Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3138332e38352e302f32342d3332203d3e2039303039.roa
File:                     3138352e3138332e38352e302f32342d3332203d3e2039303039.roa (raw, json)
Hash identifier:          qsqV9idOqSo0NXI7e3lvg72HQgQ7g63/xeBBsuGlG78=
Subject key identifier:   35:73:7A:CA:35:D6:54:8E:E3:D4:E9:5E:16:36:D2:F4:42:AA:BB:E7
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       5B2C4EF85FF5374FE2AC6D83EBE2B494922969AA
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3138332e38352e302f32342d3332203d3e2039303039.roa
Signing time:             Mon 26 Feb 2024 08:53:06 +0000
ROA not before:           Mon 26 Feb 2024 08:48:06 +0000
ROA not after:            Mon 24 Feb 2025 08:53:06 +0000
asID:                     9009
IP address blocks:        185.183.85.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 02:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5b:2c:4e:f8:5f:f5:37:4f:e2:ac:6d:83:eb:e2:b4:94:92:29:69:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Feb 26 08:48:06 2024 GMT
            Not After : Feb 24 08:53:06 2025 GMT
        Subject: CN=35737ACA35D6548EE3D4E95E1636D2F442AABBE7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:9c:22:61:51:97:56:cb:96:90:ba:9f:3f:18:
                    0d:65:b3:2f:94:0a:53:cf:6a:3f:95:db:04:49:5b:
                    d2:47:dd:6d:1f:a1:f9:72:ff:d1:64:40:74:c4:13:
                    af:81:d8:8f:c0:a5:02:8d:56:c8:d7:ef:60:2f:51:
                    95:76:fc:85:fd:d5:e5:03:c1:66:70:c0:7a:f5:f3:
                    24:d5:4a:f2:d5:d3:57:64:3c:0c:c4:16:d2:cb:23:
                    af:07:f6:ca:2c:43:af:2f:39:8c:8d:e7:61:84:57:
                    b8:4f:23:cf:71:dc:ce:5c:53:d7:27:aa:da:9d:ba:
                    b4:90:ae:65:0a:69:f3:d4:bb:e6:19:ef:f1:9d:d1:
                    43:f3:60:be:d7:a3:7e:02:15:0f:9d:ed:0f:51:4a:
                    b5:42:88:60:d8:47:60:cb:bf:c6:39:6f:12:ec:2a:
                    1f:18:26:0f:d4:e5:58:0e:7d:17:2a:05:66:5d:02:
                    8a:bf:3d:bb:4c:99:9e:f8:44:7b:7c:ca:c2:c7:8f:
                    ac:eb:24:cc:94:85:70:6d:c4:19:99:12:cb:ab:37:
                    06:cd:d0:6f:68:07:d3:d2:88:8d:49:bf:72:97:04:
                    df:f5:ad:db:23:88:b5:6b:d9:a1:9a:14:09:e9:d0:
                    87:8b:36:35:43:a2:a9:e6:84:4d:2a:5e:93:bc:f8:
                    a9:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:73:7A:CA:35:D6:54:8E:E3:D4:E9:5E:16:36:D2:F4:42:AA:BB:E7
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3138332e38352e302f32342d3332203d3e2039303039.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.183.85.0/24

    Signature Algorithm: sha256WithRSAEncryption
         04:45:63:f9:25:38:a1:86:5e:01:eb:36:81:b3:68:d1:92:5c:
         dd:47:e5:41:09:e3:e8:e2:ef:19:2d:03:4d:b9:b5:56:b8:4a:
         60:d3:89:dd:47:13:00:6e:2e:da:d8:35:d3:83:6b:2c:c9:98:
         7b:e5:6f:70:04:ae:e8:90:4b:ae:aa:53:da:d5:5d:53:03:83:
         9d:ad:98:37:e2:02:8e:49:74:cd:e8:f7:ad:19:52:2a:32:04:
         f6:1c:e9:90:7a:60:63:ea:ac:26:08:7d:fb:dd:dd:3a:b6:4a:
         46:c3:83:c0:ba:d8:cb:6b:8e:50:72:e3:b5:b4:87:d4:f6:97:
         69:37:b7:b5:79:f3:12:e6:f6:4a:33:6c:3e:69:73:18:71:2d:
         dd:08:56:f6:05:21:0e:1e:18:e7:7e:2e:21:58:90:ab:67:41:
         4f:77:6c:2d:0c:f0:9d:f5:c1:53:15:f5:cc:b7:8f:7f:ad:96:
         aa:5a:ca:df:4e:b7:66:f8:a7:24:24:80:ef:3a:1f:ac:a4:06:
         b8:e7:bc:58:ba:9c:eb:21:88:78:fc:0e:eb:7b:c9:e0:62:0a:
         fc:d2:fb:1d:76:a5:07:c9:bd:6c:6b:84:c5:15:3c:7c:1c:2c:
         32:b1:5c:ce:63:4f:0c:54:5b:f9:46:0e:c9:9d:5d:98:34:ea:
         a8:0a:e5:e6
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUWyxO+F/1N0/irG2D6+K0lJIpaaowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDAyMjYwODQ4MDZaFw0yNTAyMjQwODUzMDZaMDMxMTAvBgNV
BAMTKDM1NzM3QUNBMzVENjU0OEVFM0Q0RTk1RTE2MzZEMkY0NDJBQUJCRTcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8nCJhUZdWy5aQup8/GA1lsy+U
ClPPaj+V2wRJW9JH3W0fofly/9FkQHTEE6+B2I/ApQKNVsjX72AvUZV2/IX91eUD
wWZwwHr18yTVSvLV01dkPAzEFtLLI68H9sosQ68vOYyN52GEV7hPI89x3M5cU9cn
qtqdurSQrmUKafPUu+YZ7/Gd0UPzYL7Xo34CFQ+d7Q9RSrVCiGDYR2DLv8Y5bxLs
Kh8YJg/U5VgOfRcqBWZdAoq/PbtMmZ74RHt8ysLHj6zrJMyUhXBtxBmZEsurNwbN
0G9oB9PSiI1Jv3KXBN/1rdsjiLVr2aGaFAnp0IeLNjVDoqnmhE0qXpO8+KkhAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUNXN6yjXWVI7j1OleFjbS9EKqu+cwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzODM1MmUzMTM4MzMyZTM4
MzUyZTMwMmYzMjM0MmQzMzMyMjAzZDNlMjAzOTMwMzAzOS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALm3
VTANBgkqhkiG9w0BAQsFAAOCAQEABEVj+SU4oYZeAes2gbNo0ZJc3UflQQnj6OLv
GS0DTbm1VrhKYNOJ3UcTAG4u2tg104NrLMmYe+VvcASu6JBLrqpT2tVdUwODna2Y
N+ICjkl0zej3rRlSKjIE9hzpkHpgY+qsJgh9+93dOrZKRsODwLrYy2uOUHLjtbSH
1PaXaTe3tXnzEub2SjNsPmlzGHEt3QhW9gUhDh4Y534uIViQq2dBT3dsLQzwnfXB
UxX1zLePf62WqlrK3063ZvinJCSA7zofrKQGuOe8WLqc6yGIePwO63vJ4GIK/NL7
HXalB8m9bGuExRU8fBwsMrFczmNPDFRb+UYOyZ1dmDTqqArl5g==
-----END CERTIFICATE-----