Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3138322e382e302f32332d3332203d3e203531313637.roa
File:                     3138352e3138322e382e302f32332d3332203d3e203531313637.roa (raw, json)
Hash identifier:          ORC4vUjmr3/LUrgglnGIWbMhGW20hG6AILp8pzMInCU=
Subject key identifier:   DA:2B:5C:31:B8:FD:77:C8:2F:38:50:35:63:C8:E5:48:5B:A4:A5:34
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       026C2214FF880ADEFAC8951AA62D40851FCA07C9
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3138322e382e302f32332d3332203d3e203531313637.roa
Signing time:             Fri 20 Oct 2023 13:41:51 +0000
ROA not before:           Fri 20 Oct 2023 13:36:51 +0000
ROA not after:            Fri 18 Oct 2024 13:41:51 +0000
asID:                     51167
IP address blocks:        185.182.8.0/23 maxlen: 32

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 16:11:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            02:6c:22:14:ff:88:0a:de:fa:c8:95:1a:a6:2d:40:85:1f:ca:07:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Oct 20 13:36:51 2023 GMT
            Not After : Oct 18 13:41:51 2024 GMT
        Subject: CN=DA2B5C31B8FD77C82F38503563C8E5485BA4A534
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:9c:a3:23:0b:93:3d:e5:9a:c1:38:0f:39:ba:
                    a2:b9:a5:c6:ed:33:45:a3:23:a6:cf:c6:a8:00:c6:
                    df:7d:19:58:bb:16:dd:6d:71:e1:7b:ba:73:19:f9:
                    cd:59:b8:e5:c8:e5:f7:1f:d1:64:9d:a7:aa:b1:e9:
                    e0:8d:1b:38:5f:48:e8:ca:88:b7:ac:8f:df:0f:0a:
                    c2:c7:3a:6b:0d:3a:ee:bf:17:d2:9d:6a:34:35:cb:
                    0f:ff:27:0b:6e:3f:06:06:64:85:e1:11:22:65:08:
                    a2:3f:ff:a2:f1:06:96:0f:4b:b4:40:4d:74:4f:58:
                    7c:dc:8e:aa:0b:dc:2d:0b:07:63:fb:e2:a3:c1:65:
                    a4:bc:33:cb:d3:4e:75:f2:24:ec:82:c1:62:e8:b5:
                    74:55:82:57:b2:f7:29:ea:a1:fe:4b:c5:95:f2:c9:
                    ba:a5:bc:59:74:78:6e:89:e9:5c:5b:8a:e2:46:8f:
                    0f:61:16:cb:a0:3c:16:c1:2d:90:72:e2:8f:f3:61:
                    a1:33:22:83:01:20:75:93:3c:e6:d3:7a:ac:30:25:
                    b9:8e:47:bb:39:e2:e9:ac:13:f7:19:25:e4:58:78:
                    79:ba:a5:66:a5:e5:8c:1c:67:d9:15:38:51:d0:2f:
                    df:11:c7:63:fe:1c:98:10:c4:dd:ea:9f:0b:f2:c6:
                    bb:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:2B:5C:31:B8:FD:77:C8:2F:38:50:35:63:C8:E5:48:5B:A4:A5:34
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3138322e382e302f32332d3332203d3e203531313637.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.182.8.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1f:b9:4c:f4:80:9d:d2:e2:b9:51:42:a4:fd:79:2d:55:10:f2:
         80:65:3e:44:93:d0:4e:bb:63:45:ae:4b:e7:8e:a5:a8:bb:30:
         ff:81:55:2d:d7:dc:06:b2:ed:e4:d1:b3:38:7c:18:46:8a:2e:
         e0:82:4e:3b:56:b0:77:70:bd:58:d2:c5:49:d6:ad:5d:a0:df:
         c5:52:72:73:11:78:4a:c8:85:30:e8:81:d9:8a:8f:f7:d8:9d:
         6b:23:d3:87:f2:52:9d:d2:f2:9a:a5:aa:c8:09:af:fb:00:87:
         68:3f:9c:76:4c:20:32:4b:c1:d5:a4:31:9a:16:68:6a:c8:ea:
         4a:96:af:f8:f9:5e:cd:74:83:55:34:bc:7d:a2:a3:62:13:fa:
         65:59:f0:1e:c4:a1:76:d0:f1:c3:f2:90:54:bd:a0:ee:ba:30:
         71:d1:0f:0c:76:0e:64:fd:6e:91:ca:24:e6:92:40:f2:84:96:
         47:bf:6a:de:4e:af:83:93:24:08:34:7b:f7:23:e2:b8:7c:b1:
         d3:15:ee:33:a7:f9:69:7c:77:61:43:3c:5b:83:71:65:67:6e:
         00:1b:06:9b:a1:d8:af:4d:ba:4c:e5:f3:ae:5d:a0:95:b6:85:
         9f:f3:a1:47:04:3b:6d:eb:93:d4:a0:10:e4:2c:95:99:dc:ba:
         71:8a:87:47
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUAmwiFP+ICt76yJUapi1AhR/KB8kwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yMzEwMjAxMzM2NTFaFw0yNDEwMTgxMzQxNTFaMDMxMTAvBgNV
BAMTKERBMkI1QzMxQjhGRDc3QzgyRjM4NTAzNTYzQzhFNTQ4NUJBNEE1MzQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7nKMjC5M95ZrBOA85uqK5pcbt
M0WjI6bPxqgAxt99GVi7Ft1tceF7unMZ+c1ZuOXI5fcf0WSdp6qx6eCNGzhfSOjK
iLesj98PCsLHOmsNOu6/F9KdajQ1yw//JwtuPwYGZIXhESJlCKI//6LxBpYPS7RA
TXRPWHzcjqoL3C0LB2P74qPBZaS8M8vTTnXyJOyCwWLotXRVgley9ynqof5LxZXy
ybqlvFl0eG6J6VxbiuJGjw9hFsugPBbBLZBy4o/zYaEzIoMBIHWTPObTeqwwJbmO
R7s54umsE/cZJeRYeHm6pWal5YwcZ9kVOFHQL98Rx2P+HJgQxN3qnwvyxrtzAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQU2itcMbj9d8gvOFA1Y8jlSFukpTQwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzODM1MmUzMTM4MzIyZTM4
MmUzMDJmMzIzMzJkMzMzMjIwM2QzZTIwMzUzMTMxMzYzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAbm2
CDANBgkqhkiG9w0BAQsFAAOCAQEAH7lM9ICd0uK5UUKk/XktVRDygGU+RJPQTrtj
Ra5L546lqLsw/4FVLdfcBrLt5NGzOHwYRoou4IJOO1awd3C9WNLFSdatXaDfxVJy
cxF4SsiFMOiB2YqP99idayPTh/JSndLymqWqyAmv+wCHaD+cdkwgMkvB1aQxmhZo
asjqSpav+PlezXSDVTS8faKjYhP6ZVnwHsShdtDxw/KQVL2g7rowcdEPDHYOZP1u
kcok5pJA8oSWR79q3k6vg5MkCDR79yPiuHyx0xXuM6f5aXx3YUM8W4NxZWduABsG
m6HYr026TOXzrl2glbaFn/OhRwQ7beuT1KAQ5CyVmdy6cYqHRw==
-----END CERTIFICATE-----