Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/e3cdc648-d203-462a-bd0f-ec1b60d879a7/0/3138352e3132332e3135362e302f32342d3234203d3e2030.roa
File:                     3138352e3132332e3135362e302f32342d3234203d3e2030.roa (raw, json)
Hash identifier:          x3/Q2KmEeNG471pt6QKZpeNlxMWBrBOmu1shsJkOqMY=
Subject key identifier:   8A:AF:CF:57:3B:92:A1:71:C0:1D:41:04:5C:D1:EF:12:5D:08:0A:66
Certificate issuer:       /CN=e1f3512f51dc42bb9eb12abc0bb529668b2edee4
Certificate serial:       63FBDBD06F33F5A4EEA51A7F4E56272A0BC6CFC5
Authority key identifier: E1:F3:51:2F:51:DC:42:BB:9E:B1:2A:BC:0B:B5:29:66:8B:2E:DE:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4fNRL1HcQruesSq8C7UpZosu3uQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/e3cdc648-d203-462a-bd0f-ec1b60d879a7/0/3138352e3132332e3135362e302f32342d3234203d3e2030.roa
Signing time:             Thu 21 Aug 2025 13:36:31 +0000
ROA not before:           Thu 21 Aug 2025 13:31:31 +0000
ROA not after:            Thu 20 Aug 2026 13:36:31 +0000
asID:                     0
IP address blocks:        185.123.156.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/e3cdc648-d203-462a-bd0f-ec1b60d879a7/0/E1F3512F51DC42BB9EB12ABC0BB529668B2EDEE4.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/e3cdc648-d203-462a-bd0f-ec1b60d879a7/0/E1F3512F51DC42BB9EB12ABC0BB529668B2EDEE4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4fNRL1HcQruesSq8C7UpZosu3uQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 00:37:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            63:fb:db:d0:6f:33:f5:a4:ee:a5:1a:7f:4e:56:27:2a:0b:c6:cf:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e1f3512f51dc42bb9eb12abc0bb529668b2edee4
        Validity
            Not Before: Aug 21 13:31:31 2025 GMT
            Not After : Aug 20 13:36:31 2026 GMT
        Subject: CN=8AAFCF573B92A171C01D41045CD1EF125D080A66
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:9a:52:61:db:b5:fe:28:0d:6e:b8:ad:cd:69:
                    9a:78:2e:9d:bd:e9:44:3c:fe:dc:ad:11:1c:52:eb:
                    c3:52:da:2a:bd:3d:55:2c:2c:4a:20:05:df:81:3b:
                    a4:75:b5:5c:c3:03:06:9c:b8:7f:83:24:75:c1:1c:
                    67:b6:7e:85:89:aa:c8:e1:13:5a:1e:e1:44:13:bc:
                    48:9d:c0:7d:a9:76:89:96:18:3c:c6:5e:fc:63:9e:
                    7d:dc:50:90:cf:fe:14:b9:4a:ba:41:d8:79:30:9f:
                    d8:7b:78:ad:00:a7:32:58:84:80:93:39:e2:11:31:
                    1d:3d:ac:f9:68:97:24:72:2c:d3:7e:d2:4b:08:d9:
                    95:0d:99:57:3e:34:9c:80:98:83:ae:b3:7b:9f:d0:
                    34:53:18:90:3c:07:b5:0d:72:93:b1:37:43:b1:80:
                    37:d1:12:f2:7f:9f:84:7a:3f:b6:49:99:72:f4:e0:
                    73:bd:bc:f5:75:7c:d8:9a:24:93:95:64:50:6f:bb:
                    dd:8c:0a:58:07:4f:21:f6:f4:79:4f:66:f2:5a:58:
                    42:6a:99:8e:49:2c:e7:f3:db:46:52:2b:0b:10:1b:
                    18:af:1e:3b:b7:e8:0d:a5:d7:3e:18:78:14:5f:80:
                    73:4a:b6:4f:e6:1a:fa:92:95:ea:94:01:6b:48:93:
                    a9:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:AF:CF:57:3B:92:A1:71:C0:1D:41:04:5C:D1:EF:12:5D:08:0A:66
            X509v3 Authority Key Identifier:
