Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/982c65b9-725d-4bb0-a216-8e77191ff9b8/0/3138352e35382e3135372e302f32342d3234203d3e2039333034.roa
File:                     3138352e35382e3135372e302f32342d3234203d3e2039333034.roa (raw, json)
Hash identifier:          ecPrVI69N/vnSd3FE9LMlI9j3yoUAyDEH+/p4MpTJaY=
Subject key identifier:   8E:8D:2E:FB:92:A0:4E:71:D9:18:7E:69:7C:F8:C1:F9:5A:7B:E0:DE
Certificate issuer:       /CN=38a93c81ecd308e6a7632717045b3d35150120f8
Certificate serial:       2EEA5B6CC81B261F37D8F538A1A7D463D27783D8
Authority key identifier: 38:A9:3C:81:EC:D3:08:E6:A7:63:27:17:04:5B:3D:35:15:01:20:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OKk8gezTCOanYycXBFs9NRUBIPg.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/982c65b9-725d-4bb0-a216-8e77191ff9b8/0/3138352e35382e3135372e302f32342d3234203d3e2039333034.roa
Signing time:             Sat 07 Jun 2025 18:14:53 +0000
ROA not before:           Sat 07 Jun 2025 18:09:53 +0000
ROA not after:            Sat 06 Jun 2026 18:14:53 +0000
asID:                     9304
IP address blocks:        185.58.157.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/982c65b9-725d-4bb0-a216-8e77191ff9b8/0/38A93C81ECD308E6A7632717045B3D35150120F8.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/982c65b9-725d-4bb0-a216-8e77191ff9b8/0/38A93C81ECD308E6A7632717045B3D35150120F8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OKk8gezTCOanYycXBFs9NRUBIPg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 22:19:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2e:ea:5b:6c:c8:1b:26:1f:37:d8:f5:38:a1:a7:d4:63:d2:77:83:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=38a93c81ecd308e6a7632717045b3d35150120f8
        Validity
            Not Before: Jun  7 18:09:53 2025 GMT
            Not After : Jun  6 18:14:53 2026 GMT
        Subject: CN=8E8D2EFB92A04E71D9187E697CF8C1F95A7BE0DE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:ca:2e:6f:63:1c:38:d0:85:cc:4b:79:8e:e3:
                    1a:86:51:1e:6f:20:5e:1a:7f:0d:48:fe:00:4c:40:
                    0e:29:64:7e:f7:49:49:5a:61:d0:95:4e:dc:b3:a4:
                    58:87:16:da:af:22:58:1e:83:c0:66:c9:51:19:c1:
                    1c:7a:68:e3:32:88:69:16:b7:eb:b6:d4:f6:d7:e8:
                    8b:07:0e:26:51:5c:43:b4:74:fd:00:e3:1c:f7:54:
                    6a:79:ab:ea:9e:1a:24:b0:96:60:79:a6:64:13:97:
                    18:bd:c5:1c:e4:48:c2:eb:70:5d:8d:b1:43:4d:cd:
                    e4:9a:b3:8b:5b:b3:4a:9b:90:d7:25:71:08:0f:60:
                    94:f7:e3:62:20:da:5d:e7:90:03:27:71:4d:25:58:
                    47:31:7d:fb:8b:61:6f:fe:a2:f4:73:be:75:b9:e0:
                    a3:52:00:76:d3:35:52:ae:b8:c4:b5:f0:ae:b6:5c:
                    5d:59:20:20:9b:b2:ee:ef:fe:7d:e7:3a:59:53:88:
                    8f:c4:d4:a9:ae:a5:07:28:ca:18:ab:d3:97:45:36:
                    68:aa:c1:a8:50:0e:2c:d9:a7:50:c4:d8:b6:d4:55:
                    72:2f:5f:69:c6:5a:07:6a:cf:20:0d:a0:31:d4:f5:
                    b7:ec:82:3c:13:96:15:92:18:52:4b:d7:9e:a7:3e:
                    d1:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:8D:2E:FB:92:A0:4E:71:D9:18:7E:69:7C:F8:C1:F9:5A:7B:E0:DE
            X509v3 Authority Key Identifier:
                keyid:38:A9:3C:81:EC:D3:08:E6:A7:63:27:17:04:5B:3D:35:15:01:20:F8

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/982c65b9-725d-4bb0-a216-8e77191ff9b8/0/38A93C81ECD308E6A7632717045B3D35150120F8.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OKk8gezTCOanYycXBFs9NRUBIPg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/982c65b9-725d-4bb0-a216-8e77191ff9b8/0/3138352e35382e3135372e302f32342d3234203d3e2039333034.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.58.157.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a5:cd:d3:e1:c4:4f:03:53:b3:fe:0d:eb:f4:1b:a6:e0:fe:c9:
         c1:b1:fc:53:4e:22:82:80:1c:53:c2:22:ba:1b:e2:57:f4:0f:
         42:c8:71:73:a6:ce:94:92:0f:ad:56:90:07:f1:f6:d5:c9:78:
         97:4f:32:9b:cf:3e:04:6b:02:53:86:f6:0a:d6:17:89:eb:1c:
         80:4b:35:2c:d4:c5:42:b0:b5:c0:84:94:cf:04:e1:90:94:fc:
         ec:26:3f:db:36:4d:be:3a:75:05:e3:e7:13:60:5c:9e:94:bf:
         df:b1:1f:7a:bd:83:83:cb:98:8b:88:cc:65:a1:5c:23:a6:03:
         d8:42:65:78:30:73:09:20:96:f1:a3:6e:aa:30:33:08:92:8c:
         04:36:bb:f4:9e:5d:cd:ea:a0:f0:a0:83:61:20:ac:38:a5:d3:
         c0:7f:00:af:9d:f7:e2:fb:b7:16:3e:cc:48:2b:bd:07:27:02:
         87:0a:ae:b1:38:c5:46:33:57:b0:d4:f5:8e:b1:00:0c:02:d0:
         70:3f:89:46:04:97:76:89:9c:35:9c:14:c3:13:6d:d1:bb:eb:
         35:b2:94:45:b3:18:bf:72:2e:de:3e:d3:15:47:4f:4c:b7:f4:
         70:58:43:34:fc:2f:e1:14:74:44:6d:d0:fe:73:7a:62:2f:8f:
         cd:93:6d:14
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIULupbbMgbJh832PU4oafUY9J3g9gwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMzhhOTNjODFlY2QzMDhlNmE3NjMyNzE3MDQ1YjNkMzUx
NTAxMjBmODAeFw0yNTA2MDcxODA5NTNaFw0yNjA2MDYxODE0NTNaMDMxMTAvBgNV
BAMTKDhFOEQyRUZCOTJBMDRFNzFEOTE4N0U2OTdDRjhDMUY5NUE3QkUwREUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCxyi5vYxw40IXMS3mO4xqGUR5v
IF4afw1I/gBMQA4pZH73SUlaYdCVTtyzpFiHFtqvIlgeg8BmyVEZwRx6aOMyiGkW
t+u21PbX6IsHDiZRXEO0dP0A4xz3VGp5q+qeGiSwlmB5pmQTlxi9xRzkSMLrcF2N
sUNNzeSas4tbs0qbkNclcQgPYJT342Ig2l3nkAMncU0lWEcxffuLYW/+ovRzvnW5
4KNSAHbTNVKuuMS18K62XF1ZICCbsu7v/n3nOllTiI/E1KmupQcoyhir05dFNmiq
wahQDizZp1DE2LbUVXIvX2nGWgdqzyANoDHU9bfsgjwTlhWSGFJL156nPtE1AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUjo0u+5KgTnHZGH5pfPjB+Vp74N4wHwYDVR0j
BBgwFoAUOKk8gezTCOanYycXBFs9NRUBIPgwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOTgyYzY1YjktNzI1ZC00YmIwLWEyMTYtOGU3NzE5MWZm
OWI4LzAvMzhBOTNDODFFQ0QzMDhFNkE3NjMyNzE3MDQ1QjNEMzUxNTAxMjBGOC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL09LazhnZXpUQ09hbll5Y1hCRnM5TlJV
QklQZy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOTgyYzY1Yjkt
NzI1ZC00YmIwLWEyMTYtOGU3NzE5MWZmOWI4LzAvMzEzODM1MmUzNTM4MmUzMTM1
MzcyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzOTMzMzAzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALk6
nTANBgkqhkiG9w0BAQsFAAOCAQEApc3T4cRPA1Oz/g3r9Bum4P7JwbH8U04igoAc
U8IiuhviV/QPQshxc6bOlJIPrVaQB/H21cl4l08ym88+BGsCU4b2CtYXiescgEs1
LNTFQrC1wISUzwThkJT87CY/2zZNvjp1BePnE2BcnpS/37Efer2Dg8uYi4jMZaFc
I6YD2EJleDBzCSCW8aNuqjAzCJKMBDa79J5dzeqg8KCDYSCsOKXTwH8Ar5334vu3
Fj7MSCu9BycChwqusTjFRjNXsNT1jrEADALQcD+JRgSXdomcNZwUwxNt0bvrNbKU
RbMYv3Iu3j7TFUdPTLf0cFhDNPwv4RR0RG3Q/nN6Yi+PzZNtFA==
-----END CERTIFICATE-----