Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3138372e3233322e302f32342d3234203d3e20383334.roa
File:                     3138352e3138372e3233322e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          ZzfNqLkrpu7MVp5t5+Z5nO5IkhtQRlUoUDyfOvyyEe4=
Subject key identifier:   33:9B:CA:93:27:01:F4:1D:C1:85:09:C2:AB:92:24:74:A6:7B:36:BB
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       71F0A796E86B6A2844567F878C00AA67E8309FFC
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3138372e3233322e302f32342d3234203d3e20383334.roa
Signing time:             Fri 09 Feb 2024 20:52:56 +0000
ROA not before:           Fri 09 Feb 2024 20:47:56 +0000
ROA not after:            Fri 07 Feb 2025 20:52:56 +0000
asID:                     834
IP address blocks:        185.187.232.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            71:f0:a7:96:e8:6b:6a:28:44:56:7f:87:8c:00:aa:67:e8:30:9f:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Feb  9 20:47:56 2024 GMT
            Not After : Feb  7 20:52:56 2025 GMT
        Subject: CN=339BCA932701F41DC18509C2AB922474A67B36BB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:fe:b5:5e:6f:83:8c:a2:95:a0:3d:82:2d:9b:
                    f5:f0:2b:20:ea:1b:22:ad:96:0a:8d:d6:67:9f:c9:
                    84:1c:57:1e:a0:4e:19:06:40:36:7e:72:fb:21:35:
                    82:93:e6:86:ed:c9:24:0b:91:ce:95:f5:b4:9b:c5:
                    16:ca:c9:c1:7b:2d:fb:2e:6f:5e:08:23:c2:7c:de:
                    a4:db:a8:7f:30:28:0d:c3:de:df:d7:c9:4d:a2:5a:
                    ae:d6:ad:c4:05:a5:d0:be:80:1b:ed:c0:9b:1c:55:
                    29:4c:d9:a2:81:7b:42:40:36:76:4f:b3:fe:29:a7:
                    28:e0:04:21:68:37:55:33:0d:63:ad:e8:2a:ce:14:
                    62:aa:8f:37:30:8a:82:6d:6a:53:cd:84:e4:69:12:
                    da:18:f0:58:9f:dd:c5:54:ad:8a:20:f8:2a:bb:1b:
                    af:fe:2b:8c:20:a6:eb:b2:a3:c9:f3:1e:25:59:ff:
                    17:ce:f0:5a:d3:ae:c3:5b:2a:3a:ac:97:10:9f:8e:
                    62:92:fb:68:63:eb:9b:c1:dd:d7:ae:8a:65:19:b8:
                    9f:a3:8e:a7:5d:a2:3f:22:79:0b:85:8e:6d:4f:a9:
                    d4:17:22:e6:bb:8b:a7:7e:19:86:b1:18:cb:82:4d:
                    4e:f4:d0:a1:bc:6e:24:28:8f:e6:7a:ad:41:3e:0d:
                    a3:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:9B:CA:93:27:01:F4:1D:C1:85:09:C2:AB:92:24:74:A6:7B:36:BB
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3138372e3233322e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.187.232.0/24

    Signature Algorithm: sha256WithRSAEncryption
         96:47:3c:70:45:73:b6:cd:02:1e:6a:59:02:0c:c1:cf:07:41:
         00:2f:76:f9:19:38:c1:89:bd:53:66:13:d5:0d:8e:91:97:29:
         97:98:95:86:cb:b3:64:c4:1e:f2:20:e6:e1:47:eb:37:cb:87:
         fb:ba:a8:1d:96:b8:49:0d:dd:69:f9:93:61:75:94:86:6d:59:
         f4:ec:40:c2:b4:d0:d3:70:90:81:25:b1:54:84:d5:c5:49:8e:
         e4:fb:9c:60:38:7e:48:50:02:e6:93:6d:32:60:88:69:91:79:
         0b:13:97:0e:38:38:f7:6a:f3:88:92:aa:dc:ed:b1:77:23:f9:
         6d:a9:7e:8d:1e:aa:da:c8:24:4d:df:67:f7:fb:66:ca:26:80:
         94:c0:7a:74:26:fb:21:0e:e7:48:11:74:43:86:44:51:d6:ed:
         38:e0:4a:cf:09:35:1d:ff:0b:6a:eb:dc:e6:26:25:9f:a6:44:
         cd:2d:0b:03:52:1f:82:0f:da:ad:28:67:6f:8a:f8:28:18:81:
         d5:ce:d9:fe:4f:b3:75:b6:bf:0a:03:82:c8:a1:4e:47:1a:73:
         57:02:48:c5:9e:d7:7b:14:a6:23:d2:d2:6b:3f:e0:96:3d:72:
         2a:1d:cf:b3:4c:3c:73:f0:47:da:5f:33:32:ee:4c:e4:44:4f:
         3c:da:fe:8e
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUcfCnluhraihEVn+HjACqZ+gwn/wwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDAyMDkyMDQ3NTZaFw0yNTAyMDcyMDUyNTZaMDMxMTAvBgNV
BAMTKDMzOUJDQTkzMjcwMUY0MURDMTg1MDlDMkFCOTIyNDc0QTY3QjM2QkIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCr/rVeb4OMopWgPYItm/XwKyDq
GyKtlgqN1mefyYQcVx6gThkGQDZ+cvshNYKT5obtySQLkc6V9bSbxRbKycF7Lfsu
b14II8J83qTbqH8wKA3D3t/XyU2iWq7WrcQFpdC+gBvtwJscVSlM2aKBe0JANnZP
s/4ppyjgBCFoN1UzDWOt6CrOFGKqjzcwioJtalPNhORpEtoY8Fif3cVUrYog+Cq7
G6/+K4wgpuuyo8nzHiVZ/xfO8FrTrsNbKjqslxCfjmKS+2hj65vB3deuimUZuJ+j
jqddoj8ieQuFjm1PqdQXIua7i6d+GYaxGMuCTU700KG8biQoj+Z6rUE+DaNnAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUM5vKkycB9B3BhQnCq5IkdKZ7NrswHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzODM1MmUzMTM4MzcyZTMy
MzMzMjJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALm7
6DANBgkqhkiG9w0BAQsFAAOCAQEAlkc8cEVzts0CHmpZAgzBzwdBAC92+Rk4wYm9
U2YT1Q2OkZcpl5iVhsuzZMQe8iDm4UfrN8uH+7qoHZa4SQ3dafmTYXWUhm1Z9OxA
wrTQ03CQgSWxVITVxUmO5PucYDh+SFAC5pNtMmCIaZF5CxOXDjg492rziJKq3O2x
dyP5bal+jR6q2sgkTd9n9/tmyiaAlMB6dCb7IQ7nSBF0Q4ZEUdbtOOBKzwk1Hf8L
auvc5iYln6ZEzS0LA1Ifgg/arShnb4r4KBiB1c7Z/k+zdba/CgOCyKFORxpzVwJI
xZ7XexSmI9LSaz/glj1yKh3Ps0w8c/BH2l8zMu5M5ERPPNr+jg==
-----END CERTIFICATE-----