Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/3138352e3138312e312e302f32342d3234203d3e203232313638.roa
File:                     3138352e3138312e312e302f32342d3234203d3e203232313638.roa (raw, json)
Hash identifier:          j6aiC8hmqjNX8bvUvtzfL/WZD+CbfD2TNLTq4Vkaxb8=
Subject key identifier:   7E:FB:E2:A5:B0:61:0A:90:97:BD:29:27:CF:04:0D:44:20:E8:CE:05
Certificate issuer:       /CN=8f4ce7722f99075d94738b7e61070401269eb3d6
Certificate serial:       63B022154D2C43EF11F3B1DC14BECD228BB96B59
Authority key identifier: 8F:4C:E7:72:2F:99:07:5D:94:73:8B:7E:61:07:04:01:26:9E:B3:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/j0znci-ZB12Uc4t-YQcEASaes9Y.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/3138352e3138312e312e302f32342d3234203d3e203232313638.roa
Signing time:             Thu 27 Mar 2025 12:53:59 +0000
ROA not before:           Thu 27 Mar 2025 12:48:59 +0000
ROA not after:            Thu 26 Mar 2026 12:53:59 +0000
asID:                     22168
IP address blocks:        185.181.1.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/8F4CE7722F99075D94738B7E61070401269EB3D6.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/8F4CE7722F99075D94738B7E61070401269EB3D6.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/j0znci-ZB12Uc4t-YQcEASaes9Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 11 Apr 2025 05:18:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            63:b0:22:15:4d:2c:43:ef:11:f3:b1:dc:14:be:cd:22:8b:b9:6b:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8f4ce7722f99075d94738b7e61070401269eb3d6
        Validity
            Not Before: Mar 27 12:48:59 2025 GMT
            Not After : Mar 26 12:53:59 2026 GMT
        Subject: CN=7EFBE2A5B0610A9097BD2927CF040D4420E8CE05
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:4c:2f:44:9e:47:02:51:32:83:62:1f:3f:73:
                    aa:3d:49:68:51:f6:28:d8:b3:ed:32:86:b4:bd:d4:
                    00:42:c8:08:8b:3c:76:ed:99:08:e3:24:cd:88:b8:
                    55:37:bb:ec:7f:61:ca:bb:fc:5a:19:73:41:91:38:
                    a5:76:cc:f8:cc:77:06:88:5b:f5:1c:e5:d9:2b:a9:
                    e6:31:12:09:3d:03:d7:ec:33:5e:25:4e:18:b6:f3:
                    61:24:d7:2f:5c:d7:1b:05:b8:87:5d:b3:b8:6d:35:
                    68:9d:21:a8:5c:ee:a8:63:2b:59:6c:83:cb:ad:25:
                    5d:d0:8c:f2:4d:90:bb:f6:c9:a2:96:ec:c2:20:65:
                    24:c9:42:a7:0a:6a:2d:95:5c:ff:ec:8b:5d:45:d2:
                    76:99:4b:b3:5a:ff:e2:25:ef:df:3f:22:ca:73:16:
                    03:e7:af:cf:98:46:6b:08:68:ac:fd:bf:2b:39:5e:
                    0e:ed:a9:ef:35:23:30:ab:ca:e3:a9:3d:00:7a:38:
                    4b:c8:6a:51:30:46:95:8b:92:38:5c:df:71:7c:c4:
                    fc:00:79:56:3e:c0:dd:21:77:fc:1a:11:d3:29:fc:
                    21:ac:2a:9a:1d:6a:95:9f:65:c4:b5:30:e1:ba:1f:
                    49:58:77:8d:77:31:9b:44:63:5f:8b:83:61:4b:0b:
                    1f:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:FB:E2:A5:B0:61:0A:90:97:BD:29:27:CF:04:0D:44:20:E8:CE:05
            X509v3 Authority Key Identifier:
