Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/9df33a57-7e4f-4844-84e2-b7153b5511b4/0/3138352e322e3230372e302f32342d3234203d3e203531303539.roa
File:                     3138352e322e3230372e302f32342d3234203d3e203531303539.roa (raw, json)
Hash identifier:          BTfImX353JFUgcIZ2jDRlZdLmp+KqSbtrCi6ArFxd6k=
Subject key identifier:   5F:EE:A1:03:7A:8A:B3:4F:12:C1:25:3F:88:F7:14:47:1E:42:AF:DE
Certificate issuer:       /CN=4502e63ce01cad239ac397bc2bb5e6c347dceeea
Certificate serial:       568B5B6B599D390DFE858C8930A98434AECC29CD
Authority key identifier: 45:02:E6:3C:E0:1C:AD:23:9A:C3:97:BC:2B:B5:E6:C3:47:DC:EE:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RQLmPOAcrSOaw5e8K7Xmw0fc7uo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/9df33a57-7e4f-4844-84e2-b7153b5511b4/0/3138352e322e3230372e302f32342d3234203d3e203531303539.roa
Signing time:             Tue 08 Oct 2024 10:36:40 +0000
ROA not before:           Tue 08 Oct 2024 10:31:40 +0000
ROA not after:            Tue 07 Oct 2025 10:36:40 +0000
asID:                     51059
IP address blocks:        185.2.207.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/9df33a57-7e4f-4844-84e2-b7153b5511b4/0/4502E63CE01CAD239AC397BC2BB5E6C347DCEEEA.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/9df33a57-7e4f-4844-84e2-b7153b5511b4/0/4502E63CE01CAD239AC397BC2BB5E6C347DCEEEA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RQLmPOAcrSOaw5e8K7Xmw0fc7uo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 08:43:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            56:8b:5b:6b:59:9d:39:0d:fe:85:8c:89:30:a9:84:34:ae:cc:29:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4502e63ce01cad239ac397bc2bb5e6c347dceeea
        Validity
            Not Before: Oct  8 10:31:40 2024 GMT
            Not After : Oct  7 10:36:40 2025 GMT
        Subject: CN=5FEEA1037A8AB34F12C1253F88F714471E42AFDE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:42:bd:12:b9:a9:80:41:c6:58:45:5f:7a:75:
                    63:df:d0:0c:2f:4a:0e:83:87:88:d5:e5:11:5c:52:
                    3d:83:09:25:0b:2e:7d:73:6d:f1:82:a4:2f:cb:af:
                    a0:e0:2e:cd:e1:8d:c2:fe:06:b3:99:fe:6c:08:d3:
                    06:7b:2a:96:62:a8:f9:be:f3:fc:4e:1d:ce:66:3d:
                    d7:83:63:0f:a1:e8:b3:ad:87:66:6d:f0:75:39:6e:
                    6c:91:d5:5b:de:42:1a:78:f7:e6:01:7d:71:1f:7b:
                    dc:89:d9:18:bc:bd:7b:1f:63:e4:e7:9d:fc:a8:75:
                    f1:79:e9:03:d7:52:1f:d7:1b:c4:55:ec:96:85:f3:
                    da:03:df:2f:3e:9a:de:e5:9d:3c:da:56:05:47:9b:
                    df:1e:db:91:5b:3b:c5:bc:87:e1:16:29:a4:7c:38:
                    9b:ce:d7:3d:3f:4d:d3:83:f5:ce:1c:d7:e8:f1:cd:
                    f8:f3:3b:6a:dd:53:4b:70:f0:85:f1:a3:ac:4c:99:
                    cd:d2:2a:53:8e:98:6d:00:75:2b:32:aa:8c:4e:49:
                    7b:bd:ea:68:76:93:58:49:c5:f6:e5:1f:7e:08:75:
                    09:c9:83:3c:a6:a2:90:31:83:e9:27:2b:36:40:1f:
                    97:0f:ec:e3:f3:70:2a:87:4d:fd:fa:24:6c:d6:37:
                    38:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:EE:A1:03:7A:8A:B3:4F:12:C1:25:3F:88:F7:14:47:1E:42:AF:DE
            X509v3 Authority Key Identifier:
                keyid:45:02:E6:3C:E0:1C:AD:23:9A:C3:97:BC:2B:B5:E6:C3:47:DC:EE:EA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/9df33a57-7e4f-4844-84e2-b7153b5511b4/0/4502E63CE01CAD239AC397BC2BB5E6C347DCEEEA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RQLmPOAcrSOaw5e8K7Xmw0fc7uo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/9df33a57-7e4f-4844-84e2-b7153b5511b4/0/3138352e322e3230372e302f32342d3234203d3e203531303539.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.2.207.0/24

    Signature Algorithm: sha256WithRSAEncryption
         94:57:a8:80:c5:91:7e:bd:53:11:3e:3f:5a:3a:48:3e:6e:d9:
         4f:42:bc:b4:f6:6d:ef:d7:63:70:4b:90:28:ea:43:84:1c:de:
         57:cd:1c:1f:a7:83:c9:38:a6:cf:38:2c:61:48:56:47:13:c4:
         c1:fa:ba:8a:13:26:9c:ea:c9:f5:0e:4c:a3:06:9c:45:80:35:
         ba:61:52:0e:37:04:a5:22:52:01:6f:2a:57:b2:37:1c:d2:69:
         a4:fc:37:24:4c:e4:e5:50:93:db:26:89:21:ae:ed:36:ee:1d:
         49:94:11:6f:86:1d:4c:34:8a:95:3b:2d:19:c3:25:ed:64:02:
         6f:6d:ca:dc:99:6e:32:68:1d:c5:16:5e:56:a3:4e:59:07:12:
         21:f9:71:c8:16:e3:f9:bd:e0:0b:00:7d:07:69:e6:a7:03:de:
         56:fd:2d:74:5e:49:5a:dc:59:4e:dc:dd:9c:d1:8e:24:39:55:
         c7:ec:d5:10:3b:36:da:02:3c:fd:81:3e:89:9b:df:1e:81:e4:
         ac:30:98:e6:ac:55:3a:a1:7e:77:a0:11:d9:33:7c:6c:a4:a8:
         26:83:bc:27:09:27:78:e1:14:44:06:81:e5:58:9f:86:c4:54:
         fa:f4:c6:04:ce:69:a0:22:c3:ea:da:5d:53:5c:d4:d1:d6:c0:
         b0:d4:14:78
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUVotba1mdOQ3+hYyJMKmENK7MKc0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUwMmU2M2NlMDFjYWQyMzlhYzM5N2JjMmJiNWU2YzM0
N2RjZWVlYTAeFw0yNDEwMDgxMDMxNDBaFw0yNTEwMDcxMDM2NDBaMDMxMTAvBgNV
BAMTKDVGRUVBMTAzN0E4QUIzNEYxMkMxMjUzRjg4RjcxNDQ3MUU0MkFGREUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+Qr0SuamAQcZYRV96dWPf0Awv
Sg6Dh4jV5RFcUj2DCSULLn1zbfGCpC/Lr6DgLs3hjcL+BrOZ/mwI0wZ7KpZiqPm+
8/xOHc5mPdeDYw+h6LOth2Zt8HU5bmyR1VveQhp49+YBfXEfe9yJ2Ri8vXsfY+Tn
nfyodfF56QPXUh/XG8RV7JaF89oD3y8+mt7lnTzaVgVHm98e25FbO8W8h+EWKaR8
OJvO1z0/TdOD9c4c1+jxzfjzO2rdU0tw8IXxo6xMmc3SKlOOmG0AdSsyqoxOSXu9
6mh2k1hJxfblH34IdQnJgzymopAxg+knKzZAH5cP7OPzcCqHTf36JGzWNzjHAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUX+6hA3qKs08SwSU/iPcURx5Cr94wHwYDVR0j
BBgwFoAURQLmPOAcrSOaw5e8K7Xmw0fc7uowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOWRmMzNhNTctN2U0Zi00ODQ0LTg0ZTItYjcxNTNiNTUx
MWI0LzAvNDUwMkU2M0NFMDFDQUQyMzlBQzM5N0JDMkJCNUU2QzM0N0RDRUVFQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JRTG1QT0FjclNPYXc1ZThLN1htdzBm
Yzd1by5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOWRmMzNhNTct
N2U0Zi00ODQ0LTg0ZTItYjcxNTNiNTUxMWI0LzAvMzEzODM1MmUzMjJlMzIzMDM3
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzUzMTMwMzUzOS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALkC
zzANBgkqhkiG9w0BAQsFAAOCAQEAlFeogMWRfr1TET4/WjpIPm7ZT0K8tPZt79dj
cEuQKOpDhBzeV80cH6eDyTimzzgsYUhWRxPEwfq6ihMmnOrJ9Q5MowacRYA1umFS
DjcEpSJSAW8qV7I3HNJppPw3JEzk5VCT2yaJIa7tNu4dSZQRb4YdTDSKlTstGcMl
7WQCb23K3JluMmgdxRZeVqNOWQcSIflxyBbj+b3gCwB9B2nmpwPeVv0tdF5JWtxZ
TtzdnNGOJDlVx+zVEDs22gI8/YE+iZvfHoHkrDCY5qxVOqF+d6AR2TN8bKSoJoO8
JwkneOEURAaB5VifhsRU+vTGBM5poCLD6tpdU1zU0dbAsNQUeA==
-----END CERTIFICATE-----