Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7b575ea7-786f-4b2d-a455-79d7fc43ecee/17/3138352e302e322e302f32342d3234203d3e20323032303736.roa
File:                     3138352e302e322e302f32342d3234203d3e20323032303736.roa (raw, json)
Hash identifier:          L50rf6xo5gvfQ5YmgAqRN+Dyy0oJvjmP5yfRq/ds1Ok=
Subject key identifier:   C2:7C:C1:C0:23:72:61:E1:AA:CD:93:F6:3F:0F:BF:48:EC:2B:71:73
Certificate issuer:       /CN=635199cdc46cb6919367127d69c22339e990ffda
Certificate serial:       22E56329463619BB15B41F10BC4199455EB95F05
Authority key identifier: 63:51:99:CD:C4:6C:B6:91:93:67:12:7D:69:C2:23:39:E9:90:FF:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y1GZzcRstpGTZxJ9acIjOemQ_9o.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7b575ea7-786f-4b2d-a455-79d7fc43ecee/17/3138352e302e322e302f32342d3234203d3e20323032303736.roa
Signing time:             Mon 13 Nov 2023 21:10:19 +0000
ROA not before:           Mon 13 Nov 2023 21:05:19 +0000
ROA not after:            Mon 11 Nov 2024 21:10:19 +0000
asID:                     202076
IP address blocks:        185.0.2.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7b575ea7-786f-4b2d-a455-79d7fc43ecee/17/635199CDC46CB6919367127D69C22339E990FFDA.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7b575ea7-786f-4b2d-a455-79d7fc43ecee/17/635199CDC46CB6919367127D69C22339E990FFDA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y1GZzcRstpGTZxJ9acIjOemQ_9o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 May 2024 14:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            22:e5:63:29:46:36:19:bb:15:b4:1f:10:bc:41:99:45:5e:b9:5f:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=635199cdc46cb6919367127d69c22339e990ffda
        Validity
            Not Before: Nov 13 21:05:19 2023 GMT
            Not After : Nov 11 21:10:19 2024 GMT
        Subject: CN=C27CC1C0237261E1AACD93F63F0FBF48EC2B7173
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:c9:3b:27:a7:08:0a:71:17:5f:94:68:be:3b:
                    29:5d:07:f7:6e:c1:e0:1c:b4:ac:94:61:6c:d7:a6:
                    6e:65:8e:56:18:30:a1:8d:96:90:71:f0:a5:bf:a5:
                    f4:3f:7c:4f:30:91:2e:20:94:2f:10:a3:8d:fe:47:
                    e8:1c:49:c9:88:5a:13:98:60:69:fa:1f:1b:bc:9b:
                    c2:72:f4:c0:c6:a8:5d:78:df:22:c9:9d:c3:07:48:
                    27:ee:12:e7:6b:26:aa:3f:09:66:e2:91:33:cc:2c:
                    24:12:c1:ae:40:38:5b:52:bc:6e:65:6d:7b:f5:c3:
                    17:40:6b:b0:2b:b7:6b:8d:c3:4d:65:99:23:0f:9b:
                    ee:b0:39:8c:14:b4:77:d6:1d:b9:db:74:a5:9f:f1:
                    cf:a4:f0:4c:b2:79:49:6c:67:d5:b4:8f:2c:86:4d:
                    ed:49:14:49:2c:83:7d:4b:b1:5e:69:be:d8:27:f6:
                    bd:45:56:5e:8b:7a:44:2a:2b:ec:5e:fe:1f:77:2a:
                    42:4d:cf:46:a0:15:bb:96:74:49:61:b7:1c:de:24:
                    a6:ec:95:18:62:dd:d3:8f:ce:87:bc:93:17:23:38:
                    db:30:1d:31:4d:36:cd:80:8c:2a:ea:44:d2:6a:2c:
                    5b:07:1a:5b:64:49:f5:b5:25:a5:ee:9c:b2:7f:64:
                    9e:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:7C:C1:C0:23:72:61:E1:AA:CD:93:F6:3F:0F:BF:48:EC:2B:71:73
            X509v3 Authority Key Identifier:
                keyid:63:51:99:CD:C4:6C:B6:91:93:67:12:7D:69:C2:23:39:E9:90:FF:DA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7b575ea7-786f-4b2d-a455-79d7fc43ecee/17/635199CDC46CB6919367127D69C22339E990FFDA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y1GZzcRstpGTZxJ9acIjOemQ_9o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7b575ea7-786f-4b2d-a455-79d7fc43ecee/17/3138352e302e322e302f32342d3234203d3e20323032303736.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.0.2.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a2:ed:f7:7e:59:1e:d3:f2:4d:29:69:92:fc:04:bc:bc:b7:43:
         1c:73:97:1c:5b:8b:ed:24:27:39:6a:64:a0:02:59:c8:40:aa:
         d5:cd:1c:74:7d:e5:1f:9c:fd:04:ed:8a:89:3a:92:ad:ef:cf:
         e6:e7:cc:a1:23:5e:3a:56:c9:9c:50:2d:62:81:9d:08:2e:b3:
         3f:17:b5:0a:97:5d:39:45:62:55:68:b1:72:ab:3f:31:46:19:
         f8:c2:cc:fb:e0:80:d7:cc:64:d7:24:53:cd:86:de:dc:63:72:
         37:0d:9f:79:8e:88:b8:6f:9f:5a:a3:cf:61:8a:39:5e:a7:99:
         5c:5c:2e:7d:f7:eb:90:ac:74:27:2f:4e:91:7b:13:90:54:9f:
         6f:ac:79:ac:82:f3:b0:92:81:d2:a5:9d:e7:00:1b:cf:ea:d1:
         fa:ae:28:12:9a:ec:a0:88:49:c0:87:22:40:55:9a:93:5a:bf:
         c3:9a:1d:f4:98:e2:80:8a:c4:68:7c:5d:dd:91:44:ed:82:61:
         10:6f:8f:32:f6:5f:93:30:b6:78:54:26:74:ef:9e:d4:6c:89:
         88:4c:dd:fa:55:44:61:17:87:6d:5a:1c:33:72:e3:d6:c2:21:
         43:67:6f:f6:86:24:cd:4a:8d:00:77:fe:05:9b:92:5b:65:f7:
         01:60:35:50
-----BEGIN CERTIFICATE-----
MIIFMjCCBBqgAwIBAgIUIuVjKUY2GbsVtB8QvEGZRV65XwUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjM1MTk5Y2RjNDZjYjY5MTkzNjcxMjdkNjljMjIzMzll
OTkwZmZkYTAeFw0yMzExMTMyMTA1MTlaFw0yNDExMTEyMTEwMTlaMDMxMTAvBgNV
BAMTKEMyN0NDMUMwMjM3MjYxRTFBQUNEOTNGNjNGMEZCRjQ4RUMyQjcxNzMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9yTsnpwgKcRdflGi+OyldB/du
weActKyUYWzXpm5ljlYYMKGNlpBx8KW/pfQ/fE8wkS4glC8Qo43+R+gcScmIWhOY
YGn6Hxu8m8Jy9MDGqF143yLJncMHSCfuEudrJqo/CWbikTPMLCQSwa5AOFtSvG5l
bXv1wxdAa7Art2uNw01lmSMPm+6wOYwUtHfWHbnbdKWf8c+k8EyyeUlsZ9W0jyyG
Te1JFEksg31LsV5pvtgn9r1FVl6LekQqK+xe/h93KkJNz0agFbuWdElhtxzeJKbs
lRhi3dOPzoe8kxcjONswHTFNNs2AjCrqRNJqLFsHGltkSfW1JaXunLJ/ZJ6rAgMB
AAGjggI8MIICODAdBgNVHQ4EFgQUwnzBwCNyYeGqzZP2Pw+/SOwrcXMwHwYDVR0j
BBgwFoAUY1GZzcRstpGTZxJ9acIjOemQ/9owDgYDVR0PAQH/BAQDAgeAMIGXBgNV
HR8EgY8wgYwwgYmggYaggYOGgYByc3luYzovL3JzeW5jLnBhYXMucnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5LzdiNTc1ZWE3LTc4NmYtNGIyZC1hNDU1LTc5ZDdmYzQz
ZWNlZS8xNy82MzUxOTlDREM0NkNCNjkxOTM2NzEyN0Q2OUMyMjMzOUU5OTBGRkRB
LmNybDBkBggrBgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5y
aXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvWTFHWnpjUnN0cEdUWnhKOWFjSWpP
ZW1RXzlvLmNlcjCBqgYIKwYBBQUHAQsEgZ0wgZowgZcGCCsGAQUFBzALhoGKcnN5
bmM6Ly9yc3luYy5wYWFzLnJwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS83YjU3NWVh
Ny03ODZmLTRiMmQtYTQ1NS03OWQ3ZmM0M2VjZWUvMTcvMzEzODM1MmUzMDJlMzIy
ZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMjMwMzIzMDM3MzYucm9hMBgGA1UdIAEB
/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC5
AAIwDQYJKoZIhvcNAQELBQADggEBAKLt935ZHtPyTSlpkvwEvLy3Qxxzlxxbi+0k
JzlqZKACWchAqtXNHHR95R+c/QTtiok6kq3vz+bnzKEjXjpWyZxQLWKBnQgusz8X
tQqXXTlFYlVosXKrPzFGGfjCzPvggNfMZNckU82G3txjcjcNn3mOiLhvn1qjz2GK
OV6nmVxcLn3365CsdCcvTpF7E5BUn2+seayC87CSgdKlnecAG8/q0fquKBKa7KCI
ScCHIkBVmpNav8OaHfSY4oCKxGh8Xd2RRO2CYRBvjzL2X5MwtnhUJnTvntRsiYhM
3fpVRGEXh21aHDNy49bCIUNnb/aGJM1KjQB3/gWbkltl9wFgNVA=
-----END CERTIFICATE-----