Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3231312e352e302f32342d3332203d3e203531313637.roa
File:                     3138352e3231312e352e302f32342d3332203d3e203531313637.roa (raw, json)
Hash identifier:          oQTX15ujEQ49GVWy13DrCM42AIdzJAKlrvQ2IbzV0eE=
Subject key identifier:   45:92:5E:9F:B0:A5:55:45:E6:57:AB:98:9A:51:2B:34:33:CA:8D:1D
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       24EA3A50B1EFF1EA70E014CFFA1566ED585BDC0C
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3231312e352e302f32342d3332203d3e203531313637.roa
Signing time:             Fri 22 Aug 2025 14:47:12 +0000
ROA not before:           Fri 22 Aug 2025 14:42:12 +0000
ROA not after:            Fri 21 Aug 2026 14:47:12 +0000
asID:                     51167
IP address blocks:        185.211.5.0/24 maxlen: 32
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            24:ea:3a:50:b1:ef:f1:ea:70:e0:14:cf:fa:15:66:ed:58:5b:dc:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Aug 22 14:42:12 2025 GMT
            Not After : Aug 21 14:47:12 2026 GMT
        Subject: CN=45925E9FB0A55545E657AB989A512B3433CA8D1D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:f6:4f:ff:81:31:7b:cd:30:c4:b4:1d:0b:51:
                    7a:86:9f:b6:e1:a0:62:5d:67:fb:8e:b9:51:97:87:
                    eb:8a:17:b9:c7:25:7b:87:bd:a6:0a:8c:4b:a4:d5:
                    18:81:c2:9c:5e:53:87:a8:3d:da:e3:64:60:e7:ab:
                    ef:8e:99:65:ec:19:52:95:01:1d:44:5f:ee:b4:03:
                    52:db:72:60:85:d7:bd:e9:2c:1a:83:28:41:46:a5:
                    f0:2b:f4:73:35:4d:0a:0f:64:e6:a4:2a:c4:4b:6b:
                    65:e7:9a:af:b9:18:ad:42:6e:70:cc:af:8b:4b:8a:
                    e4:7d:00:e3:a3:32:04:6b:61:df:b7:bf:af:24:27:
                    d4:c2:03:7c:b8:ed:0d:94:ed:f7:45:d8:ed:3e:4c:
                    e9:f3:a6:16:3d:dd:ea:fe:70:2a:df:9d:7b:1f:0d:
                    ff:e4:6c:14:d2:e4:07:8c:5e:f2:e5:4a:15:7f:e7:
                    8d:cc:81:69:dc:41:4b:b0:56:ba:a9:f3:a5:68:ba:
                    1d:3f:3b:b2:37:c1:49:9a:39:3c:5f:bd:03:47:ca:
                    f7:20:7e:92:98:b4:4d:62:af:ef:11:04:0b:96:4d:
                    46:df:3d:6f:23:ef:26:ed:e2:d4:b7:ec:3d:f3:d7:
                    07:16:c1:c6:a3:64:74:84:71:1d:30:47:ed:9a:54:
                    30:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:92:5E:9F:B0:A5:55:45:E6:57:AB:98:9A:51:2B:34:33:CA:8D:1D
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3231312e352e302f32342d3332203d3e203531313637.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.211.5.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:84:84:8b:af:65:5b:ec:8a:45:c8:f7:a3:8d:7c:3b:c8:31:
         85:52:75:af:5d:5a:99:39:77:21:4f:11:23:ac:38:1b:73:c0:
         da:e6:99:50:b5:46:91:e2:4f:ee:cc:29:95:12:e9:3a:a5:a5:
         02:d9:95:88:51:eb:5c:ad:34:71:96:4c:7c:96:9b:16:bd:4e:
         03:9f:02:dd:85:37:59:d2:f3:69:1c:3e:8c:7c:8b:76:92:86:
         dd:1e:bf:48:b5:2a:b3:de:8c:7e:1e:33:b7:6a:5b:a4:f2:0a:
         32:cf:ff:32:6b:b3:8b:2c:65:63:11:57:71:37:69:ff:52:f2:
         6d:2c:30:7f:66:bf:fe:f0:db:dc:97:6f:26:43:e1:81:37:cf:
         fb:b6:11:72:b4:77:1f:d8:11:38:aa:9a:49:ad:46:0e:4a:8d:
         68:dc:ec:92:67:f0:8c:62:d1:8f:aa:43:c1:6a:14:c0:56:3a:
         39:f8:a4:b0:5a:02:fe:7a:20:16:c8:7f:5b:3b:00:73:96:84:
         13:5d:cd:4a:ba:25:7d:f6:56:d9:4c:fe:bf:9c:f8:48:0f:d9:
         9a:5e:10:9f:57:a5:09:37:c8:e4:9a:25:46:4b:38:09:b3:72:
         14:c1:16:a9:1e:d6:60:75:87:e1:dd:bd:3c:66:2d:7d:75:3d:
         c6:a0:a6:49
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUJOo6ULHv8epw4BTP+hVm7Vhb3AwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTA4MjIxNDQyMTJaFw0yNjA4MjExNDQ3MTJaMDMxMTAvBgNV
BAMTKDQ1OTI1RTlGQjBBNTU1NDVFNjU3QUI5ODlBNTEyQjM0MzNDQThEMUQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDe9k//gTF7zTDEtB0LUXqGn7bh
oGJdZ/uOuVGXh+uKF7nHJXuHvaYKjEuk1RiBwpxeU4eoPdrjZGDnq++OmWXsGVKV
AR1EX+60A1LbcmCF173pLBqDKEFGpfAr9HM1TQoPZOakKsRLa2Xnmq+5GK1CbnDM
r4tLiuR9AOOjMgRrYd+3v68kJ9TCA3y47Q2U7fdF2O0+TOnzphY93er+cCrfnXsf
Df/kbBTS5AeMXvLlShV/543MgWncQUuwVrqp86Vouh0/O7I3wUmaOTxfvQNHyvcg
fpKYtE1ir+8RBAuWTUbfPW8j7ybt4tS37D3z1wcWwcajZHSEcR0wR+2aVDBpAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQURZJen7ClVUXmV6uYmlErNDPKjR0wHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzODM1MmUzMjMxMzEyZTM1
MmUzMDJmMzIzNDJkMzMzMjIwM2QzZTIwMzUzMTMxMzYzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALnT
BTANBgkqhkiG9w0BAQsFAAOCAQEAVYSEi69lW+yKRcj3o418O8gxhVJ1r11amTl3
IU8RI6w4G3PA2uaZULVGkeJP7swplRLpOqWlAtmViFHrXK00cZZMfJabFr1OA58C
3YU3WdLzaRw+jHyLdpKG3R6/SLUqs96Mfh4zt2pbpPIKMs//MmuziyxlYxFXcTdp
/1LybSwwf2a//vDb3JdvJkPhgTfP+7YRcrR3H9gROKqaSa1GDkqNaNzskmfwjGLR
j6pDwWoUwFY6OfiksFoC/nogFsh/WzsAc5aEE13NSrolffZW2Uz+v5z4SA/Zml4Q
n1elCTfI5JolRks4CbNyFMEWqR7WYHWH4d29PGYtfXU9xqCmSQ==
-----END CERTIFICATE-----