Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c5d18e82-4d68-45a6-a5df-cac115ad2279/0/3138352e3231332e3234302e302f32342d3234203d3e20383334.roa
File:                     3138352e3231332e3234302e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          7AeYFUpFp89zl1/49eiZUxuafVe6YSlfugT8H662vjI=
Subject key identifier:   89:DC:C1:8D:86:31:57:AC:65:2A:5F:77:03:E2:42:C2:5F:70:EF:70
Certificate issuer:       /CN=3e870b9a7003c4fd9c51bd354a9defa3fb77b4a9
Certificate serial:       7693EAF26EB67679221826A0E8574DC4016D2A2F
Authority key identifier: 3E:87:0B:9A:70:03:C4:FD:9C:51:BD:35:4A:9D:EF:A3:FB:77:B4:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PocLmnADxP2cUb01Sp3vo_t3tKk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c5d18e82-4d68-45a6-a5df-cac115ad2279/0/3138352e3231332e3234302e302f32342d3234203d3e20383334.roa
Signing time:             Thu 01 May 2025 00:00:50 +0000
ROA not before:           Wed 30 Apr 2025 23:55:50 +0000
ROA not after:            Thu 30 Apr 2026 00:00:50 +0000
asID:                     834
IP address blocks:        185.213.240.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c5d18e82-4d68-45a6-a5df-cac115ad2279/0/3E870B9A7003C4FD9C51BD354A9DEFA3FB77B4A9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c5d18e82-4d68-45a6-a5df-cac115ad2279/0/3E870B9A7003C4FD9C51BD354A9DEFA3FB77B4A9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PocLmnADxP2cUb01Sp3vo_t3tKk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 07 May 2025 17:16:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            76:93:ea:f2:6e:b6:76:79:22:18:26:a0:e8:57:4d:c4:01:6d:2a:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e870b9a7003c4fd9c51bd354a9defa3fb77b4a9
        Validity
            Not Before: Apr 30 23:55:50 2025 GMT
            Not After : Apr 30 00:00:50 2026 GMT
        Subject: CN=89DCC18D863157AC652A5F7703E242C25F70EF70
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:77:02:e2:49:ad:72:06:34:b0:64:e4:e0:58:
                    48:6e:d4:b9:74:de:e5:c7:f0:33:12:e7:fb:c5:5b:
                    6f:fe:a9:d7:66:cb:fd:88:e2:13:2e:79:6f:b0:90:
                    30:b1:32:c6:82:0f:a4:0e:a6:83:21:6b:62:a1:28:
                    3f:b2:fe:c2:47:34:2f:06:26:5a:56:14:8f:95:06:
                    7d:02:86:42:a0:92:12:dd:b4:a4:81:2a:9e:05:9b:
                    27:d6:29:10:ba:5c:02:40:3a:0e:b0:8f:8f:1b:2b:
                    cb:70:35:48:6e:04:32:3d:e6:64:ef:5e:90:b4:24:
                    9a:c0:08:82:4f:b7:01:39:73:78:b4:72:e0:25:ce:
                    f1:6f:dc:e3:10:9e:c6:ef:88:82:f0:2b:f5:a0:ab:
                    51:62:13:ec:48:ca:ab:23:58:d7:25:48:2f:1d:5c:
                    bf:51:73:75:23:4d:6e:48:c2:a3:f4:4b:72:f3:08:
                    e9:af:11:8b:cb:fa:09:17:d1:bf:55:86:bf:f7:51:
                    51:e2:b2:c7:e0:3c:f3:71:63:fd:64:e7:79:a7:2d:
                    9f:e6:1a:81:6a:2b:5b:3b:24:f8:50:f3:9f:6f:d0:
                    ef:49:a0:f8:2a:c9:e1:a4:3e:f9:b7:c0:04:55:15:
                    a2:2f:41:f2:15:c4:da:b8:78:6d:29:bc:51:69:ae:
                    9c:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:DC:C1:8D:86:31:57:AC:65:2A:5F:77:03:E2:42:C2:5F:70:EF:70
