Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/1979f015-2d69-48f1-bb52-3581c4df48fa/0/3138352e302e33322e302f32342d3234203d3e2030.roa
File:                     3138352e302e33322e302f32342d3234203d3e2030.roa (raw, json)
Hash identifier:          GEEkFnLLD5YdT7e3gZhcbzhghm9btIME32fG3fAo/to=
Subject key identifier:   E1:7E:2E:E1:C3:2E:73:5F:CE:45:21:7D:97:2A:5F:24:12:6A:53:F7
Certificate issuer:       /CN=600579021287ea6495d7f934a6ded30ee2a5bb38
Certificate serial:       5F8B70705FECF8BA07837A7B5A23F31CCC0AEDAF
Authority key identifier: 60:05:79:02:12:87:EA:64:95:D7:F9:34:A6:DE:D3:0E:E2:A5:BB:38
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YAV5AhKH6mSV1_k0pt7TDuKluzg.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/1979f015-2d69-48f1-bb52-3581c4df48fa/0/3138352e302e33322e302f32342d3234203d3e2030.roa
Signing time:             Thu 28 Dec 2023 21:56:08 +0000
ROA not before:           Thu 28 Dec 2023 21:51:08 +0000
ROA not after:            Thu 26 Dec 2024 21:56:08 +0000
asID:                     0
IP address blocks:        185.0.32.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/1979f015-2d69-48f1-bb52-3581c4df48fa/0/600579021287EA6495D7F934A6DED30EE2A5BB38.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/1979f015-2d69-48f1-bb52-3581c4df48fa/0/600579021287EA6495D7F934A6DED30EE2A5BB38.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YAV5AhKH6mSV1_k0pt7TDuKluzg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:16:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5f:8b:70:70:5f:ec:f8:ba:07:83:7a:7b:5a:23:f3:1c:cc:0a:ed:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=600579021287ea6495d7f934a6ded30ee2a5bb38
        Validity
            Not Before: Dec 28 21:51:08 2023 GMT
            Not After : Dec 26 21:56:08 2024 GMT
        Subject: CN=E17E2EE1C32E735FCE45217D972A5F24126A53F7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:47:63:c8:f4:4c:6f:9f:2e:cb:49:0c:da:98:
                    33:8a:46:4b:35:e2:18:25:d6:cb:7e:17:6e:14:5a:
                    38:96:2a:27:25:df:cc:ce:2f:57:a8:c4:22:3c:f6:
                    9b:7b:7f:36:4b:8a:7a:3e:8f:c5:93:75:98:d6:b6:
                    25:0f:f6:2f:e3:c1:27:f7:97:e3:57:c1:54:96:2e:
                    21:8f:50:3b:54:78:d1:e1:fd:55:8f:5d:dd:fb:f0:
                    5e:39:20:68:8f:27:1c:27:f9:87:92:0d:eb:84:f8:
                    35:ea:f4:44:e6:bf:39:c7:ea:e2:5e:60:da:64:ee:
                    3b:ed:f8:6c:41:98:6d:39:22:0b:b3:87:14:d4:7f:
                    ab:48:71:12:3f:f9:2c:40:0a:39:63:7d:d2:32:1c:
                    c1:cf:cd:0c:1e:85:b1:a6:1a:d5:24:ad:0a:02:36:
                    07:a6:a5:c2:6e:58:aa:e5:d6:35:c9:c3:24:36:1b:
                    c7:a4:dc:a7:4a:9f:ee:ca:eb:8d:91:f5:7f:92:ae:
                    94:95:8e:d1:b2:f7:14:fe:11:65:bb:c3:c6:24:03:
                    f3:a7:ce:b2:44:8c:d2:c5:c8:bb:d4:98:27:9e:6c:
                    dd:87:9a:af:d6:92:67:0f:85:b8:9d:79:18:23:9e:
                    04:ba:91:8d:1b:64:db:ac:45:fc:dd:49:0c:64:b5:
                    db:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:7E:2E:E1:C3:2E:73:5F:CE:45:21:7D:97:2A:5F:24:12:6A:53:F7
            X509v3 Authority Key Identifier:
                keyid:60:05:79:02:12:87:EA:64:95:D7:F9:34:A6:DE:D3:0E:E2:A5:BB:38

