Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/29066f5d-ecc1-4927-95c1-e1a8df8f9897/0/3138352e39312e3131322e302f32342d3234203d3e20383334.roa
File:                     3138352e39312e3131322e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          nCT/SQY58cfSozsTA679WyJHcn2kiXLwasv4kzYoDOc=
Subject key identifier:   70:C7:5F:54:DA:50:4A:5B:06:82:94:E0:DC:E0:26:8F:DC:73:38:77
Certificate issuer:       /CN=1498141819112b8446c2d4a3111f53038f05dbe9
Certificate serial:       3CF5D65A3A114BF5908A8F0D742F1EDBC8737C39
Authority key identifier: 14:98:14:18:19:11:2B:84:46:C2:D4:A3:11:1F:53:03:8F:05:DB:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FJgUGBkRK4RGwtSjER9TA48F2-k.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/29066f5d-ecc1-4927-95c1-e1a8df8f9897/0/3138352e39312e3131322e302f32342d3234203d3e20383334.roa
Signing time:             Sun 27 Jul 2025 00:01:14 +0000
ROA not before:           Sat 26 Jul 2025 23:56:14 +0000
ROA not after:            Sun 26 Jul 2026 00:01:14 +0000
asID:                     834
IP address blocks:        185.91.112.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/29066f5d-ecc1-4927-95c1-e1a8df8f9897/0/1498141819112B8446C2D4A3111F53038F05DBE9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/29066f5d-ecc1-4927-95c1-e1a8df8f9897/0/1498141819112B8446C2D4A3111F53038F05DBE9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FJgUGBkRK4RGwtSjER9TA48F2-k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Aug 2025 12:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3c:f5:d6:5a:3a:11:4b:f5:90:8a:8f:0d:74:2f:1e:db:c8:73:7c:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1498141819112b8446c2d4a3111f53038f05dbe9
        Validity
            Not Before: Jul 26 23:56:14 2025 GMT
            Not After : Jul 26 00:01:14 2026 GMT
        Subject: CN=70C75F54DA504A5B068294E0DCE0268FDC733877
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:4d:dd:88:24:34:50:01:94:db:fa:94:8f:9d:
                    97:42:e9:72:c9:ba:45:3c:fe:63:51:d3:7b:90:45:
                    d4:85:b5:80:63:e0:d6:cf:ad:4d:01:e7:4f:c7:a7:
                    25:bb:20:d9:6b:87:00:85:be:3d:88:f5:ce:4d:1a:
                    27:8d:d4:b9:37:8d:6e:82:b7:e3:68:e1:d5:52:3d:
                    96:47:27:d5:65:fa:ac:a5:23:65:82:5d:49:5b:bb:
                    9a:78:82:7a:10:5f:70:77:86:98:fd:45:9a:52:04:
                    9d:f0:58:e8:8b:c6:8c:32:5f:d8:72:37:81:99:58:
                    c4:0e:b0:51:96:48:1a:e5:59:d5:f7:6a:9e:3e:cc:
                    99:67:99:a8:90:b5:66:3b:3b:97:52:2f:66:52:49:
                    83:36:8f:f8:f3:68:69:1d:11:7a:8a:f9:58:19:bc:
                    2a:54:fb:94:dc:b7:59:22:f4:c6:84:46:52:37:2c:
                    9c:e5:ab:58:ec:a8:04:f0:e3:cf:41:ff:19:d8:9f:
                    6c:41:fa:e6:91:a2:04:59:1b:da:ec:7f:6d:2c:36:
                    88:c6:44:ce:f9:29:af:3d:db:c1:a8:72:5b:29:22:
                    60:69:e1:07:54:3f:fe:5c:24:07:03:9a:0a:00:7b:
                    e1:98:f5:95:1a:e6:a2:3a:45:2e:68:c3:3f:aa:64:
                    1c:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:C7:5F:54:DA:50:4A:5B:06:82:94:E0:DC:E0:26:8F:DC:73:38:77
            X509v3 Authority Key Identifier:
