Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/af31768d-42b1-4e92-b83f-bef7ee017813/0/3138352e322e3136302e302f32332d3234203d3e20383334.roa
File:                     3138352e322e3136302e302f32332d3234203d3e20383334.roa (raw, json)
Hash identifier:          kOTJCkNLJ9os2nHCj4/ZUoz3tjjnF9208iatrvW6teU=
Subject key identifier:   2E:FD:DC:96:25:F4:0D:5B:FF:5D:3F:07:03:71:EF:06:3E:B3:A1:79
Certificate issuer:       /CN=9f0d24c855eee00fe4abf3903c6e8fcc7083ed4d
Certificate serial:       7002B443057B62C89797143887828D961AA71A0F
Authority key identifier: 9F:0D:24:C8:55:EE:E0:0F:E4:AB:F3:90:3C:6E:8F:CC:70:83:ED:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nw0kyFXu4A_kq_OQPG6PzHCD7U0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/af31768d-42b1-4e92-b83f-bef7ee017813/0/3138352e322e3136302e302f32332d3234203d3e20383334.roa
Signing time:             Sun 31 Mar 2024 00:00:21 +0000
ROA not before:           Sat 30 Mar 2024 23:55:21 +0000
ROA not after:            Sun 30 Mar 2025 00:00:21 +0000
asID:                     834
IP address blocks:        185.2.160.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/af31768d-42b1-4e92-b83f-bef7ee017813/0/9F0D24C855EEE00FE4ABF3903C6E8FCC7083ED4D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/af31768d-42b1-4e92-b83f-bef7ee017813/0/9F0D24C855EEE00FE4ABF3903C6E8FCC7083ED4D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nw0kyFXu4A_kq_OQPG6PzHCD7U0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 16:59:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            70:02:b4:43:05:7b:62:c8:97:97:14:38:87:82:8d:96:1a:a7:1a:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9f0d24c855eee00fe4abf3903c6e8fcc7083ed4d
        Validity
            Not Before: Mar 30 23:55:21 2024 GMT
            Not After : Mar 30 00:00:21 2025 GMT
        Subject: CN=2EFDDC9625F40D5BFF5D3F070371EF063EB3A179
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:50:30:0e:0b:ad:25:71:f4:4e:b0:6d:73:55:
                    a4:59:26:c5:8e:ed:1a:f1:27:c9:cf:c6:c9:73:13:
                    54:4a:0a:cb:b0:36:7f:f4:9f:3c:98:a3:9b:f1:d3:
                    70:5e:a8:17:f1:ad:fd:fe:7f:c3:b8:92:cf:1d:0a:
                    dc:c1:d3:96:37:a9:ab:5f:f0:cb:b9:0d:f2:dd:d4:
                    4a:6b:f9:20:77:9e:b1:8c:c5:3d:c5:80:21:f8:44:
                    16:c6:d2:95:c6:77:01:77:43:08:03:76:ce:48:a8:
                    55:80:45:af:92:e5:f4:46:13:19:d6:7b:d5:ba:6a:
                    c4:f7:64:65:b5:b2:98:5d:6b:41:de:10:5e:65:dc:
                    4b:0a:65:23:27:5c:ee:05:40:86:28:e2:d0:a1:bd:
                    d6:91:7f:db:4a:c3:e0:24:90:c4:26:55:28:a3:cd:
                    16:08:1b:ee:d0:22:ad:42:68:6b:1f:d6:bc:34:ec:
                    a5:4b:97:f9:6a:02:e1:cf:10:9a:3f:0b:9d:59:a4:
                    90:6a:11:95:f7:88:38:28:2d:7c:e6:16:e5:01:ad:
                    3d:b3:cd:7a:80:c8:42:74:7b:26:c1:02:35:c6:19:
                    df:de:a1:ba:8a:cc:64:27:e4:86:02:f2:bf:86:e3:
                    e9:75:f1:51:b3:5b:e2:3a:73:f9:b5:8b:09:dd:4a:
                    08:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:FD:DC:96:25:F4:0D:5B:FF:5D:3F:07:03:71:EF:06:3E:B3:A1:79
