Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/e3cdc648-d203-462a-bd0f-ec1b60d879a7/0/3138352e3132332e3135392e302f32342d3234203d3e20383334.roa
File:                     3138352e3132332e3135392e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          m5J+zlJVFKKHd9IGbj5hbxR4Cu+5/IeGAEvLM12xDLA=
Subject key identifier:   8D:A9:7F:F0:ED:EB:CB:9A:36:B0:57:29:6F:FA:92:FA:FC:3B:EF:28
Certificate issuer:       /CN=e1f3512f51dc42bb9eb12abc0bb529668b2edee4
Certificate serial:       2536C7F5F0117B569A4099822920360355DE352A
Authority key identifier: E1:F3:51:2F:51:DC:42:BB:9E:B1:2A:BC:0B:B5:29:66:8B:2E:DE:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4fNRL1HcQruesSq8C7UpZosu3uQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/e3cdc648-d203-462a-bd0f-ec1b60d879a7/0/3138352e3132332e3135392e302f32342d3234203d3e20383334.roa
Signing time:             Fri 23 May 2025 12:37:23 +0000
ROA not before:           Fri 23 May 2025 12:32:23 +0000
ROA not after:            Fri 22 May 2026 12:37:23 +0000
asID:                     834
IP address blocks:        185.123.159.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/e3cdc648-d203-462a-bd0f-ec1b60d879a7/0/E1F3512F51DC42BB9EB12ABC0BB529668B2EDEE4.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/e3cdc648-d203-462a-bd0f-ec1b60d879a7/0/E1F3512F51DC42BB9EB12ABC0BB529668B2EDEE4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4fNRL1HcQruesSq8C7UpZosu3uQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 02:59:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            25:36:c7:f5:f0:11:7b:56:9a:40:99:82:29:20:36:03:55:de:35:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e1f3512f51dc42bb9eb12abc0bb529668b2edee4
        Validity
            Not Before: May 23 12:32:23 2025 GMT
            Not After : May 22 12:37:23 2026 GMT
        Subject: CN=8DA97FF0EDEBCB9A36B057296FFA92FAFC3BEF28
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:de:5b:9e:c5:01:3a:93:b0:3c:3e:80:1a:55:
                    b8:21:f9:46:f2:f3:46:9e:fb:67:0d:db:20:26:f2:
                    84:b2:9e:88:ce:e7:a0:f2:91:bb:b8:5f:de:8b:3f:
                    65:c2:c3:b5:04:3c:13:c2:72:f6:12:c7:1c:e0:a6:
                    d6:fe:84:28:90:e3:ee:a8:0f:ad:2f:85:6e:bf:04:
                    b4:15:14:b7:c6:4e:a8:bd:5c:97:b4:97:84:0d:6f:
                    50:30:2a:5a:2f:21:48:e9:52:b1:9f:69:f1:5a:f7:
                    6a:57:82:fa:24:52:48:6b:09:95:c2:6e:9b:99:96:
                    5b:ec:be:3f:78:86:0d:87:81:bf:17:df:96:d9:4b:
                    28:84:a2:52:bd:d3:fe:4c:fa:92:d1:70:b9:2a:3c:
                    b2:fd:b8:8f:ef:85:19:76:61:55:76:4f:b8:57:e0:
                    22:38:3e:d6:a4:03:6e:d1:87:1d:60:d3:59:4b:0c:
                    f5:4d:4f:80:b1:01:f0:21:0f:1b:54:dd:36:2d:cc:
                    fa:c2:16:6f:f2:e2:88:8d:8e:40:90:4e:5f:ab:d2:
                    6e:15:76:d7:88:46:53:2a:66:b4:d1:c8:72:e9:fc:
                    b0:c8:a9:f4:b6:77:48:d2:8a:c7:c3:01:8d:22:31:
                    d2:77:26:58:6f:33:42:51:98:82:81:e9:e2:39:6a:
                    4e:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:A9:7F:F0:ED:EB:CB:9A:36:B0:57:29:6F:FA:92:FA:FC:3B:EF:28
