Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/9df33a57-7e4f-4844-84e2-b7153b5511b4/0/3138352e322e3230342e302f32342d3234203d3e203531303539.roa
File:                     3138352e322e3230342e302f32342d3234203d3e203531303539.roa (raw, json)
Hash identifier:          aKmrndl9lTv2GWQd+9qoP8HY5aUcpC8vFQNex5RBfBw=
Subject key identifier:   1A:14:11:2B:30:76:A6:BE:3F:1A:AD:2F:18:EA:46:3C:C1:38:23:EB
Certificate issuer:       /CN=4502e63ce01cad239ac397bc2bb5e6c347dceeea
Certificate serial:       505684262CFDF4996A17BA03CE9A3A4E4C5E5805
Authority key identifier: 45:02:E6:3C:E0:1C:AD:23:9A:C3:97:BC:2B:B5:E6:C3:47:DC:EE:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RQLmPOAcrSOaw5e8K7Xmw0fc7uo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/9df33a57-7e4f-4844-84e2-b7153b5511b4/0/3138352e322e3230342e302f32342d3234203d3e203531303539.roa
Signing time:             Tue 07 Nov 2023 09:46:56 +0000
ROA not before:           Tue 07 Nov 2023 09:41:56 +0000
ROA not after:            Tue 05 Nov 2024 09:46:56 +0000
asID:                     51059
IP address blocks:        185.2.204.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/9df33a57-7e4f-4844-84e2-b7153b5511b4/0/4502E63CE01CAD239AC397BC2BB5E6C347DCEEEA.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/9df33a57-7e4f-4844-84e2-b7153b5511b4/0/4502E63CE01CAD239AC397BC2BB5E6C347DCEEEA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RQLmPOAcrSOaw5e8K7Xmw0fc7uo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            50:56:84:26:2c:fd:f4:99:6a:17:ba:03:ce:9a:3a:4e:4c:5e:58:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4502e63ce01cad239ac397bc2bb5e6c347dceeea
        Validity
            Not Before: Nov  7 09:41:56 2023 GMT
            Not After : Nov  5 09:46:56 2024 GMT
        Subject: CN=1A14112B3076A6BE3F1AAD2F18EA463CC13823EB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:d9:c2:75:58:cf:9b:19:43:e9:6e:e4:51:5a:
                    31:7c:51:41:9b:88:ad:31:12:12:2f:43:35:56:74:
                    af:4b:5b:b7:b2:c7:a4:47:13:6f:1f:97:0d:cd:fb:
                    04:b7:55:b2:fa:83:bb:2d:49:7e:07:b9:96:f4:7b:
                    12:f8:4c:b6:89:40:a1:86:5a:95:72:d2:2d:e5:98:
                    9a:49:73:b2:af:8f:ae:52:80:dd:48:ef:2e:86:df:
                    f9:5b:13:f1:29:20:37:71:4e:4b:2d:91:e0:8c:94:
                    dd:e9:5d:06:a5:4c:f5:bf:df:64:6e:e1:f4:29:44:
                    39:5d:84:60:f7:94:81:02:31:ed:90:87:59:12:ba:
                    d5:fc:6f:55:a8:98:64:e5:9a:16:8c:a8:da:cd:c0:
                    f4:8c:02:5d:eb:05:ef:45:5f:80:fc:13:91:83:d1:
                    9c:fe:60:b0:12:cc:9f:33:ed:5d:6c:6c:e5:6a:f8:
                    79:00:4d:c6:a5:54:8d:1d:44:b8:52:07:af:d7:a9:
                    14:02:66:a0:24:87:f9:f3:c7:a4:1e:2a:83:00:77:
                    16:1f:f5:37:11:26:4c:e9:15:5b:6f:03:ea:7b:0e:
                    bd:a9:a6:66:b5:e7:87:51:8f:d4:05:7b:c8:58:16:
                    a9:b6:cd:07:9a:77:b0:a6:85:e5:32:e3:d3:e4:c8:
                    7c:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:14:11:2B:30:76:A6:BE:3F:1A:AD:2F:18:EA:46:3C:C1:38:23:EB
            X509v3 Authority Key Identifier:
                keyid:45:02:E6:3C:E0:1C:AD:23:9A:C3:97:BC:2B:B5:E6:C3:47:DC:EE:EA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/9df33a57-7e4f-4844-84e2-b7153b5511b4/0/4502E63CE01CAD239AC397BC2BB5E6C347DCEEEA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RQLmPOAcrSOaw5e8K7Xmw0fc7uo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/9df33a57-7e4f-4844-84e2-b7153b5511b4/0/3138352e322e3230342e302f32342d3234203d3e203531303539.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.2.204.0/24

    Signature Algorithm: sha256WithRSAEncryption
         54:c7:71:03:9a:3c:04:1a:81:cf:13:aa:b0:fd:f7:c2:52:7b:
         12:a4:bd:e4:e4:cd:bb:8c:17:ba:73:ae:a5:d8:b3:03:eb:dc:
         26:3c:ac:03:6d:53:07:cf:11:88:95:a7:3d:27:9b:1f:35:82:
         3c:bd:c5:d8:ef:c8:d9:63:05:bd:3d:4d:92:9f:d5:e1:0c:70:
         c4:11:ff:03:bf:d8:54:6d:a9:49:8c:3a:45:c3:e0:2b:11:8e:
         08:1c:b8:00:74:7f:a7:64:11:32:7c:cf:65:ae:92:b0:c4:00:
         1d:d5:5b:04:cc:5a:df:97:69:24:c8:d9:e9:09:e3:d2:09:16:
         4f:4c:71:90:3c:be:6c:14:de:91:ec:78:20:6f:55:0a:7e:4d:
         00:84:4f:ba:fb:b3:58:20:80:8e:54:bf:7f:5e:26:f5:f6:73:
         60:b9:06:d0:b8:51:fb:93:76:43:70:17:bd:7c:a5:81:f2:64:
         01:9a:e4:62:e0:30:d5:cd:56:3f:f7:c0:be:98:95:fd:46:fc:
         cb:34:8b:dd:2a:4d:49:46:de:e9:95:54:25:a6:6c:c0:4f:b4:
         fb:38:35:3e:f1:9c:89:c3:9a:fa:37:f5:74:08:16:85:e3:70:
         ab:1f:2c:65:38:83:4e:62:ff:3c:02:12:ff:60:b6:9f:60:83:
         ea:23:d0:e0
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUUFaEJiz99JlqF7oDzpo6TkxeWAUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUwMmU2M2NlMDFjYWQyMzlhYzM5N2JjMmJiNWU2YzM0
N2RjZWVlYTAeFw0yMzExMDcwOTQxNTZaFw0yNDExMDUwOTQ2NTZaMDMxMTAvBgNV
BAMTKDFBMTQxMTJCMzA3NkE2QkUzRjFBQUQyRjE4RUE0NjNDQzEzODIzRUIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDf2cJ1WM+bGUPpbuRRWjF8UUGb
iK0xEhIvQzVWdK9LW7eyx6RHE28flw3N+wS3VbL6g7stSX4HuZb0exL4TLaJQKGG
WpVy0i3lmJpJc7Kvj65SgN1I7y6G3/lbE/EpIDdxTkstkeCMlN3pXQalTPW/32Ru
4fQpRDldhGD3lIECMe2Qh1kSutX8b1WomGTlmhaMqNrNwPSMAl3rBe9FX4D8E5GD
0Zz+YLASzJ8z7V1sbOVq+HkATcalVI0dRLhSB6/XqRQCZqAkh/nzx6QeKoMAdxYf
9TcRJkzpFVtvA+p7Dr2ppma154dRj9QFe8hYFqm2zQead7CmheUy49PkyHxnAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUGhQRKzB2pr4/Gq0vGOpGPME4I+swHwYDVR0j
BBgwFoAURQLmPOAcrSOaw5e8K7Xmw0fc7uowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOWRmMzNhNTctN2U0Zi00ODQ0LTg0ZTItYjcxNTNiNTUx
MWI0LzAvNDUwMkU2M0NFMDFDQUQyMzlBQzM5N0JDMkJCNUU2QzM0N0RDRUVFQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JRTG1QT0FjclNPYXc1ZThLN1htdzBm
Yzd1by5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOWRmMzNhNTct
N2U0Zi00ODQ0LTg0ZTItYjcxNTNiNTUxMWI0LzAvMzEzODM1MmUzMjJlMzIzMDM0
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzUzMTMwMzUzOS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALkC
zDANBgkqhkiG9w0BAQsFAAOCAQEAVMdxA5o8BBqBzxOqsP33wlJ7EqS95OTNu4wX
unOupdizA+vcJjysA21TB88RiJWnPSebHzWCPL3F2O/I2WMFvT1Nkp/V4QxwxBH/
A7/YVG2pSYw6RcPgKxGOCBy4AHR/p2QRMnzPZa6SsMQAHdVbBMxa35dpJMjZ6Qnj
0gkWT0xxkDy+bBTekex4IG9VCn5NAIRPuvuzWCCAjlS/f14m9fZzYLkG0LhR+5N2
Q3AXvXylgfJkAZrkYuAw1c1WP/fAvpiV/Ub8yzSL3SpNSUbe6ZVUJaZswE+0+zg1
PvGcicOa+jf1dAgWheNwqx8sZTiDTmL/PAIS/2C2n2CD6iPQ4A==
-----END CERTIFICATE-----