a57-7e4f-4844-84e2-b7153b5511b4/0/4502E63CE01CAD239AC397BC2BB5E6C347DCEEEA.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/9df33a57-7e4f-4844-84e2-b7153b5511b4/0/4502E63CE01CAD239AC397BC2BB5E6C347DCEEEA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RQLmPOAcrSOaw5e8K7Xmw0fc7uo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 16 Sep 2025 10:41:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            77:7d:a3:f9:60:d7:50:c4:12:21:ad:24:2d:78:eb:c6:ee:da:f0:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4502e63ce01cad239ac397bc2bb5e6c347dceeea
        Validity
            Not Before: Sep  9 10:46:11 2025 GMT
            Not After : Sep  8 10:51:11 2026 GMT
        Subject: CN=6C394052C7EB614F05CBB7B6CDE3E0FB7E530F45
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f2:e8:0d:fa:b7:09:5d:b4:b7:b0:cf:b1:d5:17:
                    90:09:4d:f0:95:5f:b0:fa:cb:01:17:28:e0:e3:77:
                    3d:20:45:74:2d:5a:de:18:e0:d5:b6:6b:f0:31:1c:
                    5a:d5:5a:32:ea:fb:66:0e:fb:7d:2e:e9:c2:f3:ec:
                    54:e7:bc:d8:61:86:30:7a:e9:2a:47:f1:20:b4:54:
                    3e:e8:d3:e2:df:f1:50:55:33:86:87:78:22:e3:7a:
                    ae:43:0e:12:14:46:3e:5d:50:ff:bf:00:f7:53:71:
                    73:02:e7:fb:00:77:2f:d5:f4:19:dd:b5:56:ed:b2:
                    1f:fa:3c:3f:4d:ad:b5:9c:c5:54:68:4e:54:b4:66:
                    bf:bb:1e:23:b9:79:4e:87:23:26:12:3b:f7:8d:c7:
                    c6:5e:44:ab:37:05:8f:91:78:0b:9d:f6:f8:50:89:
                    47:a5:af:18:1b:ea:16:15:bc:52:0c:54:12:cf:9d:
                    81:84:e6:52:9e:ce:00:bd:3b:02:c9:a9:eb:2d:61:
                    32:8e:54:9a:24:0d:3e:4f:89:5e:29:a1:4d:63:d8:
                    b8:df:61:a5:20:b5:5d:62:9e:cd:1a:4b:65:d6:e4:
                    d1:8a:95:56:e3:eb:dd:fc:c4:1d:4f:05:d0:8b:b8:
                    a9:6d:f8:8b:01:5f:34:9c:6b:0e:0c:3f:33:a3:c7:
                    50:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:39:40:52:C7:EB:61:4F:05:CB:B7:B6:CD:E3:E0:FB:7E:53:0F:45
            X509v3 Authority Key Identifier:
                keyid:45:02:E6:3C:E0:1C:AD:23:9A:C3:97:BC:2B:B5:E6:C3:47:DC:EE:EA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/9df33a57-7e4f-4844-84e2-b7153b5511b4/0/4502E63CE01CAD239AC397BC2BB5E6C347DCEEEA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RQLmPOAcrSOaw5e8K7Xmw0fc7uo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/9df33a57-7e4f-4844-84e2-b7153b5511b4/0/3138352e322e3230362e302f32342d3234203d3e203531303539.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.2.206.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0c:c0:4b:14:e3:b0:98:c8:c0:75:20:42:52:14:d8:bb:46:aa:
         da:ff:e2:11:b2:e1:03:39:9f:d5:10:26:42:22:8b:77:ad:5a:
         c2:6d:2f:95:e2:46:ef:86:27:12:e4:be:e1:96:9c:fa:a9:df:
         97:da:06:2c:15:db:07:3c:00:13:b9:cb:67:cf:ce:16:a3:33:
         dd:74:68:c0:59:af:d0:88:3b:a3:86:8c:23:84:c9:fb:44:a6:
         a6:66:ac:90:93:4d:6d:7b:68:f9:f2:26:20:ef:4a:1f:93:1c:
         24:5b:14:38:13:84:e8:86:18:68:d0:13:87:15:5a:3c:b4:f4:
         49:ea:52:42:19:4c:ff:29:c3:90:f0:bb:e7:19:be:d3:86:e2:
         e4:b8:fc:b6:0f:d3:6e:bb:45:57:a4:41:49:5d:6b:5a:ff:e2:
         25:6c:93:14:a5:ea:09:9f:9e:98:5b:d5:08:ac:34:19:c7:ca:
         37:54:34:11:bc:93:96:86:1f:05:e9:bc:48:43:7f:dd:1f:ea:
         47:44:ec:ed:fe:b2:53:c1:70:69:ca:13:02:1c:2e:e1:c6:fc:
         cc:c7:94:40:46:7f:24:77:68:d7:0b:d3:a7:15:b6:16:55:30:
         3b:9a:08:a4:ba:6e:fa:aa:89:f4:d0:d1:3a:d9:33:7a:11:79:
         bc:da:1f:f1
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUd32j+WDXUMQSIa0kLXjrxu7a8NwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUwMmU2M2NlMDFjYWQyMzlhYzM5N2JjMmJiNWU2YzM0
N2RjZWVlYTAeFw0yNTA5MDkxMDQ2MTFaFw0yNjA5MDgxMDUxMTFaMDMxMTAvBgNV
BAMTKDZDMzk0MDUyQzdFQjYxNEYwNUNCQjdCNkNERTNFMEZCN0U1MzBGNDUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDy6A36twldtLewz7HVF5AJTfCV
X7D6ywEXKODjdz0gRXQtWt4Y4NW2a/AxHFrVWjLq+2YO+30u6cLz7FTnvNhhhjB6
6SpH8SC0VD7o0+Lf8VBVM4aHeCLjeq5DDhIURj5dUP+/APdTcXMC5/sAdy/V9Bnd
tVbtsh/6PD9NrbWcxVRoTlS0Zr+7HiO5eU6HIyYSO/eNx8ZeRKs3BY+ReAud9vhQ
iUelrxgb6hYVvFIMVBLPnYGE5lKezgC9OwLJqestYTKOVJokDT5PiV4poU1j2Ljf
YaUgtV1ins0aS2XW5NGKlVbj6938xB1PBdCLuKlt+IsBXzScaw4MPzOjx1A/AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUbDlAUsfrYU8Fy7e2zePg+35TD0UwHwYDVR0j
BBgwFoAURQLmPOAcrSOaw5e8K7Xmw0fc7uowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOWRmMzNhNTctN2U0Zi00ODQ0LTg0ZTItYjcxNTNiNTUx
MWI0LzAvNDUwMkU2M0NFMDFDQUQyMzlBQzM5N0JDMkJCNUU2QzM0N0RDRUVFQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JRTG1QT0FjclNPYXc1ZThLN1htdzBm
Yzd1by5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOWRmMzNhNTct
N2U0Zi00ODQ0LTg0ZTItYjcxNTNiNTUxMWI0LzAvMzEzODM1MmUzMjJlMzIzMDM2
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzUzMTMwMzUzOS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALkC
zjANBgkqhkiG9w0BAQsFAAOCAQEADMBLFOOwmMjAdSBCUhTYu0aq2v/iEbLhAzmf
1RAmQiKLd61awm0vleJG74YnEuS+4Zac+qnfl9oGLBXbBzwAE7nLZ8/OFqMz3XRo
wFmv0Ig7o4aMI4TJ+0SmpmaskJNNbXto+fImIO9KH5McJFsUOBOE6IYYaNAThxVa
PLT0SepSQhlM/ynDkPC75xm+04bi5Lj8tg/TbrtFV6RBSV1rWv/iJWyTFKXqCZ+e
mFvVCKw0GcfKN1Q0EbyTloYfBem8SEN/3R/qR0Ts7f6yU8FwacoTAhwu4cb8zMeU
QEZ/JHdo1wvTpxW2FlUwO5oIpLpu+qqJ9NDROtkzehF5vNof8Q==
-----END CERTIFICATE-----