Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ebc533f-7f31-4bd6-874d-e736e9fde5bd/0/3138352e33312e3230322e302f32342d3234203d3e2037303138.roa
File:                     3138352e33312e3230322e302f32342d3234203d3e2037303138.roa (raw, json)
Hash identifier:          iL7YLdjFSsy+StKeV2OynMplvfVvVqa5nzn9JGMln1g=
Subject key identifier:   85:42:59:50:60:86:89:80:F5:1D:68:A1:B8:91:F2:B8:49:32:93:98
Certificate issuer:       /CN=6464045da5bed0687d15cbda67a04eb87a8fb03e
Certificate serial:       3AE3D81A1B778036AC2F5769707EBE0741727D87
Authority key identifier: 64:64:04:5D:A5:BE:D0:68:7D:15:CB:DA:67:A0:4E:B8:7A:8F:B0:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZGQEXaW-0Gh9FcvaZ6BOuHqPsD4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ebc533f-7f31-4bd6-874d-e736e9fde5bd/0/3138352e33312e3230322e302f32342d3234203d3e2037303138.roa
Signing time:             Fri 09 Aug 2024 15:57:09 +0000
ROA not before:           Fri 09 Aug 2024 15:52:09 +0000
ROA not after:            Fri 08 Aug 2025 15:57:09 +0000
asID:                     7018
IP address blocks:        185.31.202.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ebc533f-7f31-4bd6-874d-e736e9fde5bd/0/6464045DA5BED0687D15CBDA67A04EB87A8FB03E.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ebc533f-7f31-4bd6-874d-e736e9fde5bd/0/6464045DA5BED0687D15CBDA67A04EB87A8FB03E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZGQEXaW-0Gh9FcvaZ6BOuHqPsD4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 11:51:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3a:e3:d8:1a:1b:77:80:36:ac:2f:57:69:70:7e:be:07:41:72:7d:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6464045da5bed0687d15cbda67a04eb87a8fb03e
        Validity
            Not Before: Aug  9 15:52:09 2024 GMT
            Not After : Aug  8 15:57:09 2025 GMT
        Subject: CN=8542595060868980F51D68A1B891F2B849329398
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:01:1f:2c:0e:68:b8:d6:06:e8:11:39:33:5e:
                    f4:85:e3:52:54:d6:b7:c4:1c:c1:1b:08:ef:b3:28:
                    29:f5:b6:6a:8c:b0:a5:55:53:15:f0:48:19:73:c0:
                    1e:8b:a4:fb:bf:fa:6b:d3:1c:8e:a8:a2:93:f0:c2:
                    6d:e7:a6:de:10:2c:1d:2d:28:94:fc:23:c5:21:d6:
                    a3:ea:ea:ed:10:ad:89:f6:d2:b7:a5:f9:71:4c:1d:
                    c0:2a:52:1b:b8:98:c6:d3:a5:f3:fc:a5:54:db:36:
                    05:5d:80:45:00:09:80:fd:59:89:53:f4:16:b0:fe:
                    5a:4e:76:58:37:aa:b7:54:09:ac:92:48:89:77:e6:
                    c5:7b:ce:02:1a:e6:94:96:8f:ce:61:11:7b:6e:74:
                    9e:36:f9:94:bb:c4:89:5f:85:88:98:78:05:a9:2f:
                    45:c9:5a:e4:85:f7:24:be:b1:13:aa:d0:48:c3:87:
                    99:f9:70:38:92:d5:52:cb:2e:bb:7d:ee:a1:fb:b8:
                    fa:41:1c:e1:d1:88:f2:2b:ea:1b:85:18:1f:bb:ee:
                    79:b6:bb:b5:45:8d:6e:c3:b2:f8:11:92:a2:7a:74:
                    da:18:32:de:2e:17:b6:c2:93:05:64:16:40:65:25:
                    ee:1b:7a:82:05:61:89:97:76:9d:e4:ab:4f:47:db:
                    0e:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:42:59:50:60:86:89:80:F5:1D:68:A1:B8:91:F2:B8:49:32:93:98
            X509v3 Authority Key Identifier:
