Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/3137382e3230382e3138322e302f32332d3234203d3e20383334.roa
File:                     3137382e3230382e3138322e302f32332d3234203d3e20383334.roa (raw, json)
Hash identifier:          52Ffe7ZHhZlRdldsBHRSHe2pa6OnFq2Psj/exb4CQnk=
Subject key identifier:   93:A6:BF:0A:07:0B:99:A0:E1:0B:95:E8:72:B8:12:27:3F:D4:EE:4F
Certificate issuer:       /CN=048af665bf8b186b70220759d26c578f40b5f3e3
Certificate serial:       0DE65F72BD2171AD4B7140315379DFAF0B979748
Authority key identifier: 04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/3137382e3230382e3138322e302f32332d3234203d3e20383334.roa
Signing time:             Tue 04 Nov 2025 00:08:46 +0000
ROA not before:           Tue 04 Nov 2025 00:03:46 +0000
ROA not after:            Tue 03 Nov 2026 00:08:46 +0000
asID:                     834
IP address blocks:        178.208.182.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 18:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0d:e6:5f:72:bd:21:71:ad:4b:71:40:31:53:79:df:af:0b:97:97:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=048af665bf8b186b70220759d26c578f40b5f3e3
        Validity
            Not Before: Nov  4 00:03:46 2025 GMT
            Not After : Nov  3 00:08:46 2026 GMT
        Subject: CN=93A6BF0A070B99A0E10B95E872B812273FD4EE4F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:45:a5:01:44:18:d5:e6:eb:89:51:ce:58:1c:
                    a3:d4:5f:48:c8:8a:3d:ef:a4:57:73:91:25:83:2e:
                    e7:3b:86:4f:83:f3:ff:60:f4:a3:ac:aa:5b:59:cb:
                    c4:20:98:dd:44:5b:cb:8f:91:dd:4b:aa:3c:0f:70:
                    73:5e:f9:45:42:9f:dc:c0:b7:db:8b:23:8d:98:7c:
                    41:6d:9d:12:86:78:ce:dd:e6:0d:ed:48:4c:dc:97:
                    3d:29:50:81:90:37:8b:70:b2:66:35:de:35:65:00:
                    29:4a:70:b8:d1:27:29:34:20:bc:39:af:16:eb:0d:
                    80:a3:b1:4a:16:74:74:68:b0:5c:25:59:a1:ca:a3:
                    64:c6:56:e5:f4:b8:f7:d2:08:1d:b0:f1:4c:11:11:
                    77:52:4a:86:68:22:50:ed:36:4a:18:af:75:73:e4:
                    db:2c:39:df:2c:36:3d:e0:46:5c:2b:c4:a2:c8:b9:
                    b1:a7:dd:b1:2a:5f:0c:7d:35:0f:5c:17:4b:19:7d:
                    98:2f:29:ee:09:05:fa:d1:e1:e3:a6:ad:16:15:b4:
                    55:cb:57:37:7a:22:8f:35:b7:4e:18:7c:8b:b3:13:
                    3c:3f:dd:88:c9:a9:88:b1:a0:a6:ad:1a:14:82:98:
                    fb:d8:1a:29:8f:c8:9f:d8:ad:d1:bb:d7:47:ac:77:
                    ac:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:A6:BF:0A:07:0B:99:A0:E1:0B:95:E8:72:B8:12:27:3F:D4:EE:4F
            X509v3 Authority Key Identifier:
                keyid:04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/3137382e3230382e3138322e302f32332d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.208.182.0/23

