Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/3138352e3130302e3231342e302f32342d3234203d3e2039333034.roa
File:                     3138352e3130302e3231342e302f32342d3234203d3e2039333034.roa (raw, json)
Hash identifier:          mZq5G2P3zeb0ovREJdUC2xepeqZTrVtlpnNCNlW1j8s=
Subject key identifier:   4B:C9:85:31:49:79:F6:B7:FC:CB:6A:EF:2F:86:20:B0:0F:01:25:95
Certificate issuer:       /CN=dc943cc2a7cdc378a37702573bb4f821170b530d
Certificate serial:       79BE5C4C51D41E0D1F0584454765E61827ADD832
Authority key identifier: DC:94:3C:C2:A7:CD:C3:78:A3:77:02:57:3B:B4:F8:21:17:0B:53:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/3138352e3130302e3231342e302f32342d3234203d3e2039333034.roa
Signing time:             Mon 04 Aug 2025 13:49:44 +0000
ROA not before:           Mon 04 Aug 2025 13:44:44 +0000
ROA not after:            Mon 03 Aug 2026 13:49:44 +0000
asID:                     9304
IP address blocks:        185.100.214.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 09 Aug 2025 03:42:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            79:be:5c:4c:51:d4:1e:0d:1f:05:84:45:47:65:e6:18:27:ad:d8:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc943cc2a7cdc378a37702573bb4f821170b530d
        Validity
            Not Before: Aug  4 13:44:44 2025 GMT
            Not After : Aug  3 13:49:44 2026 GMT
        Subject: CN=4BC985314979F6B7FCCB6AEF2F8620B00F012595
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:e2:0c:b4:b5:8e:13:3c:e4:54:84:27:12:08:
                    3a:cc:e3:33:ba:d6:1b:d0:d1:fc:71:74:0d:44:ef:
                    ed:c1:89:d7:bf:8d:c6:5e:61:39:9a:bd:d3:fd:27:
                    ea:a5:f3:ca:94:6e:4c:cd:c7:b8:ce:02:2a:9d:7a:
                    35:06:e4:87:e0:2c:4d:75:55:07:06:87:7e:cc:e9:
                    d0:df:52:3b:f2:34:d8:49:cc:2f:2e:a6:b8:07:d2:
                    5a:be:fb:27:23:4a:44:3e:ab:e7:3f:3e:ef:36:d1:
                    37:43:de:fd:8e:f8:f7:ad:23:9d:ae:31:29:47:e4:
                    db:40:3a:9d:18:8c:00:0e:44:e7:94:02:29:48:ff:
                    c0:83:03:7a:88:d5:31:7c:82:43:83:81:20:32:75:
                    29:5c:d7:ef:1f:4b:23:c4:0d:09:33:ce:45:7b:e0:
                    d0:74:e4:cf:70:d7:04:93:b5:64:21:de:10:f0:80:
                    0b:98:48:37:8b:2b:0f:09:68:c4:59:0b:93:15:d8:
                    73:b9:54:98:5a:e9:87:5c:d5:46:03:4f:13:63:66:
                    ae:94:1c:20:81:8d:20:a2:37:ba:1e:b7:95:98:d2:
                    76:3a:13:01:6b:94:5f:1a:f2:36:4e:35:8a:ac:40:
                    72:86:84:f1:79:4a:eb:b7:8b:be:32:4b:f2:a8:bb:
                    ff:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:C9:85:31:49:79:F6:B7:FC:CB:6A:EF:2F:86:20:B0:0F:01:25:95
            X509v3 Authority Key Identifier:
                keyid:DC:94:3C:C2:A7:CD:C3:78:A3:77:02:57:3B:B4:F8:21:17:0B:53:0D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/3138352e3130302e3231342e302f32342d3234203d3e2039333034.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.100.214.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8c:d6:34:3f:72:89:b0:79:fa:a0:4b:7f:83:47:26:e5:56:18:
         5c:5d:17:31:9d:00:83:0c:d2:05:2e:c9:d6:a8:35:38:a1:ea:
         62:41:7f:ad:7e:02:63:ed:50:4b:4d:c0:4e:ee:df:ac:ee:2a:
         73:b0:17:70:ff:a6:c7:7c:26:3e:8d:63:e3:57:e4:7c:a6:6c:
         1a:e3:c2:3b:1e:f1:76:04:4f:c1:d4:3b:83:8d:9c:d8:d2:75:
         97:50:60:37:51:dd:d9:d7:55:e9:46:82:f7:c3:14:0a:a7:9f:
         8f:e9:16:0f:60:e2:62:6d:6a:9f:03:05:8b:81:d5:d7:3f:61:
         56:78:41:41:61:85:6e:a1:05:6c:a0:43:cc:71:e3:d2:b4:07:
         f7:7b:46:60:a1:2f:15:b6:49:cd:81:e5:f2:1b:20:12:e7:eb:
         ef:8b:6c:9a:8b:c9:3f:6e:2d:fe:fe:c0:c7:85:88:28:48:f8:
         60:6e:cb:74:3f:67:aa:e1:07:9a:f9:ab:0e:55:79:d0:fb:ef:
         01:b6:36:70:39:7d:e9:08:9f:39:e9:da:52:45:a3:f9:5a:06:
         a8:f8:7e:43:4b:2e:3e:1c:7e:50:6e:5a:33:dd:cd:ac:eb:38:
         bd:ee:7c:70:7d:9c:be:05:8f:05:6c:2f:15:5b:04:59:d1:8a:
         c7:42:fe:ea
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUeb5cTFHUHg0fBYRFR2XmGCet2DIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGM5NDNjYzJhN2NkYzM3OGEzNzcwMjU3M2JiNGY4MjEx
NzBiNTMwZDAeFw0yNTA4MDQxMzQ0NDRaFw0yNjA4MDMxMzQ5NDRaMDMxMTAvBgNV
BAMTKDRCQzk4NTMxNDk3OUY2QjdGQ0NCNkFFRjJGODYyMEIwMEYwMTI1OTUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDS4gy0tY4TPORUhCcSCDrM4zO6
1hvQ0fxxdA1E7+3Bide/jcZeYTmavdP9J+ql88qUbkzNx7jOAiqdejUG5IfgLE11
VQcGh37M6dDfUjvyNNhJzC8uprgH0lq++ycjSkQ+q+c/Pu820TdD3v2O+PetI52u
MSlH5NtAOp0YjAAOROeUAilI/8CDA3qI1TF8gkODgSAydSlc1+8fSyPEDQkzzkV7
4NB05M9w1wSTtWQh3hDwgAuYSDeLKw8JaMRZC5MV2HO5VJha6Ydc1UYDTxNjZq6U
HCCBjSCiN7oet5WY0nY6EwFrlF8a8jZONYqsQHKGhPF5Suu3i74yS/Kou//PAgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQUS8mFMUl59rf8y2rvL4YgsA8BJZUwHwYDVR0j
BBgwFoAU3JQ8wqfNw3ijdwJXO7T4IRcLUw0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNmFiMDcyMmYtNjRkOC00Y2E5LTkyNjctNGU1MTU0NDM0
MTAxLzAvREM5NDNDQzJBN0NEQzM3OEEzNzcwMjU3M0JCNEY4MjExNzBCNTMwRC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzNKUTh3cWZOdzNpamR3SlhPN1Q0SVJj
TFV3MC5jZXIwga0GCCsGAQUFBwELBIGgMIGdMIGaBggrBgEFBQcwC4aBjXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvNmFiMDcyMmYt
NjRkOC00Y2E5LTkyNjctNGU1MTU0NDM0MTAxLzAvMzEzODM1MmUzMTMwMzAyZTMy
MzEzNDJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM5MzMzMDM0LnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA
uWTWMA0GCSqGSIb3DQEBCwUAA4IBAQCM1jQ/comwefqgS3+DRyblVhhcXRcxnQCD
DNIFLsnWqDU4oepiQX+tfgJj7VBLTcBO7t+s7ipzsBdw/6bHfCY+jWPjV+R8pmwa
48I7HvF2BE/B1DuDjZzY0nWXUGA3Ud3Z11XpRoL3wxQKp5+P6RYPYOJibWqfAwWL
gdXXP2FWeEFBYYVuoQVsoEPMcePStAf3e0ZgoS8VtknNgeXyGyAS5+vvi2yai8k/
bi3+/sDHhYgoSPhgbst0P2eq4Qea+asOVXnQ++8BtjZwOX3pCJ856dpSRaP5Wgao
+H5DSy4+HH5Qbloz3c2s6zi97nxwfZy+BY8FbC8VWwRZ0YrHQv7q
-----END CERTIFICATE-----
Generated at Fri Aug 8 13:01:45 2025 by rpki-client