Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c5d18e82-4d68-45a6-a5df-cac115ad2279/0/3138352e3231332e3234332e302f32342d3234203d3e20323034393238.roa
File:                     3138352e3231332e3234332e302f32342d3234203d3e20323034393238.roa (raw, json)
Hash identifier:          /82U/4ZCS1l7tEmRqZdiqoHQfHkAV0iGqgAdCf0IY6Q=
Subject key identifier:   5F:18:6E:F1:BB:5E:A0:7E:2E:92:84:56:C9:ED:0D:0A:25:8D:B0:AC
Certificate issuer:       /CN=3e870b9a7003c4fd9c51bd354a9defa3fb77b4a9
Certificate serial:       6240002F8049ABE04C8F03ABE96632281036F6C9
Authority key identifier: 3E:87:0B:9A:70:03:C4:FD:9C:51:BD:35:4A:9D:EF:A3:FB:77:B4:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PocLmnADxP2cUb01Sp3vo_t3tKk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c5d18e82-4d68-45a6-a5df-cac115ad2279/0/3138352e3231332e3234332e302f32342d3234203d3e20323034393238.roa
Signing time:             Thu 02 Oct 2025 07:55:08 +0000
ROA not before:           Thu 02 Oct 2025 07:50:08 +0000
ROA not after:            Thu 01 Oct 2026 07:55:08 +0000
asID:                     204928
IP address blocks:        185.213.243.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c5d18e82-4d68-45a6-a5df-cac115ad2279/0/3E870B9A7003C4FD9C51BD354A9DEFA3FB77B4A9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c5d18e82-4d68-45a6-a5df-cac115ad2279/0/3E870B9A7003C4FD9C51BD354A9DEFA3FB77B4A9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PocLmnADxP2cUb01Sp3vo_t3tKk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 08:08:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            62:40:00:2f:80:49:ab:e0:4c:8f:03:ab:e9:66:32:28:10:36:f6:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e870b9a7003c4fd9c51bd354a9defa3fb77b4a9
        Validity
            Not Before: Oct  2 07:50:08 2025 GMT
            Not After : Oct  1 07:55:08 2026 GMT
        Subject: CN=5F186EF1BB5EA07E2E928456C9ED0D0A258DB0AC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:28:fc:c8:15:77:5e:37:a3:25:f3:72:4a:71:
                    6e:b4:1c:60:8a:44:6a:98:8f:d0:96:b8:6b:5f:9d:
                    d1:76:80:14:d0:e4:ec:bd:cd:d9:aa:9b:35:09:1a:
                    69:74:f8:0f:33:fa:f4:4e:6f:c1:99:89:1a:54:78:
                    2d:9a:4e:3f:b4:09:e0:79:c7:20:9d:aa:73:b7:12:
                    40:e5:f4:b7:8b:f4:cd:e5:65:0c:8c:20:d8:72:71:
                    2f:f9:9f:6a:42:0e:c1:b6:0d:d0:ad:e0:f8:24:3f:
                    40:86:5c:f6:56:cb:45:63:e5:4a:a8:a3:7a:e4:7e:
                    0b:98:d2:b2:cc:e2:98:e7:d4:df:e0:7c:8b:09:cb:
                    b2:7b:75:29:06:39:16:d7:b9:e5:80:8e:ca:05:b9:
                    6a:7e:7c:c6:2c:45:01:dd:ba:4f:4d:50:c2:cc:81:
                    0d:1d:47:2f:c6:6d:f5:32:c5:ec:13:39:93:32:01:
                    ae:02:f1:de:9e:f5:d0:29:d3:5e:c7:9c:40:34:8a:
                    29:d0:86:26:64:df:e7:08:5c:3c:d9:13:9c:19:58:
                    fa:e2:8b:0c:46:f0:4d:b6:38:43:71:44:55:a2:4a:
                    01:92:5d:b2:84:08:df:e8:b1:1c:76:98:37:aa:a3:
                    6b:60:22:57:3f:01:60:fb:ce:2b:22:66:81:a3:c5:
                    19:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:18:6E:F1:BB:5E:A0:7E:2E:92:84:56:C9:ED:0D:0A:25:8D:B0:AC
            X509v3 Authority Key Identifier:
                keyid:3E:87:0B:9A:70:03:C4:FD:9C:51:BD:35:4A:9D:EF:A3:FB:77:B4:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c5d18e82-4d68-45a6-a5df-cac115ad2279/0/3E870B9A7003C4FD9C51BD354A9DEFA3FB77B4A9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PocLmnADxP2cUb01Sp3vo_t3tKk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c5d18e82-4d68-45a6-a5df-cac115ad2279/0/3138352e3231332e3234332e302f32342d3234203d3e20323034393238.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.213.243.0/24

    Signature Algorithm: sha256WithRSAEncryption
         26:f9:ec:29:f2:2e:df:b7:2e:db:06:77:a4:49:77:6a:12:b6:
         d2:03:3b:f4:43:88:f1:b5:31:8b:df:5b:54:ae:98:89:b1:02:
         e7:94:fb:db:bc:e3:10:3c:b5:ba:3b:e0:d3:a6:af:3c:99:7c:
         0f:6b:97:ec:06:f4:b9:24:37:11:f6:63:0b:65:b7:0a:6e:6f:
         b0:4f:57:21:70:e6:49:01:f8:57:4d:c0:50:f7:73:4c:d2:4f:
         23:7d:36:65:96:76:35:86:9b:48:c0:52:23:6c:9b:57:46:37:
         8e:c9:d0:f6:43:ac:c4:c9:c4:cb:e5:02:12:36:a4:1b:8d:34:
         2c:ab:27:47:cf:dd:79:54:68:6c:ae:11:9c:55:d6:0a:d7:7a:
         0b:fd:37:86:ce:81:d9:f6:2a:4e:5a:68:35:70:d6:32:bc:e8:
         33:e3:79:f9:13:27:05:59:e8:b0:52:1b:c6:ed:0c:d4:63:23:
         4f:3e:41:78:54:2d:89:ae:77:c8:59:1a:61:84:24:69:e9:33:
         c4:0e:f2:b1:d4:66:80:5d:ad:81:9f:40:4b:80:a1:6e:16:7d:
         c2:fe:9b:20:b3:a2:ed:35:8f:a6:cd:63:c4:75:07:77:25:2d:
         24:c4:38:fa:d2:45:d0:7d:35:9a:b2:85:25:e7:b1:6c:f4:0e:
         80:48:67:7f
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgIUYkAAL4BJq+BMjwOr6WYyKBA29skwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoM2U4NzBiOWE3MDAzYzRmZDljNTFiZDM1NGE5ZGVmYTNm
Yjc3YjRhOTAeFw0yNTEwMDIwNzUwMDhaFw0yNjEwMDEwNzU1MDhaMDMxMTAvBgNV
BAMTKDVGMTg2RUYxQkI1RUEwN0UyRTkyODQ1NkM5RUQwRDBBMjU4REIwQUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDCKPzIFXdeN6Ml83JKcW60HGCK
RGqYj9CWuGtfndF2gBTQ5Oy9zdmqmzUJGml0+A8z+vROb8GZiRpUeC2aTj+0CeB5
xyCdqnO3EkDl9LeL9M3lZQyMINhycS/5n2pCDsG2DdCt4PgkP0CGXPZWy0Vj5Uqo
o3rkfguY0rLM4pjn1N/gfIsJy7J7dSkGORbXueWAjsoFuWp+fMYsRQHduk9NUMLM
gQ0dRy/GbfUyxewTOZMyAa4C8d6e9dAp017HnEA0iinQhiZk3+cIXDzZE5wZWPri
iwxG8E22OENxRFWiSgGSXbKECN/osRx2mDeqo2tgIlc/AWD7zisiZoGjxRl1AgMB
AAGjggJBMIICPTAdBgNVHQ4EFgQUXxhu8bteoH4ukoRWye0NCiWNsKwwHwYDVR0j
BBgwFoAUPocLmnADxP2cUb01Sp3vo/t3tKkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzVkMThlODItNGQ2OC00NWE2LWE1ZGYtY2FjMTE1YWQy
Mjc5LzAvM0U4NzBCOUE3MDAzQzRGRDlDNTFCRDM1NEE5REVGQTNGQjc3QjRBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1BvY0xtbkFEeFAyY1ViMDFTcDN2b190
M3RLay5jZXIwgbEGCCsGAQUFBwELBIGkMIGhMIGeBggrBgEFBQcwC4aBkXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYzVkMThlODIt
NGQ2OC00NWE2LWE1ZGYtY2FjMTE1YWQyMjc5LzAvMzEzODM1MmUzMjMxMzMyZTMy
MzQzMzJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMyMzAzNDM5MzIzOC5yb2EwGAYD
VR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw
BgMEALnV8zANBgkqhkiG9w0BAQsFAAOCAQEAJvnsKfIu37cu2wZ3pEl3ahK20gM7
9EOI8bUxi99bVK6YibEC55T727zjEDy1ujvg06avPJl8D2uX7Ab0uSQ3EfZjC2W3
Cm5vsE9XIXDmSQH4V03AUPdzTNJPI302ZZZ2NYabSMBSI2ybV0Y3jsnQ9kOsxMnE
y+UCEjakG400LKsnR8/deVRobK4RnFXWCtd6C/03hs6B2fYqTlpoNXDWMrzoM+N5
+RMnBVnosFIbxu0M1GMjTz5BeFQtia53yFkaYYQkaekzxA7ysdRmgF2tgZ9AS4Ch
bhZ9wv6bILOi7TWPps1jxHUHdyUtJMQ4+tJF0H01mrKFJeexbPQOgEhnfw==
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:11:31 2025 by rpki-client