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/1979f015-2d69-48f1-bb52-3581c4df48fa/0/600579021287EA6495D7F934A6DED30EE2A5BB38.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YAV5AhKH6mSV1_k0pt7TDuKluzg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/1979f015-2d69-48f1-bb52-3581c4df48fa/0/3138352e302e33322e302f32342d3234203d3e2030.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.0.32.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:3f:20:07:30:8b:87:f9:4c:6e:a7:41:d1:da:99:a3:e6:c1:
         38:f3:d7:9f:20:a7:0c:c9:f8:5b:b9:00:17:f1:74:97:8b:10:
         32:9a:3c:d9:42:15:8e:1c:58:86:9d:e2:72:2a:9e:d2:d5:45:
         5b:a1:80:25:aa:ad:f8:6c:49:15:7c:00:cd:3b:b4:23:ee:21:
         72:88:5c:20:06:ec:89:99:93:34:c4:3e:fc:95:dd:9c:be:86:
         f3:30:62:da:8c:2f:60:96:9e:f1:d2:cf:4c:41:7b:73:b1:2f:
         d2:06:4e:7a:aa:7a:d5:03:27:7f:d9:4b:43:17:c1:79:61:73:
         4b:8a:b0:ea:95:3e:5c:be:6f:dd:2e:20:e6:31:72:4d:6b:29:
         3b:1a:14:9b:bd:a7:cb:bb:98:e5:23:35:31:0e:0f:ba:0a:d0:
         9b:e1:44:ab:4f:4a:1d:d6:18:ec:34:12:82:01:a7:e9:6b:02:
         ef:17:4f:3e:79:f5:d3:96:21:b7:a9:3e:0c:de:ea:8b:85:38:
         de:3f:35:58:b6:03:98:15:71:c7:9e:35:0d:e2:01:e1:07:77:
         ec:a8:6d:a0:42:85:f8:d4:ab:c7:eb:53:a1:6d:11:85:39:ab:
         ab:57:94:e6:b9:30:65:5c:c9:3e:ec:f3:af:07:8d:65:bb:63:
         2e:75:61:97
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgIUX4twcF/s+LoHg3p7WiPzHMwK7a8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjAwNTc5MDIxMjg3ZWE2NDk1ZDdmOTM0YTZkZWQzMGVl
MmE1YmIzODAeFw0yMzEyMjgyMTUxMDhaFw0yNDEyMjYyMTU2MDhaMDMxMTAvBgNV
BAMTKEUxN0UyRUUxQzMyRTczNUZDRTQ1MjE3RDk3MkE1RjI0MTI2QTUzRjcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIR2PI9Exvny7LSQzamDOKRks1
4hgl1st+F24UWjiWKicl38zOL1eoxCI89pt7fzZLino+j8WTdZjWtiUP9i/jwSf3
l+NXwVSWLiGPUDtUeNHh/VWPXd378F45IGiPJxwn+YeSDeuE+DXq9ETmvznH6uJe
YNpk7jvt+GxBmG05IguzhxTUf6tIcRI/+SxACjljfdIyHMHPzQwehbGmGtUkrQoC
NgempcJuWKrl1jXJwyQ2G8ek3KdKn+7K642R9X+SrpSVjtGy9xT+EWW7w8YkA/On
zrJEjNLFyLvUmCeebN2Hmq/WkmcPhbideRgjngS6kY0bZNusRfzdSQxktdvlAgMB
AAGjggIxMIICLTAdBgNVHQ4EFgQU4X4u4cMuc1/ORSF9lypfJBJqU/cwHwYDVR0j
BBgwFoAUYAV5AhKH6mSV1/k0pt7TDuKluzgwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMTk3OWYwMTUtMmQ2OS00OGYxLWJiNTItMzU4MWM0ZGY0
OGZhLzAvNjAwNTc5MDIxMjg3RUE2NDk1RDdGOTM0QTZERUQzMEVFMkE1QkIzOC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1lBVjVBaEtINm1TVjFfazBwdDdURHVL
bHV6Zy5jZXIwgaEGCCsGAQUFBwELBIGUMIGRMIGOBggrBgEFBQcwC4aBgXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMTk3OWYwMTUt
MmQ2OS00OGYxLWJiNTItMzU4MWM0ZGY0OGZhLzAvMzEzODM1MmUzMDJlMzMzMjJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMwLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsG
AQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuQAgMA0GCSqGSIb3
DQEBCwUAA4IBAQACPyAHMIuH+Uxup0HR2pmj5sE489efIKcMyfhbuQAX8XSXixAy
mjzZQhWOHFiGneJyKp7S1UVboYAlqq34bEkVfADNO7Qj7iFyiFwgBuyJmZM0xD78
ld2cvobzMGLajC9glp7x0s9MQXtzsS/SBk56qnrVAyd/2UtDF8F5YXNLirDqlT5c
vm/dLiDmMXJNayk7GhSbvafLu5jlIzUxDg+6CtCb4USrT0od1hjsNBKCAafpawLv
F08+efXTliG3qT4M3uqLhTjePzVYtgOYFXHHnjUN4gHhB3fsqG2gQoX41KvH61Oh
bRGFOaurV5TmuTBlXMk+7POvB41lu2MudWGX
-----END CERTIFICATE-----