Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/38322e3131382e32342e302f32342d3234203d3e203537323338.roa
File:                     38322e3131382e32342e302f32342d3234203d3e203537323338.roa (raw, json)
Hash identifier:          HvuSbyQPRAWtpR9N0geEwYGFZ7cXzWDm5WkdaOeDEoY=
Subject key identifier:   26:67:EF:57:A2:BD:97:15:45:EF:B6:B6:E7:A6:B6:98:46:E5:56:A3
Certificate issuer:       /CN=0d059f10d18d00052c808eb8069f90d47e30564a
Certificate serial:       0ADA343CCF534CB49955C24C56D2CD30C62DD2D5
Authority key identifier: 0D:05:9F:10:D1:8D:00:05:2C:80:8E:B8:06:9F:90:D4:7E:30:56:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/38322e3131382e32342e302f32342d3234203d3e203537323338.roa
Signing time:             Thu 06 Mar 2025 11:53:55 +0000
ROA not before:           Thu 06 Mar 2025 11:48:55 +0000
ROA not after:            Thu 05 Mar 2026 11:53:55 +0000
asID:                     57238
IP address blocks:        82.118.24.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0a:da:34:3c:cf:53:4c:b4:99:55:c2:4c:56:d2:cd:30:c6:2d:d2:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d059f10d18d00052c808eb8069f90d47e30564a
        Validity
            Not Before: Mar  6 11:48:55 2025 GMT
            Not After : Mar  5 11:53:55 2026 GMT
        Subject: CN=2667EF57A2BD971545EFB6B6E7A6B69846E556A3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:3e:fe:01:91:7d:a2:27:02:51:45:8d:60:6a:
                    04:48:89:6a:46:e4:2d:1e:67:19:a9:69:f5:0c:12:
                    ec:a1:ff:b3:6a:01:cb:1e:05:ef:40:21:5c:cd:1c:
                    f9:e2:56:12:53:76:d7:2f:c8:df:89:ff:3c:be:4b:
                    0e:6c:cb:f2:c1:4f:34:47:0f:7b:71:25:cc:d6:5e:
                    e0:a1:a1:af:bd:68:6e:4a:69:4a:2d:55:31:64:d2:
                    9b:f7:58:db:84:a8:cf:1b:e5:8e:a7:9e:a9:36:be:
                    62:7f:36:45:b0:1d:d3:06:fd:5a:22:86:b5:9c:9f:
                    17:44:0d:cb:eb:32:31:d9:48:c8:62:ef:c8:f2:f0:
                    4b:89:a0:72:f4:5d:e8:26:4d:17:e6:c6:bc:95:e7:
                    90:b1:27:7c:4b:a9:eb:dd:35:b1:dc:3c:88:0a:c9:
                    cf:c8:27:ff:7e:a3:e1:74:91:f5:76:9a:c5:f1:87:
                    76:2f:cc:95:8d:5b:e3:ef:6f:a9:e0:47:c8:23:59:
                    a6:ae:58:ea:94:7d:7c:ea:52:8a:73:d6:90:1a:a7:
                    26:75:21:c1:3f:7c:ae:b0:3c:6f:96:61:8d:dd:3e:
                    c3:0a:1f:6d:bd:31:3d:ec:3f:49:83:15:f3:c6:22:
                    fe:cd:4b:01:3f:2d:98:01:7a:8e:27:a0:25:17:cc:
                    6d:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:67:EF:57:A2:BD:97:15:45:EF:B6:B6:E7:A6:B6:98:46:E5:56:A3
            X509v3 Authority Key Identifier:
