Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/3138352e3235302e34322e302f32332d3234203d3e2039303837.roa
File:                     3138352e3235302e34322e302f32332d3234203d3e2039303837.roa (raw, json)
Hash identifier:          SigLvrwGQ4zx2Wup7gT6fp+M6Jqm46Q9QYQmi7OG1Nw=
Subject key identifier:   00:66:B2:FB:EC:BE:03:A2:B6:7B:E9:42:BE:3D:17:FB:5C:CA:83:D6
Certificate issuer:       /CN=830e06419fc46a2802f6f03b71368ac7baaf64ce
Certificate serial:       5461F9C7659E4D84003162C11930B74424397DCA
Authority key identifier: 83:0E:06:41:9F:C4:6A:28:02:F6:F0:3B:71:36:8A:C7:BA:AF:64:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gw4GQZ_EaigC9vA7cTaKx7qvZM4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/3138352e3235302e34322e302f32332d3234203d3e2039303837.roa
Signing time:             Sat 23 Sep 2023 17:20:49 +0000
ROA not before:           Sat 23 Sep 2023 17:15:49 +0000
ROA not after:            Sat 21 Sep 2024 17:20:49 +0000
asID:                     9087
IP address blocks:        185.250.42.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/830E06419FC46A2802F6F03B71368AC7BAAF64CE.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/830E06419FC46A2802F6F03B71368AC7BAAF64CE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gw4GQZ_EaigC9vA7cTaKx7qvZM4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 04:53:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            54:61:f9:c7:65:9e:4d:84:00:31:62:c1:19:30:b7:44:24:39:7d:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=830e06419fc46a2802f6f03b71368ac7baaf64ce
        Validity
            Not Before: Sep 23 17:15:49 2023 GMT
            Not After : Sep 21 17:20:49 2024 GMT
        Subject: CN=0066B2FBECBE03A2B67BE942BE3D17FB5CCA83D6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:f1:85:81:a7:a8:61:52:c5:6a:7d:4b:60:c0:
                    10:68:d1:e5:87:a2:5f:50:3f:16:fe:74:d0:c9:5b:
                    75:62:59:fc:b2:13:93:c3:f8:bb:ee:a1:8a:e9:79:
                    05:29:bc:d0:b2:35:d2:df:8f:8b:2f:07:f0:6d:f4:
                    b6:46:af:2d:89:55:08:20:bd:52:c7:94:57:f8:bd:
                    34:30:48:fa:b4:75:52:a7:8f:a9:4c:74:d2:c1:bb:
                    ea:12:db:ff:5a:0e:e5:9a:d6:a5:b2:0d:78:11:a2:
                    a3:f1:47:d9:f7:c2:8c:a3:86:0b:5d:43:7f:f8:38:
                    34:46:f8:1d:1a:44:b2:a9:8a:d9:87:1a:ea:c9:90:
                    98:84:04:62:e0:ec:18:a2:97:36:c3:9e:6c:4d:dd:
                    a5:aa:4f:1a:2a:5a:3e:3f:09:ef:78:c0:72:19:c3:
                    f5:c2:1a:ba:6c:1b:fa:3a:46:a6:42:c8:8d:42:6b:
                    90:a5:d7:09:d0:8d:78:56:3a:67:f8:37:9b:1f:9f:
                    46:07:3b:f0:b7:8c:bd:03:de:09:9a:3a:22:4b:74:
                    dc:17:0f:0c:ad:f9:b1:eb:ba:99:df:6a:b1:ce:43:
                    d8:7f:f8:77:9f:e5:2a:3c:2a:16:00:c7:66:9b:bc:
                    cf:db:d3:af:3a:e1:11:fd:d6:a4:e4:27:44:16:aa:
                    e8:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:66:B2:FB:EC:BE:03:A2:B6:7B:E9:42:BE:3D:17:FB:5C:CA:83:D6
            X509v3 Authority Key Identifier:
                keyid:83:0E:06:41:9F:C4:6A:28:02:F6:F0:3B:71:36:8A:C7:BA:AF:64:CE

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/830E06419FC46A2802F6F03B71368AC7BAAF64CE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gw4GQZ_EaigC9vA7cTaKx7qvZM4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/3138352e3235302e34322e302f32332d3234203d3e2039303837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.250.42.0/23

    Signature Algorithm: sha256WithRSAEncryption
         3c:03:f4:9c:04:85:cd:f8:0c:20:3a:22:ec:a3:c0:7b:a3:f2:
         88:9f:f3:2c:a8:e4:71:b3:f5:61:e4:b3:b5:6e:eb:b9:90:59:
         48:09:e2:2a:8f:37:1c:a2:a3:eb:05:4e:fa:3a:2c:ec:fd:2a:
         76:54:0a:cb:be:1c:65:65:f5:a6:57:59:2b:4c:c5:0a:cf:91:
         bd:0b:05:46:5c:e7:8a:d0:07:08:8f:28:cf:35:a2:76:84:99:
         8c:68:40:10:74:60:ca:62:4d:94:15:55:8a:64:9a:6c:38:63:
         b5:f5:8a:f3:43:0a:67:8a:6a:66:d9:fb:6a:9d:a1:37:33:ad:
         4f:62:6f:eb:d4:98:50:07:90:c4:58:d4:59:cb:26:6c:cc:59:
         e0:f0:70:66:6e:0d:f2:0a:7e:a8:23:b8:7b:3e:2e:38:9b:38:
         a8:35:39:28:60:0d:13:24:96:4e:e6:d6:42:aa:35:b0:7d:17:
         f9:66:89:44:9c:df:b7:90:20:82:9a:cb:45:91:5d:df:23:a6:
         db:4e:ac:e2:30:97:f3:57:84:66:15:de:c5:16:06:5d:0e:92:
         42:92:9a:6b:cb:cf:3a:68:31:fd:89:f4:2d:2e:0d:70:88:04:
         a5:d8:68:97:84:3b:14:86:6f:88:66:36:fc:87:29:05:64:47:
         65:d1:30:9c
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUVGH5x2WeTYQAMWLBGTC3RCQ5fcowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODMwZTA2NDE5ZmM0NmEyODAyZjZmMDNiNzEzNjhhYzdi
YWFmNjRjZTAeFw0yMzA5MjMxNzE1NDlaFw0yNDA5MjExNzIwNDlaMDMxMTAvBgNV
BAMTKDAwNjZCMkZCRUNCRTAzQTJCNjdCRTk0MkJFM0QxN0ZCNUNDQTgzRDYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCn8YWBp6hhUsVqfUtgwBBo0eWH
ol9QPxb+dNDJW3ViWfyyE5PD+LvuoYrpeQUpvNCyNdLfj4svB/Bt9LZGry2JVQgg
vVLHlFf4vTQwSPq0dVKnj6lMdNLBu+oS2/9aDuWa1qWyDXgRoqPxR9n3woyjhgtd
Q3/4ODRG+B0aRLKpitmHGurJkJiEBGLg7BiilzbDnmxN3aWqTxoqWj4/Ce94wHIZ
w/XCGrpsG/o6RqZCyI1Ca5Cl1wnQjXhWOmf4N5sfn0YHO/C3jL0D3gmaOiJLdNwX
Dwyt+bHrupnfarHOQ9h/+Hef5So8KhYAx2abvM/b06864RH91qTkJ0QWqujHAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUAGay++y+A6K2e+lCvj0X+1zKg9YwHwYDVR0j
BBgwFoAUgw4GQZ/EaigC9vA7cTaKx7qvZM4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOGUwZDZhNGQtYmE2Ny00OTc5LThkMTItMGVkNDc0OGZj
ODZlLzAvODMwRTA2NDE5RkM0NkEyODAyRjZGMDNCNzEzNjhBQzdCQUFGNjRDRS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2d3NEdRWl9FYWlnQzl2QTdjVGFLeDdx
dlpNNC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOGUwZDZhNGQt
YmE2Ny00OTc5LThkMTItMGVkNDc0OGZjODZlLzAvMzEzODM1MmUzMjM1MzAyZTM0
MzIyZTMwMmYzMjMzMmQzMjM0MjAzZDNlMjAzOTMwMzgzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAbn6
KjANBgkqhkiG9w0BAQsFAAOCAQEAPAP0nASFzfgMIDoi7KPAe6PyiJ/zLKjkcbP1
YeSztW7ruZBZSAniKo83HKKj6wVO+jos7P0qdlQKy74cZWX1pldZK0zFCs+RvQsF
RlznitAHCI8ozzWidoSZjGhAEHRgymJNlBVVimSabDhjtfWK80MKZ4pqZtn7ap2h
NzOtT2Jv69SYUAeQxFjUWcsmbMxZ4PBwZm4N8gp+qCO4ez4uOJs4qDU5KGANEySW
TubWQqo1sH0X+WaJRJzft5AggprLRZFd3yOm206s4jCX81eEZhXexRYGXQ6SQpKa
a8vPOmgx/Yn0LS4NcIgEpdhol4Q7FIZviGY2/IcpBWRHZdEwnA==
-----END CERTIFICATE-----