Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/f5e64030-2f28-42c9-b004-354bb28f6123/0/38372e3131382e36342e302f31382d3234203d3e203331313033.roa
File:                     38372e3131382e36342e302f31382d3234203d3e203331313033.roa (raw, json)
Hash identifier:          5FgGKvGyM0+sTnRzeGibD3YbS14Xm/BeG3m9Kf1UjW8=
Subject key identifier:   99:B0:C3:F2:89:62:8D:18:0D:81:10:9C:66:94:D8:AC:F3:69:86:17
Certificate issuer:       /CN=9e576996388e94b8c7ab20effb23bd11becb4108
Certificate serial:       0142497DC2F31CEF5710005B65E52FC8F9AEADA6
Authority key identifier: 9E:57:69:96:38:8E:94:B8:C7:AB:20:EF:FB:23:BD:11:BE:CB:41:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nldpljiOlLjHqyDv-yO9Eb7LQQg.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/f5e64030-2f28-42c9-b004-354bb28f6123/0/38372e3131382e36342e302f31382d3234203d3e203331313033.roa
Signing time:             Fri 02 May 2025 13:54:05 +0000
ROA not before:           Fri 02 May 2025 13:49:05 +0000
ROA not after:            Fri 01 May 2026 13:54:05 +0000
asID:                     31103
IP address blocks:        87.118.64.0/18 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/f5e64030-2f28-42c9-b004-354bb28f6123/0/9E576996388E94B8C7AB20EFFB23BD11BECB4108.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/f5e64030-2f28-42c9-b004-354bb28f6123/0/9E576996388E94B8C7AB20EFFB23BD11BECB4108.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nldpljiOlLjHqyDv-yO9Eb7LQQg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 05 May 2025 23:19:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:42:49:7d:c2:f3:1c:ef:57:10:00:5b:65:e5:2f:c8:f9:ae:ad:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e576996388e94b8c7ab20effb23bd11becb4108
        Validity
            Not Before: May  2 13:49:05 2025 GMT
            Not After : May  1 13:54:05 2026 GMT
        Subject: CN=99B0C3F289628D180D81109C6694D8ACF3698617
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:89:31:a0:de:a0:f9:39:8c:22:9b:80:62:e7:
                    14:86:fe:fd:5e:23:ec:60:cc:13:77:e4:66:81:c8:
                    ac:1a:a3:7a:3b:ca:d8:6c:37:09:76:63:32:5d:68:
                    04:24:a8:af:63:9a:a1:b6:7b:30:bf:a0:67:0d:f6:
                    ee:98:bf:40:16:12:98:72:f1:45:00:88:30:82:81:
                    2e:72:93:c2:95:53:43:48:40:be:f2:eb:77:6f:39:
                    4e:d8:b0:86:d6:fa:3e:5c:59:8d:02:7e:a2:61:13:
                    02:80:e4:f7:1e:0c:0b:92:97:62:1f:68:a5:d0:7e:
                    05:25:3f:2f:e7:d6:e5:5b:52:a0:9e:c9:94:bb:ed:
                    6d:ae:43:9e:da:da:83:2b:2f:44:9a:0a:09:72:62:
                    30:eb:6d:e2:56:ba:b1:a7:7e:1e:43:c3:26:d5:62:
                    8b:43:4a:30:4a:9f:ef:7a:d8:48:b8:df:55:6e:ed:
                    45:84:6d:5c:ba:8a:86:d5:68:41:8a:4d:19:87:55:
                    7e:08:66:5b:d0:ea:8e:5d:91:6f:41:e4:47:ae:91:
                    9c:f7:59:22:b7:46:c9:b1:94:ff:ce:1f:6b:e4:7d:
                    95:9f:7e:2d:31:2e:74:03:5a:6e:18:24:b3:e7:c1:
                    82:64:0a:5e:22:db:04:3a:c7:f7:73:7f:57:89:4a:
                    b0:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:B0:C3:F2:89:62:8D:18:0D:81:10:9C:66:94:D8:AC:F3:69:86:17
            X509v3 Authority Key Identifier:
                keyid:9E:57:69:96:38:8E:94:B8:C7:AB:20:EF:FB:23:BD:11:BE:CB:41:08

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/f5e64030-2f28-42c9-b004-354bb28f6123/0/9E576996388E94B8C7AB20EFFB23BD11BECB4108.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nldpljiOlLjHqyDv-yO9Eb7LQQg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/f5e64030-2f28-42c9-b004-354bb28f6123/0/38372e3131382e36342e302f31382d3234203d3e203331313033.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.118.64.0/18

    Signature Algorithm: sha256WithRSAEncryption
         34:9b:14:ac:aa:8e:07:6b:cb:a9:f1:d2:21:be:6f:2f:bd:d8:
         f8:a6:34:9c:07:54:ce:c5:1a:ec:a5:bb:d9:d6:ff:b9:1b:12:
         a7:91:25:24:df:2d:06:bc:a4:22:86:b7:24:2a:cc:98:45:7c:
         f1:fb:52:91:c4:f0:39:f1:45:67:d4:df:0e:0f:4d:24:cf:34:
         44:2f:6d:ea:b3:bd:41:02:2e:87:a9:a2:bb:bb:2a:49:91:f2:
         42:8a:70:e4:0d:db:85:a2:5e:ad:9d:7f:ab:3e:2e:3d:5f:86:
         50:6f:99:8c:00:d5:90:b0:d1:60:c2:f3:59:1f:ca:57:56:48:
         31:fc:97:fc:fe:f6:73:ff:e9:a7:4b:94:b5:dd:da:e7:59:83:
         81:cd:83:fa:15:03:64:56:59:39:95:6a:3f:19:a9:45:85:f8:
         93:7f:bf:37:82:a0:f8:09:b2:ab:15:03:0f:24:a5:7b:49:af:
         11:b8:84:2d:e0:b1:d6:76:db:9f:01:65:1c:f5:89:ad:2d:ec:
         57:bd:be:0d:e5:20:0c:ca:47:70:7a:2a:70:81:ab:1e:7e:41:
         10:de:78:67:61:39:38:c2:f6:6e:53:cc:43:1c:83:26:95:18:
         21:f0:99:f3:4d:3a:cf:d0:3e:d7:42:64:4c:06:87:0b:ec:e9:
         7c:3c:26:49
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUAUJJfcLzHO9XEABbZeUvyPmuraYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWU1NzY5OTYzODhlOTRiOGM3YWIyMGVmZmIyM2JkMTFi
ZWNiNDEwODAeFw0yNTA1MDIxMzQ5MDVaFw0yNjA1MDExMzU0MDVaMDMxMTAvBgNV
BAMTKDk5QjBDM0YyODk2MjhEMTgwRDgxMTA5QzY2OTREOEFDRjM2OTg2MTcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCQiTGg3qD5OYwim4Bi5xSG/v1e
I+xgzBN35GaByKwao3o7ythsNwl2YzJdaAQkqK9jmqG2ezC/oGcN9u6Yv0AWEphy
8UUAiDCCgS5yk8KVU0NIQL7y63dvOU7YsIbW+j5cWY0CfqJhEwKA5PceDAuSl2If
aKXQfgUlPy/n1uVbUqCeyZS77W2uQ57a2oMrL0SaCglyYjDrbeJWurGnfh5DwybV
YotDSjBKn+962Ei431Vu7UWEbVy6iobVaEGKTRmHVX4IZlvQ6o5dkW9B5EeukZz3
WSK3RsmxlP/OH2vkfZWffi0xLnQDWm4YJLPnwYJkCl4i2wQ6x/dzf1eJSrBBAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUmbDD8olijRgNgRCcZpTYrPNphhcwHwYDVR0j
BBgwFoAUnldpljiOlLjHqyDv+yO9Eb7LQQgwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZjVlNjQwMzAtMmYyOC00MmM5LWIwMDQtMzU0YmIyOGY2
MTIzLzAvOUU1NzY5OTYzODhFOTRCOEM3QUIyMEVGRkIyM0JEMTFCRUNCNDEwOC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL25sZHBsamlPbExqSHF5RHYteU85RWI3
TFFRZy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZjVlNjQwMzAt
MmYyOC00MmM5LWIwMDQtMzU0YmIyOGY2MTIzLzAvMzgzNzJlMzEzMTM4MmUzNjM0
MmUzMDJmMzEzODJkMzIzNDIwM2QzZTIwMzMzMTMxMzAzMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEBld2
QDANBgkqhkiG9w0BAQsFAAOCAQEANJsUrKqOB2vLqfHSIb5vL73Y+KY0nAdUzsUa
7KW72db/uRsSp5ElJN8tBrykIoa3JCrMmEV88ftSkcTwOfFFZ9TfDg9NJM80RC9t
6rO9QQIuh6miu7sqSZHyQopw5A3bhaJerZ1/qz4uPV+GUG+ZjADVkLDRYMLzWR/K
V1ZIMfyX/P72c//pp0uUtd3a51mDgc2D+hUDZFZZOZVqPxmpRYX4k3+/N4Kg+Amy
qxUDDySle0mvEbiELeCx1nbbnwFlHPWJrS3sV72+DeUgDMpHcHoqcIGrHn5BEN54
Z2E5OML2blPMQxyDJpUYIfCZ8006z9A+10JkTAaHC+zpfDwmSQ==
-----END CERTIFICATE-----