Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/3137382e3230382e3138382e302f32342d3234203d3e20383334.roa
File:                     3137382e3230382e3138382e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          njM/Zmj9CmLLuxTTc0KeZNd8NxATNR7epxAp4p27a6g=
Subject key identifier:   45:96:43:60:86:15:C2:03:F1:1C:16:A3:40:BA:71:CF:8B:92:03:6A
Certificate issuer:       /CN=048af665bf8b186b70220759d26c578f40b5f3e3
Certificate serial:       093CF7201EB6DAC4411031D135130E6F91E2EAB0
Authority key identifier: 04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/3137382e3230382e3138382e302f32342d3234203d3e20383334.roa
Signing time:             Thu 03 Jul 2025 00:03:03 +0000
ROA not before:           Wed 02 Jul 2025 23:58:03 +0000
ROA not after:            Thu 02 Jul 2026 00:03:03 +0000
asID:                     834
IP address blocks:        178.208.188.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 04 Jul 2025 14:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            09:3c:f7:20:1e:b6:da:c4:41:10:31:d1:35:13:0e:6f:91:e2:ea:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=048af665bf8b186b70220759d26c578f40b5f3e3
        Validity
            Not Before: Jul  2 23:58:03 2025 GMT
            Not After : Jul  2 00:03:03 2026 GMT
        Subject: CN=459643608615C203F11C16A340BA71CF8B92036A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:02:dd:ce:a1:29:ab:c8:0f:18:ce:90:85:0a:
                    c8:60:4f:cd:45:18:31:d2:4f:3d:13:49:67:31:50:
                    95:ae:58:5e:2d:6e:92:9d:dc:5e:d0:9e:ff:f5:4f:
                    26:75:5c:82:47:35:df:8e:3d:9d:35:52:a8:37:4f:
                    30:a1:28:aa:94:46:c6:85:09:23:29:41:83:d8:66:
                    f7:1d:57:3e:d9:9c:fc:07:30:b2:90:14:dd:db:91:
                    4f:4b:cb:34:14:72:c6:0b:2a:31:a3:5d:af:7e:cb:
                    12:18:19:cb:28:25:34:1b:74:5b:34:d5:1e:fc:73:
                    16:fb:43:ef:6e:ad:35:e2:70:17:21:a9:e1:6b:cf:
                    ad:01:be:82:6f:dc:85:7d:de:89:15:0a:be:f5:26:
                    63:c9:64:5e:d0:f3:a3:13:2d:4f:63:e6:85:a3:b4:
                    3f:ec:03:2b:e7:de:db:08:cd:ae:88:1c:6f:fa:67:
                    64:6b:af:d3:0f:19:ac:ac:53:19:b5:13:4a:a4:29:
                    99:8e:e3:96:20:9a:f8:82:b9:a0:8c:aa:c3:b7:98:
                    81:d5:35:06:d0:23:53:1b:b1:1d:60:57:7f:18:1d:
                    88:42:6f:d8:6a:92:96:85:49:38:ae:d4:47:af:68:
                    b7:a3:27:05:4a:65:7e:48:cd:fe:88:86:16:db:7f:
                    57:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:96:43:60:86:15:C2:03:F1:1C:16:A3:40:BA:71:CF:8B:92:03:6A
            X509v3 Authority Key Identifier:
                keyid:04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/3137382e3230382e3138382e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.208.188.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7d:3a:55:e1:6c:63:06:a4:f5:b4:11:fa:63:f4:b7:07:b9:be:
         dc:4f:6c:44:05:56:36:3f:e6:ee:78:bd:7c:67:f6:d3:ac:0a:
         8d:e1:8d:a7:62:fb:77:ea:a3:e6:ea:18:7b:f0:82:df:ec:96:
         db:1d:52:54:1c:77:34:7d:38:1b:3d:4b:df:0d:72:d3:81:f4:
         59:ef:84:61:68:88:a9:d8:4b:e1:6d:48:65:ee:57:d6:55:35:
         8e:fa:16:81:9a:04:04:69:69:85:37:24:64:a1:06:1f:1e:ae:
         92:d3:3b:31:f7:74:6e:89:f7:e6:46:e7:02:cf:f4:72:1f:5f:
         0a:24:1d:56:cf:11:14:4a:ab:1e:39:50:88:bb:40:81:63:f0:
         8b:fb:bf:36:75:c6:a0:62:db:d8:dc:a7:2f:f2:15:82:37:ae:
         80:48:8d:87:af:a3:77:8a:0e:d8:04:9d:a3:70:8c:e6:6c:83:
         94:10:27:29:c7:fd:c1:33:73:52:8e:14:8c:69:f8:bd:9f:86:
         02:d1:70:7a:c5:3e:1f:3a:be:85:97:7e:8a:c9:ec:e0:78:1b:
         93:04:30:7c:07:26:b3:db:bf:fd:88:1c:7d:88:8a:f4:5b:1a:
         81:29:a1:d5:12:3e:69:9b:60:9a:b7:28:33:fe:d3:b0:78:57:
         31:c7:f8:46
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUCTz3IB622sRBEDHRNRMOb5Hi6rAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDQ4YWY2NjViZjhiMTg2YjcwMjIwNzU5ZDI2YzU3OGY0
MGI1ZjNlMzAeFw0yNTA3MDIyMzU4MDNaFw0yNjA3MDIwMDAzMDNaMDMxMTAvBgNV
BAMTKDQ1OTY0MzYwODYxNUMyMDNGMTFDMTZBMzQwQkE3MUNGOEI5MjAzNkEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDoAt3OoSmryA8YzpCFCshgT81F
GDHSTz0TSWcxUJWuWF4tbpKd3F7Qnv/1TyZ1XIJHNd+OPZ01Uqg3TzChKKqURsaF
CSMpQYPYZvcdVz7ZnPwHMLKQFN3bkU9LyzQUcsYLKjGjXa9+yxIYGcsoJTQbdFs0
1R78cxb7Q+9urTXicBchqeFrz60BvoJv3IV93okVCr71JmPJZF7Q86MTLU9j5oWj
tD/sAyvn3tsIza6IHG/6Z2Rrr9MPGaysUxm1E0qkKZmO45YgmviCuaCMqsO3mIHV
NQbQI1MbsR1gV38YHYhCb9hqkpaFSTiu1EevaLejJwVKZX5Izf6Ihhbbf1dVAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQURZZDYIYVwgPxHBajQLpxz4uSA2owHwYDVR0j
BBgwFoAUBIr2Zb+LGGtwIgdZ0mxXj0C18+MwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODJhOWJmNWItMzljMS00MDUwLWIwNzMtNDgwNzViODYx
ZDg3LzAvMDQ4QUY2NjVCRjhCMTg2QjcwMjIwNzU5RDI2QzU3OEY0MEI1RjNFMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0JJcjJaYi1MR0d0d0lnZFowbXhYajBD
MTgtTS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODJhOWJmNWIt
MzljMS00MDUwLWIwNzMtNDgwNzViODYxZDg3LzAvMzEzNzM4MmUzMjMwMzgyZTMx
MzgzODJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALLQ
vDANBgkqhkiG9w0BAQsFAAOCAQEAfTpV4WxjBqT1tBH6Y/S3B7m+3E9sRAVWNj/m
7ni9fGf206wKjeGNp2L7d+qj5uoYe/CC3+yW2x1SVBx3NH04Gz1L3w1y04H0We+E
YWiIqdhL4W1IZe5X1lU1jvoWgZoEBGlphTckZKEGHx6uktM7Mfd0bon35kbnAs/0
ch9fCiQdVs8RFEqrHjlQiLtAgWPwi/u/NnXGoGLb2NynL/IVgjeugEiNh6+jd4oO
2ASdo3CM5myDlBAnKcf9wTNzUo4UjGn4vZ+GAtFwesU+Hzq+hZd+isns4HgbkwQw
fAcms9u//YgcfYiK9FsagSmh1RI+aZtgmrcoM/7TsHhXMcf4Rg==
-----END CERTIFICATE-----