            X509v3 Authority Key Identifier:
                keyid:E1:F3:51:2F:51:DC:42:BB:9E:B1:2A:BC:0B:B5:29:66:8B:2E:DE:E4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/e3cdc648-d203-462a-bd0f-ec1b60d879a7/0/E1F3512F51DC42BB9EB12ABC0BB529668B2EDEE4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4fNRL1HcQruesSq8C7UpZosu3uQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/e3cdc648-d203-462a-bd0f-ec1b60d879a7/0/3138352e3132332e3135392e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.123.159.0/24

    Signature Algorithm: sha256WithRSAEncryption
         31:af:63:8a:d3:82:00:b4:44:2a:23:5a:8c:9a:5e:43:57:21:
         f2:69:10:2d:f0:a1:2f:37:67:e9:c9:c1:32:37:ae:46:dd:70:
         3c:79:04:71:cc:2a:c5:58:7e:0c:0d:e1:bf:56:fb:45:7b:18:
         33:70:01:d1:fa:53:81:ed:49:1f:c7:e3:0b:c7:61:4d:96:04:
         65:17:a1:21:b0:23:36:03:5e:79:78:96:67:26:fa:19:c0:af:
         aa:e4:f3:04:d7:c3:66:04:b1:4d:73:2c:e0:d2:ba:48:9e:59:
         75:7e:6c:29:8a:a9:14:05:0c:0f:95:ef:8d:aa:1a:b7:de:5d:
         eb:f1:ad:cb:92:71:1f:92:3f:55:a7:a7:c4:02:30:17:64:48:
         3d:10:f6:f3:8e:33:a3:78:9d:ae:0e:72:a5:c2:17:2c:35:f1:
         0c:22:c4:5d:8a:17:ad:bf:5b:fb:0b:a2:b9:cc:04:d4:0a:65:
         99:d7:6c:a7:47:c1:58:46:f1:f5:aa:63:2b:97:be:7e:ac:39:
         4e:a7:cd:6e:bf:72:1d:27:77:f8:59:58:48:aa:10:cb:99:40:
         58:0d:af:e7:d5:6e:d5:57:fd:0f:9c:a9:c4:92:cb:6f:e0:b2:
         db:74:f5:75:58:5b:6e:a1:dd:3d:d5:82:6d:9e:d5:8a:61:55:
         b8:83:04:e5
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUJTbH9fARe1aaQJmCKSA2A1XeNSowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZTFmMzUxMmY1MWRjNDJiYjllYjEyYWJjMGJiNTI5NjY4
YjJlZGVlNDAeFw0yNTA1MjMxMjMyMjNaFw0yNjA1MjIxMjM3MjNaMDMxMTAvBgNV
BAMTKDhEQTk3RkYwRURFQkNCOUEzNkIwNTcyOTZGRkE5MkZBRkMzQkVGMjgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDb3luexQE6k7A8PoAaVbgh+Uby
80ae+2cN2yAm8oSynojO56Dykbu4X96LP2XCw7UEPBPCcvYSxxzgptb+hCiQ4+6o
D60vhW6/BLQVFLfGTqi9XJe0l4QNb1AwKlovIUjpUrGfafFa92pXgvokUkhrCZXC
bpuZllvsvj94hg2Hgb8X35bZSyiEolK90/5M+pLRcLkqPLL9uI/vhRl2YVV2T7hX
4CI4PtakA27Rhx1g01lLDPVNT4CxAfAhDxtU3TYtzPrCFm/y4oiNjkCQTl+r0m4V
dteIRlMqZrTRyHLp/LDIqfS2d0jSisfDAY0iMdJ3JlhvM0JRmIKB6eI5ak5rAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUjal/8O3ry5o2sFcpb/qS+vw77ygwHwYDVR0j
BBgwFoAU4fNRL1HcQruesSq8C7UpZosu3uQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZTNjZGM2NDgtZDIwMy00NjJhLWJkMGYtZWMxYjYwZDg3
OWE3LzAvRTFGMzUxMkY1MURDNDJCQjlFQjEyQUJDMEJCNTI5NjY4QjJFREVFNC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzRmTlJMMUhjUXJ1ZXNTcThDN1VwWm9z
dTN1US5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZTNjZGM2NDgt
ZDIwMy00NjJhLWJkMGYtZWMxYjYwZDg3OWE3LzAvMzEzODM1MmUzMTMyMzMyZTMx
MzUzOTJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALl7
nzANBgkqhkiG9w0BAQsFAAOCAQEAMa9jitOCALREKiNajJpeQ1ch8mkQLfChLzdn
6cnBMjeuRt1wPHkEccwqxVh+DA3hv1b7RXsYM3AB0fpTge1JH8fjC8dhTZYEZReh
IbAjNgNeeXiWZyb6GcCvquTzBNfDZgSxTXMs4NK6SJ5ZdX5sKYqpFAUMD5Xvjaoa
t95d6/Gty5JxH5I/VaenxAIwF2RIPRD2844zo3idrg5ypcIXLDXxDCLEXYoXrb9b
+wuiucwE1Aplmddsp0fBWEbx9apjK5e+fqw5TqfNbr9yHSd3+FlYSKoQy5lAWA2v
59Vu1Vf9D5ypxJLLb+Cy23T1dVhbbqHdPdWCbZ7VimFVuIME5Q==
-----END CERTIFICATE-----