Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/3138352e3133392e32342e302f32342d3234203d3e20383334.roa
File:                     3138352e3133392e32342e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          rW+27m0/zNye0OxdG99P3R/L34sCJTiVQi0UU439Jq4=
Subject key identifier:   CC:91:68:4C:E7:BD:FB:CF:9C:2F:C5:5A:A2:29:12:CC:02:FC:C9:DE
Certificate issuer:       /CN=dc943cc2a7cdc378a37702573bb4f821170b530d
Certificate serial:       606850281F8436C8DCC274383DBA57375A95E357
Authority key identifier: DC:94:3C:C2:A7:CD:C3:78:A3:77:02:57:3B:B4:F8:21:17:0B:53:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/3138352e3133392e32342e302f32342d3234203d3e20383334.roa
Signing time:             Tue 30 Apr 2024 00:05:09 +0000
ROA not before:           Tue 30 Apr 2024 00:00:09 +0000
ROA not after:            Tue 29 Apr 2025 00:05:09 +0000
asID:                     834
IP address blocks:        185.139.24.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 03:05:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            60:68:50:28:1f:84:36:c8:dc:c2:74:38:3d:ba:57:37:5a:95:e3:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc943cc2a7cdc378a37702573bb4f821170b530d
        Validity
            Not Before: Apr 30 00:00:09 2024 GMT
            Not After : Apr 29 00:05:09 2025 GMT
        Subject: CN=CC91684CE7BDFBCF9C2FC55AA22912CC02FCC9DE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:1e:1e:43:ef:5d:4f:b1:27:af:00:4d:65:3f:
                    07:25:ef:38:33:63:ca:8f:d5:47:49:5b:00:f3:af:
                    b0:f3:bb:b0:3d:16:4d:6d:53:6b:96:be:09:f7:cd:
                    86:41:4a:35:ac:3e:a3:6a:49:6a:cf:05:57:cd:93:
                    cc:0e:70:7a:34:6d:09:3d:ad:b5:0a:cf:2b:b1:00:
                    25:b8:a2:d2:20:eb:74:4d:d6:89:66:35:88:20:c9:
                    67:1f:ae:b0:c1:91:43:81:cf:b9:79:bb:e5:c1:11:
                    a1:58:45:63:7b:6d:b8:96:1a:2f:e1:a8:82:4e:b9:
                    7d:ef:9a:a8:a7:dc:b9:44:f0:82:8b:4e:90:f4:59:
                    a6:0c:41:1e:de:38:1e:b3:78:b0:e2:14:0f:ec:ba:
                    36:77:02:70:98:f4:b2:0a:08:54:be:76:6c:6d:47:
                    2d:7f:50:e7:7c:36:3c:a5:20:6f:99:7a:21:17:68:
                    3b:0b:bb:f8:1d:6b:10:7e:ea:06:f6:8e:21:87:e2:
                    cb:1e:3f:82:35:d7:05:f9:35:b4:96:ea:57:4e:c9:
                    7d:69:d9:fd:77:62:dd:8b:4e:0b:eb:2f:69:fe:3b:
                    ff:20:6b:0c:d2:8d:3d:dc:9a:70:8f:68:46:52:d3:
                    94:ce:6f:57:ea:d4:07:a2:3c:28:87:7f:01:92:eb:
                    47:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:91:68:4C:E7:BD:FB:CF:9C:2F:C5:5A:A2:29:12:CC:02:FC:C9:DE
            X509v3 Authority Key Identifier:
