Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3230352e3139342e302f32342d3234203d3e20383334.roa
File:                     3138352e3230352e3139342e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          HDzNn44BdfvI4dtyRlK2jkppuA/QWhAFLwzt480d1bY=
Subject key identifier:   E1:B7:32:4D:EC:59:16:E5:17:BD:CD:D1:EA:13:C2:85:93:C1:B2:E9
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       4B262CD775D6307CC3092DF27C9FFCACF805F99C
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3230352e3139342e302f32342d3234203d3e20383334.roa
Signing time:             Tue 03 Jun 2025 19:58:14 +0000
ROA not before:           Tue 03 Jun 2025 19:53:14 +0000
ROA not after:            Tue 02 Jun 2026 19:58:14 +0000
asID:                     834
IP address blocks:        185.205.194.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 17:19:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4b:26:2c:d7:75:d6:30:7c:c3:09:2d:f2:7c:9f:fc:ac:f8:05:f9:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Jun  3 19:53:14 2025 GMT
            Not After : Jun  2 19:58:14 2026 GMT
        Subject: CN=E1B7324DEC5916E517BDCDD1EA13C28593C1B2E9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:58:3e:e6:53:93:ce:42:e9:71:24:7c:d2:7c:
                    97:27:46:8b:90:1b:34:97:27:51:5d:0b:f5:b9:d2:
                    5e:f4:e5:97:92:22:38:e4:cb:41:41:8c:60:0b:fe:
                    89:dc:7a:6d:07:44:41:04:f0:30:a2:35:3d:94:b8:
                    df:90:e2:f0:96:b9:55:da:3d:99:83:c9:e1:e0:c2:
                    c1:f2:07:fd:7c:01:f3:35:51:7c:96:55:d8:cf:f7:
                    d8:11:8f:b2:e9:69:c9:6c:ed:f0:71:9c:ff:0e:6b:
                    5f:a4:b5:f0:fd:f6:65:55:6d:2e:74:67:29:c5:62:
                    cf:a7:2a:fd:4f:c9:7e:4b:55:12:1b:fc:fa:4f:c3:
                    10:44:d4:56:c0:8e:ea:e8:4f:1a:67:55:36:3b:3d:
                    15:75:cb:61:57:95:79:ae:26:69:ce:01:84:6b:6c:
                    e7:de:9c:42:3f:b6:9e:b9:fa:34:dc:91:a8:fc:b2:
                    12:66:3c:bb:1b:e9:86:b8:22:bd:0c:ba:db:cd:12:
                    6c:72:76:43:22:e2:94:bf:85:d9:4f:c2:ea:11:4b:
                    ba:10:6e:c1:7b:70:77:85:91:63:2b:03:2e:d1:3d:
                    cb:2a:8e:a4:94:a5:ad:a3:21:39:f4:bd:c9:72:3a:
                    26:e2:13:cf:fa:82:64:3a:2e:7f:ad:43:ee:0b:99:
                    7f:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:B7:32:4D:EC:59:16:E5:17:BD:CD:D1:EA:13:C2:85:93:C1:B2:E9
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3230352e3139342e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.205.194.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:bf:68:dc:7f:f8:ac:ee:62:ed:ec:03:34:84:ca:3d:5e:50:
         09:30:38:b9:b3:b9:33:c3:c1:0f:aa:72:48:01:a2:07:be:da:
         0d:dd:98:88:d2:4f:31:1e:ed:b9:35:24:ef:6a:74:c5:bf:24:
         15:09:a0:81:63:9c:27:8f:f2:70:9c:65:41:bb:57:ca:65:3d:
         9c:be:78:a9:97:80:c2:3d:7a:7a:73:f6:ed:95:39:6f:fd:96:
         87:06:f6:e1:cb:76:ed:c8:cd:ab:c8:a2:be:ef:d4:b7:eb:a1:
         81:25:07:f8:ff:0b:7a:7b:c8:dc:74:db:74:81:5b:f6:dc:66:
         af:82:fd:a7:5c:0a:65:2c:61:f9:57:67:51:b9:fd:6d:22:0a:
         cd:19:f3:a6:f3:6c:43:2c:37:0f:d9:d9:ae:11:8f:3e:13:f2:
         ef:27:98:f3:07:22:47:15:c1:ac:2b:66:7b:b6:1d:bc:ee:fd:
         48:1f:d9:64:65:9b:76:fd:d3:2a:f2:77:1a:20:e9:92:5d:0e:
         0b:f2:3b:15:11:fe:d8:8f:73:0e:95:72:42:19:42:1a:38:22:
         19:f8:ba:dd:75:26:2e:54:8b:01:6e:b6:e5:dd:44:b0:bc:ea:
         72:17:fd:55:2c:b1:ee:ea:6e:cd:12:cd:0e:6d:76:26:7a:8a:
         29:e0:71:32
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUSyYs13XWMHzDCS3yfJ/8rPgF+ZwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTA2MDMxOTUzMTRaFw0yNjA2MDIxOTU4MTRaMDMxMTAvBgNV
BAMTKEUxQjczMjRERUM1OTE2RTUxN0JEQ0REMUVBMTNDMjg1OTNDMUIyRTkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDtWD7mU5POQulxJHzSfJcnRouQ
GzSXJ1FdC/W50l705ZeSIjjky0FBjGAL/oncem0HREEE8DCiNT2UuN+Q4vCWuVXa
PZmDyeHgwsHyB/18AfM1UXyWVdjP99gRj7Lpacls7fBxnP8Oa1+ktfD99mVVbS50
ZynFYs+nKv1PyX5LVRIb/PpPwxBE1FbAjuroTxpnVTY7PRV1y2FXlXmuJmnOAYRr
bOfenEI/tp65+jTckaj8shJmPLsb6Ya4Ir0MutvNEmxydkMi4pS/hdlPwuoRS7oQ
bsF7cHeFkWMrAy7RPcsqjqSUpa2jITn0vclyOibiE8/6gmQ6Ln+tQ+4LmX+NAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQU4bcyTexZFuUXvc3R6hPChZPBsukwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzODM1MmUzMjMwMzUyZTMx
MzkzNDJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALnN
wjANBgkqhkiG9w0BAQsFAAOCAQEAUr9o3H/4rO5i7ewDNITKPV5QCTA4ubO5M8PB
D6pySAGiB77aDd2YiNJPMR7tuTUk72p0xb8kFQmggWOcJ4/ycJxlQbtXymU9nL54
qZeAwj16enP27ZU5b/2Whwb24ct27cjNq8iivu/Ut+uhgSUH+P8LenvI3HTbdIFb
9txmr4L9p1wKZSxh+VdnUbn9bSIKzRnzpvNsQyw3D9nZrhGPPhPy7yeY8wciRxXB
rCtme7YdvO79SB/ZZGWbdv3TKvJ3GiDpkl0OC/I7FRH+2I9zDpVyQhlCGjgiGfi6
3XUmLlSLAW625d1EsLzqchf9VSyx7upuzRLNDm12JnqKKeBxMg==
-----END CERTIFICATE-----