                keyid:0D:05:9F:10:D1:8D:00:05:2C:80:8E:B8:06:9F:90:D4:7E:30:56:4A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/38322e3131382e32342e302f32342d3234203d3e203537323338.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.118.24.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ac:e1:42:94:bd:b3:5c:57:0b:b2:dc:c9:33:fb:83:e6:73:41:
         8d:af:82:c6:48:14:c4:c5:6e:e6:6e:a8:3b:56:df:b7:37:3e:
         3d:2f:f4:75:a5:8e:c0:23:67:e2:41:47:98:12:5d:23:3f:57:
         41:a4:4b:bf:b0:7f:7e:e9:d6:fb:5f:2b:b3:bd:97:fe:89:6f:
         15:96:30:7f:26:ce:c0:e3:31:de:3e:ae:d7:eb:6d:af:a2:c4:
         45:2f:fc:93:67:ac:69:a3:49:f2:a2:12:76:83:ac:b9:ff:8b:
         c7:0b:62:5d:9b:da:f8:78:ff:9c:d8:01:c6:af:c9:28:a8:11:
         fe:c7:bf:53:62:76:1f:f5:af:a6:9b:2c:e0:2f:ab:e4:f9:1c:
         4b:1e:47:00:4d:97:5f:e9:ff:00:c4:68:a3:4d:b9:e1:a3:31:
         59:74:51:3b:ea:64:9d:c2:44:20:af:ca:66:65:cf:87:1d:ca:
         0f:1f:8f:c9:48:d6:6e:ee:7e:b1:96:83:c1:1c:95:09:a4:e1:
         ec:83:73:59:6b:99:b3:18:2e:87:30:ec:e1:03:46:ee:fa:52:
         8a:4c:fc:5d:e1:80:96:64:fc:ee:c8:8f:40:3f:07:c1:7c:67:
         5d:d7:f1:2b:9b:55:24:3a:fa:eb:d1:4d:72:3d:48:b2:cb:92:
         8d:50:da:bd
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUCto0PM9TTLSZVcJMVtLNMMYt0tUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGQwNTlmMTBkMThkMDAwNTJjODA4ZWI4MDY5ZjkwZDQ3
ZTMwNTY0YTAeFw0yNTAzMDYxMTQ4NTVaFw0yNjAzMDUxMTUzNTVaMDMxMTAvBgNV
BAMTKDI2NjdFRjU3QTJCRDk3MTU0NUVGQjZCNkU3QTZCNjk4NDZFNTU2QTMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCTPv4BkX2iJwJRRY1gagRIiWpG
5C0eZxmpafUMEuyh/7NqAcseBe9AIVzNHPniVhJTdtcvyN+J/zy+Sw5sy/LBTzRH
D3txJczWXuChoa+9aG5KaUotVTFk0pv3WNuEqM8b5Y6nnqk2vmJ/NkWwHdMG/Voi
hrWcnxdEDcvrMjHZSMhi78jy8EuJoHL0XegmTRfmxryV55CxJ3xLqevdNbHcPIgK
yc/IJ/9+o+F0kfV2msXxh3YvzJWNW+Pvb6ngR8gjWaauWOqUfXzqUopz1pAapyZ1
IcE/fK6wPG+WYY3dPsMKH229MT3sP0mDFfPGIv7NSwE/LZgBeo4noCUXzG1fAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUJmfvV6K9lxVF77a256a2mEblVqMwHwYDVR0j
BBgwFoAUDQWfENGNAAUsgI64Bp+Q1H4wVkowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmFmMTY3MDQtMjg1NC00MDgwLTlhMDktNzI2MjMyNmM5
ZTIyLzEvMEQwNTlGMTBEMThEMDAwNTJDODA4RUI4MDY5RjkwRDQ3RTMwNTY0QS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RRV2ZFTkdOQUFVc2dJNjRCcC1RMUg0
d1Zrby5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmFmMTY3MDQt
Mjg1NC00MDgwLTlhMDktNzI2MjMyNmM5ZTIyLzEvMzgzMjJlMzEzMTM4MmUzMjM0
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzUzNzMyMzMzOC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFJ2
GDANBgkqhkiG9w0BAQsFAAOCAQEArOFClL2zXFcLstzJM/uD5nNBja+CxkgUxMVu
5m6oO1bftzc+PS/0daWOwCNn4kFHmBJdIz9XQaRLv7B/funW+18rs72X/olvFZYw
fybOwOMx3j6u1+ttr6LERS/8k2esaaNJ8qISdoOsuf+LxwtiXZva+Hj/nNgBxq/J
KKgR/se/U2J2H/Wvppss4C+r5PkcSx5HAE2XX+n/AMRoo0254aMxWXRRO+pkncJE
IK/KZmXPhx3KDx+PyUjWbu5+sZaDwRyVCaTh7INzWWuZsxguhzDs4QNG7vpSikz8
XeGAlmT87siPQD8HwXxnXdfxK5tVJDr669FNcj1IssuSjVDavQ==
-----END CERTIFICATE-----