Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/3138352e342e3232302e302f32342d3234203d3e203630393439.roa
File:                     3138352e342e3232302e302f32342d3234203d3e203630393439.roa (raw, json)
Hash identifier:          2CE9thvw4csBQkbk/fvwqYeiwSpW2foRY6SKe7dQmO0=
Subject key identifier:   58:D8:7A:D6:C8:FB:EB:53:12:71:B5:D9:6F:31:99:06:87:B2:80:D2
Certificate issuer:       /CN=7adf63e375b0b785081b5945b1d18d9de86e0efc
Certificate serial:       48016A3A468B80FC87A439B33CE17354E6A9C2C0
Authority key identifier: 7A:DF:63:E3:75:B0:B7:85:08:1B:59:45:B1:D1:8D:9D:E8:6E:0E:FC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/et9j43Wwt4UIG1lFsdGNnehuDvw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/3138352e342e3232302e302f32342d3234203d3e203630393439.roa
Signing time:             Tue 29 Oct 2024 18:43:26 +0000
ROA not before:           Tue 29 Oct 2024 18:38:26 +0000
ROA not after:            Tue 28 Oct 2025 18:43:26 +0000
asID:                     60949
IP address blocks:        185.4.220.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/7ADF63E375B0B785081B5945B1D18D9DE86E0EFC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/7ADF63E375B0B785081B5945B1D18D9DE86E0EFC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/et9j43Wwt4UIG1lFsdGNnehuDvw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:16:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            48:01:6a:3a:46:8b:80:fc:87:a4:39:b3:3c:e1:73:54:e6:a9:c2:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7adf63e375b0b785081b5945b1d18d9de86e0efc
        Validity
            Not Before: Oct 29 18:38:26 2024 GMT
            Not After : Oct 28 18:43:26 2025 GMT
        Subject: CN=58D87AD6C8FBEB531271B5D96F31990687B280D2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:ea:6a:4d:55:b2:d2:a9:3f:a3:d0:b5:28:d9:
                    67:29:1c:cd:b2:82:67:e1:22:78:5e:67:df:af:62:
                    6d:d7:2f:23:35:45:28:0d:2c:1d:bd:75:ac:d6:f3:
                    7e:db:83:80:9f:89:bf:ad:99:56:6a:2d:c2:50:8c:
                    f3:05:3b:36:98:d5:4f:6c:8a:0e:55:a4:b9:fa:ad:
                    54:f3:c0:07:38:a8:6f:29:79:71:95:5f:94:a1:77:
                    b0:d0:15:ab:05:2f:76:30:68:82:d1:21:37:37:6a:
                    e4:9e:17:d8:0b:d0:f8:17:52:d3:e0:e0:5e:c1:f9:
                    87:ac:cd:cd:7b:38:a6:ec:6c:1e:ac:91:ce:c6:68:
                    51:f2:4f:63:63:db:cd:e2:ff:a8:8a:bb:97:2d:39:
                    78:ed:1c:3f:f7:59:6d:c9:c7:ad:5d:df:37:a8:f3:
                    53:0e:5f:ca:6f:28:a2:4b:23:09:6b:58:86:f6:db:
                    ca:d4:67:e7:d0:c7:44:af:0a:00:e4:52:b3:5d:98:
                    9d:bb:a8:03:57:52:be:78:b6:b4:6b:b9:de:db:94:
                    ce:84:9b:11:14:3a:cd:f1:2e:06:0a:ec:df:13:7d:
                    fb:23:6a:39:dc:f7:59:89:d5:ec:47:be:7b:80:29:
                    b5:83:3b:c0:95:3c:38:bf:a6:4d:ee:a5:e8:21:b0:
                    87:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:D8:7A:D6:C8:FB:EB:53:12:71:B5:D9:6F:31:99:06:87:B2:80:D2
            X509v3 Authority Key Identifier:
                keyid:7A:DF:63:E3:75:B0:B7:85:08:1B:59:45:B1:D1:8D:9D:E8:6E:0E:FC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/7ADF63E375B0B785081B5945B1D18D9DE86E0EFC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/et9j43Wwt4UIG1lFsdGNnehuDvw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/3138352e342e3232302e302f32342d3234203d3e203630393439.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.4.220.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:fb:12:92:41:98:31:a7:b1:58:95:96:cf:f4:28:cd:53:c2:
         42:de:e4:0d:65:74:04:8f:66:ea:57:cf:76:8b:54:d9:f1:27:
         1a:13:f3:37:81:4b:ac:c3:90:06:14:a6:a9:35:a8:7f:e0:2a:
         4a:55:5f:a9:62:1b:f8:26:2b:7e:2f:f6:cc:3b:6d:bc:4f:43:
         e2:e9:84:d7:53:b6:fb:cd:4f:31:14:f5:91:1c:a4:0f:15:2d:
         59:22:1a:3b:3b:c2:3c:63:4a:3f:0a:ea:70:9c:3b:b6:0a:f4:
         ce:09:f2:74:b7:44:82:ac:aa:ef:42:3e:ba:73:e7:aa:07:de:
         f8:98:1d:eb:4c:12:27:91:84:cc:39:68:0f:33:40:83:af:08:
         94:76:ad:88:43:26:a2:0c:58:c8:5e:0e:e5:0f:3e:6b:ec:d6:
         26:0c:be:63:ab:be:03:8d:51:52:20:3f:28:25:a5:37:f7:65:
         ca:46:f0:2d:c2:e1:68:17:6d:a9:f2:4c:50:45:66:73:22:4e:
         5f:99:fd:e6:72:f9:c2:ae:77:94:30:8a:12:16:07:30:18:f9:
         9e:19:e5:dd:92:16:52:56:aa:31:b1:57:3a:c0:93:73:78:9f:
         53:3d:00:64:23:98:80:a7:f1:46:3d:dd:71:01:80:72:be:3f:
         3e:32:7f:ad
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUSAFqOkaLgPyHpDmzPOFzVOapwsAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoN2FkZjYzZTM3NWIwYjc4NTA4MWI1OTQ1YjFkMThkOWRl
ODZlMGVmYzAeFw0yNDEwMjkxODM4MjZaFw0yNTEwMjgxODQzMjZaMDMxMTAvBgNV
BAMTKDU4RDg3QUQ2QzhGQkVCNTMxMjcxQjVEOTZGMzE5OTA2ODdCMjgwRDIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCs6mpNVbLSqT+j0LUo2WcpHM2y
gmfhInheZ9+vYm3XLyM1RSgNLB29dazW837bg4Cfib+tmVZqLcJQjPMFOzaY1U9s
ig5VpLn6rVTzwAc4qG8peXGVX5Shd7DQFasFL3YwaILRITc3auSeF9gL0PgXUtPg
4F7B+Yeszc17OKbsbB6skc7GaFHyT2Nj283i/6iKu5ctOXjtHD/3WW3Jx61d3zeo
81MOX8pvKKJLIwlrWIb228rUZ+fQx0SvCgDkUrNdmJ27qANXUr54trRrud7blM6E
mxEUOs3xLgYK7N8Tffsjajnc91mJ1exHvnuAKbWDO8CVPDi/pk3upeghsIdzAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUWNh61sj761MScbXZbzGZBoeygNIwHwYDVR0j
BBgwFoAUet9j43Wwt4UIG1lFsdGNnehuDvwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYWVlM2Q1OGQtOTA0YS00Mzc1LWJmOTMtOGI1ZjM4Y2Fi
MDAyLzAvN0FERjYzRTM3NUIwQjc4NTA4MUI1OTQ1QjFEMThEOURFODZFMEVGQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2V0OWo0M1d3dDRVSUcxbEZzZEdObmVo
dUR2dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWVlM2Q1OGQt
OTA0YS00Mzc1LWJmOTMtOGI1ZjM4Y2FiMDAyLzAvMzEzODM1MmUzNDJlMzIzMjMw
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzYzMDM5MzQzOS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALkE
3DANBgkqhkiG9w0BAQsFAAOCAQEAd/sSkkGYMaexWJWWz/QozVPCQt7kDWV0BI9m
6lfPdotU2fEnGhPzN4FLrMOQBhSmqTWof+AqSlVfqWIb+CYrfi/2zDttvE9D4umE
11O2+81PMRT1kRykDxUtWSIaOzvCPGNKPwrqcJw7tgr0zgnydLdEgqyq70I+unPn
qgfe+Jgd60wSJ5GEzDloDzNAg68IlHatiEMmogxYyF4O5Q8+a+zWJgy+Y6u+A41R
UiA/KCWlN/dlykbwLcLhaBdtqfJMUEVmcyJOX5n95nL5wq53lDCKEhYHMBj5nhnl
3ZIWUlaqMbFXOsCTc3ifUz0AZCOYgKfxRj3dcQGAcr4/PjJ/rQ==
-----END CERTIFICATE-----