Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/3138352e3235302e34312e302f32342d3234203d3e2037303138.roa
File:                     3138352e3235302e34312e302f32342d3234203d3e2037303138.roa (raw, json)
Hash identifier:          IzUHUbnVmdxueA4yZ0OMA1f3x+y7ydgNndOOV8ZDGq8=
Subject key identifier:   9D:E0:46:9C:6A:99:41:41:8B:D7:3D:3B:B6:2B:2E:22:46:79:13:BE
Certificate issuer:       /CN=830e06419fc46a2802f6f03b71368ac7baaf64ce
Certificate serial:       22D52BFB024E69FCB529E63336D74D727922DB0C
Authority key identifier: 83:0E:06:41:9F:C4:6A:28:02:F6:F0:3B:71:36:8A:C7:BA:AF:64:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gw4GQZ_EaigC9vA7cTaKx7qvZM4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/3138352e3235302e34312e302f32342d3234203d3e2037303138.roa
Signing time:             Sun 17 Mar 2024 15:05:09 +0000
ROA not before:           Sun 17 Mar 2024 15:00:09 +0000
ROA not after:            Sun 16 Mar 2025 15:05:09 +0000
asID:                     7018
IP address blocks:        185.250.41.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/830E06419FC46A2802F6F03B71368AC7BAAF64CE.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/830E06419FC46A2802F6F03B71368AC7BAAF64CE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gw4GQZ_EaigC9vA7cTaKx7qvZM4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            22:d5:2b:fb:02:4e:69:fc:b5:29:e6:33:36:d7:4d:72:79:22:db:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=830e06419fc46a2802f6f03b71368ac7baaf64ce
        Validity
            Not Before: Mar 17 15:00:09 2024 GMT
            Not After : Mar 16 15:05:09 2025 GMT
        Subject: CN=9DE0469C6A9941418BD73D3BB62B2E22467913BE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:34:27:f2:93:84:c7:5e:c7:9e:16:74:6c:f9:
                    ab:75:a8:23:f4:79:89:fe:59:66:60:4b:69:a8:d9:
                    27:d2:f4:2f:34:4e:0a:29:6b:72:a8:41:80:1d:72:
                    da:4f:e9:99:35:1f:e7:4c:7e:3f:16:35:a3:cd:f5:
                    7f:50:3a:75:a6:08:29:1f:9b:60:bb:8a:29:45:0f:
                    a3:27:44:0a:74:55:1f:4e:66:be:c9:b6:1a:15:36:
                    03:47:d8:42:fd:c9:8e:5c:e2:17:da:4e:40:21:66:
                    69:71:04:52:63:d5:3a:87:30:98:4d:3a:70:2e:6b:
                    dc:ff:03:77:a0:71:eb:74:ff:ec:0f:fb:80:39:11:
                    19:c9:a2:54:1d:79:59:6b:d9:ca:4a:6c:02:8b:7d:
                    1c:f4:02:7f:d4:fd:4f:e5:6b:b2:4a:36:85:7e:27:
                    a4:cf:c7:e1:bd:b4:db:70:44:d4:f7:00:55:a8:e8:
                    61:80:d2:73:f5:bc:eb:fe:8b:19:c5:2b:1e:b0:16:
                    47:ee:11:6b:cd:40:17:10:af:e6:32:65:13:4d:ff:
                    be:88:08:af:20:8c:87:0f:6e:b1:af:b4:fe:b4:09:
                    6b:8a:c6:cd:94:c4:3e:3a:3c:c1:5c:e1:75:7e:34:
                    7f:5d:21:c2:63:a4:46:9e:8f:22:da:88:b3:24:f0:
                    a9:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:E0:46:9C:6A:99:41:41:8B:D7:3D:3B:B6:2B:2E:22:46:79:13:BE
            X509v3 Authority Key Identifier:
                keyid:83:0E:06:41:9F:C4:6A:28:02:F6:F0:3B:71:36:8A:C7:BA:AF:64:CE