            X509v3 Authority Key Identifier:
                keyid:3E:87:0B:9A:70:03:C4:FD:9C:51:BD:35:4A:9D:EF:A3:FB:77:B4:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c5d18e82-4d68-45a6-a5df-cac115ad2279/0/3E870B9A7003C4FD9C51BD354A9DEFA3FB77B4A9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PocLmnADxP2cUb01Sp3vo_t3tKk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c5d18e82-4d68-45a6-a5df-cac115ad2279/0/3138352e3231332e3234302e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.213.240.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bb:09:a0:7e:f8:29:5d:9b:9d:a4:a7:1b:1a:c8:6b:cb:89:ad:
         c8:f1:10:1b:aa:d3:e6:08:d0:66:8b:00:f9:49:c1:21:d7:6a:
         fb:55:39:45:db:09:1a:11:3f:9a:9e:68:29:a5:c0:3c:a7:1c:
         8b:6d:b1:61:de:56:cc:07:9f:96:27:01:5d:7c:05:8e:ea:b0:
         84:0d:51:2a:54:33:3d:08:8c:5c:63:d0:48:e3:06:95:12:3e:
         87:31:88:a4:74:0a:75:20:5d:34:a9:d9:fa:0e:1b:a9:5f:45:
         38:73:e2:ad:48:88:18:58:e1:99:ca:32:9b:fe:b4:2f:12:dc:
         21:b8:01:8e:5b:ca:eb:20:6e:1b:12:dc:66:a0:65:4e:a5:2e:
         b0:4c:f0:12:63:66:81:c5:e1:86:b1:76:1e:2e:21:39:8b:57:
         d8:14:76:45:d9:5d:e2:9a:58:21:70:40:6c:59:9f:8d:bb:19:
         8e:5e:db:28:fc:1d:d1:ec:c4:6f:85:99:86:35:55:cb:d1:f9:
         cb:8b:f4:fc:cc:08:4e:6f:1c:60:5b:22:5c:cd:8f:13:03:e1:
         36:46:db:33:50:3e:13:c8:60:c5:53:92:1e:eb:96:54:a6:b6:
         c4:72:2d:6b:a5:f9:de:d3:bd:64:15:8d:c2:43:32:c8:b6:e7:
         45:ba:34:57
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUdpPq8m62dnkiGCag6FdNxAFtKi8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoM2U4NzBiOWE3MDAzYzRmZDljNTFiZDM1NGE5ZGVmYTNm
Yjc3YjRhOTAeFw0yNTA0MzAyMzU1NTBaFw0yNjA0MzAwMDAwNTBaMDMxMTAvBgNV
BAMTKDg5RENDMThEODYzMTU3QUM2NTJBNUY3NzAzRTI0MkMyNUY3MEVGNzAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCSdwLiSa1yBjSwZOTgWEhu1Ll0
3uXH8DMS5/vFW2/+qddmy/2I4hMueW+wkDCxMsaCD6QOpoMha2KhKD+y/sJHNC8G
JlpWFI+VBn0ChkKgkhLdtKSBKp4FmyfWKRC6XAJAOg6wj48bK8twNUhuBDI95mTv
XpC0JJrACIJPtwE5c3i0cuAlzvFv3OMQnsbviILwK/Wgq1FiE+xIyqsjWNclSC8d
XL9Rc3UjTW5IwqP0S3LzCOmvEYvL+gkX0b9Vhr/3UVHissfgPPNxY/1k53mnLZ/m
GoFqK1s7JPhQ859v0O9JoPgqyeGkPvm3wARVFaIvQfIVxNq4eG0pvFFprpxtAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUidzBjYYxV6xlKl93A+JCwl9w73AwHwYDVR0j
BBgwFoAUPocLmnADxP2cUb01Sp3vo/t3tKkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzVkMThlODItNGQ2OC00NWE2LWE1ZGYtY2FjMTE1YWQy
Mjc5LzAvM0U4NzBCOUE3MDAzQzRGRDlDNTFCRDM1NEE5REVGQTNGQjc3QjRBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1BvY0xtbkFEeFAyY1ViMDFTcDN2b190
M3RLay5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYzVkMThlODIt
NGQ2OC00NWE2LWE1ZGYtY2FjMTE1YWQyMjc5LzAvMzEzODM1MmUzMjMxMzMyZTMy
MzQzMDJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALnV
8DANBgkqhkiG9w0BAQsFAAOCAQEAuwmgfvgpXZudpKcbGshry4mtyPEQG6rT5gjQ
ZosA+UnBIddq+1U5RdsJGhE/mp5oKaXAPKcci22xYd5WzAeflicBXXwFjuqwhA1R
KlQzPQiMXGPQSOMGlRI+hzGIpHQKdSBdNKnZ+g4bqV9FOHPirUiIGFjhmcoym/60
LxLcIbgBjlvK6yBuGxLcZqBlTqUusEzwEmNmgcXhhrF2Hi4hOYtX2BR2Rdld4ppY
IXBAbFmfjbsZjl7bKPwd0ezEb4WZhjVVy9H5y4v0/MwITm8cYFsiXM2PEwPhNkbb
M1A+E8hgxVOSHuuWVKa2xHIta6X53tO9ZBWNwkMyyLbnRbo0Vw==
-----END CERTIFICATE-----