Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/3138352e3130302e3231352e302f32342d3234203d3e20383334.roa
File:                     3138352e3130302e3231352e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          +5epFxzeMvnEFP2CZmh84Hv3YeovVaiPhqXKp4CExZY=
Subject key identifier:   BD:5F:09:E6:2F:63:A8:56:82:23:9C:E2:0A:19:92:14:63:E7:A9:26
Certificate issuer:       /CN=dc943cc2a7cdc378a37702573bb4f821170b530d
Certificate serial:       32C8DDC7B4CDDCB20C97ADE8F6D567B5CC32687F
Authority key identifier: DC:94:3C:C2:A7:CD:C3:78:A3:77:02:57:3B:B4:F8:21:17:0B:53:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/3138352e3130302e3231352e302f32342d3234203d3e20383334.roa
Signing time:             Tue 05 Aug 2025 00:01:00 +0000
ROA not before:           Mon 04 Aug 2025 23:56:00 +0000
ROA not after:            Tue 04 Aug 2026 00:01:00 +0000
asID:                     834
IP address blocks:        185.100.215.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 09 Aug 2025 02:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            32:c8:dd:c7:b4:cd:dc:b2:0c:97:ad:e8:f6:d5:67:b5:cc:32:68:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc943cc2a7cdc378a37702573bb4f821170b530d
        Validity
            Not Before: Aug  4 23:56:00 2025 GMT
            Not After : Aug  4 00:01:00 2026 GMT
        Subject: CN=BD5F09E62F63A85682239CE20A19921463E7A926
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:fe:a8:58:3e:e2:03:9c:98:b7:a4:a1:a8:dd:
                    9d:df:95:47:99:dc:70:f4:8e:13:ee:19:f9:7b:e4:
                    c1:ac:c7:b3:e3:22:65:60:d9:a4:29:40:d0:0c:ee:
                    b6:8c:97:9d:b2:93:8c:97:eb:ca:15:a9:44:1e:a1:
                    9e:18:80:d3:97:d8:07:b2:3f:0b:64:ab:a6:bb:a2:
                    17:22:b7:64:fa:0e:d6:25:b9:94:bb:dc:e8:05:96:
                    54:56:c9:40:7b:3a:d6:a1:1a:e9:ca:38:f3:79:4b:
                    e2:f9:e0:d3:79:ef:cb:ab:6c:ae:55:7d:04:69:35:
                    f7:bf:2d:f0:64:71:16:e0:ee:c7:f5:b6:f2:7f:3f:
                    e2:c4:9e:a7:00:4c:5d:50:8a:7a:ba:66:bb:4e:0a:
                    ad:54:2f:ce:17:34:5d:0e:f9:6e:d4:4e:0c:3e:7c:
                    b5:37:04:0f:d0:10:5d:c2:eb:3c:a4:67:c5:0d:1e:
                    ce:ef:ea:8b:0e:89:a2:f7:c8:11:21:ca:69:33:08:
                    88:51:75:9a:e0:66:50:32:22:1a:d6:b0:51:9b:2a:
                    e9:fe:19:95:3d:3d:bb:52:5b:65:3f:f7:3e:32:b2:
                    f4:5e:68:68:ec:5b:53:1e:a9:a7:1f:a5:63:62:b9:
                    59:b3:9e:18:d6:1d:6e:5c:2a:66:ad:76:4c:73:27:
                    0a:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:5F:09:E6:2F:63:A8:56:82:23:9C:E2:0A:19:92:14:63:E7:A9:26
            X509v3 Authority Key Identifier:
                keyid:DC:94:3C:C2:A7:CD:C3:78:A3:77:02:57:3B:B4:F8:21:17:0B:53:0D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/3138352e3130302e3231352e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.100.215.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4b:5c:6e:2b:07:ea:00:2a:96:5a:d2:da:af:fa:13:ac:03:10:
         00:21:9c:b6:58:e4:a7:e8:05:aa:8c:08:22:3a:1b:1d:6a:fa:
         1a:2a:eb:9d:9b:53:d0:94:06:dd:1d:d0:84:f1:f0:ae:87:37:
         a1:78:02:ee:96:71:e7:b6:e5:0f:95:b3:84:4c:7d:af:4b:a6:
         01:d2:fb:57:3d:bb:c9:a9:5d:94:ae:ab:f1:1c:36:48:5d:a0:
         af:f4:2a:75:cb:22:2c:ab:87:cd:6d:66:ff:3e:48:14:0e:93:
         ca:85:2c:f1:36:08:7b:a3:aa:a7:ae:aa:9d:b1:6f:69:c1:42:
         b9:5f:4c:51:80:dc:1d:52:fd:ef:f3:73:f1:bb:0c:57:61:6b:
         3e:48:86:0d:92:ec:fa:76:bd:73:17:63:47:d1:48:75:fc:6a:
         4c:66:52:dc:84:d2:9d:44:ba:64:70:17:fa:4c:80:5f:a1:c3:
         52:9f:e6:64:38:6e:8f:9b:f6:df:d5:90:32:0c:2e:d3:41:da:
         01:1a:95:87:2a:a7:ff:21:b3:6b:53:9c:c3:fb:be:5e:ce:2f:
         1c:43:ee:5c:35:76:f1:33:ed:3a:b4:71:22:cb:75:c5:e6:a4:
         95:24:8a:fd:7a:dd:95:e3:45:34:ee:d7:20:50:82:cb:24:d9:
         0a:e3:cb:0a
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUMsjdx7TN3LIMl63o9tVntcwyaH8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGM5NDNjYzJhN2NkYzM3OGEzNzcwMjU3M2JiNGY4MjEx
NzBiNTMwZDAeFw0yNTA4MDQyMzU2MDBaFw0yNjA4MDQwMDAxMDBaMDMxMTAvBgNV
BAMTKEJENUYwOUU2MkY2M0E4NTY4MjIzOUNFMjBBMTk5MjE0NjNFN0E5MjYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZ/qhYPuIDnJi3pKGo3Z3flUeZ
3HD0jhPuGfl75MGsx7PjImVg2aQpQNAM7raMl52yk4yX68oVqUQeoZ4YgNOX2Aey
Pwtkq6a7ohcit2T6DtYluZS73OgFllRWyUB7OtahGunKOPN5S+L54NN578urbK5V
fQRpNfe/LfBkcRbg7sf1tvJ/P+LEnqcATF1Qinq6ZrtOCq1UL84XNF0O+W7UTgw+
fLU3BA/QEF3C6zykZ8UNHs7v6osOiaL3yBEhymkzCIhRdZrgZlAyIhrWsFGbKun+
GZU9PbtSW2U/9z4ysvReaGjsW1MeqacfpWNiuVmznhjWHW5cKmatdkxzJwpvAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUvV8J5i9jqFaCI5ziChmSFGPnqSYwHwYDVR0j
BBgwFoAU3JQ8wqfNw3ijdwJXO7T4IRcLUw0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNmFiMDcyMmYtNjRkOC00Y2E5LTkyNjctNGU1MTU0NDM0
MTAxLzAvREM5NDNDQzJBN0NEQzM3OEEzNzcwMjU3M0JCNEY4MjExNzBCNTMwRC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzNKUTh3cWZOdzNpamR3SlhPN1Q0SVJj
TFV3MC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvNmFiMDcyMmYt
NjRkOC00Y2E5LTkyNjctNGU1MTU0NDM0MTAxLzAvMzEzODM1MmUzMTMwMzAyZTMy
MzEzNTJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALlk
1zANBgkqhkiG9w0BAQsFAAOCAQEAS1xuKwfqACqWWtLar/oTrAMQACGctljkp+gF
qowIIjobHWr6GirrnZtT0JQG3R3QhPHwroc3oXgC7pZx57blD5WzhEx9r0umAdL7
Vz27yaldlK6r8Rw2SF2gr/QqdcsiLKuHzW1m/z5IFA6TyoUs8TYIe6Oqp66qnbFv
acFCuV9MUYDcHVL97/Nz8bsMV2FrPkiGDZLs+na9cxdjR9FIdfxqTGZS3ITSnUS6
ZHAX+kyAX6HDUp/mZDhuj5v239WQMgwu00HaARqVhyqn/yGza1Ocw/u+Xs4vHEPu
XDV28TPtOrRxIst1xeaklSSK/XrdleNFNO7XIFCCyyTZCuPLCg==
-----END CERTIFICATE-----