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/830E06419FC46A2802F6F03B71368AC7BAAF64CE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gw4GQZ_EaigC9vA7cTaKx7qvZM4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/3138352e3235302e34312e302f32342d3234203d3e2037303138.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.250.41.0/24

    Signature Algorithm: sha256WithRSAEncryption
         83:d9:83:2e:c7:d1:42:22:79:db:4e:ab:3a:c8:dc:94:db:b9:
         ba:2a:6a:e6:9d:37:94:e1:d4:62:6b:d4:23:8e:9a:de:21:2a:
         e5:1b:5d:50:d5:21:df:59:d9:52:bc:f9:69:e1:e5:8f:fb:0f:
         f1:0a:64:0a:bb:fa:a7:8b:5a:9e:31:fb:f1:52:e1:37:c6:2e:
         b3:e1:b5:ad:11:e6:c7:5c:6a:fc:03:84:96:c5:5d:22:c6:1b:
         e9:16:f2:8f:00:b7:3f:9f:3b:b7:91:17:21:3e:1b:15:6f:8d:
         4a:db:87:90:c9:bd:7b:3b:00:c5:20:52:95:ba:74:2e:fc:0c:
         c4:b2:ed:b9:f0:ec:97:60:a8:a0:07:25:1a:88:8d:31:f9:58:
         ac:41:a4:54:73:38:a0:c8:1a:ac:09:84:99:ef:47:cf:fe:50:
         00:64:9b:ff:b6:a0:6d:7f:60:fe:3e:fb:b0:9a:50:f1:ed:d1:
         45:11:a5:ea:e2:e1:7f:e3:f3:0d:48:13:12:e3:23:c5:f9:de:
         03:e9:05:ad:aa:94:1e:d4:28:9a:81:25:d6:7c:5e:a7:8d:30:
         91:1e:11:78:35:c6:bc:4b:3b:1c:f6:07:57:7b:e3:a6:f4:87:
         66:f4:3f:82:13:b2:4f:ee:14:b3:26:d9:0c:17:2e:a0:d6:e4:
         8a:14:3c:96
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUItUr+wJOafy1KeYzNtdNcnki2wwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODMwZTA2NDE5ZmM0NmEyODAyZjZmMDNiNzEzNjhhYzdi
YWFmNjRjZTAeFw0yNDAzMTcxNTAwMDlaFw0yNTAzMTYxNTA1MDlaMDMxMTAvBgNV
BAMTKDlERTA0NjlDNkE5OTQxNDE4QkQ3M0QzQkI2MkIyRTIyNDY3OTEzQkUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCkNCfyk4THXseeFnRs+at1qCP0
eYn+WWZgS2mo2SfS9C80Tgopa3KoQYAdctpP6Zk1H+dMfj8WNaPN9X9QOnWmCCkf
m2C7iilFD6MnRAp0VR9OZr7JthoVNgNH2EL9yY5c4hfaTkAhZmlxBFJj1TqHMJhN
OnAua9z/A3egcet0/+wP+4A5ERnJolQdeVlr2cpKbAKLfRz0An/U/U/la7JKNoV+
J6TPx+G9tNtwRNT3AFWo6GGA0nP1vOv+ixnFKx6wFkfuEWvNQBcQr+YyZRNN/76I
CK8gjIcPbrGvtP60CWuKxs2UxD46PMFc4XV+NH9dIcJjpEaejyLaiLMk8KmxAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUneBGnGqZQUGL1z07tisuIkZ5E74wHwYDVR0j
BBgwFoAUgw4GQZ/EaigC9vA7cTaKx7qvZM4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOGUwZDZhNGQtYmE2Ny00OTc5LThkMTItMGVkNDc0OGZj
ODZlLzAvODMwRTA2NDE5RkM0NkEyODAyRjZGMDNCNzEzNjhBQzdCQUFGNjRDRS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2d3NEdRWl9FYWlnQzl2QTdjVGFLeDdx
dlpNNC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOGUwZDZhNGQt
YmE2Ny00OTc5LThkMTItMGVkNDc0OGZjODZlLzAvMzEzODM1MmUzMjM1MzAyZTM0
MzEyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzNzMwMzEzOC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALn6
KTANBgkqhkiG9w0BAQsFAAOCAQEAg9mDLsfRQiJ5206rOsjclNu5uipq5p03lOHU
YmvUI46a3iEq5RtdUNUh31nZUrz5aeHlj/sP8QpkCrv6p4tanjH78VLhN8Yus+G1
rRHmx1xq/AOElsVdIsYb6RbyjwC3P587t5EXIT4bFW+NStuHkMm9ezsAxSBSlbp0
LvwMxLLtufDsl2CooAclGoiNMflYrEGkVHM4oMgarAmEme9Hz/5QAGSb/7agbX9g
/j77sJpQ8e3RRRGl6uLhf+PzDUgTEuMjxfneA+kFraqUHtQomoEl1nxep40wkR4R
eDXGvEs7HPYHV3vjpvSHZvQ/ghOyT+4UsybZDBcuoNbkihQ8lg==
-----END CERTIFICATE-----