Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/3130392e3131302e3138362e302f32342d3234203d3e20383334.roa
File:                     3130392e3131302e3138362e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          9ijXrwBI4IuiUl0C0ao9mze+IS50dkbrT3eB8VEi5DU=
Subject key identifier:   27:47:1C:B5:6D:C0:1B:D4:63:27:59:3A:83:1B:31:38:1F:55:E5:4C
Certificate issuer:       /CN=7adf63e375b0b785081b5945b1d18d9de86e0efc
Certificate serial:       2B7F0685C05C3572E9AF1912573F7E018EDFD3A5
Authority key identifier: 7A:DF:63:E3:75:B0:B7:85:08:1B:59:45:B1:D1:8D:9D:E8:6E:0E:FC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/et9j43Wwt4UIG1lFsdGNnehuDvw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/3130392e3131302e3138362e302f32342d3234203d3e20383334.roa
Signing time:             Sun 21 Apr 2024 00:02:29 +0000
ROA not before:           Sat 20 Apr 2024 23:57:29 +0000
ROA not after:            Sun 20 Apr 2025 00:02:29 +0000
asID:                     834
IP address blocks:        109.110.186.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/7ADF63E375B0B785081B5945B1D18D9DE86E0EFC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/7ADF63E375B0B785081B5945B1D18D9DE86E0EFC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/et9j43Wwt4UIG1lFsdGNnehuDvw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 21 Apr 2024 20:00:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2b:7f:06:85:c0:5c:35:72:e9:af:19:12:57:3f:7e:01:8e:df:d3:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7adf63e375b0b785081b5945b1d18d9de86e0efc
        Validity
            Not Before: Apr 20 23:57:29 2024 GMT
            Not After : Apr 20 00:02:29 2025 GMT
        Subject: CN=27471CB56DC01BD46327593A831B31381F55E54C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:0d:9a:b3:7e:f5:19:ae:35:20:5a:41:70:8d:
                    f7:61:b6:37:ff:b9:f6:ad:fc:3b:f0:0a:6c:0c:3d:
                    0e:d1:a4:eb:d0:38:25:8c:e3:88:bc:e2:e0:cf:4d:
                    ba:a9:03:1b:55:3d:22:9c:c2:45:4a:72:3b:ae:9b:
                    2a:45:5f:4d:93:fd:d9:36:96:f9:c1:52:09:a6:cb:
                    5c:b8:86:4d:8e:e0:27:b6:75:18:23:8e:25:50:e6:
                    1f:e6:72:f3:b8:d6:2e:5f:44:e1:c7:66:28:01:07:
                    42:db:62:2c:bd:b4:c0:69:68:6a:66:a1:40:2a:98:
                    a3:db:30:95:75:07:89:0a:6a:af:f2:f4:ab:57:18:
                    6d:2c:5b:7c:13:c9:f8:e7:da:9b:3e:dd:8b:96:bd:
                    19:1a:a3:d3:3a:ca:88:e5:3d:0f:5d:e2:76:5b:2a:
                    40:ab:38:4c:d8:09:0b:4d:54:6a:11:a1:66:e3:ba:
                    db:9d:8b:e3:2c:ec:fd:de:0b:01:82:ce:cf:de:19:
                    21:d4:d6:7e:7c:5b:ca:cc:ec:f7:fb:0c:5b:e9:cf:
                    f8:15:89:a1:45:a7:f2:96:09:88:41:7b:f0:08:45:
                    cb:3d:7d:c4:1b:b5:e7:14:99:51:cb:0d:fc:2e:51:
                    55:05:fc:f1:3e:19:0c:ed:0d:26:aa:e5:91:54:e2:
                    55:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:47:1C:B5:6D:C0:1B:D4:63:27:59:3A:83:1B:31:38:1F:55:E5:4C
            X509v3 Authority Key Identifier:
                keyid:7A:DF:63:E3:75:B0:B7:85:08:1B:59:45:B1:D1:8D:9D:E8:6E:0E:FC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/7ADF63E375B0B785081B5945B1D18D9DE86E0EFC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/et9j43Wwt4UIG1lFsdGNnehuDvw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/3130392e3131302e3138362e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.110.186.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5e:18:a4:44:53:ca:b4:9a:9f:ac:f3:14:ea:03:45:a7:03:21:
         f0:ab:f9:0e:a3:2c:69:75:5a:1a:94:13:1a:13:33:2c:b3:52:
         17:c4:f5:e3:de:a0:b8:74:bc:8b:f7:2d:f2:9a:dc:26:5e:f4:
         a9:97:ba:ee:8b:51:0c:38:f6:ef:8c:ae:92:7f:32:06:6e:97:
         05:a2:77:92:a6:05:7a:6e:87:69:70:dc:df:6c:d1:4b:d7:4d:
         86:dd:9b:c1:f8:f6:61:5f:ac:99:45:81:6e:20:07:d5:ec:93:
         4e:36:cd:a9:60:cb:ee:05:d9:17:37:26:cf:f5:38:d0:b9:ee:
         f9:9b:e6:58:e7:a6:19:71:a4:ec:bd:cc:e5:c9:85:49:07:24:
         80:8c:70:61:cb:83:19:a9:f9:df:40:f9:cd:e1:64:21:1a:94:
         76:08:91:5f:a1:20:30:d6:55:28:bf:fc:1d:78:b4:07:a1:a2:
         e4:b2:2f:fa:7a:64:0d:f1:db:28:d9:63:b7:e0:53:fc:e0:e8:
         c1:e6:bd:ca:45:db:fb:3f:93:49:a6:5a:f4:b4:87:13:53:13:
         7f:12:d7:bf:2d:5f:91:7f:4f:bb:f4:12:bf:2d:b5:09:9e:ab:
         6b:d3:d9:32:6a:e7:8b:9a:94:69:10:30:86:a2:0d:ff:c1:a8:
         a6:4a:34:9a
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUK38GhcBcNXLprxkSVz9+AY7f06UwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoN2FkZjYzZTM3NWIwYjc4NTA4MWI1OTQ1YjFkMThkOWRl
ODZlMGVmYzAeFw0yNDA0MjAyMzU3MjlaFw0yNTA0MjAwMDAyMjlaMDMxMTAvBgNV
BAMTKDI3NDcxQ0I1NkRDMDFCRDQ2MzI3NTkzQTgzMUIzMTM4MUY1NUU1NEMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrDZqzfvUZrjUgWkFwjfdhtjf/
ufat/DvwCmwMPQ7RpOvQOCWM44i84uDPTbqpAxtVPSKcwkVKcjuumypFX02T/dk2
lvnBUgmmy1y4hk2O4Ce2dRgjjiVQ5h/mcvO41i5fROHHZigBB0LbYiy9tMBpaGpm
oUAqmKPbMJV1B4kKaq/y9KtXGG0sW3wTyfjn2ps+3YuWvRkao9M6yojlPQ9d4nZb
KkCrOEzYCQtNVGoRoWbjutudi+Ms7P3eCwGCzs/eGSHU1n58W8rM7Pf7DFvpz/gV
iaFFp/KWCYhBe/AIRcs9fcQbtecUmVHLDfwuUVUF/PE+GQztDSaq5ZFU4lUzAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUJ0cctW3AG9RjJ1k6gxsxOB9V5UwwHwYDVR0j
BBgwFoAUet9j43Wwt4UIG1lFsdGNnehuDvwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYWVlM2Q1OGQtOTA0YS00Mzc1LWJmOTMtOGI1ZjM4Y2Fi
MDAyLzAvN0FERjYzRTM3NUIwQjc4NTA4MUI1OTQ1QjFEMThEOURFODZFMEVGQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2V0OWo0M1d3dDRVSUcxbEZzZEdObmVo
dUR2dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWVlM2Q1OGQt
OTA0YS00Mzc1LWJmOTMtOGI1ZjM4Y2FiMDAyLzAvMzEzMDM5MmUzMTMxMzAyZTMx
MzgzNjJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAG1u
ujANBgkqhkiG9w0BAQsFAAOCAQEAXhikRFPKtJqfrPMU6gNFpwMh8Kv5DqMsaXVa
GpQTGhMzLLNSF8T1496guHS8i/ct8prcJl70qZe67otRDDj274yukn8yBm6XBaJ3
kqYFem6HaXDc32zRS9dNht2bwfj2YV+smUWBbiAH1eyTTjbNqWDL7gXZFzcmz/U4
0Lnu+ZvmWOemGXGk7L3M5cmFSQckgIxwYcuDGan530D5zeFkIRqUdgiRX6EgMNZV
KL/8HXi0B6Gi5LIv+npkDfHbKNljt+BT/ODowea9ykXb+z+TSaZa9LSHE1MTfxLX
vy1fkX9Pu/QSvy21CZ6ra9PZMmrni5qUaRAwhqIN/8Gopko0mg==
-----END CERTIFICATE-----