Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/3135322e38392e3132342e302f32342d3234203d3e2039333034.roa
File:                     3135322e38392e3132342e302f32342d3234203d3e2039333034.roa (raw, json)
Hash identifier:          P1WWd2GQ0Icrr2riPtcTowC0eF6h/lkG8pMyIlQBQRs=
Subject key identifier:   EC:72:97:7E:16:B0:0B:8E:7D:B8:D5:DA:0D:62:EC:A9:7A:F1:2A:A9
Certificate issuer:       /CN=088469d1a33085ff88b3e599d223ca74c2313a3a
Certificate serial:       1E9CF3D8B9CB839C207B1079C66A7E6D926E8633
Authority key identifier: 08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/3135322e38392e3132342e302f32342d3234203d3e2039333034.roa
Signing time:             Tue 03 Jun 2025 08:29:41 +0000
ROA not before:           Tue 03 Jun 2025 08:24:41 +0000
ROA not after:            Tue 02 Jun 2026 08:29:41 +0000
asID:                     9304
IP address blocks:        152.89.124.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 12:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1e:9c:f3:d8:b9:cb:83:9c:20:7b:10:79:c6:6a:7e:6d:92:6e:86:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088469d1a33085ff88b3e599d223ca74c2313a3a
        Validity
            Not Before: Jun  3 08:24:41 2025 GMT
            Not After : Jun  2 08:29:41 2026 GMT
        Subject: CN=EC72977E16B00B8E7DB8D5DA0D62ECA97AF12AA9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f0:66:35:a9:6c:07:81:46:80:e7:b7:a8:b4:3d:
                    eb:09:bf:5d:3e:5f:35:71:0c:f9:b2:11:74:d8:39:
                    80:a5:21:71:8e:ee:04:0d:85:6a:f5:89:d7:53:fa:
                    4d:e5:72:0a:8c:65:c4:ff:6b:17:49:4e:e7:0f:20:
                    91:b4:ca:8d:f5:e4:f5:d8:7e:3e:5e:82:74:0d:30:
                    77:af:5e:4e:ce:b1:37:05:ad:1f:0c:4a:dd:12:49:
                    cc:d6:7b:36:a1:ef:f9:65:bf:d8:88:11:e2:14:08:
                    c3:fe:53:ee:dc:91:14:a2:58:a0:b8:ae:f7:c4:e8:
                    f1:c3:f0:6c:2e:49:21:ef:c3:e2:26:8b:77:78:75:
                    8b:05:5e:99:86:27:b5:0c:28:7c:19:84:44:1f:66:
                    fc:8b:33:07:11:78:3e:82:fc:d5:9a:bc:7c:dc:43:
                    db:c4:51:38:86:27:c3:20:b1:00:f8:40:50:70:2c:
                    83:f0:50:9b:06:f0:f0:a2:6b:a3:9f:ec:a8:63:72:
                    f6:49:45:ab:8e:aa:3f:2f:ab:99:e2:ad:32:5b:6d:
                    a9:c8:88:0f:d5:28:e1:3c:65:32:f0:7d:e2:c7:f2:
                    3d:8e:2d:38:5d:b6:ca:1f:c5:0c:68:5b:6e:0a:51:
                    c8:d8:08:ac:c2:67:3d:59:3e:d9:e3:97:6c:89:88:
                    06:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:72:97:7E:16:B0:0B:8E:7D:B8:D5:DA:0D:62:EC:A9:7A:F1:2A:A9
            X509v3 Authority Key Identifier:
                keyid:08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/3135322e38392e3132342e302f32342d3234203d3e2039333034.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  152.89.124.0/24

    Signature Algorithm: sha256WithRSAEncryption
         94:10:5c:f7:89:5d:6a:5c:ef:39:d8:46:93:81:46:34:89:8b:
         ed:42:f0:53:c3:65:fc:68:c0:09:c9:f9:32:1e:ca:67:6f:89:
         ba:5c:9a:7c:be:14:99:0c:9b:48:bb:a9:15:5c:bc:aa:80:d8:
         5c:cb:6c:34:d5:a2:e4:29:6e:0c:8c:b7:41:61:e2:5c:78:c3:
         ae:f4:56:03:11:26:20:bc:92:90:60:43:93:a4:73:e4:bc:ba:
         25:24:e6:65:d9:ef:f6:1f:b3:62:9f:5e:76:6c:9b:82:8e:f3:
         bf:be:da:a6:57:e3:ea:c5:30:07:64:c3:45:04:26:4e:3e:3b:
         ca:9c:ca:9b:53:a1:42:8e:29:07:6b:a3:c6:89:64:04:48:62:
         84:51:fe:16:4e:9e:93:67:79:97:8b:69:6c:7b:7e:e9:f9:4d:
         54:c6:c1:d7:54:ce:e8:ff:7d:78:d5:b4:5e:51:21:f1:a4:7b:
         da:ca:39:f9:b4:e2:0f:8b:e8:e2:a7:09:6c:e4:e4:a7:0e:5f:
         f1:eb:2f:89:e5:94:50:8c:ac:21:b7:72:ed:15:60:35:bd:5b:
         6d:d5:63:66:8d:0c:a6:cc:57:7c:4f:25:fb:ba:20:db:f9:7e:
         00:04:ad:0d:ee:61:9d:ad:fd:33:8f:d5:8c:e6:e8:19:01:b4:
         72:f6:ec:ec
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUHpzz2LnLg5wgexB5xmp+bZJuhjMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDg4NDY5ZDFhMzMwODVmZjg4YjNlNTk5ZDIyM2NhNzRj
MjMxM2EzYTAeFw0yNTA2MDMwODI0NDFaFw0yNjA2MDIwODI5NDFaMDMxMTAvBgNV
BAMTKEVDNzI5NzdFMTZCMDBCOEU3REI4RDVEQTBENjJFQ0E5N0FGMTJBQTkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDwZjWpbAeBRoDnt6i0PesJv10+
XzVxDPmyEXTYOYClIXGO7gQNhWr1iddT+k3lcgqMZcT/axdJTucPIJG0yo315PXY
fj5egnQNMHevXk7OsTcFrR8MSt0SSczWezah7/llv9iIEeIUCMP+U+7ckRSiWKC4
rvfE6PHD8GwuSSHvw+Imi3d4dYsFXpmGJ7UMKHwZhEQfZvyLMwcReD6C/NWavHzc
Q9vEUTiGJ8MgsQD4QFBwLIPwUJsG8PCia6Of7KhjcvZJRauOqj8vq5nirTJbbanI
iA/VKOE8ZTLwfeLH8j2OLThdtsofxQxoW24KUcjYCKzCZz1ZPtnjl2yJiAa3AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQU7HKXfhawC459uNXaDWLsqXrxKqkwHwYDVR0j
BBgwFoAUCIRp0aMwhf+Is+WZ0iPKdMIxOjowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzUvMDg4NDY5RDFBMzMwODVGRjg4QjNFNTk5RDIyM0NBNzRDMjMxM0EzQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NJUnAwYU13aGYtSXMtV1owaVBLZE1J
eE9qby5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzUvMzEzNTMyMmUzODM5MmUzMTMy
MzQyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzOTMzMzAzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAJhZ
fDANBgkqhkiG9w0BAQsFAAOCAQEAlBBc94ldalzvOdhGk4FGNImL7ULwU8Nl/GjA
Ccn5Mh7KZ2+JulyafL4UmQybSLupFVy8qoDYXMtsNNWi5CluDIy3QWHiXHjDrvRW
AxEmILySkGBDk6Rz5Ly6JSTmZdnv9h+zYp9edmybgo7zv77aplfj6sUwB2TDRQQm
Tj47ypzKm1OhQo4pB2ujxolkBEhihFH+Fk6ek2d5l4tpbHt+6flNVMbB11TO6P99
eNW0XlEh8aR72so5+bTiD4vo4qcJbOTkpw5f8esvieWUUIysIbdy7RVgNb1bbdVj
Zo0MpsxXfE8l+7og2/l+AAStDe5hna39M4/VjOboGQG0cvbs7A==
-----END CERTIFICATE-----