Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c5d18e82-4d68-45a6-a5df-cac115ad2279/0/3138352e3234342e39352e302f32342d3234203d3e2039333034.roa
File:                     3138352e3234342e39352e302f32342d3234203d3e2039333034.roa (raw, json)
Hash identifier:          sFAOUSD7hd0lBBY5HPUN0ymlfkvwOAzzt94UPfXefWU=
Subject key identifier:   88:1F:F3:4A:29:66:7F:26:D6:9E:25:B3:B1:E5:F2:58:9E:0F:40:60
Certificate issuer:       /CN=3e870b9a7003c4fd9c51bd354a9defa3fb77b4a9
Certificate serial:       1E1E83869406AAFECD570DA413312E3735A20442
Authority key identifier: 3E:87:0B:9A:70:03:C4:FD:9C:51:BD:35:4A:9D:EF:A3:FB:77:B4:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PocLmnADxP2cUb01Sp3vo_t3tKk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c5d18e82-4d68-45a6-a5df-cac115ad2279/0/3138352e3234342e39352e302f32342d3234203d3e2039333034.roa
Signing time:             Mon 25 May 2026 12:16:16 +0000
ROA not before:           Mon 25 May 2026 12:11:16 +0000
ROA not after:            Mon 24 May 2027 12:16:16 +0000
asID:                     9304
IP address blocks:        185.244.95.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c5d18e82-4d68-45a6-a5df-cac115ad2279/0/3E870B9A7003C4FD9C51BD354A9DEFA3FB77B4A9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c5d18e82-4d68-45a6-a5df-cac115ad2279/0/3E870B9A7003C4FD9C51BD354A9DEFA3FB77B4A9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PocLmnADxP2cUb01Sp3vo_t3tKk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jun 2026 12:06:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1e:1e:83:86:94:06:aa:fe:cd:57:0d:a4:13:31:2e:37:35:a2:04:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e870b9a7003c4fd9c51bd354a9defa3fb77b4a9
        Validity
            Not Before: May 25 12:11:16 2026 GMT
            Not After : May 24 12:16:16 2027 GMT
        Subject: CN=881FF34A29667F26D69E25B3B1E5F2589E0F4060
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:50:bd:50:35:70:bf:06:a6:fc:8f:88:d9:40:
                    bb:aa:8f:87:54:78:de:0c:bc:e5:87:87:9e:8f:06:
                    bc:aa:64:93:07:46:d6:0c:5e:d2:de:d2:46:73:08:
                    02:8e:c2:0f:59:a7:30:8b:cd:2c:78:76:1e:17:29:
                    7e:0a:29:3c:46:58:00:ea:4c:54:65:72:9b:18:23:
                    8d:94:51:cc:59:f7:c1:47:ce:35:f2:61:1b:1e:2c:
                    a9:3a:0d:6d:43:cd:a4:31:d3:b9:c9:07:c2:ba:ff:
                    f5:e4:91:f7:07:be:b4:bb:50:10:4f:84:d0:f6:5f:
                    75:7a:48:5f:10:c5:59:48:0b:43:78:70:c0:18:0e:
                    f7:51:a3:c3:ce:da:07:1f:2d:a0:c7:ee:cd:f7:09:
                    48:a0:bb:2f:0f:90:9f:a1:a2:81:0a:1c:7b:11:d6:
                    c2:cf:2e:6c:99:5b:8e:19:7d:f1:da:86:50:7f:38:
                    86:ba:b1:69:85:0e:a3:14:9b:77:90:87:c4:ec:92:
                    27:8c:7f:03:5c:34:a0:81:27:ae:b4:19:8f:c5:30:
                    e2:1a:c2:19:61:0b:eb:0e:b0:88:4f:fd:91:88:ce:
                    9b:85:45:dd:9d:05:c9:1f:9f:a7:97:6a:bf:3f:17:
                    61:bb:d3:83:66:a2:6a:e9:d5:9d:0f:3d:62:e0:93:
                    cd:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:1F:F3:4A:29:66:7F:26:D6:9E:25:B3:B1:E5:F2:58:9E:0F:40:60
            X509v3 Authority Key Identifier:
                keyid:3E:87:0B:9A:70:03:C4:FD:9C:51:BD:35:4A:9D:EF:A3:FB:77:B4:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c5d18e82-4d68-45a6-a5df-cac115ad2279/0/3E870B9A7003C4FD9C51BD354A9DEFA3FB77B4A9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PocLmnADxP2cUb01Sp3vo_t3tKk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c5d18e82-4d68-45a6-a5df-cac115ad2279/0/3138352e3234342e39352e302f32342d3234203d3e2039333034.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.244.95.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a2:bd:70:eb:ef:31:aa:a0:e1:fe:a5:c7:34:a2:46:25:7c:04:
         99:88:b2:1c:cc:df:2b:c6:05:1b:02:8d:3e:19:bd:eb:26:72:
         d9:95:04:73:20:33:6c:e3:52:fe:b8:6b:8c:7a:91:7a:c3:2f:
         7f:37:39:8f:6e:28:2f:53:d1:8c:17:c8:7c:bd:1f:94:12:2a:
         23:7b:86:13:82:a8:2a:96:14:de:1a:07:4e:66:9f:a0:2e:bb:
         dc:ea:70:4b:6b:86:d7:8a:98:e0:72:7e:f2:f7:51:da:e7:95:
         6f:9a:8c:e7:b3:87:7d:dd:1b:d1:58:4d:5e:97:52:12:9c:3a:
         4f:0f:6f:b3:41:2f:8e:6b:3f:5c:c8:df:e7:dc:ba:7b:e7:25:
         db:04:48:f1:d1:bb:00:1c:e2:94:ef:79:1e:04:1b:c3:0e:72:
         80:29:68:08:e2:77:82:cd:6b:01:e0:66:5d:76:91:fd:17:f0:
         60:bc:e5:0a:51:32:e8:79:ff:e5:08:84:ef:3a:66:9d:62:23:
         63:c2:3b:0b:a7:a4:01:69:7f:bd:eb:39:ba:bf:f7:33:31:3c:
         1b:e8:9b:f0:da:0b:0d:84:a8:f9:69:14:35:07:c6:2c:c3:e8:
         6a:6d:17:c5:e7:f6:d0:bc:40:aa:ae:be:9a:82:16:ff:d1:b0:
         29:47:9c:7b
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUHh6DhpQGqv7NVw2kEzEuNzWiBEIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoM2U4NzBiOWE3MDAzYzRmZDljNTFiZDM1NGE5ZGVmYTNm
Yjc3YjRhOTAeFw0yNjA1MjUxMjExMTZaFw0yNzA1MjQxMjE2MTZaMDMxMTAvBgNV
BAMTKDg4MUZGMzRBMjk2NjdGMjZENjlFMjVCM0IxRTVGMjU4OUUwRjQwNjAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8UL1QNXC/Bqb8j4jZQLuqj4dU
eN4MvOWHh56PBryqZJMHRtYMXtLe0kZzCAKOwg9ZpzCLzSx4dh4XKX4KKTxGWADq
TFRlcpsYI42UUcxZ98FHzjXyYRseLKk6DW1DzaQx07nJB8K6//XkkfcHvrS7UBBP
hND2X3V6SF8QxVlIC0N4cMAYDvdRo8PO2gcfLaDH7s33CUiguy8PkJ+hooEKHHsR
1sLPLmyZW44ZffHahlB/OIa6sWmFDqMUm3eQh8TskieMfwNcNKCBJ660GY/FMOIa
whlhC+sOsIhP/ZGIzpuFRd2dBckfn6eXar8/F2G704Nmomrp1Z0PPWLgk81LAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUiB/zSilmfybWniWzseXyWJ4PQGAwHwYDVR0j
BBgwFoAUPocLmnADxP2cUb01Sp3vo/t3tKkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzVkMThlODItNGQ2OC00NWE2LWE1ZGYtY2FjMTE1YWQy
Mjc5LzAvM0U4NzBCOUE3MDAzQzRGRDlDNTFCRDM1NEE5REVGQTNGQjc3QjRBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1BvY0xtbkFEeFAyY1ViMDFTcDN2b190
M3RLay5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYzVkMThlODIt
NGQ2OC00NWE2LWE1ZGYtY2FjMTE1YWQyMjc5LzAvMzEzODM1MmUzMjM0MzQyZTM5
MzUyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzOTMzMzAzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALn0
XzANBgkqhkiG9w0BAQsFAAOCAQEAor1w6+8xqqDh/qXHNKJGJXwEmYiyHMzfK8YF
GwKNPhm96yZy2ZUEcyAzbONS/rhrjHqResMvfzc5j24oL1PRjBfIfL0flBIqI3uG
E4KoKpYU3hoHTmafoC673OpwS2uG14qY4HJ+8vdR2ueVb5qM57OHfd0b0VhNXpdS
Epw6Tw9vs0Evjms/XMjf59y6e+cl2wRI8dG7ABzilO95HgQbww5ygCloCOJ3gs1r
AeBmXXaR/RfwYLzlClEy6Hn/5QiE7zpmnWIjY8I7C6ekAWl/ves5ur/3MzE8G+ib
8NoLDYSo+WkUNQfGLMPoam0Xxef20LxAqq6+moIW/9GwKUecew==
-----END CERTIFICATE-----