Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3230392e3232302e302f32342d3234203d3e203432383938.roa
File:                     3138352e3230392e3232302e302f32342d3234203d3e203432383938.roa (raw, json)
Hash identifier:          OlDTC6wWYGJGSi6zWhkj8G6zHmVB+iowbuUxTCK7aho=
Subject key identifier:   C2:47:BF:C9:F3:98:BE:2B:B8:26:A5:E6:93:8B:63:70:1E:F3:E3:EC
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       626F0470FE755C96F0BA64F8C331C8E0AA095165
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3230392e3232302e302f32342d3234203d3e203432383938.roa
Signing time:             Fri 22 Aug 2025 14:47:15 +0000
ROA not before:           Fri 22 Aug 2025 14:42:15 +0000
ROA not after:            Fri 21 Aug 2026 14:47:15 +0000
asID:                     42898
IP address blocks:        185.209.220.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            62:6f:04:70:fe:75:5c:96:f0:ba:64:f8:c3:31:c8:e0:aa:09:51:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Aug 22 14:42:15 2025 GMT
            Not After : Aug 21 14:47:15 2026 GMT
        Subject: CN=C247BFC9F398BE2BB826A5E6938B63701EF3E3EC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:a8:23:51:35:da:23:d0:cf:7e:c7:ff:12:c0:
                    0b:12:60:6d:43:39:44:84:2a:e0:33:c5:a9:b1:e3:
                    cf:8c:ed:ee:57:fb:1f:44:7b:9f:f8:42:b1:ec:fa:
                    cb:fe:fa:a4:45:a1:60:06:39:3c:5e:ed:08:49:0a:
                    21:84:48:33:7b:d7:80:a8:50:db:9a:e6:66:af:76:
                    93:63:1c:d3:7e:b3:66:38:7c:8b:cf:ee:c7:d8:62:
                    d1:8e:ee:8b:4e:59:73:c8:62:16:3a:b5:7d:82:c3:
                    1b:22:ae:18:a9:e2:6d:cc:a2:74:86:ab:93:1c:63:
                    67:55:e0:5c:c0:ce:d2:37:f3:f9:04:b8:a1:b6:d2:
                    a5:0d:74:ff:3d:66:19:fb:6a:eb:e1:14:49:fb:eb:
                    94:d8:e9:7f:f7:ee:b6:f3:ee:22:dd:ec:f2:7a:71:
                    5d:5c:db:97:31:1e:0d:d0:92:4c:84:6c:d1:e2:5f:
                    aa:fa:71:91:7e:68:33:8f:d8:32:ca:fd:56:ab:1f:
                    a0:98:f8:ea:de:a8:29:75:1b:dd:70:d5:00:39:02:
                    df:c1:e1:d4:dd:cc:89:86:77:16:4c:fa:84:8b:b3:
                    4f:e9:c6:23:b5:42:9f:77:2c:1e:26:7b:2c:7a:98:
                    3c:db:43:e2:04:d7:7b:ba:df:d7:5e:c0:3c:1c:bd:
                    c6:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:47:BF:C9:F3:98:BE:2B:B8:26:A5:E6:93:8B:63:70:1E:F3:E3:EC
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3230392e3232302e302f32342d3234203d3e203432383938.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.209.220.0/24

    Signature Algorithm: sha256WithRSAEncryption
         24:eb:94:f7:e8:f6:4a:ee:a4:a7:40:4c:88:02:50:3b:77:38:
         a5:23:a9:9f:20:e6:c7:e0:f3:7c:68:a1:a2:bd:48:36:87:8c:
         14:fb:65:54:fc:d4:98:49:ca:c5:f0:5f:18:4c:af:6c:cd:83:
         de:0b:b9:39:11:d0:5e:17:eb:42:83:bc:15:6f:6e:9f:8d:60:
         1c:05:5c:ef:6a:7c:92:d4:c6:3b:e1:38:c5:95:14:45:16:3c:
         c1:59:50:29:82:3b:c3:f1:99:eb:f4:c0:b8:75:49:9c:0f:86:
         c9:c1:8c:b1:5c:8e:95:4b:70:f5:72:eb:84:0b:67:56:66:e4:
         5e:a6:0f:33:59:26:df:12:de:58:6e:99:53:02:05:ef:1c:ca:
         e7:77:d1:cc:87:bb:d5:5c:6b:80:e0:c2:80:31:a0:9f:55:36:
         7d:e0:52:e4:cb:09:f9:62:2f:42:4a:35:8a:22:fa:4b:87:3b:
         8a:0e:b9:0b:88:42:8f:85:eb:3a:ab:ec:a2:3c:bb:19:8a:2d:
         52:98:95:b5:6d:7f:96:80:ba:cc:b3:2d:aa:f6:36:03:1b:e4:
         e1:0e:2f:ff:ac:a1:b4:e8:6a:27:4f:00:77:c7:29:e7:f9:c9:
         70:21:f2:12:e6:83:a9:5e:f4:31:c5:3c:b6:4e:45:c3:a4:fe:
         11:7a:51:b7
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIUYm8EcP51XJbwumT4wzHI4KoJUWUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTA4MjIxNDQyMTVaFw0yNjA4MjExNDQ3MTVaMDMxMTAvBgNV
BAMTKEMyNDdCRkM5RjM5OEJFMkJCODI2QTVFNjkzOEI2MzcwMUVGM0UzRUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQClqCNRNdoj0M9+x/8SwAsSYG1D
OUSEKuAzxamx48+M7e5X+x9Ee5/4QrHs+sv++qRFoWAGOTxe7QhJCiGESDN714Co
UNua5mavdpNjHNN+s2Y4fIvP7sfYYtGO7otOWXPIYhY6tX2Cwxsirhip4m3MonSG
q5McY2dV4FzAztI38/kEuKG20qUNdP89Zhn7auvhFEn765TY6X/37rbz7iLd7PJ6
cV1c25cxHg3QkkyEbNHiX6r6cZF+aDOP2DLK/VarH6CY+OreqCl1G91w1QA5At/B
4dTdzImGdxZM+oSLs0/pxiO1Qp93LB4meyx6mDzbQ+IE13u639dewDwcvcahAgMB
AAGjggI/MIICOzAdBgNVHQ4EFgQUwke/yfOYviu4JqXmk4tjcB7z4+wwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwga8GCCsGAQUFBwELBIGiMIGfMIGcBggrBgEFBQcwC4aBj3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzODM1MmUzMjMwMzkyZTMy
MzIzMDJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM0MzIzODM5Mzgucm9hMBgGA1Ud
IAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAC50dwwDQYJKoZIhvcNAQELBQADggEBACTrlPfo9krupKdATIgCUDt3OKUjqZ8g
5sfg83xooaK9SDaHjBT7ZVT81JhJysXwXxhMr2zNg94LuTkR0F4X60KDvBVvbp+N
YBwFXO9qfJLUxjvhOMWVFEUWPMFZUCmCO8Pxmev0wLh1SZwPhsnBjLFcjpVLcPVy
64QLZ1Zm5F6mDzNZJt8S3lhumVMCBe8cyud30cyHu9Vca4DgwoAxoJ9VNn3gUuTL
CfliL0JKNYoi+kuHO4oOuQuIQo+F6zqr7KI8uxmKLVKYlbVtf5aAusyzLar2NgMb
5OEOL/+sobToaidPAHfHKef5yXAh8hLmg6le9DHFPLZORcOk/hF6Ubc=
-----END CERTIFICATE-----
Generated at Sat Aug 23 15:56:50 2025 by rpki-client