Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/3138352e3235302e34302e302f32342d3234203d3e2037303138.roa
File:                     3138352e3235302e34302e302f32342d3234203d3e2037303138.roa (raw, json)
Hash identifier:          w2qraU5y2QsBq1fVg3gY50SANpfvXrLX+eEcEhf4ce4=
Subject key identifier:   62:BF:74:3D:5E:F2:E0:D3:F8:D8:13:01:7C:94:52:99:5F:38:34:C3
Certificate issuer:       /CN=830e06419fc46a2802f6f03b71368ac7baaf64ce
Certificate serial:       334F4D5DE7699D6740BC4CCD539DEA6FEF0EBB31
Authority key identifier: 83:0E:06:41:9F:C4:6A:28:02:F6:F0:3B:71:36:8A:C7:BA:AF:64:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gw4GQZ_EaigC9vA7cTaKx7qvZM4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/3138352e3235302e34302e302f32342d3234203d3e2037303138.roa
Signing time:             Sun 17 Mar 2024 15:05:08 +0000
ROA not before:           Sun 17 Mar 2024 15:00:08 +0000
ROA not after:            Sun 16 Mar 2025 15:05:08 +0000
asID:                     7018
IP address blocks:        185.250.40.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/830E06419FC46A2802F6F03B71368AC7BAAF64CE.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/830E06419FC46A2802F6F03B71368AC7BAAF64CE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gw4GQZ_EaigC9vA7cTaKx7qvZM4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            33:4f:4d:5d:e7:69:9d:67:40:bc:4c:cd:53:9d:ea:6f:ef:0e:bb:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=830e06419fc46a2802f6f03b71368ac7baaf64ce
        Validity
            Not Before: Mar 17 15:00:08 2024 GMT
            Not After : Mar 16 15:05:08 2025 GMT
        Subject: CN=62BF743D5EF2E0D3F8D813017C9452995F3834C3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:d1:79:26:94:1c:a0:67:ba:dd:3c:2c:66:80:
                    78:5e:a3:11:61:52:6c:00:52:d6:14:5f:08:2d:b9:
                    9d:80:e5:26:d7:25:a0:ee:49:8e:81:02:a6:ae:7c:
                    c4:e2:40:f1:2e:69:d3:47:be:b2:22:14:c4:7d:1b:
                    04:ba:90:45:60:d2:83:97:e1:52:86:24:0d:fe:1f:
                    9b:69:d3:04:5d:59:3d:22:6a:13:7a:66:26:58:09:
                    c5:b0:2f:b1:4f:f0:27:bc:34:25:3f:c5:18:10:db:
                    cf:b1:23:16:cd:bf:20:96:0d:99:6e:3b:2a:55:f2:
                    03:d2:18:a3:5e:09:ae:c6:47:b8:dc:d0:fc:fe:5a:
                    2d:1e:18:37:78:7e:78:88:e9:e3:a2:89:a7:99:4d:
                    1b:7c:90:15:16:50:92:47:5f:40:a3:bc:23:9d:dd:
                    9c:69:42:c9:6d:b6:34:ef:01:6a:09:7d:db:a3:54:
                    a1:e1:14:90:e1:4b:0a:71:6d:07:9f:7f:60:63:be:
                    13:c0:e3:af:fc:5d:ff:6c:4d:65:87:ef:0c:65:06:
                    fe:07:bb:4c:8f:98:c9:c5:ec:59:ec:3b:ef:a1:6a:
                    8e:d4:54:38:a4:66:b5:6c:f1:2e:d9:31:30:c9:54:
                    3e:37:f7:b6:12:ae:5c:7b:1c:8a:8f:2f:79:4b:46:
                    5f:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:BF:74:3D:5E:F2:E0:D3:F8:D8:13:01:7C:94:52:99:5F:38:34:C3
            X509v3 Authority Key Identifier:
                keyid:83:0E:06:41:9F:C4:6A:28:02:F6:F0:3B:71:36:8A:C7:BA:AF:64:CE

