Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/3138352e3138312e302e302f32342d3234203d3e203631333137.roa
File:                     3138352e3138312e302e302f32342d3234203d3e203631333137.roa (raw, json)
Hash identifier:          Ynfi8cdCyu4++VFoig0QieWTWymlGRjNoJkfvQHT2L4=
Subject key identifier:   EA:2F:23:38:68:1C:47:48:72:6A:2E:1F:18:39:AA:7D:93:90:A5:AD
Certificate issuer:       /CN=8f4ce7722f99075d94738b7e61070401269eb3d6
Certificate serial:       2EFD3AD30CB6CCE7E1A7CCD7BBA70077FDAC299B
Authority key identifier: 8F:4C:E7:72:2F:99:07:5D:94:73:8B:7E:61:07:04:01:26:9E:B3:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/j0znci-ZB12Uc4t-YQcEASaes9Y.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/3138352e3138312e302e302f32342d3234203d3e203631333137.roa
Signing time:             Thu 25 Apr 2024 09:48:17 +0000
ROA not before:           Thu 25 Apr 2024 09:43:17 +0000
ROA not after:            Thu 24 Apr 2025 09:48:17 +0000
asID:                     61317
IP address blocks:        185.181.0.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/8F4CE7722F99075D94738B7E61070401269EB3D6.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/8F4CE7722F99075D94738B7E61070401269EB3D6.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/j0znci-ZB12Uc4t-YQcEASaes9Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2e:fd:3a:d3:0c:b6:cc:e7:e1:a7:cc:d7:bb:a7:00:77:fd:ac:29:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8f4ce7722f99075d94738b7e61070401269eb3d6
        Validity
            Not Before: Apr 25 09:43:17 2024 GMT
            Not After : Apr 24 09:48:17 2025 GMT
        Subject: CN=EA2F2338681C4748726A2E1F1839AA7D9390A5AD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:5f:40:89:bb:66:be:7d:62:8e:5c:cc:0e:03:
                    c9:95:09:ef:d2:a4:1d:8f:da:32:6c:ac:62:fe:29:
                    1a:24:31:ce:df:7c:ad:14:31:f7:a2:4c:d7:df:25:
                    ab:6c:8e:5e:8a:01:ff:e4:6f:6d:0a:39:51:67:fe:
                    e4:38:e3:6c:38:8b:a6:29:48:5f:98:51:e8:5a:b0:
                    3c:2d:be:43:30:35:03:60:4b:c4:bb:db:89:06:1c:
                    dd:5d:f1:ff:be:19:10:4a:db:6e:7c:6f:8a:eb:9a:
                    d8:81:c9:eb:b8:58:04:4d:8b:8d:14:de:7d:c2:0f:
                    e7:04:ac:9b:39:de:81:67:9f:bc:80:e6:68:fc:97:
                    25:c7:57:2c:06:33:7c:db:73:b1:c1:dd:c7:c1:3d:
                    5b:ff:d1:38:4f:da:00:f2:5b:60:25:82:05:8b:97:
                    be:b8:1c:70:18:08:5d:dd:34:e4:70:a4:5e:26:b6:
                    5b:c5:60:66:df:ab:9d:1a:01:27:55:51:18:b8:12:
                    e5:4b:ab:7f:31:35:66:e7:63:16:23:9a:be:62:2f:
                    b0:81:54:16:15:6c:99:9a:7d:ae:45:62:b4:b0:ee:
                    57:c7:7b:77:c3:54:06:72:6e:64:9b:92:8f:f5:23:
                    5b:77:62:cc:14:22:d8:24:56:64:ea:dd:6a:53:08:
                    a2:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:2F:23:38:68:1C:47:48:72:6A:2E:1F:18:39:AA:7D:93:90:A5:AD
            X509v3 Authority Key Identifier:
                keyid:8F:4C:E7:72:2F:99:07:5D:94:73:8B:7E:61:07:04:01:26:9E:B3:D6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/8F4CE7722F99075D94738B7E61070401269EB3D6.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/j0znci-ZB12Uc4t-YQcEASaes9Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/3138352e3138312e302e302f32342d3234203d3e203631333137.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.181.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:b8:13:03:e0:ba:fc:30:2d:39:fa:6e:13:da:5b:2d:a3:95:
         46:ed:7c:2e:7d:99:91:68:cc:e6:51:1a:0c:28:05:7e:8b:4f:
         92:2a:33:52:1a:e3:62:32:e7:08:78:2c:4c:e0:b5:92:14:36:
         b3:9e:de:62:6b:9f:c3:41:58:f2:98:84:52:0c:07:87:92:57:
         20:b9:eb:32:56:93:c7:41:92:62:6f:5f:9b:99:95:22:1c:ce:
         07:92:55:d0:88:9c:9f:60:a0:71:68:ad:c0:bd:a5:a1:0b:21:
         03:64:36:38:e6:bf:72:17:2d:26:84:a1:f6:8d:e3:38:90:d3:
         0d:e4:29:01:98:53:d8:13:2d:34:da:fd:88:81:2d:91:c2:cb:
         a2:2c:55:a0:f8:a0:49:4e:47:c3:4e:24:7b:73:78:9a:c6:db:
         a1:bd:8f:24:ce:56:3e:7b:57:7b:19:c7:4c:e7:ad:6a:24:be:
         d0:37:b0:40:d1:11:89:71:8e:e7:38:2f:f0:19:82:7b:46:ed:
         6b:f4:89:74:49:9f:24:38:3f:0f:4c:e2:f8:9a:bf:cc:76:23:
         0c:85:d7:91:f4:89:1d:62:1a:b6:0a:b4:3b:24:69:b9:1c:39:
         3f:77:71:94:7c:58:be:33:ac:9e:17:01:de:bd:d3:ca:48:15:
         a2:2b:5c:f0
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIULv060wy2zOfhp8zXu6cAd/2sKZswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGY0Y2U3NzIyZjk5MDc1ZDk0NzM4YjdlNjEwNzA0MDEy
NjllYjNkNjAeFw0yNDA0MjUwOTQzMTdaFw0yNTA0MjQwOTQ4MTdaMDMxMTAvBgNV
BAMTKEVBMkYyMzM4NjgxQzQ3NDg3MjZBMkUxRjE4MzlBQTdEOTM5MEE1QUQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZX0CJu2a+fWKOXMwOA8mVCe/S
pB2P2jJsrGL+KRokMc7ffK0UMfeiTNffJatsjl6KAf/kb20KOVFn/uQ442w4i6Yp
SF+YUehasDwtvkMwNQNgS8S724kGHN1d8f++GRBK2258b4rrmtiByeu4WARNi40U
3n3CD+cErJs53oFnn7yA5mj8lyXHVywGM3zbc7HB3cfBPVv/0ThP2gDyW2AlggWL
l764HHAYCF3dNORwpF4mtlvFYGbfq50aASdVURi4EuVLq38xNWbnYxYjmr5iL7CB
VBYVbJmafa5FYrSw7lfHe3fDVAZybmSbko/1I1t3YswUItgkVmTq3WpTCKKlAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQU6i8jOGgcR0hyai4fGDmqfZOQpa0wHwYDVR0j
BBgwFoAUj0znci+ZB12Uc4t+YQcEASaes9YwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYWE5NzcxMTUtNTExMC00MjU3LTk0ZWYtNGQyYjQzODg0
MDQwLzAvOEY0Q0U3NzIyRjk5MDc1RDk0NzM4QjdFNjEwNzA0MDEyNjlFQjNENi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2owem5jaS1aQjEyVWM0dC1ZUWNFQVNh
ZXM5WS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWE5NzcxMTUt
NTExMC00MjU3LTk0ZWYtNGQyYjQzODg0MDQwLzAvMzEzODM1MmUzMTM4MzEyZTMw
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzYzMTMzMzEzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALm1
ADANBgkqhkiG9w0BAQsFAAOCAQEAbLgTA+C6/DAtOfpuE9pbLaOVRu18Ln2ZkWjM
5lEaDCgFfotPkiozUhrjYjLnCHgsTOC1khQ2s57eYmufw0FY8piEUgwHh5JXILnr
MlaTx0GSYm9fm5mVIhzOB5JV0Iicn2CgcWitwL2loQshA2Q2OOa/chctJoSh9o3j
OJDTDeQpAZhT2BMtNNr9iIEtkcLLoixVoPigSU5Hw04ke3N4msbbob2PJM5WPntX
exnHTOetaiS+0DewQNERiXGO5zgv8BmCe0bta/SJdEmfJDg/D0zi+Jq/zHYjDIXX
kfSJHWIatgq0OyRpuRw5P3dxlHxYvjOsnhcB3r3TykgVoitc8A==
-----END CERTIFICATE-----