Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3231312e342e302f32342d3234203d3e203437353833.roa
File:                     3138352e3231312e342e302f32342d3234203d3e203437353833.roa (raw, json)
Hash identifier:          Kdp0NAZtYv6M31FeV5a5XjnvnuLR6eKBnIGugssiifg=
Subject key identifier:   57:75:CE:85:76:F4:13:14:3D:3F:DC:5D:5A:86:1D:50:7A:E0:A9:1E
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       095BF9B0AA946034D9DEAE67CB594279A6198913
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3231312e342e302f32342d3234203d3e203437353833.roa
Signing time:             Fri 22 Aug 2025 14:47:20 +0000
ROA not before:           Fri 22 Aug 2025 14:42:20 +0000
ROA not after:            Fri 21 Aug 2026 14:47:20 +0000
asID:                     47583
IP address blocks:        185.211.4.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 12:50:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            09:5b:f9:b0:aa:94:60:34:d9:de:ae:67:cb:59:42:79:a6:19:89:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Aug 22 14:42:20 2025 GMT
            Not After : Aug 21 14:47:20 2026 GMT
        Subject: CN=5775CE8576F413143D3FDC5D5A861D507AE0A91E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:e7:a4:83:b3:cc:16:78:fc:16:7d:0f:1b:52:
                    44:f0:c2:75:0b:26:bc:68:75:7c:c5:4f:fa:ce:f3:
                    44:b7:d6:a9:38:02:69:d9:86:ce:8e:31:5d:3b:97:
                    de:55:bb:b2:20:81:8f:20:04:b2:6c:e8:a1:3b:d9:
                    61:fd:3e:81:71:98:5b:e2:8a:da:21:81:8e:43:c4:
                    78:1a:f9:ca:0c:18:9e:b6:7a:35:a7:4f:51:d2:ed:
                    38:b6:b3:6f:19:f0:7f:15:65:b4:aa:a5:30:f7:6e:
                    76:90:08:69:0c:59:f6:4b:04:34:b5:36:d2:6a:1c:
                    85:4e:38:f3:5c:ab:1a:aa:56:7a:1c:a4:34:a1:b5:
                    0c:64:b4:53:e1:cf:73:0e:0d:da:ae:3e:9e:7c:a1:
                    c6:53:94:7e:73:62:81:df:f6:d3:43:de:15:8a:dc:
                    c9:cf:fe:5e:7d:e4:fb:50:11:8e:93:97:48:fa:85:
                    96:7f:79:2c:0a:e6:9f:da:ec:6e:25:cf:5a:59:0e:
                    9c:7b:94:cf:c9:2d:bb:f6:94:0e:fa:16:96:ad:19:
                    e4:86:97:01:19:67:8c:f0:53:ca:55:40:5d:05:ea:
                    16:31:eb:fa:87:29:67:02:a5:be:5b:cf:df:f3:3b:
                    8d:24:d3:c3:37:59:ff:e3:28:04:6d:ba:3e:79:90:
                    92:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:75:CE:85:76:F4:13:14:3D:3F:DC:5D:5A:86:1D:50:7A:E0:A9:1E
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3231312e342e302f32342d3234203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.211.4.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2f:bd:54:70:5a:28:c1:b2:64:c5:76:fc:8e:0a:88:88:86:a5:
         1f:e7:37:c9:23:fb:0a:b3:01:d2:34:60:f6:50:40:b7:68:6f:
         3a:1b:10:b2:75:63:e3:00:50:96:10:7a:49:0e:dd:d3:0f:fc:
         39:a7:45:c6:8b:3a:d1:fa:19:51:7a:58:1e:8d:23:97:24:9f:
         29:d7:44:00:cf:76:c4:67:1a:4e:d3:90:42:4e:2e:ad:52:43:
         b7:31:54:99:a4:ba:d4:ae:03:c6:e4:da:da:75:77:cb:53:2e:
         53:b6:33:24:1f:54:6b:7c:e7:f0:b6:42:44:36:91:d6:d7:b2:
         53:bb:37:3b:f5:bc:87:9c:15:ed:e9:7e:d1:96:2f:98:61:50:
         1f:86:78:1a:b0:97:30:bf:93:04:35:65:d5:2c:6e:be:1c:b8:
         f0:97:03:75:80:72:e0:8b:4f:e4:30:a7:a7:f6:bf:0f:f1:7a:
         85:13:03:45:09:02:9f:4d:ab:c2:b2:52:f8:f8:0d:69:bb:67:
         a4:92:92:a5:19:25:c3:15:f5:ce:24:47:ab:14:97:e2:7b:3a:
         21:46:aa:fb:af:01:14:e0:56:46:b5:31:ce:d8:e9:44:2c:10:
         e7:7d:c5:9b:7a:a4:c8:27:6a:ce:f1:96:ec:3e:fb:ef:14:a9:
         66:63:d9:6a
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUCVv5sKqUYDTZ3q5ny1lCeaYZiRMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTA4MjIxNDQyMjBaFw0yNjA4MjExNDQ3MjBaMDMxMTAvBgNV
BAMTKDU3NzVDRTg1NzZGNDEzMTQzRDNGREM1RDVBODYxRDUwN0FFMEE5MUUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDH56SDs8wWePwWfQ8bUkTwwnUL
JrxodXzFT/rO80S31qk4AmnZhs6OMV07l95Vu7IggY8gBLJs6KE72WH9PoFxmFvi
itohgY5DxHga+coMGJ62ejWnT1HS7Ti2s28Z8H8VZbSqpTD3bnaQCGkMWfZLBDS1
NtJqHIVOOPNcqxqqVnocpDShtQxktFPhz3MODdquPp58ocZTlH5zYoHf9tND3hWK
3MnP/l595PtQEY6Tl0j6hZZ/eSwK5p/a7G4lz1pZDpx7lM/JLbv2lA76FpatGeSG
lwEZZ4zwU8pVQF0F6hYx6/qHKWcCpb5bz9/zO40k08M3Wf/jKARtuj55kJL9AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUV3XOhXb0ExQ9P9xdWoYdUHrgqR4wHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzODM1MmUzMjMxMzEyZTM0
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzQzNzM1MzgzMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALnT
BDANBgkqhkiG9w0BAQsFAAOCAQEAL71UcFoowbJkxXb8jgqIiIalH+c3ySP7CrMB
0jRg9lBAt2hvOhsQsnVj4wBQlhB6SQ7d0w/8OadFxos60foZUXpYHo0jlySfKddE
AM92xGcaTtOQQk4urVJDtzFUmaS61K4DxuTa2nV3y1MuU7YzJB9Ua3zn8LZCRDaR
1teyU7s3O/W8h5wV7el+0ZYvmGFQH4Z4GrCXML+TBDVl1Sxuvhy48JcDdYBy4ItP
5DCnp/a/D/F6hRMDRQkCn02rwrJS+PgNabtnpJKSpRklwxX1ziRHqxSX4ns6IUaq
+68BFOBWRrUxztjpRCwQ533Fm3qkyCdqzvGW7D777xSpZmPZag==
-----END CERTIFICATE-----