Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c5d18e82-4d68-45a6-a5df-cac115ad2279/0/3138352e3133302e36322e302f32342d3234203d3e203239303636.roa
File:                     3138352e3133302e36322e302f32342d3234203d3e203239303636.roa (raw, json)
Hash identifier:          cZvuOTu1xxenEkmS/lv/FbwQZVMqO/d4TmKYvwutnlA=
Subject key identifier:   58:43:F0:46:A0:A4:36:B1:03:52:F1:80:AE:41:73:6F:9A:02:8C:DE
Certificate issuer:       /CN=3e870b9a7003c4fd9c51bd354a9defa3fb77b4a9
Certificate serial:       1A6551085BADE59ED36B1FD66AE94FC50139E152
Authority key identifier: 3E:87:0B:9A:70:03:C4:FD:9C:51:BD:35:4A:9D:EF:A3:FB:77:B4:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PocLmnADxP2cUb01Sp3vo_t3tKk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c5d18e82-4d68-45a6-a5df-cac115ad2279/0/3138352e3133302e36322e302f32342d3234203d3e203239303636.roa
Signing time:             Tue 07 Oct 2025 17:55:08 +0000
ROA not before:           Tue 07 Oct 2025 17:50:08 +0000
ROA not after:            Tue 06 Oct 2026 17:55:08 +0000
asID:                     29066
IP address blocks:        185.130.62.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c5d18e82-4d68-45a6-a5df-cac115ad2279/0/3E870B9A7003C4FD9C51BD354A9DEFA3FB77B4A9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c5d18e82-4d68-45a6-a5df-cac115ad2279/0/3E870B9A7003C4FD9C51BD354A9DEFA3FB77B4A9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PocLmnADxP2cUb01Sp3vo_t3tKk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 13:26:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1a:65:51:08:5b:ad:e5:9e:d3:6b:1f:d6:6a:e9:4f:c5:01:39:e1:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e870b9a7003c4fd9c51bd354a9defa3fb77b4a9
        Validity
            Not Before: Oct  7 17:50:08 2025 GMT
            Not After : Oct  6 17:55:08 2026 GMT
        Subject: CN=5843F046A0A436B10352F180AE41736F9A028CDE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:38:47:f8:22:3b:d7:b9:1b:b6:02:c6:e3:79:
                    2a:93:a1:de:61:c9:ab:db:6c:5c:13:0a:63:93:91:
                    15:24:89:ac:3b:31:ac:f1:9b:36:e1:d9:ea:4e:88:
                    70:b6:46:bc:cc:d7:be:e2:90:1e:cb:89:1d:01:3a:
                    19:ae:0e:67:78:d4:d0:f6:b5:01:30:c6:4a:81:14:
                    7b:11:e8:c0:15:c8:db:20:2a:d6:0b:02:2f:2d:fe:
                    7b:e8:d9:7a:97:57:ef:80:cc:49:ce:b2:60:21:cc:
                    75:b5:e2:2d:e3:18:08:34:9f:3a:b0:ac:30:ec:b3:
                    21:ae:ad:88:0f:03:26:ca:7c:5d:bb:1e:d0:21:2c:
                    d1:91:1a:b1:29:a7:be:27:a2:65:bd:2c:82:70:73:
                    a8:ab:ed:02:c0:c2:90:e0:9b:b8:a6:25:96:a1:69:
                    4a:95:5b:10:dc:91:c3:ff:d5:2f:f1:59:a1:72:40:
                    4b:9a:0e:d2:45:73:93:df:20:9a:e1:01:08:6a:11:
                    5c:2f:9d:98:4c:0f:4e:86:83:7e:7a:62:16:93:51:
                    17:4c:a3:a8:18:74:11:93:f0:ff:da:29:82:53:ae:
                    fd:af:58:f8:28:db:57:0b:54:d4:b2:d6:d9:e2:17:
                    cd:b6:4d:f8:6b:e6:73:61:85:b8:f7:11:a7:c5:51:
                    f0:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:43:F0:46:A0:A4:36:B1:03:52:F1:80:AE:41:73:6F:9A:02:8C:DE
            X509v3 Authority Key Identifier:
                keyid:3E:87:0B:9A:70:03:C4:FD:9C:51:BD:35:4A:9D:EF:A3:FB:77:B4:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c5d18e82-4d68-45a6-a5df-cac115ad2279/0/3E870B9A7003C4FD9C51BD354A9DEFA3FB77B4A9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PocLmnADxP2cUb01Sp3vo_t3tKk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c5d18e82-4d68-45a6-a5df-cac115ad2279/0/3138352e3133302e36322e302f32342d3234203d3e203239303636.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.130.62.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c2:6a:7e:1c:0e:2f:55:9c:b2:84:f8:ff:d6:a5:13:62:d8:4a:
         ea:bc:45:6e:03:cc:18:8d:03:d5:b7:bd:c9:5d:ce:6a:f8:b8:
         bd:70:4c:39:c2:68:3e:f9:0d:d5:ed:5e:30:14:cd:d8:67:46:
         2f:8a:4d:61:8b:d0:87:6f:1d:20:a8:a0:31:9b:9f:18:f3:88:
         8d:fe:33:2f:a3:2a:d2:95:35:fd:5b:4e:e5:ab:8c:62:93:68:
         70:b5:c8:4f:b5:f4:1c:9d:4b:ef:91:2a:18:22:67:90:b7:3d:
         fa:2b:d2:82:49:32:36:38:65:54:49:c4:e0:8f:a1:6b:be:81:
         1f:c2:31:db:8d:88:e8:58:38:ff:dd:18:e9:33:fe:38:bd:e0:
         23:af:ce:23:6c:52:e5:7f:4b:14:d1:5e:59:8c:80:5b:2d:6e:
         4d:d5:b4:ca:ca:8d:b2:81:6e:bd:fc:be:34:a7:62:05:f5:e9:
         3a:2d:6f:43:f9:25:fa:90:e7:a5:a5:14:c3:e9:cf:52:f7:cd:
         7f:c3:e2:14:29:50:fc:8c:b6:a6:cf:7d:bf:2c:3e:b9:b3:c5:
         f0:f9:ba:d6:14:92:b9:0d:0a:63:de:a8:35:d6:2a:f1:89:56:
         00:17:63:7a:a6:fa:b9:59:cd:68:94:cf:2e:09:95:27:3b:6c:
         2c:bb:a4:fc
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUGmVRCFut5Z7Tax/WaulPxQE54VIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoM2U4NzBiOWE3MDAzYzRmZDljNTFiZDM1NGE5ZGVmYTNm
Yjc3YjRhOTAeFw0yNTEwMDcxNzUwMDhaFw0yNjEwMDYxNzU1MDhaMDMxMTAvBgNV
BAMTKDU4NDNGMDQ2QTBBNDM2QjEwMzUyRjE4MEFFNDE3MzZGOUEwMjhDREUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMOEf4IjvXuRu2AsbjeSqTod5h
yavbbFwTCmOTkRUkiaw7Mazxmzbh2epOiHC2RrzM177ikB7LiR0BOhmuDmd41ND2
tQEwxkqBFHsR6MAVyNsgKtYLAi8t/nvo2XqXV++AzEnOsmAhzHW14i3jGAg0nzqw
rDDssyGurYgPAybKfF27HtAhLNGRGrEpp74nomW9LIJwc6ir7QLAwpDgm7imJZah
aUqVWxDckcP/1S/xWaFyQEuaDtJFc5PfIJrhAQhqEVwvnZhMD06Gg356YhaTURdM
o6gYdBGT8P/aKYJTrv2vWPgo21cLVNSy1tniF822Tfhr5nNhhbj3EafFUfCNAgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQUWEPwRqCkNrEDUvGArkFzb5oCjN4wHwYDVR0j
BBgwFoAUPocLmnADxP2cUb01Sp3vo/t3tKkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzVkMThlODItNGQ2OC00NWE2LWE1ZGYtY2FjMTE1YWQy
Mjc5LzAvM0U4NzBCOUE3MDAzQzRGRDlDNTFCRDM1NEE5REVGQTNGQjc3QjRBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1BvY0xtbkFEeFAyY1ViMDFTcDN2b190
M3RLay5jZXIwga0GCCsGAQUFBwELBIGgMIGdMIGaBggrBgEFBQcwC4aBjXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYzVkMThlODIt
NGQ2OC00NWE2LWE1ZGYtY2FjMTE1YWQyMjc5LzAvMzEzODM1MmUzMTMzMzAyZTM2
MzIyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMjM5MzAzNjM2LnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA
uYI+MA0GCSqGSIb3DQEBCwUAA4IBAQDCan4cDi9VnLKE+P/WpRNi2ErqvEVuA8wY
jQPVt73JXc5q+Li9cEw5wmg++Q3V7V4wFM3YZ0Yvik1hi9CHbx0gqKAxm58Y84iN
/jMvoyrSlTX9W07lq4xik2hwtchPtfQcnUvvkSoYImeQtz36K9KCSTI2OGVUScTg
j6FrvoEfwjHbjYjoWDj/3RjpM/44veAjr84jbFLlf0sU0V5ZjIBbLW5N1bTKyo2y
gW69/L40p2IF9ek6LW9D+SX6kOelpRTD6c9S981/w+IUKVD8jLamz32/LD65s8Xw
+brWFJK5DQpj3qg11irxiVYAF2N6pvq5Wc1olM8uCZUnO2wsu6T8
-----END CERTIFICATE-----
Generated at Mon Oct 20 04:35:24 2025 by rpki-client