    Signature Algorithm: sha256WithRSAEncryption
         21:67:0d:69:ea:b6:de:3e:71:54:69:1d:d3:f7:90:0e:7d:b4:
         09:ac:bb:a1:25:50:0d:e7:6d:df:e4:41:e4:d2:c3:08:0d:ab:
         56:9a:b5:95:1a:6b:b8:ec:5c:4e:98:3a:d3:36:f2:7e:e1:2b:
         42:9c:05:61:34:10:34:58:d3:72:a6:3d:a2:d2:9a:e6:40:8e:
         e8:b4:fb:ab:1b:dd:0e:2c:b5:6a:82:aa:95:08:db:4a:4c:6e:
         f7:a5:16:53:9d:43:46:c5:56:a3:1e:14:da:e9:ab:ee:4f:a0:
         45:7c:ae:51:5d:5e:de:d6:7e:6a:95:48:d9:1e:ef:cc:97:4f:
         37:39:fb:06:ec:23:3a:4c:ab:ac:66:d9:1b:3c:66:73:9e:61:
         43:2c:9a:c5:9c:65:b7:e4:bf:49:c1:6d:1e:39:43:3d:88:55:
         bb:d3:4e:e8:00:f3:59:c2:64:27:36:c7:d7:ac:43:e4:03:78:
         81:ec:60:48:ed:17:5d:82:14:3f:ed:30:9c:03:2a:60:41:79:
         99:d0:bf:e7:ae:54:2b:79:64:f3:43:a4:21:c7:6f:df:46:68:
         d0:c8:37:a2:55:af:bc:5c:cd:bb:84:b4:9e:6b:34:d6:70:1b:
         8c:68:af:4f:75:ad:15:3b:ba:e7:31:3e:50:ba:88:f3:1c:23:
         f9:ed:9a:fd
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUDeZfcr0hca1LcUAxU3nfrwuXl0gwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDQ4YWY2NjViZjhiMTg2YjcwMjIwNzU5ZDI2YzU3OGY0
MGI1ZjNlMzAeFw0yNTExMDQwMDAzNDZaFw0yNjExMDMwMDA4NDZaMDMxMTAvBgNV
BAMTKDkzQTZCRjBBMDcwQjk5QTBFMTBCOTVFODcyQjgxMjI3M0ZENEVFNEYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCpRaUBRBjV5uuJUc5YHKPUX0jI
ij3vpFdzkSWDLuc7hk+D8/9g9KOsqltZy8QgmN1EW8uPkd1LqjwPcHNe+UVCn9zA
t9uLI42YfEFtnRKGeM7d5g3tSEzclz0pUIGQN4twsmY13jVlAClKcLjRJyk0ILw5
rxbrDYCjsUoWdHRosFwlWaHKo2TGVuX0uPfSCB2w8UwREXdSSoZoIlDtNkoYr3Vz
5NssOd8sNj3gRlwrxKLIubGn3bEqXwx9NQ9cF0sZfZgvKe4JBfrR4eOmrRYVtFXL
Vzd6Io81t04YfIuzEzw/3YjJqYixoKatGhSCmPvYGimPyJ/YrdG710esd6y7AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUk6a/CgcLmaDhC5XocrgSJz/U7k8wHwYDVR0j
BBgwFoAUBIr2Zb+LGGtwIgdZ0mxXj0C18+MwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODJhOWJmNWItMzljMS00MDUwLWIwNzMtNDgwNzViODYx
ZDg3LzAvMDQ4QUY2NjVCRjhCMTg2QjcwMjIwNzU5RDI2QzU3OEY0MEI1RjNFMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0JJcjJaYi1MR0d0d0lnZFowbXhYajBD
MTgtTS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODJhOWJmNWIt
MzljMS00MDUwLWIwNzMtNDgwNzViODYxZDg3LzAvMzEzNzM4MmUzMjMwMzgyZTMx
MzgzMjJlMzAyZjMyMzMyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAbLQ
tjANBgkqhkiG9w0BAQsFAAOCAQEAIWcNaeq23j5xVGkd0/eQDn20Cay7oSVQDedt
3+RB5NLDCA2rVpq1lRpruOxcTpg60zbyfuErQpwFYTQQNFjTcqY9otKa5kCO6LT7
qxvdDiy1aoKqlQjbSkxu96UWU51DRsVWox4U2umr7k+gRXyuUV1e3tZ+apVI2R7v
zJdPNzn7BuwjOkyrrGbZGzxmc55hQyyaxZxlt+S/ScFtHjlDPYhVu9NO6ADzWcJk
JzbH16xD5AN4gexgSO0XXYIUP+0wnAMqYEF5mdC/565UK3lk80OkIcdv30Zo0Mg3
olWvvFzNu4S0nms01nAbjGivT3WtFTu65zE+ULqI8xwj+e2a/Q==
-----END CERTIFICATE-----