Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/3138352e3138312e312e302f32342d3234203d3e20383334.roa
File:                     3138352e3138312e312e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          gIppViKpsPuLvsABsPL4wyUZRM+fEwpfGFRuuQcoQ+M=
Subject key identifier:   6A:93:A5:78:6D:55:7B:C9:27:67:19:20:1B:3A:99:6C:5E:89:3F:F9
Certificate issuer:       /CN=8f4ce7722f99075d94738b7e61070401269eb3d6
Certificate serial:       3F5C4158069BA5C6E5810B3FB1F1D26580F4A220
Authority key identifier: 8F:4C:E7:72:2F:99:07:5D:94:73:8B:7E:61:07:04:01:26:9E:B3:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/j0znci-ZB12Uc4t-YQcEASaes9Y.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/3138352e3138312e312e302f32342d3234203d3e20383334.roa
Signing time:             Thu 25 Apr 2024 09:49:14 +0000
ROA not before:           Thu 25 Apr 2024 09:44:14 +0000
ROA not after:            Thu 24 Apr 2025 09:49:14 +0000
asID:                     834
IP address blocks:        185.181.1.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/8F4CE7722F99075D94738B7E61070401269EB3D6.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/8F4CE7722F99075D94738B7E61070401269EB3D6.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/j0znci-ZB12Uc4t-YQcEASaes9Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 26 Apr 2024 08:00:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3f:5c:41:58:06:9b:a5:c6:e5:81:0b:3f:b1:f1:d2:65:80:f4:a2:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8f4ce7722f99075d94738b7e61070401269eb3d6
        Validity
            Not Before: Apr 25 09:44:14 2024 GMT
            Not After : Apr 24 09:49:14 2025 GMT
        Subject: CN=6A93A5786D557BC9276719201B3A996C5E893FF9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:a3:f0:b7:7d:24:ff:b0:27:cc:84:8b:4b:1e:
                    1c:8a:e6:98:7d:2b:50:fa:67:25:fe:d0:77:32:b1:
                    03:2f:ff:4a:f2:ab:0f:1b:17:d4:28:40:e5:ee:6e:
                    47:07:21:5b:1e:6f:b4:93:fd:7b:22:b3:3a:c9:d0:
                    4a:cc:72:76:cc:0b:e2:0e:2e:ad:16:89:bd:60:b8:
                    1f:02:b0:61:23:e2:15:be:d4:a7:96:d3:ef:b9:d1:
                    8e:21:6f:a9:db:1a:ef:5c:18:2c:a2:b8:d8:a4:ac:
                    32:4f:e7:d1:d1:0c:1c:92:16:5d:e8:9f:37:02:66:
                    7f:73:72:0c:b1:30:db:c9:83:df:16:05:87:aa:07:
                    14:7b:00:f3:84:1c:80:ad:98:79:eb:f4:95:af:2b:
                    f4:46:c3:67:07:42:99:0e:65:e8:f1:ba:b6:f9:5e:
                    b7:72:60:92:1c:3f:b4:5c:3d:41:23:12:86:95:a8:
                    9a:6e:17:6b:a0:9b:9b:8a:a1:ab:0d:78:30:f2:7e:
                    94:29:47:ef:fa:83:f5:9e:0a:69:3a:db:2a:49:3f:
                    f0:d5:4c:b3:42:e0:ac:9f:e9:a3:c4:40:b5:da:19:
                    b8:22:74:02:cc:b4:a3:19:2a:d7:ba:7c:45:55:33:
                    eb:cf:b2:ff:17:23:94:1d:eb:eb:7d:cf:60:5c:e0:
                    bd:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:93:A5:78:6D:55:7B:C9:27:67:19:20:1B:3A:99:6C:5E:89:3F:F9
            X509v3 Authority Key Identifier:
