Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3231312e372e302f32342d3234203d3e203437353833.roa
File:                     3138352e3231312e372e302f32342d3234203d3e203437353833.roa (raw, json)
Hash identifier:          LxTSy9eRK7M3qcNXyQFOoMYbm0QqWSO38gmPxHltBUU=
Subject key identifier:   7E:F1:F6:28:DF:0E:E0:6A:23:9C:49:C3:06:65:C5:F4:29:F9:A3:92
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       4AE7A5746349BFA360403F1D4E76163ED933CF4E
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3231312e372e302f32342d3234203d3e203437353833.roa
Signing time:             Fri 22 Aug 2025 14:47:15 +0000
ROA not before:           Fri 22 Aug 2025 14:42:15 +0000
ROA not after:            Fri 21 Aug 2026 14:47:15 +0000
asID:                     47583
IP address blocks:        185.211.7.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 12:50:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4a:e7:a5:74:63:49:bf:a3:60:40:3f:1d:4e:76:16:3e:d9:33:cf:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Aug 22 14:42:15 2025 GMT
            Not After : Aug 21 14:47:15 2026 GMT
        Subject: CN=7EF1F628DF0EE06A239C49C30665C5F429F9A392
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:41:08:b0:76:9d:00:83:f1:3c:f2:4a:aa:79:
                    02:05:34:b7:b7:6a:76:92:e8:95:11:78:cd:7b:03:
                    39:3a:ad:8f:10:bf:1d:be:44:ab:24:95:e1:0a:10:
                    c8:43:da:89:49:51:37:82:ea:81:23:50:03:c5:fc:
                    58:6a:19:55:c8:be:05:6f:14:f5:b5:82:21:99:f8:
                    d3:5e:75:c7:68:b7:05:fa:ad:3a:75:85:7a:5f:d4:
                    8a:f7:eb:0f:3b:e4:ae:67:3f:da:9a:30:a4:f6:0f:
                    14:40:e7:de:c2:d7:8e:a8:7d:bf:bc:83:4f:0e:f9:
                    15:c6:62:20:f8:5e:ec:ef:70:8a:9a:f0:84:d5:fd:
                    0d:8c:ea:96:79:05:01:21:0b:cc:d0:73:89:1c:70:
                    47:bc:fb:81:5e:26:9b:da:65:92:cc:20:a7:ef:a1:
                    ab:50:6d:a2:70:33:a9:13:03:ab:ec:6a:63:a7:bd:
                    06:37:a2:58:50:77:49:46:d3:90:b9:64:2a:6b:50:
                    ec:0d:e3:17:64:83:e4:75:c9:a2:be:ed:fc:4a:12:
                    f8:36:b2:99:b9:2b:4b:71:b7:5a:8a:73:04:d5:34:
                    b1:6b:76:a4:59:9e:f9:64:e1:a4:6b:e3:fb:ad:1b:
                    f7:43:6c:1b:bf:45:18:bf:e1:b2:89:fa:26:da:ed:
                    67:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:F1:F6:28:DF:0E:E0:6A:23:9C:49:C3:06:65:C5:F4:29:F9:A3:92
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3231312e372e302f32342d3234203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.211.7.0/24

    Signature Algorithm: sha256WithRSAEncryption
         49:2f:e2:95:ea:70:e4:32:1e:c5:9f:9b:f1:10:51:02:5c:d2:
         71:4b:e7:36:c6:fe:cb:29:cc:d8:c1:88:48:74:4c:7c:15:b4:
         33:f8:c2:95:aa:32:9a:f5:70:2a:1b:b3:f2:e1:88:1f:03:58:
         85:e9:17:7e:9a:a5:4b:46:e0:74:2b:3d:65:59:06:61:fa:a4:
         2a:c0:d2:79:ad:03:44:8b:1a:0f:9b:c6:f8:1a:2f:b3:a7:02:
         d7:2c:82:6d:cf:18:55:5f:c2:dd:bf:d6:2e:dc:88:90:70:df:
         14:d9:52:fe:92:ea:a7:03:5c:4d:41:2f:71:9d:1e:aa:54:f1:
         0d:09:ec:3b:88:0e:59:d4:26:9f:74:94:fd:1b:2f:c9:0c:2c:
         ea:8e:b0:d7:bb:7d:69:ce:ca:06:fb:4f:16:2a:96:79:e2:ae:
         a1:61:02:09:b2:12:a2:27:fb:fe:09:fd:5f:28:11:7d:94:df:
         0b:0d:42:b7:60:3a:07:69:29:ba:72:04:85:ea:4c:76:42:4b:
         35:e9:b7:9e:5b:e8:e3:4e:9a:39:00:1a:ef:4e:5b:7b:50:7b:
         df:0f:ff:76:22:5c:25:51:22:d8:50:82:df:0f:07:bd:66:90:
         92:b5:27:00:a5:a7:ac:8b:79:a9:15:6d:13:40:58:72:1b:e1:
         ae:b9:bb:af
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUSueldGNJv6NgQD8dTnYWPtkzz04wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTA4MjIxNDQyMTVaFw0yNjA4MjExNDQ3MTVaMDMxMTAvBgNV
BAMTKDdFRjFGNjI4REYwRUUwNkEyMzlDNDlDMzA2NjVDNUY0MjlGOUEzOTIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtQQiwdp0Ag/E88kqqeQIFNLe3
anaS6JUReM17Azk6rY8Qvx2+RKskleEKEMhD2olJUTeC6oEjUAPF/FhqGVXIvgVv
FPW1giGZ+NNedcdotwX6rTp1hXpf1Ir36w875K5nP9qaMKT2DxRA597C146ofb+8
g08O+RXGYiD4XuzvcIqa8ITV/Q2M6pZ5BQEhC8zQc4kccEe8+4FeJpvaZZLMIKfv
oatQbaJwM6kTA6vsamOnvQY3olhQd0lG05C5ZCprUOwN4xdkg+R1yaK+7fxKEvg2
spm5K0txt1qKcwTVNLFrdqRZnvlk4aRr4/utG/dDbBu/RRi/4bKJ+iba7WdTAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUfvH2KN8O4GojnEnDBmXF9Cn5o5IwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzODM1MmUzMjMxMzEyZTM3
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzQzNzM1MzgzMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALnT
BzANBgkqhkiG9w0BAQsFAAOCAQEASS/ilepw5DIexZ+b8RBRAlzScUvnNsb+yynM
2MGISHRMfBW0M/jClaoymvVwKhuz8uGIHwNYhekXfpqlS0bgdCs9ZVkGYfqkKsDS
ea0DRIsaD5vG+Bovs6cC1yyCbc8YVV/C3b/WLtyIkHDfFNlS/pLqpwNcTUEvcZ0e
qlTxDQnsO4gOWdQmn3SU/RsvyQws6o6w17t9ac7KBvtPFiqWeeKuoWECCbISoif7
/gn9XygRfZTfCw1Ct2A6B2kpunIEhepMdkJLNem3nlvo406aOQAa705be1B73w//
diJcJVEi2FCC3w8HvWaQkrUnAKWnrIt5qRVtE0BYchvhrrm7rw==
-----END CERTIFICATE-----