Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/3135322e38392e3132372e302f32342d3234203d3e2039333034.roa
File:                     3135322e38392e3132372e302f32342d3234203d3e2039333034.roa (raw, json)
Hash identifier:          Ff76xNrgaZRXx+hv3N6+BJpRivufmGlkX0UqWJuOdnw=
Subject key identifier:   58:A6:B9:2F:39:27:D4:BE:4D:42:57:3C:84:EC:55:B8:FC:E2:15:66
Certificate issuer:       /CN=088469d1a33085ff88b3e599d223ca74c2313a3a
Certificate serial:       298FC6E324E3C1022434AEBEC9FBB12F7798011F
Authority key identifier: 08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/3135322e38392e3132372e302f32342d3234203d3e2039333034.roa
Signing time:             Tue 03 Jun 2025 08:29:40 +0000
ROA not before:           Tue 03 Jun 2025 08:24:40 +0000
ROA not after:            Tue 02 Jun 2026 08:29:40 +0000
asID:                     9304
IP address blocks:        152.89.127.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 12:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            29:8f:c6:e3:24:e3:c1:02:24:34:ae:be:c9:fb:b1:2f:77:98:01:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088469d1a33085ff88b3e599d223ca74c2313a3a
        Validity
            Not Before: Jun  3 08:24:40 2025 GMT
            Not After : Jun  2 08:29:40 2026 GMT
        Subject: CN=58A6B92F3927D4BE4D42573C84EC55B8FCE21566
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:a8:63:fa:ec:dd:a1:ac:92:62:12:df:95:50:
                    c5:95:95:06:81:5b:27:ff:11:e1:0c:93:3a:97:27:
                    dc:36:38:f6:4d:9b:e6:8f:4e:30:e6:fb:e4:a8:31:
                    8c:4c:52:ca:aa:93:99:da:d0:eb:e2:c9:d1:94:a7:
                    6e:70:fe:df:36:f5:5f:8d:d2:df:b3:18:92:d2:d2:
                    16:6c:c4:fa:90:7f:15:be:11:ab:4f:4f:d6:df:18:
                    34:64:7e:32:43:47:0e:ec:83:c5:9b:3d:49:17:cc:
                    6f:ff:b4:4f:b5:a2:3f:1e:a6:a4:18:26:c4:c2:5f:
                    b9:7d:b7:97:8f:74:76:be:7a:6a:e1:4f:24:46:04:
                    2a:91:33:ef:4a:22:a4:78:ba:53:91:3f:ef:b1:71:
                    94:04:0d:87:c7:2d:d3:91:b7:ca:8d:ac:e0:85:24:
                    7d:d4:67:4e:76:2e:49:15:5a:d8:20:aa:19:67:a6:
                    11:3c:2c:4f:d8:1a:4d:5c:d9:15:c1:d8:59:3c:a2:
                    46:9b:b6:3a:48:25:de:eb:59:61:2a:95:88:73:a6:
                    f6:23:74:74:be:f4:fc:6e:ee:45:93:09:90:65:27:
                    fc:25:39:6e:68:06:5e:bc:d2:b1:46:1c:6b:d3:d8:
                    6d:3d:46:2f:61:c6:d9:8b:cc:c4:1e:4c:bd:b1:ff:
                    e5:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:A6:B9:2F:39:27:D4:BE:4D:42:57:3C:84:EC:55:B8:FC:E2:15:66
            X509v3 Authority Key Identifier:
                keyid:08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/3135322e38392e3132372e302f32342d3234203d3e2039333034.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  152.89.127.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ac:cc:a4:fa:24:85:a7:59:96:3a:8b:84:37:8c:88:7f:3d:54:
         e8:03:b3:47:32:84:41:52:4f:cf:99:86:5f:42:31:c7:5d:51:
         5f:b0:8d:e5:57:66:52:85:fb:a0:51:92:7e:2d:c8:ca:97:6e:
         c7:5f:54:97:27:6a:2d:05:d5:91:50:9e:ae:16:2e:60:bf:28:
         47:f4:12:e5:a2:6f:be:ec:9a:ba:ce:5c:2f:59:ad:45:3d:33:
         4c:02:ee:ae:a1:9f:23:77:5b:69:fa:37:e2:ea:36:6c:54:4c:
         88:7b:8a:13:29:8c:81:d5:5a:1b:4c:6b:ff:cb:10:22:68:94:
         17:c9:d4:7e:fc:91:a9:44:43:93:50:6c:23:5a:50:97:6b:9d:
         4b:e0:2d:73:5a:82:be:27:ba:e0:2b:e4:87:af:3e:1f:09:ed:
         96:41:8f:24:99:88:f7:11:96:fa:01:14:6e:cc:0c:4c:a6:6d:
         ac:21:09:b1:0f:f8:ab:13:92:a8:5c:c0:69:ed:69:e8:aa:8e:
         c3:11:2b:64:64:e2:91:c9:e3:7f:11:b8:65:d3:35:5c:82:80:
         5c:21:bd:a2:c2:4e:22:94:48:7e:26:d6:47:ec:74:fa:4e:41:
         91:f9:8b:93:0b:2f:f9:61:30:14:30:1d:ce:ed:14:e8:a9:bc:
         14:33:65:e2
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUKY/G4yTjwQIkNK6+yfuxL3eYAR8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDg4NDY5ZDFhMzMwODVmZjg4YjNlNTk5ZDIyM2NhNzRj
MjMxM2EzYTAeFw0yNTA2MDMwODI0NDBaFw0yNjA2MDIwODI5NDBaMDMxMTAvBgNV
BAMTKDU4QTZCOTJGMzkyN0Q0QkU0RDQyNTczQzg0RUM1NUI4RkNFMjE1NjYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDWqGP67N2hrJJiEt+VUMWVlQaB
Wyf/EeEMkzqXJ9w2OPZNm+aPTjDm++SoMYxMUsqqk5na0OviydGUp25w/t829V+N
0t+zGJLS0hZsxPqQfxW+EatPT9bfGDRkfjJDRw7sg8WbPUkXzG//tE+1oj8epqQY
JsTCX7l9t5ePdHa+emrhTyRGBCqRM+9KIqR4ulORP++xcZQEDYfHLdORt8qNrOCF
JH3UZ052LkkVWtggqhlnphE8LE/YGk1c2RXB2Fk8okabtjpIJd7rWWEqlYhzpvYj
dHS+9Pxu7kWTCZBlJ/wlOW5oBl680rFGHGvT2G09Ri9hxtmLzMQeTL2x/+V/AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUWKa5Lzkn1L5NQlc8hOxVuPziFWYwHwYDVR0j
BBgwFoAUCIRp0aMwhf+Is+WZ0iPKdMIxOjowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzUvMDg4NDY5RDFBMzMwODVGRjg4QjNFNTk5RDIyM0NBNzRDMjMxM0EzQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NJUnAwYU13aGYtSXMtV1owaVBLZE1J
eE9qby5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzUvMzEzNTMyMmUzODM5MmUzMTMy
MzcyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzOTMzMzAzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAJhZ
fzANBgkqhkiG9w0BAQsFAAOCAQEArMyk+iSFp1mWOouEN4yIfz1U6AOzRzKEQVJP
z5mGX0Ixx11RX7CN5VdmUoX7oFGSfi3Iypdux19UlydqLQXVkVCerhYuYL8oR/QS
5aJvvuyaus5cL1mtRT0zTALurqGfI3dbafo34uo2bFRMiHuKEymMgdVaG0xr/8sQ
ImiUF8nUfvyRqURDk1BsI1pQl2udS+Atc1qCvie64Cvkh68+HwntlkGPJJmI9xGW
+gEUbswMTKZtrCEJsQ/4qxOSqFzAae1p6KqOwxErZGTikcnjfxG4ZdM1XIKAXCG9
osJOIpRIfibWR+x0+k5BkfmLkwsv+WEwFDAdzu0U6Km8FDNl4g==
-----END CERTIFICATE-----