Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/9df33a57-7e4f-4844-84e2-b7153b5511b4/0/3138352e322e3230342e302f32342d3234203d3e203531303539.roa
File:                     3138352e322e3230342e302f32342d3234203d3e203531303539.roa (raw, json)
Hash identifier:          Dcvv1Ul0JGTxvGw2Ps2/e001gxa3ZWx5ttvSXeBWQh0=
Subject key identifier:   13:C4:B1:0A:F0:47:D3:D1:E8:C9:52:F0:42:F6:21:D5:2E:26:76:FC
Certificate issuer:       /CN=4502e63ce01cad239ac397bc2bb5e6c347dceeea
Certificate serial:       0AEDE6D09164B2DCB03ED3373C510134734CD3FB
Authority key identifier: 45:02:E6:3C:E0:1C:AD:23:9A:C3:97:BC:2B:B5:E6:C3:47:DC:EE:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RQLmPOAcrSOaw5e8K7Xmw0fc7uo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/9df33a57-7e4f-4844-84e2-b7153b5511b4/0/3138352e322e3230342e302f32342d3234203d3e203531303539.roa
Signing time:             Tue 08 Oct 2024 10:36:39 +0000
ROA not before:           Tue 08 Oct 2024 10:31:39 +0000
ROA not after:            Tue 07 Oct 2025 10:36:39 +0000
asID:                     51059
IP address blocks:        185.2.204.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/9df33a57-7e4f-4844-84e2-b7153b5511b4/0/4502E63CE01CAD239AC397BC2BB5E6C347DCEEEA.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/9df33a57-7e4f-4844-84e2-b7153b5511b4/0/4502E63CE01CAD239AC397BC2BB5E6C347DCEEEA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RQLmPOAcrSOaw5e8K7Xmw0fc7uo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 08:43:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0a:ed:e6:d0:91:64:b2:dc:b0:3e:d3:37:3c:51:01:34:73:4c:d3:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4502e63ce01cad239ac397bc2bb5e6c347dceeea
        Validity
            Not Before: Oct  8 10:31:39 2024 GMT
            Not After : Oct  7 10:36:39 2025 GMT
        Subject: CN=13C4B10AF047D3D1E8C952F042F621D52E2676FC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:6b:0b:22:6e:79:1a:a2:5c:e6:5d:09:30:82:
                    d7:69:ff:79:c7:05:da:d5:c4:91:18:94:8b:be:cd:
                    e7:de:32:fd:63:59:35:0b:cb:cb:f0:17:4f:1e:5d:
                    4e:06:d2:90:5a:2e:69:6c:a4:6b:83:9d:e2:07:2c:
                    db:66:3c:68:67:e6:98:a4:56:02:d8:90:d6:e5:09:
                    d8:d6:ba:63:ac:10:6b:23:16:91:ba:66:e1:e6:e8:
                    1f:24:32:d3:e7:c7:0e:c5:f3:7f:14:4e:af:2d:0b:
                    c7:1f:fc:66:0f:f5:d0:f8:cd:60:ef:07:f0:48:dc:
                    ab:c4:48:47:c8:26:f6:b1:25:34:a9:78:51:87:47:
                    56:2b:21:fa:ae:a8:7a:6a:8e:29:ca:4e:64:40:3b:
                    5e:c2:55:6d:29:89:03:d5:39:70:0a:7b:1d:ff:09:
                    3a:90:48:09:82:82:fc:24:e7:96:b3:41:66:f6:9b:
                    b5:06:b7:5c:3e:a5:a8:23:f7:f9:06:e6:a8:0f:67:
                    0f:6b:d8:91:6c:82:a2:77:15:d7:a0:5a:3b:1d:11:
                    2f:78:a8:97:18:e9:43:7c:3c:ed:91:1e:03:5f:e4:
                    d6:24:44:c2:90:9a:1e:bc:f3:8c:2c:7c:d3:4d:76:
                    da:3a:1b:fc:5f:89:75:96:51:f3:0a:ad:97:85:fc:
                    76:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:C4:B1:0A:F0:47:D3:D1:E8:C9:52:F0:42:F6:21:D5:2E:26:76:FC
            X509v3 Authority Key Identifier:
                keyid:45:02:E6:3C:E0:1C:AD:23:9A:C3:97:BC:2B:B5:E6:C3:47:DC:EE:EA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/9df33a57-7e4f-4844-84e2-b7153b5511b4/0/4502E63CE01CAD239AC397BC2BB5E6C347DCEEEA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RQLmPOAcrSOaw5e8K7Xmw0fc7uo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/9df33a57-7e4f-4844-84e2-b7153b5511b4/0/3138352e322e3230342e302f32342d3234203d3e203531303539.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.2.204.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:27:46:b5:ff:1d:3c:b4:c3:70:9b:d6:b2:f8:8c:aa:1f:8f:
         03:ef:46:12:72:81:99:92:bb:f0:77:49:fa:59:6c:ba:bd:71:
         fb:4f:37:70:6a:dd:79:4c:1c:ad:c0:cf:df:02:d3:8a:1c:5e:
         08:9b:24:f1:16:1a:17:2b:fa:72:de:c2:85:bc:12:ec:93:3a:
         b3:e9:17:65:0b:84:25:68:42:45:c5:d2:82:f1:af:3f:99:69:
         fd:5a:bd:30:eb:a8:c3:5b:b4:0a:f9:13:07:34:5d:da:85:53:
         d5:cd:37:1e:c2:df:ff:87:68:0f:85:4d:da:8e:18:8e:bd:5f:
         f1:f7:85:69:e2:44:17:8f:ef:61:cf:51:c2:e1:ec:b3:e7:6f:
         28:03:17:e3:00:1f:17:54:ed:f7:f5:fc:b0:55:5d:1c:b4:53:
         14:fc:8b:a7:d0:d9:ec:31:6f:ea:bb:86:24:49:63:f8:76:f9:
         0d:4a:ba:79:dd:e2:8f:1c:ae:18:2e:72:c5:05:e9:5f:10:e4:
         7a:4b:2b:ea:90:47:5e:43:55:a8:ae:df:43:8f:68:72:86:e7:
         15:71:d4:34:17:d8:af:13:b5:87:84:49:20:98:5a:b6:39:dc:
         8d:aa:73:61:44:63:ee:1b:09:51:d6:4e:1a:d7:be:4d:eb:94:
         e6:16:3b:a4
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUCu3m0JFkstywPtM3PFEBNHNM0/swDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUwMmU2M2NlMDFjYWQyMzlhYzM5N2JjMmJiNWU2YzM0
N2RjZWVlYTAeFw0yNDEwMDgxMDMxMzlaFw0yNTEwMDcxMDM2MzlaMDMxMTAvBgNV
BAMTKDEzQzRCMTBBRjA0N0QzRDFFOEM5NTJGMDQyRjYyMUQ1MkUyNjc2RkMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDXawsibnkaolzmXQkwgtdp/3nH
BdrVxJEYlIu+zefeMv1jWTULy8vwF08eXU4G0pBaLmlspGuDneIHLNtmPGhn5pik
VgLYkNblCdjWumOsEGsjFpG6ZuHm6B8kMtPnxw7F838UTq8tC8cf/GYP9dD4zWDv
B/BI3KvESEfIJvaxJTSpeFGHR1YrIfquqHpqjinKTmRAO17CVW0piQPVOXAKex3/
CTqQSAmCgvwk55azQWb2m7UGt1w+pagj9/kG5qgPZw9r2JFsgqJ3FdegWjsdES94
qJcY6UN8PO2RHgNf5NYkRMKQmh6884wsfNNNdto6G/xfiXWWUfMKrZeF/HYXAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUE8SxCvBH09HoyVLwQvYh1S4mdvwwHwYDVR0j
BBgwFoAURQLmPOAcrSOaw5e8K7Xmw0fc7uowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOWRmMzNhNTctN2U0Zi00ODQ0LTg0ZTItYjcxNTNiNTUx
MWI0LzAvNDUwMkU2M0NFMDFDQUQyMzlBQzM5N0JDMkJCNUU2QzM0N0RDRUVFQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JRTG1QT0FjclNPYXc1ZThLN1htdzBm
Yzd1by5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOWRmMzNhNTct
N2U0Zi00ODQ0LTg0ZTItYjcxNTNiNTUxMWI0LzAvMzEzODM1MmUzMjJlMzIzMDM0
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzUzMTMwMzUzOS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALkC
zDANBgkqhkiG9w0BAQsFAAOCAQEACidGtf8dPLTDcJvWsviMqh+PA+9GEnKBmZK7
8HdJ+llsur1x+083cGrdeUwcrcDP3wLTihxeCJsk8RYaFyv6ct7ChbwS7JM6s+kX
ZQuEJWhCRcXSgvGvP5lp/Vq9MOuow1u0CvkTBzRd2oVT1c03HsLf/4doD4VN2o4Y
jr1f8feFaeJEF4/vYc9RwuHss+dvKAMX4wAfF1Tt9/X8sFVdHLRTFPyLp9DZ7DFv
6ruGJElj+Hb5DUq6ed3ijxyuGC5yxQXpXxDkeksr6pBHXkNVqK7fQ49ocobnFXHU
NBfYrxO1h4RJIJhatjncjapzYURj7hsJUdZOGte+TeuU5hY7pA==
-----END CERTIFICATE-----