Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/3138352e3230352e3232322e302f32342d3234203d3e20383334.roa
File:                     3138352e3230352e3232322e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          rBsBc+kc7Dc7//jME4UN7EDezqvBH4N1hyL+aiK6UXM=
Subject key identifier:   87:D0:54:8F:8A:54:E2:AE:50:58:C8:7B:92:25:3F:8D:63:0A:4A:9A
Certificate issuer:       /CN=7adf63e375b0b785081b5945b1d18d9de86e0efc
Certificate serial:       19BBB24276CA75DC2AC7562B1687ACC285FB3925
Authority key identifier: 7A:DF:63:E3:75:B0:B7:85:08:1B:59:45:B1:D1:8D:9D:E8:6E:0E:FC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/et9j43Wwt4UIG1lFsdGNnehuDvw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/3138352e3230352e3232322e302f32342d3234203d3e20383334.roa
Signing time:             Mon 23 Mar 2026 10:46:11 +0000
ROA not before:           Mon 23 Mar 2026 10:41:11 +0000
ROA not after:            Mon 22 Mar 2027 10:46:11 +0000
asID:                     834
IP address blocks:        185.205.222.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/7ADF63E375B0B785081B5945B1D18D9DE86E0EFC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/7ADF63E375B0B785081B5945B1D18D9DE86E0EFC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/et9j43Wwt4UIG1lFsdGNnehuDvw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            19:bb:b2:42:76:ca:75:dc:2a:c7:56:2b:16:87:ac:c2:85:fb:39:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7adf63e375b0b785081b5945b1d18d9de86e0efc
        Validity
            Not Before: Mar 23 10:41:11 2026 GMT
            Not After : Mar 22 10:46:11 2027 GMT
        Subject: CN=87D0548F8A54E2AE5058C87B92253F8D630A4A9A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:70:f5:67:96:5a:ac:d5:9c:74:95:3c:46:9a:
                    92:b2:4a:05:be:f4:58:3a:7f:85:7c:7c:76:6f:b9:
                    e6:00:51:06:3d:13:17:75:92:38:30:02:48:af:d2:
                    b0:15:d4:76:3b:aa:34:9d:87:f7:db:7e:c8:7d:89:
                    83:5b:b3:92:6c:c8:3c:5e:e1:22:2c:97:3e:92:39:
                    4f:6c:b4:d9:a5:6b:bc:d3:01:be:96:be:61:1f:55:
                    1d:48:65:c6:ba:f7:fd:e7:74:06:c9:bc:d5:bd:8d:
                    a6:90:51:d7:63:94:15:d9:b3:31:25:a1:91:2c:8e:
                    15:c6:db:f7:6b:a5:60:31:2b:4f:10:1d:25:50:3e:
                    b6:f1:65:69:95:9a:a1:32:19:82:0f:20:30:eb:e5:
                    25:b9:b2:20:d5:d4:d8:d5:9d:f5:37:fd:d8:93:4d:
                    fa:60:62:97:c0:aa:db:fa:c5:2e:64:0e:43:c2:c3:
                    41:03:ff:e2:a8:96:b9:e6:d8:14:78:51:81:10:1d:
                    ef:19:e9:79:38:11:1e:39:e9:5f:ee:c3:f8:35:f1:
                    be:c4:cc:c1:a7:cd:7c:2e:93:82:67:78:91:a7:4e:
                    58:55:0e:93:b3:ad:b8:e6:3d:30:be:f1:fd:7f:ae:
                    60:d9:11:13:a7:d1:f6:ab:32:1b:a2:e7:ea:df:a5:
                    e2:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:D0:54:8F:8A:54:E2:AE:50:58:C8:7B:92:25:3F:8D:63:0A:4A:9A
            X509v3 Authority Key Identifier:
                keyid:7A:DF:63:E3:75:B0:B7:85:08:1B:59:45:B1:D1:8D:9D:E8:6E:0E:FC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/7ADF63E375B0B785081B5945B1D18D9DE86E0EFC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/et9j43Wwt4UIG1lFsdGNnehuDvw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/3138352e3230352e3232322e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.205.222.0/24

    Signature Algorithm: sha256WithRSAEncryption
         05:24:cc:97:25:13:23:1c:24:1f:f8:49:97:a4:11:33:b0:5d:
         ad:0c:a0:b8:87:a7:a9:f3:48:e3:6a:f6:1a:e5:54:fe:a8:03:
         b1:78:e2:9a:0c:6e:ab:8e:b5:a5:72:0e:75:56:44:67:7c:9a:
         bb:c7:8f:3f:b9:02:61:f5:ff:94:1b:e5:4d:4d:7f:28:d0:64:
         d5:fb:59:80:fa:8a:2b:00:2d:ca:cb:5d:f0:0d:e9:7a:5a:bd:
         56:f4:c7:55:04:2c:0d:a9:77:f0:21:14:a0:38:35:b0:6c:a5:
         3f:aa:4f:fa:da:51:49:b4:bf:2e:59:84:78:27:15:5f:e3:50:
         4d:08:05:26:4e:a2:82:4a:ef:55:0d:fc:0f:0c:26:2e:1d:72:
         3d:5a:bd:13:2e:07:8c:c0:bf:db:4d:58:1d:5e:3f:67:c6:34:
         74:9e:53:aa:f7:b3:90:0e:3d:53:6e:d9:84:8d:0f:1e:dd:84:
         6c:8f:e1:e1:fa:0c:98:3e:f3:65:cb:b9:c7:9e:ba:2b:c8:dd:
         4d:8b:39:40:a7:c7:27:42:f6:4c:13:0c:b1:17:64:c8:e0:33:
         c4:c4:c1:85:40:ac:04:2d:48:6b:6e:78:27:ee:f0:6b:65:c5:
         2a:d5:92:29:90:84:83:eb:fd:41:c5:ab:c7:a3:37:44:e2:ce:
         69:82:40:bc
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUGbuyQnbKddwqx1YrFoeswoX7OSUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoN2FkZjYzZTM3NWIwYjc4NTA4MWI1OTQ1YjFkMThkOWRl
ODZlMGVmYzAeFw0yNjAzMjMxMDQxMTFaFw0yNzAzMjIxMDQ2MTFaMDMxMTAvBgNV
BAMTKDg3RDA1NDhGOEE1NEUyQUU1MDU4Qzg3QjkyMjUzRjhENjMwQTRBOUEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDHcPVnllqs1Zx0lTxGmpKySgW+
9Fg6f4V8fHZvueYAUQY9Exd1kjgwAkiv0rAV1HY7qjSdh/fbfsh9iYNbs5JsyDxe
4SIslz6SOU9stNmla7zTAb6WvmEfVR1IZca69/3ndAbJvNW9jaaQUddjlBXZszEl
oZEsjhXG2/drpWAxK08QHSVQPrbxZWmVmqEyGYIPIDDr5SW5siDV1NjVnfU3/diT
TfpgYpfAqtv6xS5kDkPCw0ED/+Kolrnm2BR4UYEQHe8Z6Xk4ER456V/uw/g18b7E
zMGnzXwuk4JneJGnTlhVDpOzrbjmPTC+8f1/rmDZEROn0farMhui5+rfpeL9AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUh9BUj4pU4q5QWMh7kiU/jWMKSpowHwYDVR0j
BBgwFoAUet9j43Wwt4UIG1lFsdGNnehuDvwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYWVlM2Q1OGQtOTA0YS00Mzc1LWJmOTMtOGI1ZjM4Y2Fi
MDAyLzAvN0FERjYzRTM3NUIwQjc4NTA4MUI1OTQ1QjFEMThEOURFODZFMEVGQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2V0OWo0M1d3dDRVSUcxbEZzZEdObmVo
dUR2dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWVlM2Q1OGQt
OTA0YS00Mzc1LWJmOTMtOGI1ZjM4Y2FiMDAyLzAvMzEzODM1MmUzMjMwMzUyZTMy
MzIzMjJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALnN
3jANBgkqhkiG9w0BAQsFAAOCAQEABSTMlyUTIxwkH/hJl6QRM7BdrQyguIenqfNI
42r2GuVU/qgDsXjimgxuq461pXIOdVZEZ3yau8ePP7kCYfX/lBvlTU1/KNBk1ftZ
gPqKKwAtystd8A3pelq9VvTHVQQsDal38CEUoDg1sGylP6pP+tpRSbS/LlmEeCcV
X+NQTQgFJk6igkrvVQ38DwwmLh1yPVq9Ey4HjMC/201YHV4/Z8Y0dJ5TqvezkA49
U27ZhI0PHt2EbI/h4foMmD7zZcu5x566K8jdTYs5QKfHJ0L2TBMMsRdkyOAzxMTB
hUCsBC1Ia254J+7wa2XFKtWSKZCEg+v9QcWrx6M3ROLOaYJAvA==
-----END CERTIFICATE-----