Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3235302e33392e302f32342d3234203d3e20383334.roa
File:                     3138352e3235302e33392e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          TxpkBIx+UpyL6+PTUFYORDaa/0bN723NIVyl3S0FJFM=
Subject key identifier:   9A:DB:11:AE:B3:83:EF:C9:0F:3E:65:B9:D8:2B:DE:63:FA:08:67:38
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       4ADF9D1EECEBB668842B1326492E8C8B7E7F7368
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3235302e33392e302f32342d3234203d3e20383334.roa
Signing time:             Tue 11 Feb 2025 08:17:40 +0000
ROA not before:           Tue 11 Feb 2025 08:12:40 +0000
ROA not after:            Tue 10 Feb 2026 08:17:40 +0000
asID:                     834
IP address blocks:        185.250.39.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 10:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4a:df:9d:1e:ec:eb:b6:68:84:2b:13:26:49:2e:8c:8b:7e:7f:73:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Feb 11 08:12:40 2025 GMT
            Not After : Feb 10 08:17:40 2026 GMT
        Subject: CN=9ADB11AEB383EFC90F3E65B9D82BDE63FA086738
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:4d:b1:70:86:52:46:6a:c2:48:c0:22:02:7e:
                    24:ad:ff:08:7e:c4:78:b1:48:64:ae:3e:9b:b9:25:
                    53:a5:b8:84:3a:b4:d3:47:60:16:e7:7a:09:f8:2a:
                    22:bf:7a:be:81:ee:2a:85:41:88:3c:25:b7:0e:15:
                    12:62:14:db:b3:b8:02:80:cb:27:c0:73:7a:fa:ab:
                    5e:fe:e2:89:fd:e9:7c:cd:f4:f9:84:2a:b2:41:56:
                    4c:a2:1e:6e:a6:2c:19:2f:5b:8c:67:0c:ff:d9:8c:
                    45:54:fa:11:3d:9e:39:ac:0f:91:f5:6f:6a:49:7d:
                    32:9f:14:18:63:4a:23:0a:73:60:e9:17:34:09:1b:
                    59:1a:d1:81:e7:f8:88:86:04:a2:20:d1:62:a8:8a:
                    75:e3:57:40:83:9e:ec:a1:25:e0:e1:42:26:32:97:
                    45:47:60:6e:6b:d2:c2:c2:42:79:64:97:20:98:0c:
                    6d:70:9a:7d:fb:e0:91:fc:10:0e:67:c2:d5:c1:ed:
                    dc:ce:dd:d8:ee:37:da:73:46:cb:5e:3f:a9:5b:7d:
                    10:1f:54:5e:9d:f8:13:07:a0:28:63:bd:5f:a9:26:
                    db:9a:46:8d:6b:89:c8:c5:ff:fd:01:8a:7a:5f:a4:
                    fa:6c:7b:02:a6:52:2f:a4:11:f7:ec:9b:b9:37:39:
                    e4:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:DB:11:AE:B3:83:EF:C9:0F:3E:65:B9:D8:2B:DE:63:FA:08:67:38
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3235302e33392e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.250.39.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:06:d7:71:d7:32:4a:d0:a9:25:a3:2a:80:be:b0:cf:6b:f4:
         f4:65:c2:c8:a7:cc:9f:ff:d9:4e:48:c2:50:86:ec:d4:e3:d3:
         95:ca:d1:40:36:2b:8b:5e:f7:ec:7d:84:c8:4e:90:d7:b4:b5:
         f1:45:74:b3:4d:d8:f3:4f:e4:6d:03:6c:18:ff:eb:2b:99:5f:
         b7:2f:38:40:02:aa:01:c2:a6:d9:76:26:d8:15:d9:99:c5:3d:
         4b:32:3b:33:a7:1a:64:99:d1:61:37:92:de:cd:0f:0f:21:f7:
         e8:99:2b:e8:87:89:25:01:78:a3:e8:16:b8:69:ed:ba:f0:c2:
         81:3b:22:dc:e2:fe:25:03:0a:ea:20:33:97:87:e8:ef:39:1c:
         a9:15:19:28:5b:0e:a8:06:c7:b5:58:35:e0:ab:11:20:60:7d:
         76:f6:e9:56:91:af:22:9b:db:93:03:9c:9e:8a:b9:7c:97:3f:
         4d:f9:18:eb:20:5a:cf:02:3b:49:8e:49:0d:bf:48:96:8d:17:
         53:32:ac:e7:ea:b7:e5:23:ac:3c:38:88:39:bb:df:6d:79:eb:
         d6:80:b2:53:ce:53:6a:c8:d5:93:4b:66:f5:f6:fd:84:47:8d:
         c9:ce:48:4e:ea:5a:e7:78:3f:17:0f:3d:9f:57:da:6c:78:ba:
         83:33:ab:ec
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUSt+dHuzrtmiEKxMmSS6Mi35/c2gwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTAyMTEwODEyNDBaFw0yNjAyMTAwODE3NDBaMDMxMTAvBgNV
BAMTKDlBREIxMUFFQjM4M0VGQzkwRjNFNjVCOUQ4MkJERTYzRkEwODY3MzgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrTbFwhlJGasJIwCICfiSt/wh+
xHixSGSuPpu5JVOluIQ6tNNHYBbnegn4KiK/er6B7iqFQYg8JbcOFRJiFNuzuAKA
yyfAc3r6q17+4on96XzN9PmEKrJBVkyiHm6mLBkvW4xnDP/ZjEVU+hE9njmsD5H1
b2pJfTKfFBhjSiMKc2DpFzQJG1ka0YHn+IiGBKIg0WKoinXjV0CDnuyhJeDhQiYy
l0VHYG5r0sLCQnlklyCYDG1wmn374JH8EA5nwtXB7dzO3djuN9pzRsteP6lbfRAf
VF6d+BMHoChjvV+pJtuaRo1ricjF//0BinpfpPpsewKmUi+kEffsm7k3OeRdAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUmtsRrrOD78kPPmW52CveY/oIZzgwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzODM1MmUzMjM1MzAyZTMz
MzkyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC5+icw
DQYJKoZIhvcNAQELBQADggEBAAsG13HXMkrQqSWjKoC+sM9r9PRlwsinzJ//2U5I
wlCG7NTj05XK0UA2K4te9+x9hMhOkNe0tfFFdLNN2PNP5G0DbBj/6yuZX7cvOEAC
qgHCptl2JtgV2ZnFPUsyOzOnGmSZ0WE3kt7NDw8h9+iZK+iHiSUBeKPoFrhp7brw
woE7Itzi/iUDCuogM5eH6O85HKkVGShbDqgGx7VYNeCrESBgfXb26VaRryKb25MD
nJ6KuXyXP035GOsgWs8CO0mOSQ2/SJaNF1MyrOfqt+UjrDw4iDm7321569aAslPO
U2rI1ZNLZvX2/YRHjcnOSE7qWud4PxcPPZ9X2mx4uoMzq+w=
-----END CERTIFICATE-----