                keyid:8F:4C:E7:72:2F:99:07:5D:94:73:8B:7E:61:07:04:01:26:9E:B3:D6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/8F4CE7722F99075D94738B7E61070401269EB3D6.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/j0znci-ZB12Uc4t-YQcEASaes9Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/3138352e3138312e312e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.181.1.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b1:c5:10:f3:f6:9f:28:60:2f:8e:27:5d:fa:c3:08:8b:76:a4:
         96:ca:6d:c5:70:10:81:07:8e:6f:ff:9f:3e:43:db:34:ea:d7:
         6f:ec:ca:dd:89:7a:49:21:48:c2:2c:18:b1:9a:c5:97:80:8f:
         ce:8c:9c:d1:db:d2:02:ac:48:fa:9b:7a:b4:a3:1f:ac:f8:3b:
         34:39:d2:fc:8d:e7:c2:3e:ed:b9:1c:64:0a:f8:03:ee:fb:d2:
         04:43:10:72:cd:41:06:a7:46:80:f0:1e:23:b4:fc:1b:ac:f1:
         e4:79:56:22:b4:bc:b7:41:20:14:30:90:5a:07:d6:55:d6:46:
         15:d9:61:6e:9e:62:6a:78:5f:e8:82:e8:d5:19:4f:48:90:7f:
         60:ee:46:b3:2b:3a:af:1f:dd:3b:12:bc:16:b8:ec:b1:91:4c:
         1d:d5:fe:17:3e:cf:c9:5d:f8:45:aa:7f:9f:c5:b2:bd:f1:42:
         af:67:15:db:a8:4c:0a:52:d5:1b:e4:98:87:03:fa:92:6a:34:
         dc:00:ab:2a:0e:b5:54:8d:f3:8f:8a:4e:4b:d5:d6:99:43:fd:
         34:96:97:4b:59:f3:d7:fa:5e:1d:77:1d:09:a5:50:40:e5:76:
         b3:b5:c8:ca:f9:af:5e:59:0e:2d:1c:1c:78:2c:14:0d:07:4c:
         f9:0f:50:0e
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUP1xBWAabpcblgQs/sfHSZYD0oiAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGY0Y2U3NzIyZjk5MDc1ZDk0NzM4YjdlNjEwNzA0MDEy
NjllYjNkNjAeFw0yNDA0MjUwOTQ0MTRaFw0yNTA0MjQwOTQ5MTRaMDMxMTAvBgNV
BAMTKDZBOTNBNTc4NkQ1NTdCQzkyNzY3MTkyMDFCM0E5OTZDNUU4OTNGRjkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7o/C3fST/sCfMhItLHhyK5ph9
K1D6ZyX+0HcysQMv/0ryqw8bF9QoQOXubkcHIVseb7ST/XsiszrJ0ErMcnbMC+IO
Lq0Wib1guB8CsGEj4hW+1KeW0++50Y4hb6nbGu9cGCyiuNikrDJP59HRDBySFl3o
nzcCZn9zcgyxMNvJg98WBYeqBxR7APOEHICtmHnr9JWvK/RGw2cHQpkOZejxurb5
XrdyYJIcP7RcPUEjEoaVqJpuF2ugm5uKoasNeDDyfpQpR+/6g/WeCmk62ypJP/DV
TLNC4Kyf6aPEQLXaGbgidALMtKMZKte6fEVVM+vPsv8XI5Qd6+t9z2Bc4L2BAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUapOleG1Ve8knZxkgGzqZbF6JP/kwHwYDVR0j
BBgwFoAUj0znci+ZB12Uc4t+YQcEASaes9YwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYWE5NzcxMTUtNTExMC00MjU3LTk0ZWYtNGQyYjQzODg0
MDQwLzAvOEY0Q0U3NzIyRjk5MDc1RDk0NzM4QjdFNjEwNzA0MDEyNjlFQjNENi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2owem5jaS1aQjEyVWM0dC1ZUWNFQVNh
ZXM5WS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWE5NzcxMTUt
NTExMC00MjU3LTk0ZWYtNGQyYjQzODg0MDQwLzAvMzEzODM1MmUzMTM4MzEyZTMx
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzgzMzM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAubUBMA0G
CSqGSIb3DQEBCwUAA4IBAQCxxRDz9p8oYC+OJ136wwiLdqSWym3FcBCBB45v/58+
Q9s06tdv7MrdiXpJIUjCLBixmsWXgI/OjJzR29ICrEj6m3q0ox+s+Ds0OdL8jefC
Pu25HGQK+APu+9IEQxByzUEGp0aA8B4jtPwbrPHkeVYitLy3QSAUMJBaB9ZV1kYV
2WFunmJqeF/ogujVGU9IkH9g7kazKzqvH907ErwWuOyxkUwd1f4XPs/JXfhFqn+f
xbK98UKvZxXbqEwKUtUb5JiHA/qSajTcAKsqDrVUjfOPik5L1daZQ/00lpdLWfPX
+l4ddx0JpVBA5XaztcjK+a9eWQ4tHBx4LBQNB0z5D1AO
-----END CERTIFICATE-----