Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/1979f015-2d69-48f1-bb52-3581c4df48fa/0/3138352e302e33322e302f32342d3234203d3e2030.roa
File:                     3138352e302e33322e302f32342d3234203d3e2030.roa (raw, json)
Hash identifier:          Bgig5l99Ezi9DLpOcohgj3eVzaZ4PGpUU4nIseSfjvo=
Subject key identifier:   7D:D0:FE:EA:50:60:0E:CE:B3:B5:DF:67:5C:63:C6:81:B0:8F:FF:22
Certificate issuer:       /CN=600579021287ea6495d7f934a6ded30ee2a5bb38
Certificate serial:       037C5C883897E19F5310F5DFA4889A2BC185827A
Authority key identifier: 60:05:79:02:12:87:EA:64:95:D7:F9:34:A6:DE:D3:0E:E2:A5:BB:38
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YAV5AhKH6mSV1_k0pt7TDuKluzg.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/1979f015-2d69-48f1-bb52-3581c4df48fa/0/3138352e302e33322e302f32342d3234203d3e2030.roa
Signing time:             Thu 30 Oct 2025 23:26:16 +0000
ROA not before:           Thu 30 Oct 2025 23:21:16 +0000
ROA not after:            Thu 29 Oct 2026 23:26:16 +0000
asID:                     0
IP address blocks:        185.0.32.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/1979f015-2d69-48f1-bb52-3581c4df48fa/0/600579021287EA6495D7F934A6DED30EE2A5BB38.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/1979f015-2d69-48f1-bb52-3581c4df48fa/0/600579021287EA6495D7F934A6DED30EE2A5BB38.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YAV5AhKH6mSV1_k0pt7TDuKluzg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 09:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:7c:5c:88:38:97:e1:9f:53:10:f5:df:a4:88:9a:2b:c1:85:82:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=600579021287ea6495d7f934a6ded30ee2a5bb38
        Validity
            Not Before: Oct 30 23:21:16 2025 GMT
            Not After : Oct 29 23:26:16 2026 GMT
        Subject: CN=7DD0FEEA50600ECEB3B5DF675C63C681B08FFF22
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:ed:73:c5:88:2f:26:b7:90:fe:3a:b4:08:57:
                    d4:b0:21:ef:ed:92:60:9a:c0:25:73:f8:73:ab:26:
                    8e:7e:61:05:7f:6c:4d:a8:88:0f:5f:f2:a0:d4:c7:
                    33:0a:87:db:8c:93:91:d9:84:b9:5c:f2:82:ed:3d:
                    6c:38:a8:7e:ff:3c:d1:d9:39:87:90:13:5e:41:23:
                    21:be:f4:7a:0e:91:c9:d5:d7:68:8b:9b:a1:2f:71:
                    ef:37:06:a9:a2:1c:6d:b4:ae:50:37:2e:02:f7:d4:
                    a6:91:9c:12:e5:0e:d5:95:83:11:38:be:af:69:10:
                    99:60:ec:65:93:19:5a:99:67:70:5a:bc:b3:56:a7:
                    4b:35:3d:88:3a:da:7d:5e:3a:ca:00:c2:41:60:6d:
                    fa:f5:b8:58:f3:a6:96:85:f4:6e:4d:21:0e:30:cc:
                    32:95:6d:dd:4c:2b:17:16:b9:91:ed:e8:fe:e8:75:
                    df:9a:30:d0:50:21:45:2f:41:79:b1:99:f7:0a:01:
                    b1:1e:97:31:8a:74:56:58:62:4b:23:88:24:ac:93:
                    a8:04:2c:36:3d:1d:c0:c5:26:8c:2c:88:b1:cf:fd:
                    3c:6b:98:ba:fc:1e:c2:b2:31:bc:99:64:ba:33:a3:
                    9e:28:aa:c5:9e:5b:fb:17:dd:df:01:94:8a:52:56:
                    02:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:D0:FE:EA:50:60:0E:CE:B3:B5:DF:67:5C:63:C6:81:B0:8F:FF:22
            X509v3 Authority Key Identifier:
                keyid:60:05:79:02:12:87:EA:64:95:D7:F9:34:A6:DE:D3:0E:E2:A5:BB:38