                keyid:14:98:14:18:19:11:2B:84:46:C2:D4:A3:11:1F:53:03:8F:05:DB:E9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/29066f5d-ecc1-4927-95c1-e1a8df8f9897/0/1498141819112B8446C2D4A3111F53038F05DBE9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FJgUGBkRK4RGwtSjER9TA48F2-k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/29066f5d-ecc1-4927-95c1-e1a8df8f9897/0/3138352e39312e3131322e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.91.112.0/24

    Signature Algorithm: sha256WithRSAEncryption
         60:fd:c6:8b:2e:17:f3:a9:c8:2f:84:26:fd:a8:3f:ae:65:f8:
         ee:38:cc:ea:94:3a:af:9d:fb:cd:40:dc:bd:5a:be:22:97:04:
         77:b2:cd:ab:c2:71:a1:21:7a:78:34:73:bf:2c:d3:3b:20:8a:
         bc:88:3b:ec:fc:da:ea:9b:96:3d:9d:a7:ca:b8:1f:98:90:a9:
         83:8d:79:a7:09:da:d3:34:c1:a8:6d:79:93:e6:36:21:0f:45:
         bf:26:73:67:63:14:19:29:79:30:e0:2d:e9:2a:d4:25:bb:ef:
         d6:37:7c:22:4c:b3:28:9f:22:d2:b8:c6:26:a9:81:9e:ba:6d:
         45:ef:37:3c:8a:68:a6:d8:6a:a9:16:53:dc:b8:44:bf:41:99:
         02:db:8d:c2:61:71:58:dd:59:25:53:ef:c9:1e:5e:be:8a:f8:
         47:a1:8a:8d:2d:c4:d2:7e:32:37:52:47:1d:c4:52:40:66:39:
         30:52:ed:0d:2f:17:92:c4:17:79:4c:b4:a2:8d:eb:26:9f:4f:
         5f:e9:16:aa:3e:02:cb:f3:60:1c:81:ad:b8:fd:17:93:1b:98:
         b1:6a:b8:83:50:70:b5:51:bd:3a:a4:c6:32:f2:d8:5f:02:0b:
         f3:2b:15:20:9d:31:16:6c:ee:30:70:1f:a0:2a:b0:ba:a6:76:
         55:09:24:40
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUPPXWWjoRS/WQio8NdC8e28hzfDkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMTQ5ODE0MTgxOTExMmI4NDQ2YzJkNGEzMTExZjUzMDM4
ZjA1ZGJlOTAeFw0yNTA3MjYyMzU2MTRaFw0yNjA3MjYwMDAxMTRaMDMxMTAvBgNV
BAMTKDcwQzc1RjU0REE1MDRBNUIwNjgyOTRFMERDRTAyNjhGREM3MzM4NzcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDYTd2IJDRQAZTb+pSPnZdC6XLJ
ukU8/mNR03uQRdSFtYBj4NbPrU0B50/HpyW7INlrhwCFvj2I9c5NGieN1Lk3jW6C
t+No4dVSPZZHJ9Vl+qylI2WCXUlbu5p4gnoQX3B3hpj9RZpSBJ3wWOiLxowyX9hy
N4GZWMQOsFGWSBrlWdX3ap4+zJlnmaiQtWY7O5dSL2ZSSYM2j/jzaGkdEXqK+VgZ
vCpU+5Tct1ki9MaERlI3LJzlq1jsqATw489B/xnYn2xB+uaRogRZG9rsf20sNojG
RM75Ka8928GoclspImBp4QdUP/5cJAcDmgoAe+GY9ZUa5qI6RS5owz+qZBzzAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUcMdfVNpQSlsGgpTg3OAmj9xzOHcwHwYDVR0j
BBgwFoAUFJgUGBkRK4RGwtSjER9TA48F2+kwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjkwNjZmNWQtZWNjMS00OTI3LTk1YzEtZTFhOGRmOGY5
ODk3LzAvMTQ5ODE0MTgxOTExMkI4NDQ2QzJENEEzMTExRjUzMDM4RjA1REJFOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0ZKZ1VHQmtSSzRSR3d0U2pFUjlUQTQ4
RjItay5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMjkwNjZmNWQt
ZWNjMS00OTI3LTk1YzEtZTFhOGRmOGY5ODk3LzAvMzEzODM1MmUzOTMxMmUzMTMx
MzIyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC5W3Aw
DQYJKoZIhvcNAQELBQADggEBAGD9xosuF/OpyC+EJv2oP65l+O44zOqUOq+d+81A
3L1aviKXBHeyzavCcaEheng0c78s0zsgiryIO+z82uqblj2dp8q4H5iQqYONeacJ
2tM0wahteZPmNiEPRb8mc2djFBkpeTDgLekq1CW779Y3fCJMsyifItK4xiapgZ66
bUXvNzyKaKbYaqkWU9y4RL9BmQLbjcJhcVjdWSVT78keXr6K+Eehio0txNJ+MjdS
Rx3EUkBmOTBS7Q0vF5LEF3lMtKKN6yafT1/pFqo+AsvzYByBrbj9F5MbmLFquINQ
cLVRvTqkxjLy2F8CC/MrFSCdMRZs7jBwH6AqsLqmdlUJJEA=
-----END CERTIFICATE-----
Generated at Mon Aug 4 19:03:38 2025 by rpki-client