Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/38322e3131382e33312e302f32342d3234203d3e203136353039.roa
File:                     38322e3131382e33312e302f32342d3234203d3e203136353039.roa (raw, json)
Hash identifier:          dZw70y9MdcV4j1toR8ga+BOcGz6A4O9fJ5Btq1Os/bs=
Subject key identifier:   2C:7D:C2:03:F9:80:7D:FF:70:77:FA:3A:6B:39:A1:D2:92:AD:CA:20
Certificate issuer:       /CN=0d059f10d18d00052c808eb8069f90d47e30564a
Certificate serial:       7AC6B314B98C0E38E3D045F1ED0DCD05B66237BF
Authority key identifier: 0D:05:9F:10:D1:8D:00:05:2C:80:8E:B8:06:9F:90:D4:7E:30:56:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/38322e3131382e33312e302f32342d3234203d3e203136353039.roa
Signing time:             Thu 06 Mar 2025 11:53:55 +0000
ROA not before:           Thu 06 Mar 2025 11:48:55 +0000
ROA not after:            Thu 05 Mar 2026 11:53:55 +0000
asID:                     16509
IP address blocks:        82.118.31.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 18:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7a:c6:b3:14:b9:8c:0e:38:e3:d0:45:f1:ed:0d:cd:05:b6:62:37:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d059f10d18d00052c808eb8069f90d47e30564a
        Validity
            Not Before: Mar  6 11:48:55 2025 GMT
            Not After : Mar  5 11:53:55 2026 GMT
        Subject: CN=2C7DC203F9807DFF7077FA3A6B39A1D292ADCA20
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:59:af:8d:1b:09:8b:1d:57:28:f3:97:74:ed:
                    53:7a:78:b1:f1:9a:ca:b2:30:ad:fa:d0:1e:e1:97:
                    e2:6c:52:b9:2c:48:7b:ee:2b:ee:9b:f6:0e:01:06:
                    57:a0:74:55:2d:ee:81:3f:8c:51:96:ae:e0:ef:10:
                    3e:e1:77:b8:c4:19:02:10:16:27:a7:29:e2:c6:c7:
                    e6:09:84:19:2e:05:66:ec:ad:cc:ce:fb:cb:27:53:
                    66:c0:0f:66:96:5c:f7:e6:04:5c:b4:5a:a5:23:70:
                    8e:b7:6e:69:49:5c:86:c7:3a:37:4a:a6:d0:c5:0d:
                    aa:6c:47:e4:5f:c6:88:19:eb:48:d4:f2:f2:89:a8:
                    e4:b1:06:dc:8e:df:00:9a:04:11:51:53:d2:fd:1d:
                    6a:48:e0:1b:3d:ba:1b:66:a0:c5:8a:c5:a1:25:12:
                    e1:a3:d0:57:65:60:0b:7c:c4:70:24:5e:3d:0c:ed:
                    5b:b7:db:a6:7f:79:2b:6f:59:14:05:5a:ae:53:f4:
                    76:a3:25:2a:ce:5f:04:8b:34:de:7b:66:b1:4f:06:
                    2f:85:43:3c:7b:74:cb:4d:f9:59:14:8d:79:b6:f1:
                    1f:60:f0:67:88:44:5d:06:81:36:ad:f0:17:ee:40:
                    3f:99:40:e5:55:e2:cb:88:8a:df:d4:ef:a6:c9:39:
                    3c:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:7D:C2:03:F9:80:7D:FF:70:77:FA:3A:6B:39:A1:D2:92:AD:CA:20
            X509v3 Authority Key Identifier:
                keyid:0D:05:9F:10:D1:8D:00:05:2C:80:8E:B8:06:9F:90:D4:7E:30:56:4A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/38322e3131382e33312e302f32342d3234203d3e203136353039.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.118.31.0/24

