Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/e3cdc648-d203-462a-bd0f-ec1b60d879a7/0/3138382e39342e3139312e302f32342d3234203d3e2039333034.roa
File:                     3138382e39342e3139312e302f32342d3234203d3e2039333034.roa (raw, json)
Hash identifier:          kHLj0CCSRey0XdhxSgcTxmLdHvnBUVZqQawwENhkgrs=
Subject key identifier:   1C:FD:48:F1:A7:71:2C:B6:9C:3B:D3:5C:E4:52:BF:F6:B4:98:DD:2B
Certificate issuer:       /CN=e1f3512f51dc42bb9eb12abc0bb529668b2edee4
Certificate serial:       6C71D11D4F4E2721C170587D0B79245C370E4C13
Authority key identifier: E1:F3:51:2F:51:DC:42:BB:9E:B1:2A:BC:0B:B5:29:66:8B:2E:DE:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4fNRL1HcQruesSq8C7UpZosu3uQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/e3cdc648-d203-462a-bd0f-ec1b60d879a7/0/3138382e39342e3139312e302f32342d3234203d3e2039333034.roa
Signing time:             Tue 17 Jun 2025 12:44:49 +0000
ROA not before:           Tue 17 Jun 2025 12:39:49 +0000
ROA not after:            Tue 16 Jun 2026 12:44:49 +0000
asID:                     9304
IP address blocks:        188.94.191.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/e3cdc648-d203-462a-bd0f-ec1b60d879a7/0/E1F3512F51DC42BB9EB12ABC0BB529668B2EDEE4.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/e3cdc648-d203-462a-bd0f-ec1b60d879a7/0/E1F3512F51DC42BB9EB12ABC0BB529668B2EDEE4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4fNRL1HcQruesSq8C7UpZosu3uQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Jun 2025 00:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6c:71:d1:1d:4f:4e:27:21:c1:70:58:7d:0b:79:24:5c:37:0e:4c:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e1f3512f51dc42bb9eb12abc0bb529668b2edee4
        Validity
            Not Before: Jun 17 12:39:49 2025 GMT
            Not After : Jun 16 12:44:49 2026 GMT
        Subject: CN=1CFD48F1A7712CB69C3BD35CE452BFF6B498DD2B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:cd:59:1e:43:5f:63:5a:5c:87:18:bc:92:1e:
                    3f:87:3e:07:6e:eb:86:4f:ec:47:80:c9:03:c9:0e:
                    0b:83:39:b6:ed:8c:f3:f4:8b:66:d2:91:47:bb:f1:
                    d6:66:9f:3d:8a:31:14:33:c5:bb:b3:19:2b:3d:f3:
                    02:37:2c:8f:5b:c4:4c:bf:0e:08:bb:0f:fd:ec:1b:
                    49:bb:57:81:a8:9b:6f:d8:4f:c8:d0:e7:64:0e:7d:
                    4f:ce:7a:ce:59:4b:d7:30:57:92:06:0c:63:a6:27:
                    6c:cf:a6:23:3c:68:9f:68:59:2e:40:64:66:68:d6:
                    52:1d:08:e5:43:2f:56:5a:1e:16:91:0d:cf:ec:95:
                    26:ed:ae:63:f9:9b:88:cd:17:1e:c7:31:cb:25:cf:
                    c1:ce:66:09:cd:4a:b5:e1:be:32:39:5a:4f:02:b0:
                    d9:50:d1:f3:c1:85:d0:74:b9:0b:f6:ec:8e:d3:48:
                    27:d4:ec:9f:a0:df:9d:f1:e4:43:ee:be:8b:57:6f:
                    18:7b:b2:58:b0:0e:9f:10:c9:39:85:34:a7:ea:88:
                    e5:a5:76:5e:47:93:8b:82:3d:e8:28:3e:10:50:96:
                    a4:3b:7e:d6:3e:05:f7:6d:ab:38:3d:b4:75:f2:eb:
                    60:ff:88:29:07:dd:ad:7f:ca:58:9e:c8:35:6b:f0:
                    f1:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:FD:48:F1:A7:71:2C:B6:9C:3B:D3:5C:E4:52:BF:F6:B4:98:DD:2B
            X509v3 Authority Key Identifier:
                keyid:E1:F3:51:2F:51:DC:42:BB:9E:B1:2A:BC:0B:B5:29:66:8B:2E:DE:E4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/e3cdc648-d203-462a-bd0f-ec1b60d879a7/0/E1F3512F51DC42BB9EB12ABC0BB529668B2EDEE4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4fNRL1HcQruesSq8C7UpZosu3uQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/e3cdc648-d203-462a-bd0f-ec1b60d879a7/0/3138382e39342e3139312e302f32342d3234203d3e2039333034.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.94.191.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9d:4b:b2:f3:f7:8d:96:5e:1c:52:0c:b9:bc:07:a9:86:12:0c:
         29:cf:7c:b3:41:69:8f:0b:00:a2:7b:96:b6:a1:28:8f:e3:ff:
         bc:3d:2f:e0:1b:3e:a7:2f:b1:c5:b9:cf:8d:c3:8b:b6:aa:d3:
         c1:c4:6a:9b:b0:df:74:07:b7:9b:fa:8a:4b:b4:d9:69:14:11:
         50:51:40:bf:bd:d9:d9:ca:5d:a8:b5:ac:c8:8a:39:20:e0:31:
         dd:7a:e7:95:d4:0a:97:5c:1c:bf:97:1f:19:01:73:39:5c:a1:
         16:83:ff:5d:f8:59:32:57:a9:64:cd:c5:cc:5d:3a:b3:27:e4:
         23:3c:2f:f4:21:cc:53:00:2b:ef:f8:ad:3c:2b:ec:e2:a1:07:
         df:81:97:f8:5b:b7:ce:71:65:7e:a2:71:42:8c:ea:8e:4b:f7:
         5f:5a:aa:9c:db:1f:0b:c5:05:9a:72:a1:5d:5e:56:42:eb:35:
         9f:be:c5:5a:b2:fe:42:98:51:45:84:23:b5:25:f7:99:4a:4a:
         0c:e1:40:c9:c1:72:bf:dc:44:22:94:25:0d:98:5c:aa:e3:e0:
         f0:91:7a:98:21:f3:19:f3:95:b8:d4:99:4a:61:44:72:6f:d5:
         fe:5f:51:51:ca:ca:ef:51:77:e6:12:ea:95:a3:c1:2b:9b:7b:
         86:08:41:e7
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUbHHRHU9OJyHBcFh9C3kkXDcOTBMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZTFmMzUxMmY1MWRjNDJiYjllYjEyYWJjMGJiNTI5NjY4
YjJlZGVlNDAeFw0yNTA2MTcxMjM5NDlaFw0yNjA2MTYxMjQ0NDlaMDMxMTAvBgNV
BAMTKDFDRkQ0OEYxQTc3MTJDQjY5QzNCRDM1Q0U0NTJCRkY2QjQ5OEREMkIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDQzVkeQ19jWlyHGLySHj+HPgdu
64ZP7EeAyQPJDguDObbtjPP0i2bSkUe78dZmnz2KMRQzxbuzGSs98wI3LI9bxEy/
Dgi7D/3sG0m7V4Gom2/YT8jQ52QOfU/Oes5ZS9cwV5IGDGOmJ2zPpiM8aJ9oWS5A
ZGZo1lIdCOVDL1ZaHhaRDc/slSbtrmP5m4jNFx7HMcslz8HOZgnNSrXhvjI5Wk8C
sNlQ0fPBhdB0uQv27I7TSCfU7J+g353x5EPuvotXbxh7sliwDp8QyTmFNKfqiOWl
dl5Hk4uCPegoPhBQlqQ7ftY+Bfdtqzg9tHXy62D/iCkH3a1/ylieyDVr8PHnAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUHP1I8adxLLacO9Nc5FK/9rSY3SswHwYDVR0j
BBgwFoAU4fNRL1HcQruesSq8C7UpZosu3uQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZTNjZGM2NDgtZDIwMy00NjJhLWJkMGYtZWMxYjYwZDg3
OWE3LzAvRTFGMzUxMkY1MURDNDJCQjlFQjEyQUJDMEJCNTI5NjY4QjJFREVFNC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzRmTlJMMUhjUXJ1ZXNTcThDN1VwWm9z
dTN1US5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZTNjZGM2NDgt
ZDIwMy00NjJhLWJkMGYtZWMxYjYwZDg3OWE3LzAvMzEzODM4MmUzOTM0MmUzMTM5
MzEyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzOTMzMzAzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALxe
vzANBgkqhkiG9w0BAQsFAAOCAQEAnUuy8/eNll4cUgy5vAephhIMKc98s0FpjwsA
onuWtqEoj+P/vD0v4Bs+py+xxbnPjcOLtqrTwcRqm7DfdAe3m/qKS7TZaRQRUFFA
v73Z2cpdqLWsyIo5IOAx3XrnldQKl1wcv5cfGQFzOVyhFoP/XfhZMlepZM3FzF06
syfkIzwv9CHMUwAr7/itPCvs4qEH34GX+Fu3znFlfqJxQozqjkv3X1qqnNsfC8UF
mnKhXV5WQus1n77FWrL+QphRRYQjtSX3mUpKDOFAycFyv9xEIpQlDZhcquPg8JF6
mCHzGfOVuNSZSmFEcm/V/l9RUcrK71F35hLqlaPBK5t7hghB5w==
-----END CERTIFICATE-----