Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/3138352e3130302e3231352e302f32342d3234203d3e20383334.roa
File:                     3138352e3130302e3231352e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          dX3tdThmMRhFXFSRzsoWBpOHr/KOXwUO6NsI1zVYyZ0=
Subject key identifier:   58:5B:D3:D0:68:AA:36:9E:48:D5:96:EA:9D:6F:96:E2:DC:83:13:23
Certificate issuer:       /CN=dc943cc2a7cdc378a37702573bb4f821170b530d
Certificate serial:       0D49547B84EEE3396F5F8D4EBF1E54400C389D16
Authority key identifier: DC:94:3C:C2:A7:CD:C3:78:A3:77:02:57:3B:B4:F8:21:17:0B:53:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/3138352e3130302e3231352e302f32342d3234203d3e20383334.roa
Signing time:             Tue 18 Mar 2025 08:54:03 +0000
ROA not before:           Tue 18 Mar 2025 08:49:03 +0000
ROA not after:            Tue 17 Mar 2026 08:54:03 +0000
asID:                     834
IP address blocks:        185.100.215.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 26 Apr 2025 22:17:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0d:49:54:7b:84:ee:e3:39:6f:5f:8d:4e:bf:1e:54:40:0c:38:9d:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc943cc2a7cdc378a37702573bb4f821170b530d
        Validity
            Not Before: Mar 18 08:49:03 2025 GMT
            Not After : Mar 17 08:54:03 2026 GMT
        Subject: CN=585BD3D068AA369E48D596EA9D6F96E2DC831323
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:fe:34:4b:01:29:5c:a7:f8:44:c4:d3:89:54:
                    38:34:11:79:e8:16:01:e0:40:97:65:ef:9e:8e:fb:
                    25:71:b8:a8:d4:4f:c4:96:70:84:4d:47:b9:d7:f9:
                    5c:23:5b:3e:bd:a3:7c:32:5e:40:c7:61:5e:4a:2e:
                    69:26:b8:c0:b8:d7:ea:11:98:3a:6e:7f:e1:ff:7a:
                    4a:4c:2f:34:a0:67:bb:0f:e3:dd:13:41:c9:3a:b3:
                    82:94:bd:46:82:e3:aa:19:ca:7f:0d:be:89:2e:9d:
                    cc:2f:39:80:97:eb:b9:f5:aa:42:0f:94:40:58:c0:
                    9e:a3:dc:0f:00:44:71:fa:fc:df:07:14:04:88:23:
                    5e:bf:42:9d:81:18:3b:d9:d1:42:5c:ba:a8:b3:e0:
                    86:37:09:9d:b9:f8:aa:22:fc:3f:15:12:4a:06:98:
                    ad:b2:a1:d6:c7:c9:c1:76:58:e9:c8:62:46:68:ce:
                    07:b1:8e:14:e8:7f:20:86:47:c7:8f:07:3d:31:74:
                    b3:ba:ab:c1:02:d9:68:40:2e:87:28:a5:ed:d1:bf:
                    ab:25:6d:df:fa:28:d6:75:f5:39:f7:44:e7:21:6b:
                    4c:d5:fc:f2:b7:d3:3c:f8:d9:39:c4:db:45:c8:ca:
                    7c:7c:10:fa:44:b6:e8:77:7f:2a:c2:3b:01:2a:67:
                    3e:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:5B:D3:D0:68:AA:36:9E:48:D5:96:EA:9D:6F:96:E2:DC:83:13:23
            X509v3 Authority Key Identifier:
                keyid:DC:94:3C:C2:A7:CD:C3:78:A3:77:02:57:3B:B4:F8:21:17:0B:53:0D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/3138352e3130302e3231352e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.100.215.0/24

    Signature Algorithm: sha256WithRSAEncryption
         62:a1:10:fd:fc:9d:14:ee:6d:71:89:c3:3f:bd:05:c2:8e:b5:
         8a:6a:70:1c:bd:fd:2d:00:4a:bf:a4:d9:e0:38:b9:76:d0:60:
         ff:c4:16:db:b3:0b:e4:f2:e7:cc:a3:d5:c6:93:2a:24:41:df:
         16:3b:cb:b0:59:b7:ea:2e:9e:4a:54:8d:b2:ff:26:84:5f:a1:
         c1:45:4e:81:16:d8:5a:1d:fa:6b:96:58:0d:f2:5b:7a:3a:09:
         4b:9d:b1:c1:6b:9d:33:c3:08:ba:ce:40:90:77:f1:fc:be:6e:
         d5:99:29:e5:48:dc:3a:86:47:93:2c:0a:31:be:bb:3a:48:09:
         09:2c:63:4d:cd:5d:7e:cd:54:ac:20:16:1f:bc:8d:fd:e4:a6:
         6b:98:a5:b7:94:aa:f0:2c:e1:c2:02:8f:b8:0f:c2:da:6d:31:
         b3:5d:ba:d0:c8:05:a9:8b:04:f6:29:16:fe:eb:27:a5:0c:87:
         6c:66:4a:28:42:05:26:e8:53:f0:23:2a:75:e2:75:b9:2c:39:
         c2:10:28:ea:08:50:90:42:cb:12:84:37:e1:c4:cb:b7:7c:65:
         60:56:9e:f8:29:b6:c4:fa:e0:a1:2c:72:a0:c8:4e:a3:ca:3b:
         b8:05:72:b9:41:97:69:d9:74:11:a0:50:b3:20:61:e8:3d:4d:
         e9:3f:2f:01
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUDUlUe4Tu4zlvX41Ovx5UQAw4nRYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGM5NDNjYzJhN2NkYzM3OGEzNzcwMjU3M2JiNGY4MjEx
NzBiNTMwZDAeFw0yNTAzMTgwODQ5MDNaFw0yNjAzMTcwODU0MDNaMDMxMTAvBgNV
BAMTKDU4NUJEM0QwNjhBQTM2OUU0OEQ1OTZFQTlENkY5NkUyREM4MzEzMjMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCk/jRLASlcp/hExNOJVDg0EXno
FgHgQJdl756O+yVxuKjUT8SWcIRNR7nX+VwjWz69o3wyXkDHYV5KLmkmuMC41+oR
mDpuf+H/ekpMLzSgZ7sP490TQck6s4KUvUaC46oZyn8NvokuncwvOYCX67n1qkIP
lEBYwJ6j3A8ARHH6/N8HFASII16/Qp2BGDvZ0UJcuqiz4IY3CZ25+Koi/D8VEkoG
mK2yodbHycF2WOnIYkZozgexjhTofyCGR8ePBz0xdLO6q8EC2WhALocope3Rv6sl
bd/6KNZ19Tn3ROcha0zV/PK30zz42TnE20XIynx8EPpEtuh3fyrCOwEqZz49AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUWFvT0GiqNp5I1ZbqnW+W4tyDEyMwHwYDVR0j
BBgwFoAU3JQ8wqfNw3ijdwJXO7T4IRcLUw0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNmFiMDcyMmYtNjRkOC00Y2E5LTkyNjctNGU1MTU0NDM0
MTAxLzAvREM5NDNDQzJBN0NEQzM3OEEzNzcwMjU3M0JCNEY4MjExNzBCNTMwRC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzNKUTh3cWZOdzNpamR3SlhPN1Q0SVJj
TFV3MC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvNmFiMDcyMmYt
NjRkOC00Y2E5LTkyNjctNGU1MTU0NDM0MTAxLzAvMzEzODM1MmUzMTMwMzAyZTMy
MzEzNTJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALlk
1zANBgkqhkiG9w0BAQsFAAOCAQEAYqEQ/fydFO5tcYnDP70Fwo61impwHL39LQBK
v6TZ4Di5dtBg/8QW27ML5PLnzKPVxpMqJEHfFjvLsFm36i6eSlSNsv8mhF+hwUVO
gRbYWh36a5ZYDfJbejoJS52xwWudM8MIus5AkHfx/L5u1Zkp5UjcOoZHkywKMb67
OkgJCSxjTc1dfs1UrCAWH7yN/eSma5ilt5Sq8CzhwgKPuA/C2m0xs1260MgFqYsE
9ikW/usnpQyHbGZKKEIFJuhT8CMqdeJ1uSw5whAo6ghQkELLEoQ34cTLt3xlYFae
+Cm2xPrgoSxyoMhOo8o7uAVyuUGXadl0EaBQsyBh6D1N6T8vAQ==
-----END CERTIFICATE-----