    Signature Algorithm: sha256WithRSAEncryption
         06:66:a2:df:e1:dc:a2:09:b9:f9:76:90:86:8b:a2:83:99:a2:
         0d:29:16:63:75:82:89:10:b7:4e:54:13:c5:25:a6:34:bc:37:
         4a:5e:d2:5a:4a:5e:5f:8f:2f:fd:62:b7:5d:96:45:34:b8:a9:
         07:a5:5b:3d:22:3b:46:98:40:4f:07:39:2c:74:dc:28:99:2e:
         ec:3f:b9:cd:a5:24:ef:bd:62:98:c9:c5:90:96:79:36:a7:34:
         d6:e2:84:6f:0c:15:f2:ee:9b:53:92:db:a9:93:d6:3c:df:2f:
         bc:85:b8:42:2f:1f:8c:91:cb:21:5e:c3:5c:64:5e:57:f7:bf:
         bd:fb:08:c8:37:76:70:9e:c3:01:8d:11:6b:28:17:b3:45:29:
         02:61:5b:5b:5d:3a:0d:74:f6:26:e3:4d:d8:f0:26:9f:b5:bb:
         0a:bb:be:4b:49:6a:25:57:87:e7:30:db:c9:88:24:1e:1d:d4:
         32:26:2f:20:00:19:e8:29:75:9e:44:14:b0:5f:e6:c5:15:c9:
         34:d6:1f:df:3e:fa:dc:f5:54:3c:ed:08:76:81:4a:8c:ae:a6:
         02:39:78:1e:34:52:5a:fe:d4:22:bb:45:39:d7:92:aa:15:1d:
         3e:da:19:1a:b1:bf:a9:4b:e8:1d:25:a3:86:d5:2f:a5:4e:d0:
         23:09:04:11
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUesazFLmMDjjj0EXx7Q3NBbZiN78wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGQwNTlmMTBkMThkMDAwNTJjODA4ZWI4MDY5ZjkwZDQ3
ZTMwNTY0YTAeFw0yNTAzMDYxMTQ4NTVaFw0yNjAzMDUxMTUzNTVaMDMxMTAvBgNV
BAMTKDJDN0RDMjAzRjk4MDdERkY3MDc3RkEzQTZCMzlBMUQyOTJBRENBMjAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFWa+NGwmLHVco85d07VN6eLHx
msqyMK360B7hl+JsUrksSHvuK+6b9g4BBlegdFUt7oE/jFGWruDvED7hd7jEGQIQ
FienKeLGx+YJhBkuBWbsrczO+8snU2bAD2aWXPfmBFy0WqUjcI63bmlJXIbHOjdK
ptDFDapsR+RfxogZ60jU8vKJqOSxBtyO3wCaBBFRU9L9HWpI4Bs9uhtmoMWKxaEl
EuGj0FdlYAt8xHAkXj0M7Vu326Z/eStvWRQFWq5T9HajJSrOXwSLNN57ZrFPBi+F
Qzx7dMtN+VkUjXm28R9g8GeIRF0GgTat8BfuQD+ZQOVV4suIit/U76bJOTzTAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQULH3CA/mAff9wd/o6azmh0pKtyiAwHwYDVR0j
BBgwFoAUDQWfENGNAAUsgI64Bp+Q1H4wVkowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmFmMTY3MDQtMjg1NC00MDgwLTlhMDktNzI2MjMyNmM5
ZTIyLzEvMEQwNTlGMTBEMThEMDAwNTJDODA4RUI4MDY5RjkwRDQ3RTMwNTY0QS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RRV2ZFTkdOQUFVc2dJNjRCcC1RMUg0
d1Zrby5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmFmMTY3MDQt
Mjg1NC00MDgwLTlhMDktNzI2MjMyNmM5ZTIyLzEvMzgzMjJlMzEzMTM4MmUzMzMx
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzEzNjM1MzAzOS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFJ2
HzANBgkqhkiG9w0BAQsFAAOCAQEABmai3+Hcogm5+XaQhouig5miDSkWY3WCiRC3
TlQTxSWmNLw3Sl7SWkpeX48v/WK3XZZFNLipB6VbPSI7RphATwc5LHTcKJku7D+5
zaUk771imMnFkJZ5Nqc01uKEbwwV8u6bU5LbqZPWPN8vvIW4Qi8fjJHLIV7DXGRe
V/e/vfsIyDd2cJ7DAY0RaygXs0UpAmFbW106DXT2JuNN2PAmn7W7Cru+S0lqJVeH
5zDbyYgkHh3UMiYvIAAZ6Cl1nkQUsF/mxRXJNNYf3z763PVUPO0IdoFKjK6mAjl4
HjRSWv7UIrtFOdeSqhUdPtoZGrG/qUvoHSWjhtUvpU7QIwkEEQ==
-----END CERTIFICATE-----