Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/3138352e38392e37362e302f32342d3234203d3e203536353430.roa
File:                     3138352e38392e37362e302f32342d3234203d3e203536353430.roa (raw, json)
Hash identifier:          fxKhHbKeESFq3kbEg8Cx4F8jqO7wEOW0abeEnovteXY=
Subject key identifier:   31:4A:31:34:0B:97:B1:83:1D:FA:B0:84:6B:6B:8D:5B:CD:1C:8A:E8
Certificate issuer:       /CN=dc943cc2a7cdc378a37702573bb4f821170b530d
Certificate serial:       5CF4A3FAFF174112AEBA1BADD510C084EFA9B8A2
Authority key identifier: DC:94:3C:C2:A7:CD:C3:78:A3:77:02:57:3B:B4:F8:21:17:0B:53:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/3138352e38392e37362e302f32342d3234203d3e203536353430.roa
Signing time:             Tue 27 Feb 2024 00:32:32 +0000
ROA not before:           Tue 27 Feb 2024 00:27:32 +0000
ROA not after:            Tue 25 Feb 2025 00:32:32 +0000
asID:                     56540
IP address blocks:        185.89.76.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5c:f4:a3:fa:ff:17:41:12:ae:ba:1b:ad:d5:10:c0:84:ef:a9:b8:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc943cc2a7cdc378a37702573bb4f821170b530d
        Validity
            Not Before: Feb 27 00:27:32 2024 GMT
            Not After : Feb 25 00:32:32 2025 GMT
        Subject: CN=314A31340B97B1831DFAB0846B6B8D5BCD1C8AE8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:8e:35:dc:6b:09:8e:1a:a3:13:aa:65:6b:72:
                    73:dc:28:a3:c7:38:28:57:fe:e0:c2:4b:03:04:18:
                    5a:88:76:4c:50:23:e8:98:73:03:ca:2b:a1:01:68:
                    e1:81:c3:16:e5:d9:32:72:75:47:91:3a:e1:93:6a:
                    02:ae:d8:89:b4:bf:fd:1a:82:4c:e4:35:0b:03:d3:
                    bc:49:75:55:43:08:bc:0e:ec:fd:93:79:82:03:be:
                    f3:a9:4e:45:06:75:69:24:66:9e:23:c4:8b:bf:84:
                    08:c3:68:8f:65:bf:ab:b6:bd:52:cf:90:b2:86:97:
                    24:12:b5:22:28:b4:b6:0b:0a:43:f3:49:14:f7:49:
                    a6:1c:34:0f:f3:88:c8:96:69:6b:d9:41:39:75:0a:
                    11:1e:6b:4c:6b:a6:13:76:d0:bb:6c:b2:66:bc:8e:
                    94:bd:a3:22:50:e0:88:ef:83:85:5c:4b:d1:bb:49:
                    6e:c7:fe:c0:46:b1:9d:02:80:06:9e:f7:7b:e2:4a:
                    e5:dc:7f:fc:56:ad:83:cb:3e:b0:36:0d:26:e5:aa:
                    72:56:bd:86:19:12:a8:57:9d:00:38:04:a7:a1:12:
                    de:81:d9:de:54:80:bb:42:29:3b:17:b5:3b:70:44:
                    08:9b:f4:93:f2:9a:fe:37:67:4d:40:07:a4:46:a2:
                    1d:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:4A:31:34:0B:97:B1:83:1D:FA:B0:84:6B:6B:8D:5B:CD:1C:8A:E8
            X509v3 Authority Key Identifier:
