Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/e3cdc648-d203-462a-bd0f-ec1b60d879a7/0/3138352e3136322e3137362e302f32342d3234203d3e2030.roa
File:                     3138352e3136322e3137362e302f32342d3234203d3e2030.roa (raw, json)
Hash identifier:          UE7hHrezuiqCmPpiHCvuoLQmh4ccQf3P0rxMYpehyHY=
Subject key identifier:   28:47:3C:7F:6E:75:A1:E8:5B:A8:DF:7F:78:2D:63:36:33:EF:9C:D4
Certificate issuer:       /CN=e1f3512f51dc42bb9eb12abc0bb529668b2edee4
Certificate serial:       645BF80993BF74EAA087237A9BC8A8C5AD1161C6
Authority key identifier: E1:F3:51:2F:51:DC:42:BB:9E:B1:2A:BC:0B:B5:29:66:8B:2E:DE:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4fNRL1HcQruesSq8C7UpZosu3uQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/e3cdc648-d203-462a-bd0f-ec1b60d879a7/0/3138352e3136322e3137362e302f32342d3234203d3e2030.roa
Signing time:             Mon 15 Jun 2026 11:20:07 +0000
ROA not before:           Mon 15 Jun 2026 11:15:07 +0000
ROA not after:            Mon 14 Jun 2027 11:20:07 +0000
asID:                     0
IP address blocks:        185.162.176.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/e3cdc648-d203-462a-bd0f-ec1b60d879a7/0/E1F3512F51DC42BB9EB12ABC0BB529668B2EDEE4.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/e3cdc648-d203-462a-bd0f-ec1b60d879a7/0/E1F3512F51DC42BB9EB12ABC0BB529668B2EDEE4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4fNRL1HcQruesSq8C7UpZosu3uQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 25 Jun 2026 09:33:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            64:5b:f8:09:93:bf:74:ea:a0:87:23:7a:9b:c8:a8:c5:ad:11:61:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e1f3512f51dc42bb9eb12abc0bb529668b2edee4
        Validity
            Not Before: Jun 15 11:15:07 2026 GMT
            Not After : Jun 14 11:20:07 2027 GMT
        Subject: CN=28473C7F6E75A1E85BA8DF7F782D633633EF9CD4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:7f:7c:44:46:7d:0f:9c:81:e6:f1:15:48:da:
                    18:59:b0:2b:85:32:5f:10:56:df:97:21:90:01:4c:
                    c9:77:67:67:8f:35:5d:50:61:2f:46:f7:c6:4c:0a:
                    7d:57:9c:a2:5a:a7:d7:b3:b6:58:5a:ad:74:32:08:
                    d3:4e:bd:7a:74:ce:a3:51:44:aa:e1:9e:36:cf:6d:
                    bd:84:bd:ac:e0:56:de:75:ca:5b:7b:ac:6d:4a:11:
                    bb:52:b7:e0:1a:39:4d:60:db:ec:e7:08:f0:6b:d4:
                    8c:7c:35:7a:86:68:f9:94:35:c0:f1:a8:c6:20:08:
                    08:6c:de:d3:ee:de:02:b2:46:84:c2:52:f1:f4:70:
                    68:4f:05:2c:da:13:07:98:06:61:27:a4:21:48:52:
                    f4:95:22:dd:c3:0c:c4:c2:2e:ff:c1:23:39:50:61:
                    7f:d2:8a:08:ca:31:a2:d6:88:a4:48:36:9d:5d:80:
                    bd:d0:72:ef:74:04:00:15:e9:c8:e1:58:98:a0:29:
                    f4:f1:0f:45:2c:17:a7:12:c3:7e:bc:1a:7f:3a:db:
                    4b:cd:43:30:77:2d:ed:d1:14:e1:31:a9:4a:79:f7:
                    e9:22:6f:05:d8:39:8b:14:a2:9d:d7:a0:c8:3d:0c:
                    33:cb:7a:8e:29:ca:45:9f:25:65:ae:ae:b4:1e:89:
                    e5:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:47:3C:7F:6E:75:A1:E8:5B:A8:DF:7F:78:2D:63:36:33:EF:9C:D4
            X509v3 Authority Key Identifier:
                keyid:E1:F3:51:2F:51:DC:42:BB:9E:B1:2A:BC:0B:B5:29:66:8B:2E:DE:E4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/e3cdc648-d203-462a-bd0f-ec1b60d879a7/0/E1F3512F51DC42BB9EB12ABC0BB529668B2EDEE4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4fNRL1HcQruesSq8C7UpZosu3uQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/e3cdc648-d203-462a-bd0f-ec1b60d879a7/0/3138352e3136322e3137362e302f32342d3234203d3e2030.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.162.176.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:99:ad:a3:04:a7:a8:f0:3f:71:30:67:57:dc:ba:16:16:cb:
         97:1d:d5:a9:d7:57:34:2c:a9:66:62:e0:73:e6:3a:15:bf:61:
         22:32:92:29:cb:91:ca:7c:8c:cf:72:69:b5:a7:c0:33:8e:b8:
         bb:d4:6a:7a:e8:ec:9b:33:27:42:f6:06:a9:4c:ca:91:6c:e0:
         e1:4c:a4:72:ae:4b:65:5b:32:6d:e4:33:5a:36:11:8d:f8:fc:
         e1:e0:45:39:67:90:ee:ea:e1:f1:08:df:49:c7:49:43:3a:da:
         c0:cb:65:44:e0:f9:b2:9e:1b:53:78:b6:91:2c:1b:fa:5e:12:
         aa:b7:df:d4:f8:5b:0a:fa:1f:c0:f2:eb:13:2f:13:46:4d:00:
         8e:79:3b:84:55:bf:8b:9c:b4:30:e4:24:d9:3c:1d:62:7c:6f:
         d1:c5:50:5f:e1:2e:4d:ae:86:af:15:f6:6a:f1:35:67:80:25:
         9d:e9:dc:9a:5c:6e:52:d2:2e:a8:7c:40:db:37:c7:99:a5:76:
         7d:ba:49:a2:69:35:27:98:89:9b:e1:7a:f0:a6:a4:45:35:c6:
         d9:30:09:aa:63:3f:12:10:16:dc:53:fd:d4:ca:66:1d:51:fc:
         18:3e:32:c3:86:e2:91:1e:d5:10:97:4f:1b:64:e0:7b:f1:5c:
         c1:52:5b:b6
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUZFv4CZO/dOqghyN6m8ioxa0RYcYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZTFmMzUxMmY1MWRjNDJiYjllYjEyYWJjMGJiNTI5NjY4
YjJlZGVlNDAeFw0yNjA2MTUxMTE1MDdaFw0yNzA2MTQxMTIwMDdaMDMxMTAvBgNV
BAMTKDI4NDczQzdGNkU3NUExRTg1QkE4REY3Rjc4MkQ2MzM2MzNFRjlDRDQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCgf3xERn0PnIHm8RVI2hhZsCuF
Ml8QVt+XIZABTMl3Z2ePNV1QYS9G98ZMCn1XnKJap9eztlharXQyCNNOvXp0zqNR
RKrhnjbPbb2EvazgVt51ylt7rG1KEbtSt+AaOU1g2+znCPBr1Ix8NXqGaPmUNcDx
qMYgCAhs3tPu3gKyRoTCUvH0cGhPBSzaEweYBmEnpCFIUvSVIt3DDMTCLv/BIzlQ
YX/SigjKMaLWiKRINp1dgL3Qcu90BAAV6cjhWJigKfTxD0UsF6cSw368Gn8620vN
QzB3Le3RFOExqUp59+kibwXYOYsUop3XoMg9DDPLeo4pykWfJWWurrQeieWJAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUKEc8f251oehbqN9/eC1jNjPvnNQwHwYDVR0j
BBgwFoAU4fNRL1HcQruesSq8C7UpZosu3uQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZTNjZGM2NDgtZDIwMy00NjJhLWJkMGYtZWMxYjYwZDg3
OWE3LzAvRTFGMzUxMkY1MURDNDJCQjlFQjEyQUJDMEJCNTI5NjY4QjJFREVFNC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzRmTlJMMUhjUXJ1ZXNTcThDN1VwWm9z
dTN1US5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZTNjZGM2NDgt
ZDIwMy00NjJhLWJkMGYtZWMxYjYwZDg3OWE3LzAvMzEzODM1MmUzMTM2MzIyZTMx
MzczNjJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMwLnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuaKwMA0G
CSqGSIb3DQEBCwUAA4IBAQCLma2jBKeo8D9xMGdX3LoWFsuXHdWp11c0LKlmYuBz
5joVv2EiMpIpy5HKfIzPcmm1p8Azjri71Gp66OybMydC9gapTMqRbODhTKRyrktl
WzJt5DNaNhGN+Pzh4EU5Z5Du6uHxCN9Jx0lDOtrAy2VE4PmynhtTeLaRLBv6XhKq
t9/U+FsK+h/A8usTLxNGTQCOeTuEVb+LnLQw5CTZPB1ifG/RxVBf4S5NroavFfZq
8TVngCWd6dyaXG5S0i6ofEDbN8eZpXZ9ukmiaTUnmImb4XrwpqRFNcbZMAmqYz8S
EBbcU/3UymYdUfwYPjLDhuKRHtUQl08bZOB78VzBUlu2
-----END CERTIFICATE-----