Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/3138352e3235302e34312e302f32342d3234203d3e2039333034.roa
File:                     3138352e3235302e34312e302f32342d3234203d3e2039333034.roa (raw, json)
Hash identifier:          PFu1T78Q+AvI8dhQcVWr/K6IctDKZOs0/OYDyrqLd7I=
Subject key identifier:   C1:BE:DA:74:61:48:20:E6:2A:5E:98:2D:9B:BA:B6:E3:CE:2B:FA:B5
Certificate issuer:       /CN=830e06419fc46a2802f6f03b71368ac7baaf64ce
Certificate serial:       5CB81E9BD87C56FB357FD10DBA10EB2A203EACE3
Authority key identifier: 83:0E:06:41:9F:C4:6A:28:02:F6:F0:3B:71:36:8A:C7:BA:AF:64:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gw4GQZ_EaigC9vA7cTaKx7qvZM4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/3138352e3235302e34312e302f32342d3234203d3e2039333034.roa
Signing time:             Tue 17 Jun 2025 10:59:27 +0000
ROA not before:           Tue 17 Jun 2025 10:54:27 +0000
ROA not after:            Tue 16 Jun 2026 10:59:27 +0000
asID:                     9304
IP address blocks:        185.250.41.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/830E06419FC46A2802F6F03B71368AC7BAAF64CE.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/830E06419FC46A2802F6F03B71368AC7BAAF64CE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gw4GQZ_EaigC9vA7cTaKx7qvZM4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 18 Jun 2025 13:26:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5c:b8:1e:9b:d8:7c:56:fb:35:7f:d1:0d:ba:10:eb:2a:20:3e:ac:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=830e06419fc46a2802f6f03b71368ac7baaf64ce
        Validity
            Not Before: Jun 17 10:54:27 2025 GMT
            Not After : Jun 16 10:59:27 2026 GMT
        Subject: CN=C1BEDA74614820E62A5E982D9BBAB6E3CE2BFAB5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:58:41:69:01:20:74:d9:19:97:91:66:67:fb:
                    88:6e:81:a4:24:aa:cc:f3:93:72:a5:d9:55:89:e0:
                    d3:be:38:58:6e:30:74:ee:3c:36:e3:ea:18:86:a8:
                    2a:a9:d3:d6:fb:6d:d9:1a:29:27:c2:00:48:16:4e:
                    9c:df:b6:5a:58:67:f7:34:9a:1b:66:b1:84:a6:2b:
                    dc:b1:02:d8:bf:ca:ea:0b:e8:7b:d5:83:05:87:6c:
                    69:a3:bd:ce:32:f3:58:06:4c:e2:1e:05:90:de:36:
                    4c:c3:6d:f5:8f:06:da:a2:d4:9c:49:d2:05:23:2d:
                    a4:6d:25:a0:10:13:28:5f:42:6d:9c:15:7a:fe:d9:
                    56:6f:7c:5d:34:12:99:81:99:e4:5f:72:00:09:8a:
                    d4:cf:bc:08:91:d3:61:09:45:e8:2d:4a:76:f6:6d:
                    48:03:cb:54:7d:f7:89:2c:51:54:c6:df:c5:a7:f7:
                    32:bb:79:ef:44:f5:94:dc:5c:c8:4a:9f:e9:7d:30:
                    2a:c8:86:0f:82:d7:10:29:83:34:79:0b:81:d3:48:
                    6f:51:ea:dc:77:9d:85:dd:92:1c:7e:99:fa:5f:a2:
                    4b:32:c4:83:c0:a9:89:94:34:14:6e:3c:d0:49:99:
                    0a:d6:b1:09:99:70:9a:e6:9d:d4:c6:53:fa:6c:3d:
                    9a:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:BE:DA:74:61:48:20:E6:2A:5E:98:2D:9B:BA:B6:E3:CE:2B:FA:B5
            X509v3 Authority Key Identifier:
                keyid:83:0E:06:41:9F:C4:6A:28:02:F6:F0:3B:71:36:8A:C7:BA:AF:64:CE

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/830E06419FC46A2802F6F03B71368AC7BAAF64CE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gw4GQZ_EaigC9vA7cTaKx7qvZM4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/3138352e3235302e34312e302f32342d3234203d3e2039333034.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.250.41.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:bc:a2:69:65:63:7e:4a:e5:f3:f3:f4:6d:e4:6e:a4:dc:d0:
         27:54:7a:80:68:5f:6b:37:4f:86:74:97:5b:ca:d1:75:76:58:
         49:b8:57:f3:82:23:94:24:94:2e:02:e6:10:8a:68:92:29:cf:
         4b:b2:ac:44:f5:c0:a3:d6:b1:a4:e2:18:bf:fa:ab:b4:06:f8:
         20:e5:31:12:92:d0:60:da:86:39:1f:e2:9c:4c:a6:95:bc:ca:
         88:95:2b:6d:3f:58:67:13:9a:cf:95:11:ae:12:1d:ee:dd:5a:
         60:60:74:46:93:03:06:91:a2:b6:0d:9f:94:ea:f8:c2:05:7a:
         1b:d4:41:86:28:e3:14:65:c1:f2:06:a3:16:b4:04:70:ad:61:
         38:ce:73:88:fd:87:ac:73:bb:a7:e7:2a:0b:d3:9e:47:6d:6f:
         72:24:db:44:26:68:2f:71:3a:20:34:85:31:b6:51:6c:48:b7:
         3c:c5:ec:a2:b7:7d:1d:11:35:64:63:55:af:77:93:c8:bc:30:
         29:7b:cb:2b:72:11:61:73:8d:03:f7:b1:bb:66:31:3a:50:89:
         02:e6:d0:f7:27:75:7a:ea:df:74:13:37:52:85:82:dc:39:26:
         bb:ac:1f:69:60:04:07:44:dd:b4:f5:d0:b3:3e:f6:23:dd:98:
         4a:ef:a9:a5
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUXLgem9h8Vvs1f9ENuhDrKiA+rOMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODMwZTA2NDE5ZmM0NmEyODAyZjZmMDNiNzEzNjhhYzdi
YWFmNjRjZTAeFw0yNTA2MTcxMDU0MjdaFw0yNjA2MTYxMDU5MjdaMDMxMTAvBgNV
BAMTKEMxQkVEQTc0NjE0ODIwRTYyQTVFOTgyRDlCQkFCNkUzQ0UyQkZBQjUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDeWEFpASB02RmXkWZn+4hugaQk
qszzk3Kl2VWJ4NO+OFhuMHTuPDbj6hiGqCqp09b7bdkaKSfCAEgWTpzftlpYZ/c0
mhtmsYSmK9yxAti/yuoL6HvVgwWHbGmjvc4y81gGTOIeBZDeNkzDbfWPBtqi1JxJ
0gUjLaRtJaAQEyhfQm2cFXr+2VZvfF00EpmBmeRfcgAJitTPvAiR02EJRegtSnb2
bUgDy1R994ksUVTG38Wn9zK7ee9E9ZTcXMhKn+l9MCrIhg+C1xApgzR5C4HTSG9R
6tx3nYXdkhx+mfpfoksyxIPAqYmUNBRuPNBJmQrWsQmZcJrmndTGU/psPZpbAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUwb7adGFIIOYqXpgtm7q2484r+rUwHwYDVR0j
BBgwFoAUgw4GQZ/EaigC9vA7cTaKx7qvZM4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOGUwZDZhNGQtYmE2Ny00OTc5LThkMTItMGVkNDc0OGZj
ODZlLzAvODMwRTA2NDE5RkM0NkEyODAyRjZGMDNCNzEzNjhBQzdCQUFGNjRDRS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2d3NEdRWl9FYWlnQzl2QTdjVGFLeDdx
dlpNNC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOGUwZDZhNGQt
YmE2Ny00OTc5LThkMTItMGVkNDc0OGZjODZlLzAvMzEzODM1MmUzMjM1MzAyZTM0
MzEyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzOTMzMzAzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALn6
KTANBgkqhkiG9w0BAQsFAAOCAQEALryiaWVjfkrl8/P0beRupNzQJ1R6gGhfazdP
hnSXW8rRdXZYSbhX84IjlCSULgLmEIpokinPS7KsRPXAo9axpOIYv/qrtAb4IOUx
EpLQYNqGOR/inEymlbzKiJUrbT9YZxOaz5URrhId7t1aYGB0RpMDBpGitg2flOr4
wgV6G9RBhijjFGXB8gajFrQEcK1hOM5ziP2HrHO7p+cqC9OeR21vciTbRCZoL3E6
IDSFMbZRbEi3PMXsord9HRE1ZGNVr3eTyLwwKXvLK3IRYXONA/exu2YxOlCJAubQ
9yd1eurfdBM3UoWC3Dkmu6wfaWAEB0TdtPXQsz72I92YSu+ppQ==
-----END CERTIFICATE-----