            X509v3 Authority Key Identifier:
                keyid:9F:0D:24:C8:55:EE:E0:0F:E4:AB:F3:90:3C:6E:8F:CC:70:83:ED:4D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/af31768d-42b1-4e92-b83f-bef7ee017813/0/9F0D24C855EEE00FE4ABF3903C6E8FCC7083ED4D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nw0kyFXu4A_kq_OQPG6PzHCD7U0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/af31768d-42b1-4e92-b83f-bef7ee017813/0/3138352e322e3136302e302f32332d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.2.160.0/23

    Signature Algorithm: sha256WithRSAEncryption
         11:e9:e5:24:50:65:af:69:ba:55:a1:a2:68:02:f3:94:cd:c8:
         52:1c:ba:e6:f0:a7:ee:ea:32:9e:7d:22:a6:24:1e:d4:5c:95:
         bb:27:42:b0:7a:33:b5:f7:bb:f6:90:77:2f:15:93:52:7e:10:
         b9:00:6a:ae:2b:0d:9a:e4:0d:3d:87:33:cc:95:bf:42:1e:44:
         16:54:c8:9d:72:b8:ca:08:c8:af:12:ff:fb:84:dc:eb:18:8e:
         37:77:16:82:3d:2b:07:a2:1e:e1:20:5e:77:5d:1c:f4:be:d3:
         0b:59:86:5d:4c:67:82:8c:2e:72:1a:fd:d5:bf:f5:f7:49:b7:
         87:73:4f:53:77:5d:73:ce:34:c1:48:63:9b:06:bf:8f:6b:e6:
         69:bf:3b:33:5d:c5:c2:b7:21:01:10:e3:0a:eb:11:18:73:e8:
         8b:55:2a:50:d3:51:0c:ce:00:85:a0:48:cf:f6:70:a5:89:0d:
         83:f4:bc:fb:28:b9:4a:6d:02:04:8b:25:6e:34:23:79:bd:c8:
         82:7e:c3:ef:8f:84:d8:2a:0e:12:6c:65:77:73:19:d5:ab:9d:
         9c:21:39:e9:18:7f:4b:90:49:70:4c:d6:1c:c9:58:a8:63:4e:
         79:33:2b:55:4a:60:ab:d2:58:f8:e6:f7:d9:04:5f:fb:81:03:
         6c:78:03:71
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUcAK0QwV7YsiXlxQ4h4KNlhqnGg8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWYwZDI0Yzg1NWVlZTAwZmU0YWJmMzkwM2M2ZThmY2M3
MDgzZWQ0ZDAeFw0yNDAzMzAyMzU1MjFaFw0yNTAzMzAwMDAwMjFaMDMxMTAvBgNV
BAMTKDJFRkREQzk2MjVGNDBENUJGRjVEM0YwNzAzNzFFRjA2M0VCM0ExNzkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCVUDAOC60lcfROsG1zVaRZJsWO
7RrxJ8nPxslzE1RKCsuwNn/0nzyYo5vx03BeqBfxrf3+f8O4ks8dCtzB05Y3qatf
8Mu5DfLd1Epr+SB3nrGMxT3FgCH4RBbG0pXGdwF3QwgDds5IqFWARa+S5fRGExnW
e9W6asT3ZGW1sphda0HeEF5l3EsKZSMnXO4FQIYo4tChvdaRf9tKw+AkkMQmVSij
zRYIG+7QIq1CaGsf1rw07KVLl/lqAuHPEJo/C51ZpJBqEZX3iDgoLXzmFuUBrT2z
zXqAyEJ0eybBAjXGGd/eobqKzGQn5IYC8r+G4+l18VGzW+I6c/m1iwndSghXAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQULv3cliX0DVv/XT8HA3HvBj6zoXkwHwYDVR0j
BBgwFoAUnw0kyFXu4A/kq/OQPG6PzHCD7U0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYWYzMTc2OGQtNDJiMS00ZTkyLWI4M2YtYmVmN2VlMDE3
ODEzLzAvOUYwRDI0Qzg1NUVFRTAwRkU0QUJGMzkwM0M2RThGQ0M3MDgzRUQ0RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL253MGt5Rlh1NEFfa3FfT1FQRzZQekhD
RDdVMC5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWYzMTc2OGQt
NDJiMS00ZTkyLWI4M2YtYmVmN2VlMDE3ODEzLzAvMzEzODM1MmUzMjJlMzEzNjMw
MmUzMDJmMzIzMzJkMzIzNDIwM2QzZTIwMzgzMzM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuQKgMA0G
CSqGSIb3DQEBCwUAA4IBAQAR6eUkUGWvabpVoaJoAvOUzchSHLrm8Kfu6jKefSKm
JB7UXJW7J0KwejO197v2kHcvFZNSfhC5AGquKw2a5A09hzPMlb9CHkQWVMidcrjK
CMivEv/7hNzrGI43dxaCPSsHoh7hIF53XRz0vtMLWYZdTGeCjC5yGv3Vv/X3SbeH
c09Td11zzjTBSGObBr+Pa+ZpvzszXcXCtyEBEOMK6xEYc+iLVSpQ01EMzgCFoEjP
9nCliQ2D9Lz7KLlKbQIEiyVuNCN5vciCfsPvj4TYKg4SbGV3cxnVq52cITnpGH9L
kElwTNYcyVioY055MytVSmCr0lj45vfZBF/7gQNseANx
-----END CERTIFICATE-----