                keyid:8F:4C:E7:72:2F:99:07:5D:94:73:8B:7E:61:07:04:01:26:9E:B3:D6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/8F4CE7722F99075D94738B7E61070401269EB3D6.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/j0znci-ZB12Uc4t-YQcEASaes9Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/3138352e3138312e312e302f32342d3234203d3e203232313638.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.181.1.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:b9:7d:0b:bb:9b:bc:e6:3a:dc:5e:23:d5:89:34:09:cb:f3:
         87:f5:d7:0f:75:4a:0b:06:76:3c:98:ad:07:d4:6a:9f:17:57:
         ad:46:90:3c:d4:f5:80:b9:4f:7e:46:8c:a8:c4:50:67:d2:d6:
         c4:48:1e:a2:8d:77:5a:35:43:8b:a8:3f:18:7c:ee:d7:fb:83:
         9b:a2:c8:a5:57:a7:7d:c9:ff:97:0f:2e:38:ff:c4:2d:55:8f:
         a8:53:3d:40:a6:d8:80:fe:fa:eb:3c:8f:d8:3e:0c:7a:84:62:
         de:0f:39:18:3a:5e:50:5f:e9:5e:8b:6c:73:e2:8b:50:8e:96:
         cc:3f:f2:f7:b4:d8:e7:5a:46:ab:79:38:9e:75:e6:94:32:11:
         23:39:12:c6:98:0f:f7:ac:68:33:3a:ac:1c:ce:3d:4d:1a:58:
         8b:1e:c1:81:a7:b6:e9:42:d6:df:5a:b2:45:25:b6:90:f4:54:
         1c:5e:5f:07:eb:85:bd:47:12:c9:03:65:ea:cf:cd:16:6b:e9:
         82:02:c1:12:3a:88:0c:3c:cb:a7:e0:37:3b:44:44:04:20:5e:
         3a:07:e5:6e:c9:fa:22:44:b1:f5:b5:47:52:b9:d3:09:75:74:
         75:74:7a:76:28:69:98:1b:7f:06:9a:31:3d:2e:7e:9b:ec:33:
         4e:ab:96:c0
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUY7AiFU0sQ+8R87HcFL7NIou5a1kwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGY0Y2U3NzIyZjk5MDc1ZDk0NzM4YjdlNjEwNzA0MDEy
NjllYjNkNjAeFw0yNTAzMjcxMjQ4NTlaFw0yNjAzMjYxMjUzNTlaMDMxMTAvBgNV
BAMTKDdFRkJFMkE1QjA2MTBBOTA5N0JEMjkyN0NGMDQwRDQ0MjBFOENFMDUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCbTC9EnkcCUTKDYh8/c6o9SWhR
9ijYs+0yhrS91ABCyAiLPHbtmQjjJM2IuFU3u+x/Ycq7/FoZc0GROKV2zPjMdwaI
W/Uc5dkrqeYxEgk9A9fsM14lThi282Ek1y9c1xsFuIdds7htNWidIahc7qhjK1ls
g8utJV3QjPJNkLv2yaKW7MIgZSTJQqcKai2VXP/si11F0naZS7Na/+Il798/Ispz
FgPnr8+YRmsIaKz9vys5Xg7tqe81IzCryuOpPQB6OEvIalEwRpWLkjhc33F8xPwA
eVY+wN0hd/waEdMp/CGsKpodapWfZcS1MOG6H0lYd413MZtEY1+Lg2FLCx/LAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUfvvipbBhCpCXvSknzwQNRCDozgUwHwYDVR0j
BBgwFoAUj0znci+ZB12Uc4t+YQcEASaes9YwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYWE5NzcxMTUtNTExMC00MjU3LTk0ZWYtNGQyYjQzODg0
MDQwLzAvOEY0Q0U3NzIyRjk5MDc1RDk0NzM4QjdFNjEwNzA0MDEyNjlFQjNENi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2owem5jaS1aQjEyVWM0dC1ZUWNFQVNh
ZXM5WS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWE5NzcxMTUt
NTExMC00MjU3LTk0ZWYtNGQyYjQzODg0MDQwLzAvMzEzODM1MmUzMTM4MzEyZTMx
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzIzMjMxMzYzOC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALm1
ATANBgkqhkiG9w0BAQsFAAOCAQEAH7l9C7ubvOY63F4j1Yk0Ccvzh/XXD3VKCwZ2
PJitB9RqnxdXrUaQPNT1gLlPfkaMqMRQZ9LWxEgeoo13WjVDi6g/GHzu1/uDm6LI
pVenfcn/lw8uOP/ELVWPqFM9QKbYgP766zyP2D4MeoRi3g85GDpeUF/pXotsc+KL
UI6WzD/y97TY51pGq3k4nnXmlDIRIzkSxpgP96xoMzqsHM49TRpYix7Bgae26ULW
31qyRSW2kPRUHF5fB+uFvUcSyQNl6s/NFmvpggLBEjqIDDzLp+A3O0REBCBeOgfl
bsn6IkSx9bVHUrnTCXV0dXR6dihpmBt/BpoxPS5+m+wzTquWwA==
-----END CERTIFICATE-----