Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/3138352e39332e33332e302f32342d3234203d3e2037303138.roa
File:                     3138352e39332e33332e302f32342d3234203d3e2037303138.roa (raw, json)
Hash identifier:          K2koc9krP6gYkOrev9jMQfn+gwjrJATUYFTxZ1MOIh8=
Subject key identifier:   06:B4:9B:A1:B3:BD:DA:63:53:F3:D1:49:B9:2B:05:D8:16:7A:D2:14
Certificate issuer:       /CN=dc943cc2a7cdc378a37702573bb4f821170b530d
Certificate serial:       30C04F9ABCF64D913CD12ABC6C8651FA09DC5169
Authority key identifier: DC:94:3C:C2:A7:CD:C3:78:A3:77:02:57:3B:B4:F8:21:17:0B:53:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/3138352e39332e33332e302f32342d3234203d3e2037303138.roa
Signing time:             Wed 09 Oct 2024 09:43:24 +0000
ROA not before:           Wed 09 Oct 2024 09:38:24 +0000
ROA not after:            Wed 08 Oct 2025 09:43:24 +0000
asID:                     7018
IP address blocks:        185.93.33.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 05:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            30:c0:4f:9a:bc:f6:4d:91:3c:d1:2a:bc:6c:86:51:fa:09:dc:51:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc943cc2a7cdc378a37702573bb4f821170b530d
        Validity
            Not Before: Oct  9 09:38:24 2024 GMT
            Not After : Oct  8 09:43:24 2025 GMT
        Subject: CN=06B49BA1B3BDDA6353F3D149B92B05D8167AD214
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:ca:08:fb:e3:2b:cf:f1:a2:a9:ca:f7:b9:a4:
                    ae:f2:7c:a1:af:7c:8f:fc:2e:64:8d:39:d6:9a:8a:
                    c7:2d:b4:34:5a:b0:72:aa:f0:61:ac:f0:3d:52:66:
                    48:1f:ad:6b:ae:43:25:52:8a:be:57:fc:f9:22:a1:
                    fb:23:20:0f:6d:fe:65:ce:a9:20:5a:50:30:9a:22:
                    fb:e9:ad:0b:a2:0f:f8:90:7f:40:d7:b3:09:f2:67:
                    df:ef:10:03:51:a6:a1:e2:c4:a9:c7:d0:6e:1a:e7:
                    48:5b:c7:78:75:81:f6:bf:64:e4:f2:6f:6a:42:8d:
                    3a:34:2e:fc:3c:cb:ea:4c:11:93:0a:0b:01:bc:c0:
                    5c:89:b5:fa:bb:3d:75:4a:78:29:c9:02:6c:8c:b4:
                    d2:4d:78:92:68:37:9f:98:9f:3e:5f:aa:d6:d6:e4:
                    ae:64:2c:0e:df:f0:cb:1e:0a:28:f9:17:02:c2:41:
                    9b:20:cc:24:d3:1c:fa:7a:22:6a:a6:e8:90:6a:d4:
                    30:6f:f0:80:39:1b:11:2b:0a:de:e1:17:e1:1d:54:
                    43:d7:89:25:59:09:32:61:1e:80:ab:ef:88:e9:09:
                    36:8d:45:cf:05:29:e7:5b:27:8d:f0:9b:8f:62:85:
                    f0:fe:53:db:4e:9a:d5:50:9b:91:47:63:cf:2e:61:
                    88:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:B4:9B:A1:B3:BD:DA:63:53:F3:D1:49:B9:2B:05:D8:16:7A:D2:14
            X509v3 Authority Key Identifier:
                keyid:DC:94:3C:C2:A7:CD:C3:78:A3:77:02:57:3B:B4:F8:21:17:0B:53:0D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/3138352e39332e33332e302f32342d3234203d3e2037303138.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.93.33.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:db:fc:66:dc:81:6a:77:9b:58:21:c4:a5:ee:6f:7a:0c:03:
         90:1b:d8:a2:b4:2a:fa:37:a9:16:17:a7:cd:e1:0f:56:17:ec:
         d4:7c:82:e0:fa:76:58:8d:da:16:1b:bb:b2:d3:9f:73:70:da:
         ba:b2:8d:a0:cd:26:ec:18:6f:91:ab:aa:9e:28:69:02:13:30:
         62:a2:03:46:5a:e9:77:e4:a7:5f:67:30:d6:36:d7:55:34:a4:
         e3:81:20:c1:9b:1b:e5:cb:d7:a3:3d:58:5a:ad:3e:26:2b:58:
         d6:b4:b2:b5:51:4d:73:05:21:e0:41:10:92:c9:c1:43:7f:2a:
         8b:2b:24:93:8d:d3:e8:3b:5f:65:c1:c1:49:21:e7:eb:af:1e:
         30:e1:2a:16:bd:68:06:24:48:da:8d:e8:73:e2:40:fd:f6:0c:
         48:fc:72:7a:a6:07:61:36:5d:61:10:f3:82:c0:d6:93:d2:d6:
         75:c1:48:3c:ff:0a:f0:97:c1:5a:5a:89:04:ec:2b:7a:a5:39:
         06:9b:19:57:1f:fd:4c:ba:d2:7c:fa:d2:e5:a5:be:4c:6a:10:
         69:68:d2:48:77:45:d6:e5:c8:43:bc:1f:17:3d:cc:98:0a:3f:
         d1:90:64:8e:69:b2:e1:c0:26:fa:96:f0:50:2b:a2:d8:06:b8:
         5d:fd:be:1a
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUMMBPmrz2TZE80Sq8bIZR+gncUWkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGM5NDNjYzJhN2NkYzM3OGEzNzcwMjU3M2JiNGY4MjEx
NzBiNTMwZDAeFw0yNDEwMDkwOTM4MjRaFw0yNTEwMDgwOTQzMjRaMDMxMTAvBgNV
BAMTKDA2QjQ5QkExQjNCRERBNjM1M0YzRDE0OUI5MkIwNUQ4MTY3QUQyMTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCLygj74yvP8aKpyve5pK7yfKGv
fI/8LmSNOdaaiscttDRasHKq8GGs8D1SZkgfrWuuQyVSir5X/PkiofsjIA9t/mXO
qSBaUDCaIvvprQuiD/iQf0DXswnyZ9/vEANRpqHixKnH0G4a50hbx3h1gfa/ZOTy
b2pCjTo0Lvw8y+pMEZMKCwG8wFyJtfq7PXVKeCnJAmyMtNJNeJJoN5+Ynz5fqtbW
5K5kLA7f8MseCij5FwLCQZsgzCTTHPp6Imqm6JBq1DBv8IA5GxErCt7hF+EdVEPX
iSVZCTJhHoCr74jpCTaNRc8FKedbJ43wm49ihfD+U9tOmtVQm5FHY88uYYi/AgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUBrSbobO92mNT89FJuSsF2BZ60hQwHwYDVR0j
BBgwFoAU3JQ8wqfNw3ijdwJXO7T4IRcLUw0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNmFiMDcyMmYtNjRkOC00Y2E5LTkyNjctNGU1MTU0NDM0
MTAxLzAvREM5NDNDQzJBN0NEQzM3OEEzNzcwMjU3M0JCNEY4MjExNzBCNTMwRC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzNKUTh3cWZOdzNpamR3SlhPN1Q0SVJj
TFV3MC5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvNmFiMDcyMmYt
NjRkOC00Y2E5LTkyNjctNGU1MTU0NDM0MTAxLzAvMzEzODM1MmUzOTMzMmUzMzMz
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzczMDMxMzgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC5XSEw
DQYJKoZIhvcNAQELBQADggEBADzb/GbcgWp3m1ghxKXub3oMA5Ab2KK0Kvo3qRYX
p83hD1YX7NR8guD6dliN2hYbu7LTn3Nw2rqyjaDNJuwYb5Grqp4oaQITMGKiA0Za
6Xfkp19nMNY211U0pOOBIMGbG+XL16M9WFqtPiYrWNa0srVRTXMFIeBBEJLJwUN/
KosrJJON0+g7X2XBwUkh5+uvHjDhKha9aAYkSNqN6HPiQP32DEj8cnqmB2E2XWEQ
84LA1pPS1nXBSDz/CvCXwVpaiQTsK3qlOQabGVcf/Uy60nz60uWlvkxqEGlo0kh3
RdblyEO8Hxc9zJgKP9GQZI5psuHAJvqW8FArotgGuF39vho=
-----END CERTIFICATE-----