Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/e3cdc648-d203-462a-bd0f-ec1b60d879a7/0/3138352e3136322e3137362e302f32342d3234203d3e2030.roa
File:                     3138352e3136322e3137362e302f32342d3234203d3e2030.roa (raw, json)
Hash identifier:          7nM/cx/azlTw+xx/P6nG5UL7vQ1Rv5+v0RRz+G1eUPQ=
Subject key identifier:   5B:39:C9:0D:56:CF:0D:B4:7E:DD:65:9F:76:4C:84:B5:A9:83:85:32
Certificate issuer:       /CN=e1f3512f51dc42bb9eb12abc0bb529668b2edee4
Certificate serial:       4FFE97ADA051DB49D9A2D5257580341AD20E3288
Authority key identifier: E1:F3:51:2F:51:DC:42:BB:9E:B1:2A:BC:0B:B5:29:66:8B:2E:DE:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4fNRL1HcQruesSq8C7UpZosu3uQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/e3cdc648-d203-462a-bd0f-ec1b60d879a7/0/3138352e3136322e3137362e302f32342d3234203d3e2030.roa
Signing time:             Wed 04 Jun 2025 14:41:44 +0000
ROA not before:           Wed 04 Jun 2025 14:36:44 +0000
ROA not after:            Wed 03 Jun 2026 14:41:44 +0000
asID:                     0
IP address blocks:        185.162.176.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/e3cdc648-d203-462a-bd0f-ec1b60d879a7/0/E1F3512F51DC42BB9EB12ABC0BB529668B2EDEE4.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/e3cdc648-d203-462a-bd0f-ec1b60d879a7/0/E1F3512F51DC42BB9EB12ABC0BB529668B2EDEE4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4fNRL1HcQruesSq8C7UpZosu3uQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 19:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4f:fe:97:ad:a0:51:db:49:d9:a2:d5:25:75:80:34:1a:d2:0e:32:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e1f3512f51dc42bb9eb12abc0bb529668b2edee4
        Validity
            Not Before: Jun  4 14:36:44 2025 GMT
            Not After : Jun  3 14:41:44 2026 GMT
        Subject: CN=5B39C90D56CF0DB47EDD659F764C84B5A9838532
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ee:8e:c6:aa:f5:39:a0:64:9f:bf:78:54:ac:84:
                    e4:27:a1:7a:a8:1c:80:3d:4b:1c:7b:6c:6e:69:30:
                    0c:35:54:6f:6d:ed:2b:81:b0:a5:51:33:2b:b4:69:
                    da:ae:d1:b8:b4:f3:0b:99:42:4c:51:ff:a4:4e:92:
                    0c:61:43:3e:fe:75:00:65:5b:a2:49:e9:d1:56:93:
                    3b:2d:cc:a2:d2:09:1a:be:7b:06:7b:ae:0e:1c:5e:
                    f1:fe:57:81:b3:1f:1b:19:ab:ac:24:0b:26:03:74:
                    29:f4:34:ad:73:b6:4f:bc:b2:4b:7b:b2:16:f3:1c:
                    83:ee:c2:99:93:a6:99:dc:a0:45:4e:e9:33:cb:7d:
                    10:ad:bc:eb:20:ca:de:f9:39:01:6c:38:cb:a7:ec:
                    a3:77:b7:6b:ac:d9:4b:84:0a:8c:b3:6e:d2:54:b7:
                    8e:b4:b6:84:51:00:93:62:51:af:15:ba:25:c7:28:
                    d9:f0:b5:94:dd:bb:f8:29:ae:b6:ef:27:b0:ab:8b:
                    d3:d4:f0:ec:64:c6:96:aa:5a:0a:7e:8a:7e:64:9f:
                    a3:48:27:b1:6f:04:78:9a:26:d2:a0:55:28:8d:ef:
                    bc:23:8e:9f:69:ff:43:2b:28:90:b2:08:56:a3:c0:
                    d6:93:68:30:9e:99:70:89:b9:99:62:e6:fb:34:36:
                    a7:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:39:C9:0D:56:CF:0D:B4:7E:DD:65:9F:76:4C:84:B5:A9:83:85:32
            X509v3 Authority Key Identifier:
                keyid:E1:F3:51:2F:51:DC:42:BB:9E:B1:2A:BC:0B:B5:29:66:8B:2E:DE:E4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/e3cdc648-d203-462a-bd0f-ec1b60d879a7/0/E1F3512F51DC42BB9EB12ABC0BB529668B2EDEE4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4fNRL1HcQruesSq8C7UpZosu3uQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/e3cdc648-d203-462a-bd0f-ec1b60d879a7/0/3138352e3136322e3137362e302f32342d3234203d3e2030.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.162.176.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:92:c3:5d:25:67:b0:70:2e:4b:87:29:87:11:4c:2a:6a:64:
         c9:c0:31:55:3f:5c:e9:4b:82:c4:70:c3:92:53:1e:6c:5c:3b:
         a6:0c:e1:2c:c0:33:d0:0b:2c:fe:a8:aa:db:59:fa:fb:3f:3e:
         aa:11:d7:1b:fb:47:d0:e1:2d:91:8a:3e:5c:d7:d1:57:bc:f8:
         ba:f8:30:23:02:df:f2:71:e1:ea:55:a9:8a:43:a2:98:7a:20:
         aa:79:bf:a4:b7:f7:f3:6b:4a:fc:86:2c:00:3e:c3:95:d0:3a:
         49:3f:70:00:9d:64:67:0f:02:e0:fe:84:49:77:2b:5d:e7:64:
         24:26:5c:fe:27:e7:ab:4e:92:7d:fa:47:28:f5:65:5d:c7:63:
         3e:60:db:a1:a7:37:57:18:97:e8:73:85:8e:d3:ec:8c:aa:05:
         4d:1c:41:83:ac:3d:cb:45:51:4e:d9:ce:65:20:54:07:ec:61:
         ad:79:df:2d:1c:e8:6d:9e:2e:c7:79:d3:ae:2e:4f:65:f2:0d:
         1a:52:39:64:d7:ee:c4:ac:4d:e4:8d:11:62:5e:33:d7:3b:89:
         50:0f:71:d1:ef:70:e3:b3:0e:5a:ae:5c:e9:2a:16:8b:79:36:
         9a:62:d1:01:07:15:70:71:98:42:b4:9a:57:60:87:cd:f3:b8:
         ca:13:a0:2b
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUT/6XraBR20nZotUldYA0GtIOMogwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZTFmMzUxMmY1MWRjNDJiYjllYjEyYWJjMGJiNTI5NjY4
YjJlZGVlNDAeFw0yNTA2MDQxNDM2NDRaFw0yNjA2MDMxNDQxNDRaMDMxMTAvBgNV
BAMTKDVCMzlDOTBENTZDRjBEQjQ3RURENjU5Rjc2NEM4NEI1QTk4Mzg1MzIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDujsaq9TmgZJ+/eFSshOQnoXqo
HIA9Sxx7bG5pMAw1VG9t7SuBsKVRMyu0adqu0bi08wuZQkxR/6ROkgxhQz7+dQBl
W6JJ6dFWkzstzKLSCRq+ewZ7rg4cXvH+V4GzHxsZq6wkCyYDdCn0NK1ztk+8skt7
shbzHIPuwpmTppncoEVO6TPLfRCtvOsgyt75OQFsOMun7KN3t2us2UuECoyzbtJU
t460toRRAJNiUa8VuiXHKNnwtZTdu/gprrbvJ7Cri9PU8OxkxpaqWgp+in5kn6NI
J7FvBHiaJtKgVSiN77wjjp9p/0MrKJCyCFajwNaTaDCemXCJuZli5vs0NqcjAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUWznJDVbPDbR+3WWfdkyEtamDhTIwHwYDVR0j
BBgwFoAU4fNRL1HcQruesSq8C7UpZosu3uQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZTNjZGM2NDgtZDIwMy00NjJhLWJkMGYtZWMxYjYwZDg3
OWE3LzAvRTFGMzUxMkY1MURDNDJCQjlFQjEyQUJDMEJCNTI5NjY4QjJFREVFNC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzRmTlJMMUhjUXJ1ZXNTcThDN1VwWm9z
dTN1US5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZTNjZGM2NDgt
ZDIwMy00NjJhLWJkMGYtZWMxYjYwZDg3OWE3LzAvMzEzODM1MmUzMTM2MzIyZTMx
MzczNjJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMwLnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuaKwMA0G
CSqGSIb3DQEBCwUAA4IBAQA6ksNdJWewcC5LhymHEUwqamTJwDFVP1zpS4LEcMOS
Ux5sXDumDOEswDPQCyz+qKrbWfr7Pz6qEdcb+0fQ4S2Rij5c19FXvPi6+DAjAt/y
ceHqVamKQ6KYeiCqeb+kt/fza0r8hiwAPsOV0DpJP3AAnWRnDwLg/oRJdytd52Qk
Jlz+J+erTpJ9+kco9WVdx2M+YNuhpzdXGJfoc4WO0+yMqgVNHEGDrD3LRVFO2c5l
IFQH7GGted8tHOhtni7HedOuLk9l8g0aUjlk1+7ErE3kjRFiXjPXO4lQD3HR73Dj
sw5arlzpKhaLeTaaYtEBBxVwcZhCtJpXYIfN87jKE6Ar
-----END CERTIFICATE-----