                keyid:64:64:04:5D:A5:BE:D0:68:7D:15:CB:DA:67:A0:4E:B8:7A:8F:B0:3E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ebc533f-7f31-4bd6-874d-e736e9fde5bd/0/6464045DA5BED0687D15CBDA67A04EB87A8FB03E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZGQEXaW-0Gh9FcvaZ6BOuHqPsD4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ebc533f-7f31-4bd6-874d-e736e9fde5bd/0/3138352e33312e3230322e302f32342d3234203d3e2037303138.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.31.202.0/24

    Signature Algorithm: sha256WithRSAEncryption
         16:4a:8a:4a:31:bd:eb:17:f6:2b:72:f9:31:51:ed:bc:a4:67:
         bf:7f:78:ef:dc:6f:89:e1:03:10:29:76:0b:8a:27:e2:c6:79:
         8a:0d:d6:f8:bf:ab:b8:9a:eb:45:43:bc:6e:40:97:20:66:7e:
         56:c1:8a:2b:d3:26:57:1d:46:3c:87:a5:a2:81:9a:ec:c7:85:
         1f:7e:f2:5b:03:4f:c3:98:15:64:f8:5f:cd:ea:2a:10:2a:dd:
         e6:dc:a9:48:34:2c:0e:f6:1d:9d:dd:24:87:5e:93:7d:53:bd:
         c3:d7:20:8b:e8:c6:79:c9:10:9c:5b:36:55:26:ad:fb:40:72:
         0c:34:a5:43:c8:c1:ef:b1:15:32:02:a2:39:7a:66:e0:4d:49:
         ff:28:95:05:e8:af:34:d5:85:25:0d:3f:cc:1d:ac:3d:2f:1b:
         b8:24:a8:0d:3c:40:c5:5d:33:d5:96:54:82:23:d3:c4:7e:59:
         a7:de:d1:4a:d0:f1:ba:42:e3:9d:dd:5a:55:fe:8a:f1:d0:62:
         12:3a:09:b0:b3:7d:3b:30:39:1a:9b:bc:14:ea:80:17:81:ad:
         68:db:8b:3b:fb:57:ff:cf:3b:79:8a:89:97:f9:92:80:75:e5:
         2e:f4:b8:51:47:bb:3e:80:4a:56:17:6f:c6:13:dd:dc:de:73:
         ae:f7:8f:1a
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUOuPYGht3gDasL1dpcH6+B0FyfYcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjQ2NDA0NWRhNWJlZDA2ODdkMTVjYmRhNjdhMDRlYjg3
YThmYjAzZTAeFw0yNDA4MDkxNTUyMDlaFw0yNTA4MDgxNTU3MDlaMDMxMTAvBgNV
BAMTKDg1NDI1OTUwNjA4Njg5ODBGNTFENjhBMUI4OTFGMkI4NDkzMjkzOTgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCaAR8sDmi41gboETkzXvSF41JU
1rfEHMEbCO+zKCn1tmqMsKVVUxXwSBlzwB6LpPu/+mvTHI6oopPwwm3npt4QLB0t
KJT8I8Uh1qPq6u0QrYn20rel+XFMHcAqUhu4mMbTpfP8pVTbNgVdgEUACYD9WYlT
9Baw/lpOdlg3qrdUCaySSIl35sV7zgIa5pSWj85hEXtudJ42+ZS7xIlfhYiYeAWp
L0XJWuSF9yS+sROq0EjDh5n5cDiS1VLLLrt97qH7uPpBHOHRiPIr6huFGB+77nm2
u7VFjW7DsvgRkqJ6dNoYMt4uF7bCkwVkFkBlJe4beoIFYYmXdp3kq09H2w5DAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUhUJZUGCGiYD1HWihuJHyuEkyk5gwHwYDVR0j
BBgwFoAUZGQEXaW+0Gh9FcvaZ6BOuHqPsD4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ViYzUzM2YtN2YzMS00YmQ2LTg3NGQtZTczNmU5ZmRl
NWJkLzAvNjQ2NDA0NURBNUJFRDA2ODdEMTVDQkRBNjdBMDRFQjg3QThGQjAzRS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1pHUUVYYVctMEdoOUZjdmFaNkJPdUhx
UHNENC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvN2ViYzUzM2Yt
N2YzMS00YmQ2LTg3NGQtZTczNmU5ZmRlNWJkLzAvMzEzODM1MmUzMzMxMmUzMjMw
MzIyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzNzMwMzEzOC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALkf
yjANBgkqhkiG9w0BAQsFAAOCAQEAFkqKSjG96xf2K3L5MVHtvKRnv39479xvieED
ECl2C4on4sZ5ig3W+L+ruJrrRUO8bkCXIGZ+VsGKK9MmVx1GPIelooGa7MeFH37y
WwNPw5gVZPhfzeoqECrd5typSDQsDvYdnd0kh16TfVO9w9cgi+jGeckQnFs2VSat
+0ByDDSlQ8jB77EVMgKiOXpm4E1J/yiVBeivNNWFJQ0/zB2sPS8buCSoDTxAxV0z
1ZZUgiPTxH5Zp97RStDxukLjnd1aVf6K8dBiEjoJsLN9OzA5Gpu8FOqAF4GtaNuL
O/tX/887eYqJl/mSgHXlLvS4UUe7PoBKVhdvxhPd3N5zrvePGg==
-----END CERTIFICATE-----