Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/38392e3131362e31362e302f32332d3233203d3e203135343139.roa
File:                     38392e3131362e31362e302f32332d3233203d3e203135343139.roa (raw, json)
Hash identifier:          7gdiZpTYF4VKwdmEsTHKuwi6oAiZC6mVLx4cpcdl/GE=
Subject key identifier:   C3:8E:4E:6F:C0:90:35:E8:8F:33:A4:6B:CF:59:AF:5A:AF:0D:11:78
Certificate issuer:       /CN=9df85997b1b9b358e1c43f36765aa0a4a02144ae
Certificate serial:       448DCB78697F694E944B4114A208BD3ACB8D96F9
Authority key identifier: 9D:F8:59:97:B1:B9:B3:58:E1:C4:3F:36:76:5A:A0:A4:A0:21:44:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nfhZl7G5s1jhxD82dlqgpKAhRK4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/38392e3131362e31362e302f32332d3233203d3e203135343139.roa
Signing time:             Fri 09 May 2025 09:37:57 +0000
ROA not before:           Fri 09 May 2025 09:32:57 +0000
ROA not after:            Fri 08 May 2026 09:37:57 +0000
asID:                     15419
IP address blocks:        89.116.16.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/9DF85997B1B9B358E1C43F36765AA0A4A02144AE.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/9DF85997B1B9B358E1C43F36765AA0A4A02144AE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nfhZl7G5s1jhxD82dlqgpKAhRK4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 12 May 2025 20:38:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            44:8d:cb:78:69:7f:69:4e:94:4b:41:14:a2:08:bd:3a:cb:8d:96:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9df85997b1b9b358e1c43f36765aa0a4a02144ae
        Validity
            Not Before: May  9 09:32:57 2025 GMT
            Not After : May  8 09:37:57 2026 GMT
        Subject: CN=C38E4E6FC09035E88F33A46BCF59AF5AAF0D1178
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:c1:49:a3:6c:8f:43:a7:12:7f:5d:d7:56:b4:
                    e2:25:03:e5:fa:20:d9:a5:f2:69:13:62:7c:8f:43:
                    9e:0a:78:df:3b:72:1c:c4:61:64:a0:b7:86:80:8c:
                    96:18:f9:6b:33:9d:db:ea:70:1d:ce:06:6c:bf:38:
                    24:55:a9:db:6d:90:bb:ce:b1:b0:b4:d0:5d:97:6a:
                    f5:18:fb:f0:15:8d:5a:b3:aa:ca:7d:ca:78:38:d4:
                    67:67:c5:82:d9:19:ac:61:fb:d9:1d:3d:89:47:56:
                    5b:a3:80:ac:cb:15:92:87:a4:60:43:2f:0a:19:08:
                    0e:bc:cc:47:9a:a2:1a:f4:5f:4f:c4:4b:1e:3e:8d:
                    8d:cf:03:0e:e5:e5:fe:ae:f3:94:fd:fc:15:5d:77:
                    48:10:40:b7:37:ed:df:f8:5a:d3:6c:4d:e8:ea:d3:
                    08:5c:9b:72:08:7b:fd:91:cd:d2:7d:89:0f:ff:c6:
                    e0:14:75:66:fa:6e:e5:95:2c:38:55:de:09:c5:45:
                    de:f6:7c:77:eb:7d:15:12:d9:2c:6d:e8:40:7a:a4:
                    49:b8:6d:50:de:09:0c:e4:ab:15:30:fb:4b:57:1e:
                    60:4e:93:da:6c:40:32:ce:60:15:c6:be:33:97:2d:
                    26:8a:29:cb:81:d4:fe:d6:25:90:ed:b2:56:0d:db:
                    d4:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:8E:4E:6F:C0:90:35:E8:8F:33:A4:6B:CF:59:AF:5A:AF:0D:11:78
            X509v3 Authority Key Identifier:
                keyid:9D:F8:59:97:B1:B9:B3:58:E1:C4:3F:36:76:5A:A0:A4:A0:21:44:AE

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/9DF85997B1B9B358E1C43F36765AA0A4A02144AE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nfhZl7G5s1jhxD82dlqgpKAhRK4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/38392e3131362e31362e302f32332d3233203d3e203135343139.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.116.16.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a1:b6:64:48:72:b0:b5:97:36:1f:22:cb:bc:e6:44:b5:ee:e9:
         3c:21:8d:22:2b:48:62:ce:70:44:7b:dd:f5:9c:ba:5c:02:20:
         09:a1:17:8a:9e:0a:85:69:67:09:7d:09:2b:e7:fc:c9:79:1f:
         fd:cc:b9:16:26:9c:2c:3c:1e:95:9e:15:47:c1:05:10:5c:38:
         00:47:06:24:b8:22:16:eb:bc:e4:63:d0:e6:08:99:93:f0:63:
         b5:37:9c:db:7f:95:08:f8:d8:40:4b:33:86:3e:eb:8a:e5:66:
         0b:33:7a:0e:cc:00:ab:07:9d:70:82:76:29:4f:c1:8a:c8:10:
         15:7a:76:2b:e0:75:d2:4f:69:84:da:db:53:eb:8b:86:ed:6c:
         80:89:c3:2a:82:59:7f:d9:80:7d:f1:5e:c8:da:c7:94:69:41:
         5d:29:c3:b9:1d:80:e8:bc:fd:20:f9:04:60:57:46:ae:0d:7b:
         60:84:16:18:35:b0:0a:20:51:0a:ee:13:37:77:86:ed:a6:56:
         3c:a7:6e:88:c5:26:fe:22:57:4b:f6:33:c4:a2:8f:f6:a3:34:
         50:91:76:dc:14:23:58:a5:b3:bf:a8:20:60:51:d9:ba:55:71:
         ef:81:ed:1b:76:78:ab:87:6f:8e:57:fe:97:ac:53:83:9b:fb:
         d4:65:5d:22
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIURI3LeGl/aU6US0EUogi9OsuNlvkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWRmODU5OTdiMWI5YjM1OGUxYzQzZjM2NzY1YWEwYTRh
MDIxNDRhZTAeFw0yNTA1MDkwOTMyNTdaFw0yNjA1MDgwOTM3NTdaMDMxMTAvBgNV
BAMTKEMzOEU0RTZGQzA5MDM1RTg4RjMzQTQ2QkNGNTlBRjVBQUYwRDExNzgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDPwUmjbI9DpxJ/XddWtOIlA+X6
INml8mkTYnyPQ54KeN87chzEYWSgt4aAjJYY+WszndvqcB3OBmy/OCRVqdttkLvO
sbC00F2XavUY+/AVjVqzqsp9yng41GdnxYLZGaxh+9kdPYlHVlujgKzLFZKHpGBD
LwoZCA68zEeaohr0X0/ESx4+jY3PAw7l5f6u85T9/BVdd0gQQLc37d/4WtNsTejq
0whcm3IIe/2RzdJ9iQ//xuAUdWb6buWVLDhV3gnFRd72fHfrfRUS2Sxt6EB6pEm4
bVDeCQzkqxUw+0tXHmBOk9psQDLOYBXGvjOXLSaKKcuB1P7WJZDtslYN29SRAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUw45Ob8CQNeiPM6Rrz1mvWq8NEXgwHwYDVR0j
BBgwFoAUnfhZl7G5s1jhxD82dlqgpKAhRK4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDAyZTBiYTMtZmU2MC00NWIxLTkxNjAtODY4YTJmOGE0
M2IxLzMvOURGODU5OTdCMUI5QjM1OEUxQzQzRjM2NzY1QUEwQTRBMDIxNDRBRS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL25maFpsN0c1czFqaHhEODJkbHFncEtB
aFJLNC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMDAyZTBiYTMt
ZmU2MC00NWIxLTkxNjAtODY4YTJmOGE0M2IxLzMvMzgzOTJlMzEzMTM2MmUzMTM2
MmUzMDJmMzIzMzJkMzIzMzIwM2QzZTIwMzEzNTM0MzEzOS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAVl0
EDANBgkqhkiG9w0BAQsFAAOCAQEAobZkSHKwtZc2HyLLvOZEte7pPCGNIitIYs5w
RHvd9Zy6XAIgCaEXip4KhWlnCX0JK+f8yXkf/cy5FiacLDwelZ4VR8EFEFw4AEcG
JLgiFuu85GPQ5giZk/BjtTec23+VCPjYQEszhj7riuVmCzN6DswAqwedcIJ2KU/B
isgQFXp2K+B10k9phNrbU+uLhu1sgInDKoJZf9mAffFeyNrHlGlBXSnDuR2A6Lz9
IPkEYFdGrg17YIQWGDWwCiBRCu4TN3eG7aZWPKduiMUm/iJXS/YzxKKP9qM0UJF2
3BQjWKWzv6ggYFHZulVx74HtG3Z4q4dvjlf+l6xTg5v71GVdIg==
-----END CERTIFICATE-----