                keyid:DC:94:3C:C2:A7:CD:C3:78:A3:77:02:57:3B:B4:F8:21:17:0B:53:0D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/3138352e3133392e32342e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.139.24.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:3d:02:6c:4d:ae:1c:6e:57:e1:ae:0b:6d:5c:3d:99:16:69:
         5a:16:7e:ef:f0:ee:8a:47:20:9b:b6:e5:bc:6f:54:94:e7:72:
         17:37:c3:95:bb:55:48:be:51:e9:c0:c2:1e:39:8b:ee:57:d7:
         7b:b4:fc:b1:b7:c7:7b:c2:23:9e:50:e1:dc:04:70:7d:97:6f:
         c2:f0:ce:41:a3:41:b7:c3:91:e6:ce:54:3d:45:e0:f9:07:bf:
         b3:9b:ac:d5:8d:02:51:22:ea:5b:0b:b6:70:a3:7c:a9:dd:2a:
         2a:53:56:ba:c4:7a:4c:ca:10:41:5e:60:84:c1:81:a4:ba:e6:
         35:4f:10:6f:47:8e:ed:20:0e:e3:3c:63:1a:1b:97:07:6f:6d:
         71:49:50:3b:73:7c:04:53:70:8a:c0:f9:3a:79:64:e4:98:3c:
         f7:0c:77:20:53:c5:df:94:dc:b4:40:47:99:cc:f7:e4:4a:d7:
         bf:97:f6:97:27:7b:96:fe:f9:cf:6d:8b:6b:cd:4d:32:c0:b6:
         e0:be:19:3d:f2:00:20:96:35:78:a4:af:66:3f:61:01:11:cf:
         9c:1b:f7:a1:35:f2:e5:d4:b9:84:9e:f3:47:37:1d:99:3f:f4:
         42:d9:d8:d8:c2:73:84:3a:ce:b8:3a:b9:39:d4:0c:49:39:12:
         07:41:f9:62
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUYGhQKB+ENsjcwnQ4PbpXN1qV41cwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGM5NDNjYzJhN2NkYzM3OGEzNzcwMjU3M2JiNGY4MjEx
NzBiNTMwZDAeFw0yNDA0MzAwMDAwMDlaFw0yNTA0MjkwMDA1MDlaMDMxMTAvBgNV
BAMTKENDOTE2ODRDRTdCREZCQ0Y5QzJGQzU1QUEyMjkxMkNDMDJGQ0M5REUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCsHh5D711PsSevAE1lPwcl7zgz
Y8qP1UdJWwDzr7Dzu7A9Fk1tU2uWvgn3zYZBSjWsPqNqSWrPBVfNk8wOcHo0bQk9
rbUKzyuxACW4otIg63RN1olmNYggyWcfrrDBkUOBz7l5u+XBEaFYRWN7bbiWGi/h
qIJOuX3vmqin3LlE8IKLTpD0WaYMQR7eOB6zeLDiFA/sujZ3AnCY9LIKCFS+dmxt
Ry1/UOd8NjylIG+ZeiEXaDsLu/gdaxB+6gb2jiGH4sseP4I11wX5NbSW6ldOyX1p
2f13Yt2LTgvrL2n+O/8gawzSjT3cmnCPaEZS05TOb1fq1AeiPCiHfwGS60chAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUzJFoTOe9+8+cL8VaoikSzAL8yd4wHwYDVR0j
BBgwFoAU3JQ8wqfNw3ijdwJXO7T4IRcLUw0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNmFiMDcyMmYtNjRkOC00Y2E5LTkyNjctNGU1MTU0NDM0
MTAxLzAvREM5NDNDQzJBN0NEQzM3OEEzNzcwMjU3M0JCNEY4MjExNzBCNTMwRC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzNKUTh3cWZOdzNpamR3SlhPN1Q0SVJj
TFV3MC5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvNmFiMDcyMmYt
NjRkOC00Y2E5LTkyNjctNGU1MTU0NDM0MTAxLzAvMzEzODM1MmUzMTMzMzkyZTMy
MzQyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC5ixgw
DQYJKoZIhvcNAQELBQADggEBADw9AmxNrhxuV+GuC21cPZkWaVoWfu/w7opHIJu2
5bxvVJTnchc3w5W7VUi+UenAwh45i+5X13u0/LG3x3vCI55Q4dwEcH2Xb8LwzkGj
QbfDkebOVD1F4PkHv7ObrNWNAlEi6lsLtnCjfKndKipTVrrEekzKEEFeYITBgaS6
5jVPEG9Hju0gDuM8YxoblwdvbXFJUDtzfARTcIrA+Tp5ZOSYPPcMdyBTxd+U3LRA
R5nM9+RK17+X9pcne5b++c9ti2vNTTLAtuC+GT3yACCWNXikr2Y/YQERz5wb96E1
8uXUuYSe80c3HZk/9ELZ2NjCc4Q6zrg6uTnUDEk5EgdB+WI=
-----END CERTIFICATE-----