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/830E06419FC46A2802F6F03B71368AC7BAAF64CE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gw4GQZ_EaigC9vA7cTaKx7qvZM4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/3138352e3235302e34302e302f32342d3234203d3e2037303138.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.250.40.0/24

    Signature Algorithm: sha256WithRSAEncryption
         99:85:13:e7:cd:c8:a9:83:f3:0a:60:5c:ff:00:91:30:63:0d:
         80:d8:0e:1b:b3:17:3f:6f:c2:e3:cd:8a:3d:27:ba:69:7f:37:
         f8:5c:64:2b:8b:61:2a:7c:db:fe:57:39:1e:85:3c:3a:59:d2:
         ef:07:67:f7:bc:9a:83:9c:1d:d6:25:42:f1:83:1e:e0:eb:47:
         ef:6e:c7:0e:b3:c5:eb:6f:24:d8:0e:8d:0e:a0:92:37:67:bb:
         be:eb:6e:79:99:61:17:2a:17:c7:cc:a4:a8:76:bc:15:7f:1c:
         8d:7c:79:6e:98:a9:02:0e:01:cb:a9:a4:e5:d1:06:74:64:6d:
         76:36:54:01:76:e8:2d:18:8e:3f:38:d0:ca:91:0a:bd:b3:a3:
         11:f3:98:a9:2e:f9:3a:08:13:02:3a:51:1c:f6:77:fe:97:54:
         0d:63:64:51:c0:db:21:d8:c7:89:52:31:80:3f:6d:21:df:e8:
         af:f2:8d:3d:5a:7c:45:bb:73:c3:e8:61:a0:1a:e5:f5:cc:59:
         f1:11:b1:c0:75:0b:f0:3b:09:26:d2:8c:09:38:ad:8d:91:a6:
         59:28:05:63:b4:03:35:2e:2e:5b:17:60:ba:74:2b:01:56:e6:
         64:9c:8b:81:68:5a:18:f4:ed:79:61:3b:6e:90:f1:b7:23:ca:
         f7:60:02:ff
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUM09NXedpnWdAvEzNU53qb+8OuzEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODMwZTA2NDE5ZmM0NmEyODAyZjZmMDNiNzEzNjhhYzdi
YWFmNjRjZTAeFw0yNDAzMTcxNTAwMDhaFw0yNTAzMTYxNTA1MDhaMDMxMTAvBgNV
BAMTKDYyQkY3NDNENUVGMkUwRDNGOEQ4MTMwMTdDOTQ1Mjk5NUYzODM0QzMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCN0XkmlBygZ7rdPCxmgHheoxFh
UmwAUtYUXwgtuZ2A5SbXJaDuSY6BAqaufMTiQPEuadNHvrIiFMR9GwS6kEVg0oOX
4VKGJA3+H5tp0wRdWT0iahN6ZiZYCcWwL7FP8Ce8NCU/xRgQ28+xIxbNvyCWDZlu
OypV8gPSGKNeCa7GR7jc0Pz+Wi0eGDd4fniI6eOiiaeZTRt8kBUWUJJHX0CjvCOd
3ZxpQslttjTvAWoJfdujVKHhFJDhSwpxbQeff2BjvhPA46/8Xf9sTWWH7wxlBv4H
u0yPmMnF7FnsO++hao7UVDikZrVs8S7ZMTDJVD4397YSrlx7HIqPL3lLRl8nAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUYr90PV7y4NP42BMBfJRSmV84NMMwHwYDVR0j
BBgwFoAUgw4GQZ/EaigC9vA7cTaKx7qvZM4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOGUwZDZhNGQtYmE2Ny00OTc5LThkMTItMGVkNDc0OGZj
ODZlLzAvODMwRTA2NDE5RkM0NkEyODAyRjZGMDNCNzEzNjhBQzdCQUFGNjRDRS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2d3NEdRWl9FYWlnQzl2QTdjVGFLeDdx
dlpNNC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOGUwZDZhNGQt
YmE2Ny00OTc5LThkMTItMGVkNDc0OGZjODZlLzAvMzEzODM1MmUzMjM1MzAyZTM0
MzAyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzNzMwMzEzOC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALn6
KDANBgkqhkiG9w0BAQsFAAOCAQEAmYUT583IqYPzCmBc/wCRMGMNgNgOG7MXP2/C
482KPSe6aX83+FxkK4thKnzb/lc5HoU8OlnS7wdn97yag5wd1iVC8YMe4OtH727H
DrPF628k2A6NDqCSN2e7vutueZlhFyoXx8ykqHa8FX8cjXx5bpipAg4By6mk5dEG
dGRtdjZUAXboLRiOPzjQypEKvbOjEfOYqS75OggTAjpRHPZ3/pdUDWNkUcDbIdjH
iVIxgD9tId/or/KNPVp8Rbtzw+hhoBrl9cxZ8RGxwHUL8DsJJtKMCTitjZGmWSgF
Y7QDNS4uWxdgunQrAVbmZJyLgWhaGPTteWE7bpDxtyPK92AC/w==
-----END CERTIFICATE-----