                keyid:E1:F3:51:2F:51:DC:42:BB:9E:B1:2A:BC:0B:B5:29:66:8B:2E:DE:E4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/e3cdc648-d203-462a-bd0f-ec1b60d879a7/0/E1F3512F51DC42BB9EB12ABC0BB529668B2EDEE4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4fNRL1HcQruesSq8C7UpZosu3uQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/e3cdc648-d203-462a-bd0f-ec1b60d879a7/0/3138352e3132332e3135362e302f32342d3234203d3e2030.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.123.156.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a9:13:5b:88:28:53:ab:f1:29:d9:8e:57:8b:80:d5:4b:eb:22:
         3a:52:78:9d:e5:2d:3b:14:50:6d:46:7c:6d:a2:a0:20:1c:c4:
         f7:9a:99:d8:ee:11:4f:75:fc:a1:a8:39:64:13:ec:e6:23:a4:
         c3:45:32:5a:d0:c4:6d:82:2a:a8:b3:43:e7:e0:c1:5d:6f:dc:
         e2:c2:b7:9f:18:30:81:a3:46:b2:fd:c5:e9:05:77:bb:ee:6e:
         e2:62:19:39:86:e1:c5:36:36:d0:3b:80:b7:3d:73:38:e8:94:
         e4:49:94:0f:f8:ba:7d:a7:31:5b:9d:e0:35:19:7f:aa:28:f5:
         e8:6c:c3:9a:d1:32:53:c1:37:3c:4b:95:f4:c3:d6:a5:c0:66:
         dd:dd:a2:5f:7d:16:05:31:40:56:7d:02:e4:95:09:0f:cd:9e:
         7a:66:b4:57:04:6a:19:00:8d:2d:f4:91:3b:58:ec:df:f8:8c:
         1e:bf:34:83:b3:94:82:9e:6e:16:ca:4e:4d:94:bb:d6:14:83:
         72:5c:75:eb:f7:8b:46:15:df:a9:c9:fb:ab:e0:cb:76:1c:41:
         66:42:80:c0:49:21:b6:74:66:69:1e:24:f6:8d:39:c5:69:f7:
         78:4e:90:f9:db:14:39:cc:ee:ff:78:42:d8:76:bb:58:8e:82:
         ab:e0:63:7a
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUY/vb0G8z9aTupRp/TlYnKgvGz8UwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZTFmMzUxMmY1MWRjNDJiYjllYjEyYWJjMGJiNTI5NjY4
YjJlZGVlNDAeFw0yNTA4MjExMzMxMzFaFw0yNjA4MjAxMzM2MzFaMDMxMTAvBgNV
BAMTKDhBQUZDRjU3M0I5MkExNzFDMDFENDEwNDVDRDFFRjEyNUQwODBBNjYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9mlJh27X+KA1uuK3NaZp4Lp29
6UQ8/tytERxS68NS2iq9PVUsLEogBd+BO6R1tVzDAwacuH+DJHXBHGe2foWJqsjh
E1oe4UQTvEidwH2pdomWGDzGXvxjnn3cUJDP/hS5SrpB2Hkwn9h7eK0ApzJYhICT
OeIRMR09rPlolyRyLNN+0ksI2ZUNmVc+NJyAmIOus3uf0DRTGJA8B7UNcpOxN0Ox
gDfREvJ/n4R6P7ZJmXL04HO9vPV1fNiaJJOVZFBvu92MClgHTyH29HlPZvJaWEJq
mY5JLOfz20ZSKwsQGxivHju36A2l1z4YeBRfgHNKtk/mGvqSleqUAWtIk6l9AgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUiq/PVzuSoXHAHUEEXNHvEl0ICmYwHwYDVR0j
BBgwFoAU4fNRL1HcQruesSq8C7UpZosu3uQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZTNjZGM2NDgtZDIwMy00NjJhLWJkMGYtZWMxYjYwZDg3
OWE3LzAvRTFGMzUxMkY1MURDNDJCQjlFQjEyQUJDMEJCNTI5NjY4QjJFREVFNC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzRmTlJMMUhjUXJ1ZXNTcThDN1VwWm9z
dTN1US5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZTNjZGM2NDgt
ZDIwMy00NjJhLWJkMGYtZWMxYjYwZDg3OWE3LzAvMzEzODM1MmUzMTMyMzMyZTMx
MzUzNjJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMwLnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuXucMA0G
CSqGSIb3DQEBCwUAA4IBAQCpE1uIKFOr8SnZjleLgNVL6yI6Unid5S07FFBtRnxt
oqAgHMT3mpnY7hFPdfyhqDlkE+zmI6TDRTJa0MRtgiqos0Pn4MFdb9ziwrefGDCB
o0ay/cXpBXe77m7iYhk5huHFNjbQO4C3PXM46JTkSZQP+Lp9pzFbneA1GX+qKPXo
bMOa0TJTwTc8S5X0w9alwGbd3aJffRYFMUBWfQLklQkPzZ56ZrRXBGoZAI0t9JE7
WOzf+IwevzSDs5SCnm4Wyk5NlLvWFINyXHXr94tGFd+pyfur4Mt2HEFmQoDASSG2
dGZpHiT2jTnFafd4TpD52xQ5zO7/eELYdrtYjoKr4GN6
-----END CERTIFICATE-----