Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3138372e3233322e302f32342d3234203d3e20383334.roa
File:                     3138352e3138372e3233322e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          rtaPM2wwq8QTc1ICMDFNQ2pglYDV/M7ZTGkBU45ZozI=
Subject key identifier:   97:41:60:2C:F4:83:FD:F0:1E:B1:04:7E:0D:0D:F7:2A:09:D1:C0:29
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       4E263F1F6B57371F83A59D06FFB70ABB7F527CC3
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3138372e3233322e302f32342d3234203d3e20383334.roa
Signing time:             Mon 01 Sep 2025 07:41:56 +0000
ROA not before:           Mon 01 Sep 2025 07:36:56 +0000
ROA not after:            Mon 31 Aug 2026 07:41:56 +0000
asID:                     834
IP address blocks:        185.187.232.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 18 Sep 2025 16:59:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4e:26:3f:1f:6b:57:37:1f:83:a5:9d:06:ff:b7:0a:bb:7f:52:7c:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Sep  1 07:36:56 2025 GMT
            Not After : Aug 31 07:41:56 2026 GMT
        Subject: CN=9741602CF483FDF01EB1047E0D0DF72A09D1C029
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:83:ee:8b:05:c9:41:90:59:49:18:d8:2d:68:
                    86:1b:f9:b5:71:9e:fd:0b:35:9d:ba:fb:06:6c:53:
                    b9:b7:19:db:8e:5f:8f:2f:d4:57:79:5d:5f:7c:e4:
                    1d:25:db:ab:7a:27:72:de:df:31:e8:71:d8:44:21:
                    83:3f:b5:0d:05:aa:b1:5e:59:da:04:4a:19:c2:c7:
                    23:2a:bc:e5:e0:75:80:3d:64:bc:76:31:c8:d0:81:
                    56:6d:12:19:5a:51:90:11:98:e7:9d:00:27:aa:b0:
                    68:79:0c:85:3e:f0:3c:56:6a:e5:f4:31:ed:f1:3b:
                    df:83:29:62:10:35:5a:a8:75:1f:7e:24:5d:99:d3:
                    be:92:2b:5d:4e:8a:9f:c1:78:d7:e0:32:82:c9:cf:
                    e1:53:5a:76:8b:a5:06:aa:34:97:40:0b:fe:df:d4:
                    74:f3:c3:d5:f4:e9:a4:93:47:14:4f:74:79:bc:cf:
                    f8:d9:cf:0c:d9:de:49:3b:28:be:c9:0b:0f:28:b5:
                    04:f6:3d:6c:9f:56:2f:e6:67:00:a8:53:66:59:16:
                    68:2c:9a:1d:73:c1:4e:aa:a6:06:c2:0f:14:81:c9:
                    7f:0a:74:58:49:58:08:6a:52:ea:44:9b:7f:e8:d3:
                    69:cc:7a:5b:b1:df:56:82:50:04:14:b4:b9:33:cf:
                    28:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:41:60:2C:F4:83:FD:F0:1E:B1:04:7E:0D:0D:F7:2A:09:D1:C0:29
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3138372e3233322e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.187.232.0/24

    Signature Algorithm: sha256WithRSAEncryption
         24:2b:9a:3d:6e:30:55:89:9e:f6:89:6d:f4:fe:e0:80:0d:16:
         41:c0:aa:d1:fe:2a:d7:ad:2a:5f:87:c7:07:0e:f1:d8:05:44:
         bb:12:54:c4:9b:00:6e:2a:9c:f1:b7:ed:89:0b:29:71:01:97:
         ce:d2:7d:da:93:4e:43:c4:9f:1e:ec:1d:d0:98:17:7c:65:9a:
         29:b8:5b:01:3a:15:a8:71:34:dd:3d:d3:e1:0e:be:8c:fa:e6:
         5c:4e:07:c8:b6:50:e0:a3:95:eb:08:f5:37:19:24:cb:71:a3:
         aa:ea:0a:a5:9a:5e:8a:07:6b:62:fa:b4:3a:18:27:08:54:7f:
         d2:d2:f2:d1:83:14:f1:d7:48:49:6a:44:28:46:a9:1b:6e:e7:
         50:a1:d5:d1:fc:88:7d:e8:93:b9:a8:c5:28:58:2e:d0:9f:94:
         ac:97:fa:b7:5f:27:e9:99:bc:ce:61:f7:63:a2:7c:6f:da:99:
         a9:7f:f5:22:63:b5:2e:a7:a6:84:c1:b1:58:06:ba:71:0f:37:
         07:31:16:9a:96:68:58:ca:15:8f:dd:45:55:7e:d2:af:94:75:
         20:2a:c8:6c:7c:b5:97:bb:1d:d5:b7:24:79:e9:30:b4:2d:80:
         e7:0f:eb:fc:91:7b:aa:18:7d:59:f0:e7:d1:f5:14:a5:ae:f8:
         95:f9:94:72
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUTiY/H2tXNx+DpZ0G/7cKu39SfMMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTA5MDEwNzM2NTZaFw0yNjA4MzEwNzQxNTZaMDMxMTAvBgNV
BAMTKDk3NDE2MDJDRjQ4M0ZERjAxRUIxMDQ3RTBEMERGNzJBMDlEMUMwMjkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0g+6LBclBkFlJGNgtaIYb+bVx
nv0LNZ26+wZsU7m3GduOX48v1Fd5XV985B0l26t6J3Le3zHocdhEIYM/tQ0FqrFe
WdoEShnCxyMqvOXgdYA9ZLx2McjQgVZtEhlaUZARmOedACeqsGh5DIU+8DxWauX0
Me3xO9+DKWIQNVqodR9+JF2Z076SK11Oip/BeNfgMoLJz+FTWnaLpQaqNJdAC/7f
1HTzw9X06aSTRxRPdHm8z/jZzwzZ3kk7KL7JCw8otQT2PWyfVi/mZwCoU2ZZFmgs
mh1zwU6qpgbCDxSByX8KdFhJWAhqUupEm3/o02nMelux31aCUAQUtLkzzyjbAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUl0FgLPSD/fAesQR+DQ33KgnRwCkwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzODM1MmUzMTM4MzcyZTMy
MzMzMjJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALm7
6DANBgkqhkiG9w0BAQsFAAOCAQEAJCuaPW4wVYme9olt9P7ggA0WQcCq0f4q160q
X4fHBw7x2AVEuxJUxJsAbiqc8bftiQspcQGXztJ92pNOQ8SfHuwd0JgXfGWaKbhb
AToVqHE03T3T4Q6+jPrmXE4HyLZQ4KOV6wj1Nxkky3GjquoKpZpeigdrYvq0Ohgn
CFR/0tLy0YMU8ddISWpEKEapG27nUKHV0fyIfeiTuajFKFgu0J+UrJf6t18n6Zm8
zmH3Y6J8b9qZqX/1ImO1LqemhMGxWAa6cQ83BzEWmpZoWMoVj91FVX7Sr5R1ICrI
bHy1l7sd1bckeekwtC2A5w/r/JF7qhh9WfDn0fUUpa74lfmUcg==
-----END CERTIFICATE-----