Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/3138352e342e3232312e302f32342d3234203d3e203230343733.roa
File:                     3138352e342e3232312e302f32342d3234203d3e203230343733.roa (raw, json)
Hash identifier:          ivs5KOf14ooXz5e1OWlVjDH4qYbUur/+wU6gOPxw27o=
Subject key identifier:   BB:CF:F0:34:DF:D9:7E:03:06:C7:8E:7D:C6:9A:BD:82:CA:7B:36:D8
Certificate issuer:       /CN=7adf63e375b0b785081b5945b1d18d9de86e0efc
Certificate serial:       10983A5958A1661B3F8D81D5CEAA5E843BE64322
Authority key identifier: 7A:DF:63:E3:75:B0:B7:85:08:1B:59:45:B1:D1:8D:9D:E8:6E:0E:FC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/et9j43Wwt4UIG1lFsdGNnehuDvw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/3138352e342e3232312e302f32342d3234203d3e203230343733.roa
Signing time:             Sun 23 Jun 2024 13:47:34 +0000
ROA not before:           Sun 23 Jun 2024 13:42:34 +0000
ROA not after:            Sun 22 Jun 2025 13:47:34 +0000
asID:                     20473
IP address blocks:        185.4.221.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/7ADF63E375B0B785081B5945B1D18D9DE86E0EFC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/7ADF63E375B0B785081B5945B1D18D9DE86E0EFC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/et9j43Wwt4UIG1lFsdGNnehuDvw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Sep 2024 02:53:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            10:98:3a:59:58:a1:66:1b:3f:8d:81:d5:ce:aa:5e:84:3b:e6:43:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7adf63e375b0b785081b5945b1d18d9de86e0efc
        Validity
            Not Before: Jun 23 13:42:34 2024 GMT
            Not After : Jun 22 13:47:34 2025 GMT
        Subject: CN=BBCFF034DFD97E0306C78E7DC69ABD82CA7B36D8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:12:f5:c3:e8:c4:54:b5:c6:02:09:28:1c:84:
                    5f:e0:d4:10:63:1f:2c:a0:09:b3:6c:37:38:21:17:
                    8d:bd:7a:e8:d3:82:a0:e9:f8:0b:b7:b7:12:4e:d2:
                    7c:45:63:d6:b0:c3:00:c6:a6:e3:7e:2b:aa:44:f5:
                    12:d7:48:d0:49:ab:b2:61:6a:23:34:69:66:ae:eb:
                    5f:07:a8:50:5b:11:7a:ea:9f:3f:eb:37:7b:2e:6a:
                    b6:13:3c:a8:ed:c3:2d:55:3a:88:6b:f2:4b:6d:d3:
                    68:7d:43:a9:be:aa:23:c7:8e:f9:cb:b6:aa:8e:b6:
                    9f:7b:b3:f3:d8:51:cb:9d:6f:a8:ad:06:ea:54:99:
                    d9:91:20:c4:de:fc:bb:ca:e4:c6:fb:26:55:8f:86:
                    30:58:ff:5d:13:90:df:14:a9:75:6c:a6:29:84:2f:
                    c4:0a:82:2c:73:71:89:d3:e6:94:76:6c:8a:ba:56:
                    66:82:6d:a4:0d:7a:b0:0c:12:d5:13:ff:0d:4a:c0:
                    fa:77:6b:e0:63:d9:ce:2d:48:3d:46:36:9d:a2:3c:
                    80:55:fd:30:55:01:e9:2b:4f:58:80:95:c2:ea:a9:
                    99:a5:4b:cd:54:ce:35:98:cb:07:14:a3:54:3e:5c:
                    89:f7:7d:54:52:4e:e5:85:7a:98:c0:97:08:7d:6a:
                    c3:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:CF:F0:34:DF:D9:7E:03:06:C7:8E:7D:C6:9A:BD:82:CA:7B:36:D8
            X509v3 Authority Key Identifier:
                keyid:7A:DF:63:E3:75:B0:B7:85:08:1B:59:45:B1:D1:8D:9D:E8:6E:0E:FC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/7ADF63E375B0B785081B5945B1D18D9DE86E0EFC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/et9j43Wwt4UIG1lFsdGNnehuDvw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/3138352e342e3232312e302f32342d3234203d3e203230343733.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.4.221.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4e:3a:a9:fa:00:b5:3d:e7:a5:45:0b:9f:61:57:c2:bf:28:49:
         5f:81:e2:25:07:da:4b:9e:a2:c6:37:d1:cb:4a:34:e9:74:d9:
         04:ba:77:3c:dc:c2:aa:78:a6:d6:d9:f6:90:07:60:28:a3:50:
         e9:d2:22:fb:35:01:89:13:41:bb:8e:3b:11:e7:c9:51:7b:42:
         07:e0:a6:a9:be:ca:43:6e:3a:b3:33:ec:3b:58:72:84:f1:ee:
         8e:7c:0e:1c:02:51:22:7b:2b:41:39:e1:be:d6:2b:56:4c:a8:
         b0:75:bc:36:00:dc:cb:69:07:30:c6:6e:03:67:4c:f0:f7:85:
         f2:a0:1a:b6:85:2d:d4:07:e9:e8:16:02:4f:ea:e3:10:af:4f:
         5c:af:31:ed:e2:25:f7:a1:38:52:4b:81:89:d1:4f:89:52:04:
         59:10:b8:f9:95:08:ec:d3:9c:45:17:70:77:37:5e:9a:61:aa:
         d7:6c:d0:4a:e0:58:55:5a:46:ec:6c:52:91:a8:a9:73:41:db:
         e8:16:c0:ee:07:99:54:c7:06:31:af:52:a5:c1:13:3a:0b:1a:
         4e:ef:2d:a1:56:60:81:9c:d1:d7:6f:2c:3a:bb:47:85:84:0a:
         bb:90:63:c4:b9:ec:3f:02:d8:51:af:da:53:4c:34:5c:c4:81:
         b0:f1:de:25
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUEJg6WVihZhs/jYHVzqpehDvmQyIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoN2FkZjYzZTM3NWIwYjc4NTA4MWI1OTQ1YjFkMThkOWRl
ODZlMGVmYzAeFw0yNDA2MjMxMzQyMzRaFw0yNTA2MjIxMzQ3MzRaMDMxMTAvBgNV
BAMTKEJCQ0ZGMDM0REZEOTdFMDMwNkM3OEU3REM2OUFCRDgyQ0E3QjM2RDgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9EvXD6MRUtcYCCSgchF/g1BBj
HyygCbNsNzghF429eujTgqDp+Au3txJO0nxFY9awwwDGpuN+K6pE9RLXSNBJq7Jh
aiM0aWau618HqFBbEXrqnz/rN3suarYTPKjtwy1VOohr8ktt02h9Q6m+qiPHjvnL
tqqOtp97s/PYUcudb6itBupUmdmRIMTe/LvK5Mb7JlWPhjBY/10TkN8UqXVspimE
L8QKgixzcYnT5pR2bIq6VmaCbaQNerAMEtUT/w1KwPp3a+Bj2c4tSD1GNp2iPIBV
/TBVAekrT1iAlcLqqZmlS81UzjWYywcUo1Q+XIn3fVRSTuWFepjAlwh9asNTAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUu8/wNN/ZfgMGx459xpq9gsp7NtgwHwYDVR0j
BBgwFoAUet9j43Wwt4UIG1lFsdGNnehuDvwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYWVlM2Q1OGQtOTA0YS00Mzc1LWJmOTMtOGI1ZjM4Y2Fi
MDAyLzAvN0FERjYzRTM3NUIwQjc4NTA4MUI1OTQ1QjFEMThEOURFODZFMEVGQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2V0OWo0M1d3dDRVSUcxbEZzZEdObmVo
dUR2dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWVlM2Q1OGQt
OTA0YS00Mzc1LWJmOTMtOGI1ZjM4Y2FiMDAyLzAvMzEzODM1MmUzNDJlMzIzMjMx
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzIzMDM0MzczMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALkE
3TANBgkqhkiG9w0BAQsFAAOCAQEATjqp+gC1PeelRQufYVfCvyhJX4HiJQfaS56i
xjfRy0o06XTZBLp3PNzCqnim1tn2kAdgKKNQ6dIi+zUBiRNBu447EefJUXtCB+Cm
qb7KQ246szPsO1hyhPHujnwOHAJRInsrQTnhvtYrVkyosHW8NgDcy2kHMMZuA2dM
8PeF8qAatoUt1Afp6BYCT+rjEK9PXK8x7eIl96E4UkuBidFPiVIEWRC4+ZUI7NOc
RRdwdzdemmGq12zQSuBYVVpG7GxSkaipc0Hb6BbA7geZVMcGMa9SpcETOgsaTu8t
oVZggZzR128sOrtHhYQKu5BjxLnsPwLYUa/aU0w0XMSBsPHeJQ==
-----END CERTIFICATE-----