Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/e3cdc648-d203-462a-bd0f-ec1b60d879a7/0/38392e3135302e34392e302f32342d3234203d3e2039333034.roa
File:                     38392e3135302e34392e302f32342d3234203d3e2039333034.roa (raw, json)
Hash identifier:          q57iXdWw+7j5OH0xE9rwzduA1TqFwwM2jVhXvaojFW4=
Subject key identifier:   10:2A:AF:AB:6E:BD:27:F6:A9:08:2A:FB:5B:6D:63:2F:9C:36:9D:F3
Certificate issuer:       /CN=e1f3512f51dc42bb9eb12abc0bb529668b2edee4
Certificate serial:       3D286B680363E360499E1FC471FE6E168C972699
Authority key identifier: E1:F3:51:2F:51:DC:42:BB:9E:B1:2A:BC:0B:B5:29:66:8B:2E:DE:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4fNRL1HcQruesSq8C7UpZosu3uQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/e3cdc648-d203-462a-bd0f-ec1b60d879a7/0/38392e3135302e34392e302f32342d3234203d3e2039333034.roa
Signing time:             Mon 02 Jun 2025 16:10:24 +0000
ROA not before:           Mon 02 Jun 2025 16:05:24 +0000
ROA not after:            Mon 01 Jun 2026 16:10:24 +0000
asID:                     9304
IP address blocks:        89.150.49.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/e3cdc648-d203-462a-bd0f-ec1b60d879a7/0/E1F3512F51DC42BB9EB12ABC0BB529668B2EDEE4.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/e3cdc648-d203-462a-bd0f-ec1b60d879a7/0/E1F3512F51DC42BB9EB12ABC0BB529668B2EDEE4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4fNRL1HcQruesSq8C7UpZosu3uQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 02:59:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3d:28:6b:68:03:63:e3:60:49:9e:1f:c4:71:fe:6e:16:8c:97:26:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e1f3512f51dc42bb9eb12abc0bb529668b2edee4
        Validity
            Not Before: Jun  2 16:05:24 2025 GMT
            Not After : Jun  1 16:10:24 2026 GMT
        Subject: CN=102AAFAB6EBD27F6A9082AFB5B6D632F9C369DF3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:e4:fd:4e:7b:57:3a:0c:47:ef:a1:d5:1e:7b:
                    de:0e:14:ce:27:85:6c:26:09:ee:56:2a:7b:6b:e9:
                    ac:67:d5:83:d7:82:93:50:87:2d:17:f1:1b:33:0e:
                    f4:df:da:cd:99:fb:63:f3:8b:b3:e8:20:84:bf:eb:
                    40:9d:46:f0:60:21:9f:33:8d:d4:95:4b:2d:35:89:
                    73:62:13:89:3b:81:a8:cb:68:b0:b2:7f:b5:24:39:
                    93:16:5c:7c:73:e1:84:a5:d2:43:10:54:f5:75:48:
                    b4:8d:d9:4e:19:a3:25:90:9f:28:d7:d9:ac:bb:dd:
                    9b:15:a8:fa:f6:e0:c1:5f:0b:f8:77:9d:45:9a:fc:
                    cd:08:e1:be:dd:81:34:72:e6:ee:f6:f7:0a:dc:ef:
                    86:b6:5c:0e:b6:e0:ed:a1:bc:64:4c:4b:f8:5d:04:
                    cc:59:8d:b3:f7:3b:04:f3:18:a1:68:f0:24:9c:53:
                    5c:9b:fb:ba:15:48:73:d9:70:ed:39:da:85:91:8d:
                    4f:1b:67:ea:a4:5f:55:3c:e8:81:11:66:32:d4:a6:
                    30:5d:84:22:a4:99:aa:bb:da:47:c4:95:43:e5:aa:
                    f1:73:8a:fc:28:f5:6f:9c:f4:61:da:32:1b:62:25:
                    3b:c5:d8:62:17:9d:a2:9e:96:82:51:59:7e:f4:f6:
                    d0:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:2A:AF:AB:6E:BD:27:F6:A9:08:2A:FB:5B:6D:63:2F:9C:36:9D:F3
            X509v3 Authority Key Identifier:
                keyid:E1:F3:51:2F:51:DC:42:BB:9E:B1:2A:BC:0B:B5:29:66:8B:2E:DE:E4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/e3cdc648-d203-462a-bd0f-ec1b60d879a7/0/E1F3512F51DC42BB9EB12ABC0BB529668B2EDEE4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4fNRL1HcQruesSq8C7UpZosu3uQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/e3cdc648-d203-462a-bd0f-ec1b60d879a7/0/38392e3135302e34392e302f32342d3234203d3e2039333034.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.150.49.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:56:62:43:7f:58:c1:86:8e:ed:ed:2c:1e:b7:5c:9b:60:21:
         79:0d:52:8e:ed:d8:3c:20:be:b5:09:7d:16:22:b8:78:cf:52:
         77:0d:cf:64:29:c1:e9:38:78:b8:4e:39:99:bc:4f:ec:52:ab:
         58:18:2c:e8:dd:26:f4:54:51:6d:40:a6:52:2c:67:30:dc:ca:
         f7:21:0f:44:4b:b7:f5:03:49:bb:cc:fe:b3:6f:f3:f0:01:57:
         7d:82:e2:82:31:6d:ab:e2:21:87:5c:db:af:ac:3d:4f:82:b7:
         5f:a4:8d:8c:d3:6f:ee:07:e1:6d:2f:b5:5a:be:5e:0c:3f:85:
         07:dc:fd:10:55:6a:99:71:1e:7e:fa:d6:af:65:6b:8e:dd:e2:
         f0:07:f9:41:55:56:fb:0f:62:43:30:37:c6:69:ad:13:83:be:
         d3:cb:50:ec:4e:cb:0b:25:2d:77:f7:38:54:8d:17:91:44:52:
         3d:ae:ad:c0:91:34:09:30:0d:37:9e:cb:b8:27:49:b8:b8:07:
         7f:c3:70:b0:0b:b6:2c:de:1b:68:05:c9:b6:be:b6:c9:d0:12:
         18:ff:e7:65:55:52:b2:2f:fc:14:12:57:69:4d:48:e8:ff:33:
         0d:99:d1:35:95:61:87:57:c4:84:41:09:4f:30:7c:bd:02:e5:
         65:13:f9:4b
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUPShraANj42BJnh/Ecf5uFoyXJpkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZTFmMzUxMmY1MWRjNDJiYjllYjEyYWJjMGJiNTI5NjY4
YjJlZGVlNDAeFw0yNTA2MDIxNjA1MjRaFw0yNjA2MDExNjEwMjRaMDMxMTAvBgNV
BAMTKDEwMkFBRkFCNkVCRDI3RjZBOTA4MkFGQjVCNkQ2MzJGOUMzNjlERjMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCz5P1Oe1c6DEfvodUee94OFM4n
hWwmCe5WKntr6axn1YPXgpNQhy0X8RszDvTf2s2Z+2Pzi7PoIIS/60CdRvBgIZ8z
jdSVSy01iXNiE4k7gajLaLCyf7UkOZMWXHxz4YSl0kMQVPV1SLSN2U4ZoyWQnyjX
2ay73ZsVqPr24MFfC/h3nUWa/M0I4b7dgTRy5u729wrc74a2XA624O2hvGRMS/hd
BMxZjbP3OwTzGKFo8CScU1yb+7oVSHPZcO052oWRjU8bZ+qkX1U86IERZjLUpjBd
hCKkmaq72kfElUPlqvFzivwo9W+c9GHaMhtiJTvF2GIXnaKeloJRWX709tAXAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUECqvq269J/apCCr7W21jL5w2nfMwHwYDVR0j
BBgwFoAU4fNRL1HcQruesSq8C7UpZosu3uQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZTNjZGM2NDgtZDIwMy00NjJhLWJkMGYtZWMxYjYwZDg3
OWE3LzAvRTFGMzUxMkY1MURDNDJCQjlFQjEyQUJDMEJCNTI5NjY4QjJFREVFNC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzRmTlJMMUhjUXJ1ZXNTcThDN1VwWm9z
dTN1US5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZTNjZGM2NDgt
ZDIwMy00NjJhLWJkMGYtZWMxYjYwZDg3OWE3LzAvMzgzOTJlMzEzNTMwMmUzNDM5
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzkzMzMwMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABZljEw
DQYJKoZIhvcNAQELBQADggEBAFJWYkN/WMGGju3tLB63XJtgIXkNUo7t2DwgvrUJ
fRYiuHjPUncNz2Qpwek4eLhOOZm8T+xSq1gYLOjdJvRUUW1AplIsZzDcyvchD0RL
t/UDSbvM/rNv8/ABV32C4oIxbaviIYdc26+sPU+Ct1+kjYzTb+4H4W0vtVq+Xgw/
hQfc/RBVaplxHn761q9la47d4vAH+UFVVvsPYkMwN8ZprRODvtPLUOxOywslLXf3
OFSNF5FEUj2urcCRNAkwDTeey7gnSbi4B3/DcLALtizeG2gFyba+tsnQEhj/52VV
UrIv/BQSV2lNSOj/Mw2Z0TWVYYdXxIRBCU8wfL0C5WUT+Us=
-----END CERTIFICATE-----