Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/3138352e342e3232312e302f32342d3234203d3e203230343733.roa
File:                     3138352e342e3232312e302f32342d3234203d3e203230343733.roa (raw, json)
Hash identifier:          5RNM550oluFZgYJdeem/80eZxp7JXn2wyp24h/Brx44=
Subject key identifier:   08:30:EA:A9:A8:8C:F4:D1:F8:7E:59:5A:F8:AB:67:BB:E1:8B:A6:7C
Certificate issuer:       /CN=7adf63e375b0b785081b5945b1d18d9de86e0efc
Certificate serial:       41F68FB4749973B6BC977E8A0E7944985CFFD12B
Authority key identifier: 7A:DF:63:E3:75:B0:B7:85:08:1B:59:45:B1:D1:8D:9D:E8:6E:0E:FC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/et9j43Wwt4UIG1lFsdGNnehuDvw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/3138352e342e3232312e302f32342d3234203d3e203230343733.roa
Signing time:             Thu 23 Jan 2025 10:58:30 +0000
ROA not before:           Thu 23 Jan 2025 10:53:30 +0000
ROA not after:            Thu 22 Jan 2026 10:58:30 +0000
asID:                     20473
IP address blocks:        185.4.221.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/7ADF63E375B0B785081B5945B1D18D9DE86E0EFC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/7ADF63E375B0B785081B5945B1D18D9DE86E0EFC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/et9j43Wwt4UIG1lFsdGNnehuDvw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            41:f6:8f:b4:74:99:73:b6:bc:97:7e:8a:0e:79:44:98:5c:ff:d1:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7adf63e375b0b785081b5945b1d18d9de86e0efc
        Validity
            Not Before: Jan 23 10:53:30 2025 GMT
            Not After : Jan 22 10:58:30 2026 GMT
        Subject: CN=0830EAA9A88CF4D1F87E595AF8AB67BBE18BA67C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:3b:89:75:88:16:b2:60:2d:3b:3b:aa:cb:9b:
                    23:3f:a9:46:b6:90:69:35:c7:63:26:b8:89:85:ae:
                    87:62:95:84:9a:10:e5:77:1a:c6:a6:5a:a6:42:55:
                    26:73:3c:a5:c5:f8:6d:e1:50:58:23:07:07:3b:4a:
                    fd:c7:c1:a8:af:21:ae:39:38:b4:88:83:03:07:9d:
                    e1:6d:ce:84:5e:ee:b5:f8:50:0f:ba:0c:19:4f:bb:
                    19:5c:44:1a:2a:8b:22:8f:0c:a7:52:35:c8:cc:55:
                    ca:f7:76:1a:15:2a:d7:f4:76:0d:bb:06:97:b4:83:
                    63:f4:c5:0b:93:70:80:3c:6e:19:a4:e3:b7:56:e8:
                    ca:0d:3b:87:45:00:84:e4:81:d9:35:a4:d9:f2:53:
                    16:78:e9:e9:f1:48:88:5b:53:71:ee:7c:f4:d9:9b:
                    e4:18:f2:9f:4b:0f:fa:64:e8:2f:6f:ce:be:93:7c:
                    1f:60:e2:27:af:fe:1f:b9:91:65:b1:0b:f3:c9:6c:
                    6e:fb:03:f1:5f:d4:e7:a9:5e:04:f8:9b:0a:d4:59:
                    b4:09:9a:85:4d:1e:83:67:08:bd:77:2c:64:02:d6:
                    3c:ca:75:c0:9a:39:81:47:4a:53:db:19:6c:8d:d2:
                    3e:22:a6:25:cb:b7:98:cf:b2:c4:b3:e6:eb:4b:cc:
                    79:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:30:EA:A9:A8:8C:F4:D1:F8:7E:59:5A:F8:AB:67:BB:E1:8B:A6:7C
            X509v3 Authority Key Identifier:
                keyid:7A:DF:63:E3:75:B0:B7:85:08:1B:59:45:B1:D1:8D:9D:E8:6E:0E:FC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/7ADF63E375B0B785081B5945B1D18D9DE86E0EFC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/et9j43Wwt4UIG1lFsdGNnehuDvw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/3138352e342e3232312e302f32342d3234203d3e203230343733.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.4.221.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:fc:f0:b1:45:04:bd:23:f0:05:5f:cb:0e:39:f0:5f:11:52:
         43:0c:a7:5d:8b:72:fc:e5:1d:8f:ff:6c:5c:a7:85:58:10:c5:
         30:4d:bb:74:47:fc:57:21:63:17:5c:42:35:e1:4e:e9:bd:72:
         ff:32:0a:7c:f2:fe:80:45:2b:c3:b9:c5:32:81:69:90:2b:6a:
         c2:ec:8e:71:35:6a:ed:4c:91:e7:fe:95:17:b7:47:36:4e:82:
         53:04:0c:82:fb:24:6f:07:64:fa:66:a8:d5:1f:4f:0c:85:80:
         d2:cd:2d:bb:38:e7:7a:7c:ac:d7:50:d8:94:8f:4a:90:ae:cb:
         d5:46:9c:ca:91:29:5e:0e:ea:9a:11:a3:a2:ac:03:75:68:39:
         52:21:7a:06:92:0e:e0:10:16:bf:a2:68:8b:18:69:55:d7:4f:
         7b:f9:0f:2d:56:1f:06:a3:91:2f:b3:7d:e0:95:8a:da:bc:71:
         9c:ce:ae:ef:09:c1:22:e1:9a:fc:2c:3c:39:10:d3:bf:96:fa:
         a3:fc:68:ec:61:65:03:2a:11:ff:94:5a:f3:c8:25:72:bf:60:
         ef:a0:da:a0:34:8d:ff:fa:e3:69:4c:31:00:1c:88:bb:28:bf:
         a8:1a:d2:e0:c5:d6:e8:49:4c:1b:c7:99:f6:7f:fa:70:87:7c:
         41:10:6c:84
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUQfaPtHSZc7a8l36KDnlEmFz/0SswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoN2FkZjYzZTM3NWIwYjc4NTA4MWI1OTQ1YjFkMThkOWRl
ODZlMGVmYzAeFw0yNTAxMjMxMDUzMzBaFw0yNjAxMjIxMDU4MzBaMDMxMTAvBgNV
BAMTKDA4MzBFQUE5QTg4Q0Y0RDFGODdFNTk1QUY4QUI2N0JCRTE4QkE2N0MwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCTO4l1iBayYC07O6rLmyM/qUa2
kGk1x2MmuImFrodilYSaEOV3GsamWqZCVSZzPKXF+G3hUFgjBwc7Sv3HwaivIa45
OLSIgwMHneFtzoRe7rX4UA+6DBlPuxlcRBoqiyKPDKdSNcjMVcr3dhoVKtf0dg27
Bpe0g2P0xQuTcIA8bhmk47dW6MoNO4dFAITkgdk1pNnyUxZ46enxSIhbU3HufPTZ
m+QY8p9LD/pk6C9vzr6TfB9g4iev/h+5kWWxC/PJbG77A/Ff1OepXgT4mwrUWbQJ
moVNHoNnCL13LGQC1jzKdcCaOYFHSlPbGWyN0j4ipiXLt5jPssSz5utLzHnbAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUCDDqqaiM9NH4flla+Ktnu+GLpnwwHwYDVR0j
BBgwFoAUet9j43Wwt4UIG1lFsdGNnehuDvwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYWVlM2Q1OGQtOTA0YS00Mzc1LWJmOTMtOGI1ZjM4Y2Fi
MDAyLzAvN0FERjYzRTM3NUIwQjc4NTA4MUI1OTQ1QjFEMThEOURFODZFMEVGQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2V0OWo0M1d3dDRVSUcxbEZzZEdObmVo
dUR2dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWVlM2Q1OGQt
OTA0YS00Mzc1LWJmOTMtOGI1ZjM4Y2FiMDAyLzAvMzEzODM1MmUzNDJlMzIzMjMx
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzIzMDM0MzczMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALkE
3TANBgkqhkiG9w0BAQsFAAOCAQEAHvzwsUUEvSPwBV/LDjnwXxFSQwynXYty/OUd
j/9sXKeFWBDFME27dEf8VyFjF1xCNeFO6b1y/zIKfPL+gEUrw7nFMoFpkCtqwuyO
cTVq7UyR5/6VF7dHNk6CUwQMgvskbwdk+mao1R9PDIWA0s0tuzjnenys11DYlI9K
kK7L1UacypEpXg7qmhGjoqwDdWg5UiF6BpIO4BAWv6JoixhpVddPe/kPLVYfBqOR
L7N94JWK2rxxnM6u7wnBIuGa/Cw8ORDTv5b6o/xo7GFlAyoR/5Ra88glcr9g76Da
oDSN//rjaUwxAByIuyi/qBrS4MXW6ElMG8eZ9n/6cId8QRBshA==
-----END CERTIFICATE-----