Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/38322e3131382e33312e302f32342d3234203d3e203134363138.roa
File:                     38322e3131382e33312e302f32342d3234203d3e203134363138.roa (raw, json)
Hash identifier:          wvDzUoP7CPq9aLULkOQpWdOz0A0iOdA1o16i2vJZZa4=
Subject key identifier:   EB:10:82:90:B8:33:D7:8C:08:C2:33:28:4A:39:BA:CB:2D:66:47:20
Certificate issuer:       /CN=0d059f10d18d00052c808eb8069f90d47e30564a
Certificate serial:       08B074372B1862B42D84869040E24BE3406DA320
Authority key identifier: 0D:05:9F:10:D1:8D:00:05:2C:80:8E:B8:06:9F:90:D4:7E:30:56:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/38322e3131382e33312e302f32342d3234203d3e203134363138.roa
Signing time:             Thu 06 Mar 2025 11:53:56 +0000
ROA not before:           Thu 06 Mar 2025 11:48:56 +0000
ROA not after:            Thu 05 Mar 2026 11:53:56 +0000
asID:                     14618
IP address blocks:        82.118.31.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 18:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            08:b0:74:37:2b:18:62:b4:2d:84:86:90:40:e2:4b:e3:40:6d:a3:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d059f10d18d00052c808eb8069f90d47e30564a
        Validity
            Not Before: Mar  6 11:48:56 2025 GMT
            Not After : Mar  5 11:53:56 2026 GMT
        Subject: CN=EB108290B833D78C08C233284A39BACB2D664720
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:1d:56:03:70:1a:53:83:10:92:af:17:4e:98:
                    ac:dc:f4:7a:b6:63:6e:76:1f:43:74:20:3b:db:90:
                    92:44:1e:40:e1:ce:fa:50:b0:c4:6b:11:c9:12:57:
                    d1:50:69:56:d2:88:29:b0:c2:99:4e:3d:f8:e2:bb:
                    41:73:7d:9f:da:f9:79:7c:26:cf:23:f8:7b:65:66:
                    92:13:50:38:49:fc:78:f9:eb:ed:a4:93:80:1f:46:
                    a6:38:7d:fe:63:96:c6:9f:fd:37:18:57:f1:ac:e7:
                    50:db:63:9b:39:3d:f2:f1:1c:94:c5:15:c1:ee:57:
                    c4:74:d6:fd:e5:8b:fa:38:82:5f:22:e6:f9:a4:92:
                    a0:40:28:8c:7e:b6:ea:19:f2:e0:7c:8e:51:c4:b4:
                    e1:2a:fb:ad:d1:9d:75:44:a5:a9:d9:59:60:d9:c8:
                    85:31:5b:bf:33:f6:e0:be:eb:cb:e3:23:6a:91:b7:
                    cd:df:2f:fa:d9:1c:4a:54:14:48:3e:f7:08:07:a9:
                    20:26:7e:aa:02:9b:01:fc:44:f3:f1:fb:99:58:c7:
                    f6:e3:ef:9e:c2:d6:e6:9f:7c:a0:70:71:4e:b6:e5:
                    8a:68:7f:b1:2e:cd:10:c1:51:48:2e:be:2f:03:86:
                    a2:fa:d3:ad:9f:2f:2f:a2:93:9b:46:2e:47:cd:0f:
                    64:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:10:82:90:B8:33:D7:8C:08:C2:33:28:4A:39:BA:CB:2D:66:47:20
            X509v3 Authority Key Identifier:
                keyid:0D:05:9F:10:D1:8D:00:05:2C:80:8E:B8:06:9F:90:D4:7E:30:56:4A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/38322e3131382e33312e302f32342d3234203d3e203134363138.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.118.31.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b5:83:b3:d5:fc:e7:c9:5c:8a:d4:0c:f7:c2:44:62:c9:ed:23:
         9a:e0:2c:48:9a:25:5d:89:12:56:93:55:d9:59:a4:76:45:af:
         2e:4e:36:22:ef:90:d4:81:55:ad:eb:66:9f:4c:36:95:20:69:
         d6:4c:26:59:83:c9:00:bd:f1:62:6b:b0:23:82:00:2a:22:13:
         5c:34:29:44:b3:88:2e:30:48:6d:76:65:de:ce:70:58:d4:f9:
         18:34:84:88:20:f4:a4:40:ff:7e:4d:c3:b0:51:f5:1f:9a:1f:
         19:04:a7:d3:fb:a8:11:40:2a:89:63:a9:9b:ff:9a:c2:71:19:
         4c:8c:50:da:05:29:44:af:24:8f:86:6f:e8:60:6b:e2:63:fe:
         bf:e7:96:ff:74:5b:a1:f2:35:b9:87:e8:e9:e8:c7:64:b9:fb:
         7b:11:9b:a4:5e:12:94:0c:21:cc:91:34:45:0a:b2:a8:e2:70:
         bf:a3:24:41:bc:15:03:a2:c4:a5:89:0b:12:90:46:10:3b:b6:
         55:1c:b6:51:0f:c0:a2:d5:33:08:71:cc:44:61:6a:10:3b:67:
         67:3a:42:e3:29:c2:f2:d4:34:2e:85:7a:70:40:f2:80:ec:49:
         d9:4e:13:eb:e3:0a:91:6d:20:8d:1b:39:35:d6:64:d8:e9:e9:
         40:ad:3f:de
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUCLB0NysYYrQthIaQQOJL40BtoyAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGQwNTlmMTBkMThkMDAwNTJjODA4ZWI4MDY5ZjkwZDQ3
ZTMwNTY0YTAeFw0yNTAzMDYxMTQ4NTZaFw0yNjAzMDUxMTUzNTZaMDMxMTAvBgNV
BAMTKEVCMTA4MjkwQjgzM0Q3OEMwOEMyMzMyODRBMzlCQUNCMkQ2NjQ3MjAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDEHVYDcBpTgxCSrxdOmKzc9Hq2
Y252H0N0IDvbkJJEHkDhzvpQsMRrEckSV9FQaVbSiCmwwplOPfjiu0FzfZ/a+Xl8
Js8j+HtlZpITUDhJ/Hj56+2kk4AfRqY4ff5jlsaf/TcYV/Gs51DbY5s5PfLxHJTF
FcHuV8R01v3li/o4gl8i5vmkkqBAKIx+tuoZ8uB8jlHEtOEq+63RnXVEpanZWWDZ
yIUxW78z9uC+68vjI2qRt83fL/rZHEpUFEg+9wgHqSAmfqoCmwH8RPPx+5lYx/bj
757C1uaffKBwcU625Ypof7EuzRDBUUguvi8DhqL6062fLy+ik5tGLkfND2QNAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQU6xCCkLgz14wIwjMoSjm6yy1mRyAwHwYDVR0j
BBgwFoAUDQWfENGNAAUsgI64Bp+Q1H4wVkowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmFmMTY3MDQtMjg1NC00MDgwLTlhMDktNzI2MjMyNmM5
ZTIyLzEvMEQwNTlGMTBEMThEMDAwNTJDODA4RUI4MDY5RjkwRDQ3RTMwNTY0QS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RRV2ZFTkdOQUFVc2dJNjRCcC1RMUg0
d1Zrby5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmFmMTY3MDQt
Mjg1NC00MDgwLTlhMDktNzI2MjMyNmM5ZTIyLzEvMzgzMjJlMzEzMTM4MmUzMzMx
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzEzNDM2MzEzOC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFJ2
HzANBgkqhkiG9w0BAQsFAAOCAQEAtYOz1fznyVyK1Az3wkRiye0jmuAsSJolXYkS
VpNV2VmkdkWvLk42Iu+Q1IFVretmn0w2lSBp1kwmWYPJAL3xYmuwI4IAKiITXDQp
RLOILjBIbXZl3s5wWNT5GDSEiCD0pED/fk3DsFH1H5ofGQSn0/uoEUAqiWOpm/+a
wnEZTIxQ2gUpRK8kj4Zv6GBr4mP+v+eW/3RbofI1uYfo6ejHZLn7exGbpF4SlAwh
zJE0RQqyqOJwv6MkQbwVA6LEpYkLEpBGEDu2VRy2UQ/AotUzCHHMRGFqEDtnZzpC
4ynC8tQ0LoV6cEDygOxJ2U4T6+MKkW0gjRs5NdZk2OnpQK0/3g==
-----END CERTIFICATE-----