Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3231362e3230322e302f32342d3234203d3e20383334.roa
File:                     3138352e3231362e3230322e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          pARRKh0GJ4229UW7APxDEAO7KqkwujuKkKhgQhmQ8m0=
Subject key identifier:   D5:2B:62:7A:F4:8E:F4:7F:31:90:D8:B7:FC:B9:19:81:B2:7D:94:99
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       07881408E91B9496246C5975B7F09EB3C4ABE1E3
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3231362e3230322e302f32342d3234203d3e20383334.roa
Signing time:             Sun 03 Sep 2023 07:42:00 +0000
ROA not before:           Sun 03 Sep 2023 07:37:00 +0000
ROA not after:            Sun 01 Sep 2024 07:42:00 +0000
asID:                     834
IP address blocks:        185.216.202.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            07:88:14:08:e9:1b:94:96:24:6c:59:75:b7:f0:9e:b3:c4:ab:e1:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Sep  3 07:37:00 2023 GMT
            Not After : Sep  1 07:42:00 2024 GMT
        Subject: CN=D52B627AF48EF47F3190D8B7FCB91981B27D9499
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:f5:a4:23:30:fd:e2:90:78:dc:ac:95:c5:42:
                    39:25:91:c8:2d:f2:2f:c9:d0:f6:20:96:df:6b:4e:
                    c9:3f:67:44:2c:bf:c3:5a:33:61:ba:b3:b5:ac:ab:
                    4d:fd:8c:22:fe:fc:95:85:15:ed:02:c9:f2:82:f4:
                    de:5a:65:1b:db:79:1a:88:02:e4:66:8c:36:7a:63:
                    d1:da:ac:bf:47:7f:53:87:87:e4:3a:db:4e:ab:11:
                    eb:d0:60:be:83:49:45:c8:31:9f:a1:e6:73:e0:18:
                    46:3b:04:85:74:7c:d2:b5:67:4b:76:bc:86:c6:c5:
                    f3:54:b2:03:5b:5f:74:3a:51:c1:38:85:a0:d3:bc:
                    cb:2c:8d:4c:f6:07:1c:43:d1:28:69:cd:61:01:c8:
                    05:b8:c3:61:fb:e6:6a:88:07:5c:a2:c9:a3:e1:05:
                    7d:11:0f:f3:f8:03:f0:77:eb:89:d0:0a:f7:5f:e5:
                    1d:b8:2f:05:ac:f8:eb:20:34:4f:8d:18:3d:e7:45:
                    22:98:14:33:e0:7b:f7:ed:14:24:62:e9:a2:cf:aa:
                    ac:29:0e:e2:bd:a3:6b:2a:93:2e:8d:af:7c:f2:f2:
                    11:02:de:52:82:cc:a6:aa:94:6d:37:53:bf:26:cb:
                    7a:e3:df:0d:0e:eb:33:c8:3e:d9:98:76:dc:80:34:
                    02:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:2B:62:7A:F4:8E:F4:7F:31:90:D8:B7:FC:B9:19:81:B2:7D:94:99
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3231362e3230322e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.216.202.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8c:bc:f4:8a:34:65:53:63:96:97:63:cf:f1:96:19:ae:05:21:
         9f:26:1c:84:7e:4b:84:33:ae:6b:f6:b3:6f:90:09:57:4d:57:
         e0:b2:fe:b3:df:cd:b5:65:31:b0:02:c3:f6:6f:9d:ac:ae:2a:
         7a:bd:c0:18:ac:68:ea:40:eb:6a:3b:17:13:93:16:ff:8f:fa:
         82:bf:60:41:f6:a8:68:8c:7a:0b:ef:e9:c2:82:e0:68:3b:b0:
         40:f9:b0:a0:1c:cb:52:e9:4b:bc:ee:50:89:2a:eb:ac:ce:59:
         a3:18:90:53:0e:d9:9d:97:e0:99:a4:ed:4b:68:8e:4e:82:30:
         0f:4b:05:01:c9:e5:fb:37:cb:6c:5d:39:33:b2:25:c0:56:35:
         1c:29:51:5e:f6:4b:2f:f0:ac:b7:4c:7f:e9:38:02:5b:57:1f:
         68:fa:d3:82:9c:45:41:11:bb:79:4f:c4:d0:75:34:65:36:5c:
         d5:0e:4d:0b:69:f8:de:44:69:2a:d3:a3:5d:ff:6a:b7:41:d9:
         ab:09:c7:a2:26:86:31:a3:20:25:a8:86:06:ea:fa:01:a2:a5:
         ed:bd:5e:da:6c:c0:59:ea:ed:f5:17:12:61:f8:12:f7:a2:f2:
         d6:79:78:c3:b9:84:ad:e3:f1:5e:2a:52:57:4c:a6:30:4b:d9:
         e6:3e:f4:73
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUB4gUCOkblJYkbFl1t/Ces8Sr4eMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yMzA5MDMwNzM3MDBaFw0yNDA5MDEwNzQyMDBaMDMxMTAvBgNV
BAMTKEQ1MkI2MjdBRjQ4RUY0N0YzMTkwRDhCN0ZDQjkxOTgxQjI3RDk0OTkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCg9aQjMP3ikHjcrJXFQjklkcgt
8i/J0PYglt9rTsk/Z0Qsv8NaM2G6s7Wsq039jCL+/JWFFe0CyfKC9N5aZRvbeRqI
AuRmjDZ6Y9HarL9Hf1OHh+Q6206rEevQYL6DSUXIMZ+h5nPgGEY7BIV0fNK1Z0t2
vIbGxfNUsgNbX3Q6UcE4haDTvMssjUz2BxxD0ShpzWEByAW4w2H75mqIB1yiyaPh
BX0RD/P4A/B364nQCvdf5R24LwWs+OsgNE+NGD3nRSKYFDPge/ftFCRi6aLPqqwp
DuK9o2sqky6Nr3zy8hEC3lKCzKaqlG03U78my3rj3w0O6zPIPtmYdtyANAK7AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQU1StievSO9H8xkNi3/LkZgbJ9lJkwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzODM1MmUzMjMxMzYyZTMy
MzAzMjJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALnY
yjANBgkqhkiG9w0BAQsFAAOCAQEAjLz0ijRlU2OWl2PP8ZYZrgUhnyYchH5LhDOu
a/azb5AJV01X4LL+s9/NtWUxsALD9m+drK4qer3AGKxo6kDrajsXE5MW/4/6gr9g
QfaoaIx6C+/pwoLgaDuwQPmwoBzLUulLvO5QiSrrrM5ZoxiQUw7ZnZfgmaTtS2iO
ToIwD0sFAcnl+zfLbF05M7IlwFY1HClRXvZLL/Cst0x/6TgCW1cfaPrTgpxFQRG7
eU/E0HU0ZTZc1Q5NC2n43kRpKtOjXf9qt0HZqwnHoiaGMaMgJaiGBur6AaKl7b1e
2mzAWert9RcSYfgS96Ly1nl4w7mErePxXipSV0ymMEvZ5j70cw==
-----END CERTIFICATE-----