                keyid:DC:94:3C:C2:A7:CD:C3:78:A3:77:02:57:3B:B4:F8:21:17:0B:53:0D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/3138352e38392e37362e302f32342d3234203d3e203536353430.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.89.76.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:61:e8:09:36:9a:7b:7c:d7:7a:be:1d:38:66:92:c5:51:6a:
         0b:17:ac:37:50:51:5f:f3:02:68:84:60:d6:5a:1c:e4:36:ef:
         ca:06:ba:47:23:ab:ba:dd:19:5f:8e:7c:20:c7:09:73:44:19:
         e2:ec:d4:13:4a:db:7d:d6:48:b1:6b:28:f9:da:74:8b:26:22:
         cf:e9:68:a1:dc:ed:18:3a:fb:da:9f:a1:29:9c:73:ef:ce:86:
         e5:4b:01:a7:98:7e:76:9d:3b:a4:db:44:14:33:e9:85:bb:0c:
         ff:be:eb:b3:57:41:07:7f:fe:f4:fa:09:2a:4c:67:cf:2b:b1:
         79:d8:6e:ef:47:41:f2:74:e1:4d:4a:cb:65:98:7b:04:61:a0:
         08:fd:a4:28:21:83:b4:2d:dd:53:d3:ad:ee:be:f9:e9:0b:0a:
         70:87:cb:7a:aa:9e:05:fd:72:f3:e0:7c:ba:16:39:08:70:3f:
         44:c0:26:32:cb:55:d2:26:6c:60:f4:51:d7:8c:43:ee:bc:bf:
         79:c7:27:2e:9f:1d:fe:5a:a9:6e:7d:e4:b7:e1:47:4b:90:4a:
         6f:12:ff:0a:fa:e7:7d:2b:fe:06:76:f4:dc:7c:4f:09:40:c9:
         22:05:f3:e3:d3:22:22:aa:8e:1f:a0:61:a0:ae:b8:20:fd:83:
         70:65:d8:f5
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUXPSj+v8XQRKuuhut1RDAhO+puKIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGM5NDNjYzJhN2NkYzM3OGEzNzcwMjU3M2JiNGY4MjEx
NzBiNTMwZDAeFw0yNDAyMjcwMDI3MzJaFw0yNTAyMjUwMDMyMzJaMDMxMTAvBgNV
BAMTKDMxNEEzMTM0MEI5N0IxODMxREZBQjA4NDZCNkI4RDVCQ0QxQzhBRTgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCWjjXcawmOGqMTqmVrcnPcKKPH
OChX/uDCSwMEGFqIdkxQI+iYcwPKK6EBaOGBwxbl2TJydUeROuGTagKu2Im0v/0a
gkzkNQsD07xJdVVDCLwO7P2TeYIDvvOpTkUGdWkkZp4jxIu/hAjDaI9lv6u2vVLP
kLKGlyQStSIotLYLCkPzSRT3SaYcNA/ziMiWaWvZQTl1ChEea0xrphN20Ltssma8
jpS9oyJQ4Ijvg4VcS9G7SW7H/sBGsZ0CgAae93viSuXcf/xWrYPLPrA2DSblqnJW
vYYZEqhXnQA4BKehEt6B2d5UgLtCKTsXtTtwRAib9JPymv43Z01AB6RGoh2rAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUMUoxNAuXsYMd+rCEa2uNW80ciugwHwYDVR0j
BBgwFoAU3JQ8wqfNw3ijdwJXO7T4IRcLUw0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNmFiMDcyMmYtNjRkOC00Y2E5LTkyNjctNGU1MTU0NDM0
MTAxLzAvREM5NDNDQzJBN0NEQzM3OEEzNzcwMjU3M0JCNEY4MjExNzBCNTMwRC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzNKUTh3cWZOdzNpamR3SlhPN1Q0SVJj
TFV3MC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvNmFiMDcyMmYt
NjRkOC00Y2E5LTkyNjctNGU1MTU0NDM0MTAxLzAvMzEzODM1MmUzODM5MmUzNzM2
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzUzNjM1MzQzMC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALlZ
TDANBgkqhkiG9w0BAQsFAAOCAQEARmHoCTaae3zXer4dOGaSxVFqCxesN1BRX/MC
aIRg1loc5Dbvyga6RyOrut0ZX458IMcJc0QZ4uzUE0rbfdZIsWso+dp0iyYiz+lo
odztGDr72p+hKZxz786G5UsBp5h+dp07pNtEFDPphbsM/77rs1dBB3/+9PoJKkxn
zyuxedhu70dB8nThTUrLZZh7BGGgCP2kKCGDtC3dU9Ot7r756QsKcIfLeqqeBf1y
8+B8uhY5CHA/RMAmMstV0iZsYPRR14xD7ry/eccnLp8d/lqpbn3kt+FHS5BKbxL/
CvrnfSv+Bnb03HxPCUDJIgXz49MiIqqOH6BhoK64IP2DcGXY9Q==
-----END CERTIFICATE-----