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/1979f015-2d69-48f1-bb52-3581c4df48fa/0/600579021287EA6495D7F934A6DED30EE2A5BB38.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YAV5AhKH6mSV1_k0pt7TDuKluzg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/1979f015-2d69-48f1-bb52-3581c4df48fa/0/3138352e302e33322e302f32342d3234203d3e2030.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.0.32.0/24

    Signature Algorithm: sha256WithRSAEncryption
         cd:d6:3e:86:0b:fe:f3:7d:b0:da:61:b5:5f:e5:d8:03:15:43:
         85:cd:c6:55:ac:df:1c:2d:38:2b:4e:b7:a3:0b:b3:48:f8:a3:
         7d:f7:89:92:58:ed:fc:76:68:63:0c:db:63:2a:d8:e7:0c:32:
         6e:cf:20:6a:b3:18:24:a0:28:b2:5d:f7:5c:bd:bd:54:b2:9c:
         a7:de:3c:6b:d8:dd:17:f9:52:8d:c7:05:09:3e:a2:bb:94:dd:
         87:bf:2b:df:0e:2f:70:d8:1c:37:8e:f8:c8:12:be:11:66:ff:
         8a:25:8b:4f:e4:d8:d4:0d:03:9a:37:15:20:d8:a3:01:6f:36:
         b5:d1:92:9c:a4:10:4b:7a:a9:75:c9:76:ec:14:41:d9:f7:6c:
         71:04:78:26:bc:85:e5:3c:91:d0:e6:32:7e:8b:fb:f0:de:f3:
         32:c1:1c:06:3b:c7:59:51:aa:b4:70:e6:38:73:ff:8f:c8:c6:
         05:f7:38:8f:80:03:60:a7:55:5b:76:ce:5d:75:75:c2:06:8e:
         4e:f5:6f:b9:56:05:6a:4b:39:84:36:44:17:f0:4d:91:e2:78:
         83:d3:50:e8:9c:d5:cb:23:95:bf:73:14:70:5d:cb:e9:98:b0:
         68:08:27:fc:b7:03:a4:8c:90:2b:a0:48:c7:84:84:9e:f0:c2:
         d4:62:f3:99
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgIUA3xciDiX4Z9TEPXfpIiaK8GFgnowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjAwNTc5MDIxMjg3ZWE2NDk1ZDdmOTM0YTZkZWQzMGVl
MmE1YmIzODAeFw0yNTEwMzAyMzIxMTZaFw0yNjEwMjkyMzI2MTZaMDMxMTAvBgNV
BAMTKDdERDBGRUVBNTA2MDBFQ0VCM0I1REY2NzVDNjNDNjgxQjA4RkZGMjIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCj7XPFiC8mt5D+OrQIV9SwIe/t
kmCawCVz+HOrJo5+YQV/bE2oiA9f8qDUxzMKh9uMk5HZhLlc8oLtPWw4qH7/PNHZ
OYeQE15BIyG+9HoOkcnV12iLm6Evce83BqmiHG20rlA3LgL31KaRnBLlDtWVgxE4
vq9pEJlg7GWTGVqZZ3BavLNWp0s1PYg62n1eOsoAwkFgbfr1uFjzppaF9G5NIQ4w
zDKVbd1MKxcWuZHt6P7odd+aMNBQIUUvQXmxmfcKAbEelzGKdFZYYksjiCSsk6gE
LDY9HcDFJowsiLHP/TxrmLr8HsKyMbyZZLozo54oqsWeW/sX3d8BlIpSVgILAgMB
AAGjggIxMIICLTAdBgNVHQ4EFgQUfdD+6lBgDs6ztd9nXGPGgbCP/yIwHwYDVR0j
BBgwFoAUYAV5AhKH6mSV1/k0pt7TDuKluzgwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMTk3OWYwMTUtMmQ2OS00OGYxLWJiNTItMzU4MWM0ZGY0
OGZhLzAvNjAwNTc5MDIxMjg3RUE2NDk1RDdGOTM0QTZERUQzMEVFMkE1QkIzOC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1lBVjVBaEtINm1TVjFfazBwdDdURHVL
bHV6Zy5jZXIwgaEGCCsGAQUFBwELBIGUMIGRMIGOBggrBgEFBQcwC4aBgXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMTk3OWYwMTUt
MmQ2OS00OGYxLWJiNTItMzU4MWM0ZGY0OGZhLzAvMzEzODM1MmUzMDJlMzMzMjJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMwLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsG
AQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuQAgMA0GCSqGSIb3
DQEBCwUAA4IBAQDN1j6GC/7zfbDaYbVf5dgDFUOFzcZVrN8cLTgrTrejC7NI+KN9
94mSWO38dmhjDNtjKtjnDDJuzyBqsxgkoCiyXfdcvb1Uspyn3jxr2N0X+VKNxwUJ
PqK7lN2HvyvfDi9w2Bw3jvjIEr4RZv+KJYtP5NjUDQOaNxUg2KMBbza10ZKcpBBL
eql1yXbsFEHZ92xxBHgmvIXlPJHQ5jJ+i/vw3vMywRwGO8dZUaq0cOY4c/+PyMYF
9ziPgANgp1Vbds5ddXXCBo5O9W+5VgVqSzmENkQX8E2R4niD01DonNXLI5W/cxRw
XcvpmLBoCCf8twOkjJAroEjHhISe8MLUYvOZ
-----END CERTIFICATE-----