Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/3138352e3138312e312e302f32342d3234203d3e203232313638.roa
File:                     3138352e3138312e312e302f32342d3234203d3e203232313638.roa (raw, json)
Hash identifier:          PRTTOxbeXI2/gRZPeKbPFH7+pJEKtXVlCe5sAgzgvR0=
Subject key identifier:   5D:87:BF:AC:3F:3B:5D:D5:97:BF:3A:47:3F:6F:1F:37:7D:07:BE:95
Certificate issuer:       /CN=8f4ce7722f99075d94738b7e61070401269eb3d6
Certificate serial:       65E8F7F8FBD17EEF1C26E13C9213AC983B1F62CF
Authority key identifier: 8F:4C:E7:72:2F:99:07:5D:94:73:8B:7E:61:07:04:01:26:9E:B3:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/j0znci-ZB12Uc4t-YQcEASaes9Y.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/3138352e3138312e312e302f32342d3234203d3e203232313638.roa
Signing time:             Thu 25 Apr 2024 12:08:51 +0000
ROA not before:           Thu 25 Apr 2024 12:03:51 +0000
ROA not after:            Thu 24 Apr 2025 12:08:51 +0000
asID:                     22168
IP address blocks:        185.181.1.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/8F4CE7722F99075D94738B7E61070401269EB3D6.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/8F4CE7722F99075D94738B7E61070401269EB3D6.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/j0znci-ZB12Uc4t-YQcEASaes9Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            65:e8:f7:f8:fb:d1:7e:ef:1c:26:e1:3c:92:13:ac:98:3b:1f:62:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8f4ce7722f99075d94738b7e61070401269eb3d6
        Validity
            Not Before: Apr 25 12:03:51 2024 GMT
            Not After : Apr 24 12:08:51 2025 GMT
        Subject: CN=5D87BFAC3F3B5DD597BF3A473F6F1F377D07BE95
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:36:5a:cf:96:f0:48:2f:3f:1e:15:08:e7:75:
                    36:dd:f6:ee:33:4a:00:77:90:a0:f2:fb:99:a0:60:
                    cb:c6:c8:02:e6:69:69:d2:05:33:20:46:91:fd:13:
                    51:11:1a:52:3b:31:1c:25:fc:95:dd:30:b6:ed:c7:
                    56:f8:83:80:9b:dd:ec:df:f2:6c:96:29:29:e6:19:
                    50:20:00:da:3c:83:df:d1:e0:46:86:f7:31:78:9a:
                    2d:c5:f4:63:8f:ed:1b:ad:d6:2f:40:a2:dc:ba:c2:
                    fb:04:95:f3:1b:48:fe:75:3d:30:e2:30:e4:5a:f1:
                    3e:52:37:ad:cd:6b:28:dc:e6:b5:5e:45:d4:30:1d:
                    eb:82:89:01:46:f0:ec:67:72:0f:2b:01:3e:3a:ee:
                    1e:8d:04:6a:93:72:31:07:89:6e:91:a1:b2:6f:60:
                    65:bc:46:66:b9:74:da:fd:f9:ec:31:3a:2c:27:f6:
                    6d:aa:bd:4d:1f:e2:b5:da:07:57:f7:f4:0c:75:bf:
                    31:54:02:26:32:e2:e4:5e:c2:1b:4e:71:b1:fa:72:
                    1f:43:a4:64:b8:94:36:79:b4:08:f6:ac:4e:f8:a0:
                    87:a8:12:79:0e:53:02:a5:25:65:e3:02:7c:79:74:
                    43:00:e9:35:1a:56:9d:e7:cb:77:d1:41:da:c9:c6:
                    ca:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:87:BF:AC:3F:3B:5D:D5:97:BF:3A:47:3F:6F:1F:37:7D:07:BE:95
            X509v3 Authority Key Identifier:
                keyid:8F:4C:E7:72:2F:99:07:5D:94:73:8B:7E:61:07:04:01:26:9E:B3:D6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/8F4CE7722F99075D94738B7E61070401269EB3D6.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/j0znci-ZB12Uc4t-YQcEASaes9Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/3138352e3138312e312e302f32342d3234203d3e203232313638.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.181.1.0/24

    Signature Algorithm: sha256WithRSAEncryption
         90:bb:90:68:b8:ea:c3:ca:f7:d7:b1:4d:74:79:32:09:dd:8c:
         29:a5:94:4b:3c:81:2d:cb:68:b0:21:92:47:77:b4:58:dc:71:
         b3:56:c9:59:a4:49:9c:a9:89:6c:fb:27:92:90:dc:b7:a0:d4:
         d0:36:bb:99:c4:f1:82:4a:c6:c0:37:4f:3f:4b:49:ba:d6:49:
         2f:98:f5:de:9a:be:70:da:6e:20:0d:aa:33:22:7f:ff:42:87:
         bb:6d:f3:f9:06:6c:b6:92:61:73:dc:9a:c6:40:ab:b8:1e:e2:
         2a:5c:2b:c1:51:60:5a:55:51:bd:bd:65:ec:30:b5:1a:e2:f6:
         2a:4e:82:b4:5e:f1:aa:93:cc:58:28:6b:d2:69:a3:cc:c0:bb:
         16:7d:93:24:88:eb:57:62:42:a2:c9:17:ab:0a:b7:e1:eb:26:
         36:42:aa:80:f9:f5:9a:4a:51:fa:4e:ec:41:49:ff:d6:79:c4:
         44:3a:6a:98:06:c1:34:7a:4c:2b:e9:5f:e5:3f:ab:d4:0c:d4:
         6a:ed:21:54:33:9d:3c:da:a6:f4:4b:db:2d:5f:12:05:9e:3e:
         8d:fb:51:12:10:d6:d6:5c:31:3e:50:9b:75:6b:20:10:79:c4:
         8b:fe:fb:e6:a1:c6:a1:d3:df:4d:64:57:ea:27:f7:0a:66:7b:
         4b:e2:4e:90
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUZej3+PvRfu8cJuE8khOsmDsfYs8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGY0Y2U3NzIyZjk5MDc1ZDk0NzM4YjdlNjEwNzA0MDEy
NjllYjNkNjAeFw0yNDA0MjUxMjAzNTFaFw0yNTA0MjQxMjA4NTFaMDMxMTAvBgNV
BAMTKDVEODdCRkFDM0YzQjVERDU5N0JGM0E0NzNGNkYxRjM3N0QwN0JFOTUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/NlrPlvBILz8eFQjndTbd9u4z
SgB3kKDy+5mgYMvGyALmaWnSBTMgRpH9E1ERGlI7MRwl/JXdMLbtx1b4g4Cb3ezf
8myWKSnmGVAgANo8g9/R4EaG9zF4mi3F9GOP7Rut1i9Aoty6wvsElfMbSP51PTDi
MORa8T5SN63Nayjc5rVeRdQwHeuCiQFG8Oxncg8rAT467h6NBGqTcjEHiW6RobJv
YGW8Rma5dNr9+ewxOiwn9m2qvU0f4rXaB1f39Ax1vzFUAiYy4uRewhtOcbH6ch9D
pGS4lDZ5tAj2rE74oIeoEnkOUwKlJWXjAnx5dEMA6TUaVp3ny3fRQdrJxsp1AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUXYe/rD87XdWXvzpHP28fN30HvpUwHwYDVR0j
BBgwFoAUj0znci+ZB12Uc4t+YQcEASaes9YwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYWE5NzcxMTUtNTExMC00MjU3LTk0ZWYtNGQyYjQzODg0
MDQwLzAvOEY0Q0U3NzIyRjk5MDc1RDk0NzM4QjdFNjEwNzA0MDEyNjlFQjNENi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2owem5jaS1aQjEyVWM0dC1ZUWNFQVNh
ZXM5WS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWE5NzcxMTUt
NTExMC00MjU3LTk0ZWYtNGQyYjQzODg0MDQwLzAvMzEzODM1MmUzMTM4MzEyZTMx
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzIzMjMxMzYzOC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALm1
ATANBgkqhkiG9w0BAQsFAAOCAQEAkLuQaLjqw8r317FNdHkyCd2MKaWUSzyBLcto
sCGSR3e0WNxxs1bJWaRJnKmJbPsnkpDct6DU0Da7mcTxgkrGwDdPP0tJutZJL5j1
3pq+cNpuIA2qMyJ//0KHu23z+QZstpJhc9yaxkCruB7iKlwrwVFgWlVRvb1l7DC1
GuL2Kk6CtF7xqpPMWChr0mmjzMC7Fn2TJIjrV2JCoskXqwq34esmNkKqgPn1mkpR
+k7sQUn/1nnERDpqmAbBNHpMK+lf5T+r1AzUau0hVDOdPNqm9EvbLV8SBZ4+jftR
EhDW1lwxPlCbdWsgEHnEi/775qHGodPfTWRX6if3CmZ7S+JOkA==
-----END CERTIFICATE-----