Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/29066f5d-ecc1-4927-95c1-e1a8df8f9897/0/3138352e39312e3131352e302f32342d3234203d3e2034363337.roa
File:                     3138352e39312e3131352e302f32342d3234203d3e2034363337.roa (raw, json)
Hash identifier:          ck91ILJJRhGrU5dcx7s2t1suhnGyLbRTekoZlADPXPE=
Subject key identifier:   6C:81:18:6E:12:23:BA:C6:7E:C2:BB:D8:74:2F:13:E8:14:46:E3:AD
Certificate issuer:       /CN=1498141819112b8446c2d4a3111f53038f05dbe9
Certificate serial:       4553400E2F73809F6FD56EA4773042189D0B08C5
Authority key identifier: 14:98:14:18:19:11:2B:84:46:C2:D4:A3:11:1F:53:03:8F:05:DB:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FJgUGBkRK4RGwtSjER9TA48F2-k.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/29066f5d-ecc1-4927-95c1-e1a8df8f9897/0/3138352e39312e3131352e302f32342d3234203d3e2034363337.roa
Signing time:             Fri 01 Aug 2025 18:02:03 +0000
ROA not before:           Fri 01 Aug 2025 17:57:03 +0000
ROA not after:            Fri 31 Jul 2026 18:02:03 +0000
asID:                     4637
IP address blocks:        185.91.115.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/29066f5d-ecc1-4927-95c1-e1a8df8f9897/0/1498141819112B8446C2D4A3111F53038F05DBE9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/29066f5d-ecc1-4927-95c1-e1a8df8f9897/0/1498141819112B8446C2D4A3111F53038F05DBE9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FJgUGBkRK4RGwtSjER9TA48F2-k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 04 Aug 2025 21:47:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            45:53:40:0e:2f:73:80:9f:6f:d5:6e:a4:77:30:42:18:9d:0b:08:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1498141819112b8446c2d4a3111f53038f05dbe9
        Validity
            Not Before: Aug  1 17:57:03 2025 GMT
            Not After : Jul 31 18:02:03 2026 GMT
        Subject: CN=6C81186E1223BAC67EC2BBD8742F13E81446E3AD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:4e:ba:25:af:7d:cb:4f:01:e3:ec:81:c8:94:
                    de:5b:1a:ce:08:b7:6c:34:d1:0b:02:be:8a:cb:a3:
                    ea:58:f4:53:c0:73:5a:4b:e3:67:7d:01:90:ee:57:
                    25:f1:36:81:09:1d:b7:47:ee:29:93:ac:fc:b3:28:
                    20:20:87:5b:a8:52:33:21:20:25:0d:40:c2:e7:11:
                    54:cf:26:bf:8b:23:f4:a5:41:97:8d:0a:31:82:39:
                    c6:61:81:36:59:44:0e:09:4a:41:27:1d:0e:15:ee:
                    f5:44:73:f4:87:53:27:ec:d5:13:7c:a3:9d:1a:c2:
                    a3:c1:f7:49:d0:6f:bc:90:0e:90:fa:a9:bb:fb:d5:
                    e1:d6:34:ef:82:d7:9a:0e:f8:fc:39:14:74:29:3b:
                    69:4c:82:d5:ad:40:f2:ed:19:4a:3f:ed:17:e4:e2:
                    ab:6e:d0:f8:5a:7e:9b:7e:0b:2b:43:cf:49:69:a3:
                    55:e1:db:1c:63:a4:dc:30:d2:3c:73:d4:d3:4a:08:
                    b7:4b:3d:df:a6:22:00:be:aa:48:22:eb:fe:f8:a8:
                    2c:fc:71:58:b0:e2:aa:b2:bd:1b:77:c8:bf:2a:1f:
                    63:9e:b6:aa:68:b6:ae:40:f8:0e:2b:19:81:b5:87:
                    da:35:d4:a5:63:65:ff:7e:51:a6:92:be:48:77:98:
                    d8:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:81:18:6E:12:23:BA:C6:7E:C2:BB:D8:74:2F:13:E8:14:46:E3:AD
            X509v3 Authority Key Identifier:
                keyid:14:98:14:18:19:11:2B:84:46:C2:D4:A3:11:1F:53:03:8F:05:DB:E9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/29066f5d-ecc1-4927-95c1-e1a8df8f9897/0/1498141819112B8446C2D4A3111F53038F05DBE9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FJgUGBkRK4RGwtSjER9TA48F2-k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/29066f5d-ecc1-4927-95c1-e1a8df8f9897/0/3138352e39312e3131352e302f32342d3234203d3e2034363337.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.91.115.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:b3:f7:9e:ae:f2:83:50:73:dd:6c:15:a7:d6:b6:6f:04:23:
         1e:bd:56:c0:1d:2f:2c:b3:ff:41:a2:2c:b4:d9:fa:dd:e7:6a:
         72:6d:82:19:5e:cc:30:ae:e3:5f:9b:1e:72:5e:ee:bf:11:e3:
         43:1d:48:88:9d:33:5d:a8:60:7c:66:3d:09:52:74:34:97:a8:
         29:b4:2d:2c:bd:47:7a:10:be:c0:0a:65:78:28:36:6b:a7:e7:
         11:b6:c2:42:0a:27:c0:5d:09:2d:8d:2d:33:32:c4:be:fd:41:
         7f:4f:84:b2:3b:c3:31:b0:ca:75:4a:d5:a9:e1:ff:fd:8f:f3:
         63:bc:2e:fe:f1:44:00:1d:dc:cd:36:4e:84:aa:54:9c:3e:e4:
         c8:6f:02:90:70:e2:ea:e7:6e:d7:b8:55:07:26:1c:89:89:6d:
         70:75:e1:a1:00:6b:9e:69:80:53:87:a9:8d:c5:ff:36:4c:82:
         b3:2f:76:a1:b0:da:bf:38:db:d4:99:49:9e:47:87:1b:6d:a4:
         c9:16:b3:cd:fb:e9:bf:3b:e7:81:5c:d1:81:29:4f:f0:31:4c:
         1a:c1:28:8d:5a:90:60:d6:3f:71:fc:5c:85:dd:11:42:de:ce:
         c0:b2:ee:96:50:26:47:ec:28:2b:9b:3a:ab:0a:e0:d5:48:63:
         f4:5b:c1:20
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIURVNADi9zgJ9v1W6kdzBCGJ0LCMUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMTQ5ODE0MTgxOTExMmI4NDQ2YzJkNGEzMTExZjUzMDM4
ZjA1ZGJlOTAeFw0yNTA4MDExNzU3MDNaFw0yNjA3MzExODAyMDNaMDMxMTAvBgNV
BAMTKDZDODExODZFMTIyM0JBQzY3RUMyQkJEODc0MkYxM0U4MTQ0NkUzQUQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCwTrolr33LTwHj7IHIlN5bGs4I
t2w00QsCvorLo+pY9FPAc1pL42d9AZDuVyXxNoEJHbdH7imTrPyzKCAgh1uoUjMh
ICUNQMLnEVTPJr+LI/SlQZeNCjGCOcZhgTZZRA4JSkEnHQ4V7vVEc/SHUyfs1RN8
o50awqPB90nQb7yQDpD6qbv71eHWNO+C15oO+Pw5FHQpO2lMgtWtQPLtGUo/7Rfk
4qtu0Phafpt+CytDz0lpo1Xh2xxjpNww0jxz1NNKCLdLPd+mIgC+qkgi6/74qCz8
cViw4qqyvRt3yL8qH2Oetqpotq5A+A4rGYG1h9o11KVjZf9+UaaSvkh3mNhbAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUbIEYbhIjusZ+wrvYdC8T6BRG460wHwYDVR0j
BBgwFoAUFJgUGBkRK4RGwtSjER9TA48F2+kwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjkwNjZmNWQtZWNjMS00OTI3LTk1YzEtZTFhOGRmOGY5
ODk3LzAvMTQ5ODE0MTgxOTExMkI4NDQ2QzJENEEzMTExRjUzMDM4RjA1REJFOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0ZKZ1VHQmtSSzRSR3d0U2pFUjlUQTQ4
RjItay5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMjkwNjZmNWQt
ZWNjMS00OTI3LTk1YzEtZTFhOGRmOGY5ODk3LzAvMzEzODM1MmUzOTMxMmUzMTMx
MzUyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzNDM2MzMzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALlb
czANBgkqhkiG9w0BAQsFAAOCAQEAO7P3nq7yg1Bz3WwVp9a2bwQjHr1WwB0vLLP/
QaIstNn63edqcm2CGV7MMK7jX5secl7uvxHjQx1IiJ0zXahgfGY9CVJ0NJeoKbQt
LL1HehC+wApleCg2a6fnEbbCQgonwF0JLY0tMzLEvv1Bf0+EsjvDMbDKdUrVqeH/
/Y/zY7wu/vFEAB3czTZOhKpUnD7kyG8CkHDi6udu17hVByYciYltcHXhoQBrnmmA
U4epjcX/NkyCsy92obDavzjb1JlJnkeHG22kyRazzfvpvzvngVzRgSlP8DFMGsEo
jVqQYNY/cfxchd0RQt7OwLLullAmR+woK5s6qwrg1Uhj9FvBIA==
-----END CERTIFICATE-----