Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/3138352e342e3232312e302f32342d3234203d3e203239383032.roa
File:                     3138352e342e3232312e302f32342d3234203d3e203239383032.roa (raw, json)
Hash identifier:          38r/D4dQjMIIgN1pA/Al4C6aRhTM01j5arxJGQz5a5Q=
Subject key identifier:   00:1D:53:F6:D0:79:AE:75:47:00:C8:09:F4:71:BC:9B:44:1F:F2:49
Certificate issuer:       /CN=7adf63e375b0b785081b5945b1d18d9de86e0efc
Certificate serial:       72FBDE5487172B56A566FE5EF78008BAE201078D
Authority key identifier: 7A:DF:63:E3:75:B0:B7:85:08:1B:59:45:B1:D1:8D:9D:E8:6E:0E:FC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/et9j43Wwt4UIG1lFsdGNnehuDvw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/3138352e342e3232312e302f32342d3234203d3e203239383032.roa
Signing time:             Thu 18 Apr 2024 20:15:08 +0000
ROA not before:           Thu 18 Apr 2024 20:10:08 +0000
ROA not after:            Thu 17 Apr 2025 20:15:08 +0000
asID:                     29802
IP address blocks:        185.4.221.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/7ADF63E375B0B785081B5945B1D18D9DE86E0EFC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/7ADF63E375B0B785081B5945B1D18D9DE86E0EFC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/et9j43Wwt4UIG1lFsdGNnehuDvw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 00:09:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            72:fb:de:54:87:17:2b:56:a5:66:fe:5e:f7:80:08:ba:e2:01:07:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7adf63e375b0b785081b5945b1d18d9de86e0efc
        Validity
            Not Before: Apr 18 20:10:08 2024 GMT
            Not After : Apr 17 20:15:08 2025 GMT
        Subject: CN=001D53F6D079AE754700C809F471BC9B441FF249
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:02:d6:18:97:c8:94:8f:eb:6d:c8:6e:a6:cf:
                    22:1d:22:a1:87:3c:60:7c:09:92:1e:e2:4c:82:52:
                    4a:7c:76:90:de:44:4e:bb:ed:36:3e:45:0f:86:a9:
                    bc:af:fb:5f:c4:df:76:8b:12:fc:e3:1e:11:58:c5:
                    f6:55:79:06:03:7d:09:39:15:f3:f2:37:6a:99:f2:
                    ab:3e:d2:8e:b0:5e:48:33:f4:55:7d:d6:89:63:c5:
                    53:b7:8b:72:6c:67:a3:b9:04:db:6c:88:e3:01:a1:
                    db:63:77:2c:5b:26:01:d4:16:ec:1f:70:3d:62:ea:
                    1a:8b:62:70:2e:a1:e7:19:0e:e3:fa:68:26:3a:ab:
                    04:07:ff:d3:93:3f:42:c8:a1:84:b0:c3:1d:15:54:
                    91:b4:e6:22:38:10:ff:62:54:39:ae:f9:e7:74:0e:
                    76:44:98:c7:60:84:9b:d5:34:c8:42:33:f5:d3:0a:
                    af:12:db:29:cf:e2:25:1f:1b:7f:09:e3:9f:77:4d:
                    8c:34:14:c9:39:26:eb:f4:b3:e7:86:75:32:d8:22:
                    20:a9:8e:92:0c:9f:17:03:2f:df:66:13:84:36:7a:
                    76:b9:59:6a:17:71:79:ba:a7:45:2f:ff:74:47:35:
                    82:47:37:ad:d7:7d:66:77:1c:5b:42:49:52:45:90:
                    7d:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:1D:53:F6:D0:79:AE:75:47:00:C8:09:F4:71:BC:9B:44:1F:F2:49
            X509v3 Authority Key Identifier:
                keyid:7A:DF:63:E3:75:B0:B7:85:08:1B:59:45:B1:D1:8D:9D:E8:6E:0E:FC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/7ADF63E375B0B785081B5945B1D18D9DE86E0EFC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/et9j43Wwt4UIG1lFsdGNnehuDvw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/3138352e342e3232312e302f32342d3234203d3e203239383032.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.4.221.0/24

    Signature Algorithm: sha256WithRSAEncryption
         97:33:38:b5:40:12:22:94:c9:27:53:59:99:14:be:fe:43:d0:
         5d:57:37:84:f4:0b:4d:8e:9e:da:40:1f:15:6c:78:d0:98:a4:
         39:4f:67:1c:7d:ad:41:f1:ce:16:03:6e:84:af:36:32:1d:6d:
         1c:02:15:80:2a:26:6e:fb:2a:c5:83:3f:83:e6:b1:c5:ab:90:
         69:eb:41:36:d5:56:4e:03:78:6f:38:52:a6:07:ab:28:4a:94:
         a0:c4:30:67:4c:9d:e4:bb:b1:05:1e:ed:ca:1f:4c:30:e0:4b:
         c1:57:62:de:d5:28:76:7c:60:36:4c:3a:80:9d:74:b1:ba:9c:
         41:16:29:d4:16:7b:df:5c:c6:d2:ec:55:4c:ef:61:35:d1:b0:
         88:10:66:d8:fa:b9:28:50:62:b3:59:32:dd:28:c9:9f:a1:f9:
         f2:11:c3:18:87:a3:d1:65:1f:76:d9:c9:33:c4:67:7c:c9:9b:
         1e:a8:9b:d3:ef:11:9f:a0:a2:13:a1:9e:32:d1:cd:bc:55:93:
         3b:cf:dc:a8:f9:60:24:7b:32:03:bc:7f:30:37:e9:06:6f:d9:
         cc:e0:f5:17:a9:06:ed:53:09:be:fc:87:72:58:a1:46:55:9e:
         fb:e4:fe:08:14:03:18:37:28:fd:4d:7c:ed:9d:91:28:80:6e:
         18:72:58:42
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUcvveVIcXK1alZv5e94AIuuIBB40wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoN2FkZjYzZTM3NWIwYjc4NTA4MWI1OTQ1YjFkMThkOWRl
ODZlMGVmYzAeFw0yNDA0MTgyMDEwMDhaFw0yNTA0MTcyMDE1MDhaMDMxMTAvBgNV
BAMTKDAwMUQ1M0Y2RDA3OUFFNzU0NzAwQzgwOUY0NzFCQzlCNDQxRkYyNDkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKAtYYl8iUj+ttyG6mzyIdIqGH
PGB8CZIe4kyCUkp8dpDeRE677TY+RQ+Gqbyv+1/E33aLEvzjHhFYxfZVeQYDfQk5
FfPyN2qZ8qs+0o6wXkgz9FV91oljxVO3i3JsZ6O5BNtsiOMBodtjdyxbJgHUFuwf
cD1i6hqLYnAuoecZDuP6aCY6qwQH/9OTP0LIoYSwwx0VVJG05iI4EP9iVDmu+ed0
DnZEmMdghJvVNMhCM/XTCq8S2ynP4iUfG38J4593TYw0FMk5Juv0s+eGdTLYIiCp
jpIMnxcDL99mE4Q2ena5WWoXcXm6p0Uv/3RHNYJHN63XfWZ3HFtCSVJFkH21AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUAB1T9tB5rnVHAMgJ9HG8m0Qf8kkwHwYDVR0j
BBgwFoAUet9j43Wwt4UIG1lFsdGNnehuDvwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYWVlM2Q1OGQtOTA0YS00Mzc1LWJmOTMtOGI1ZjM4Y2Fi
MDAyLzAvN0FERjYzRTM3NUIwQjc4NTA4MUI1OTQ1QjFEMThEOURFODZFMEVGQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2V0OWo0M1d3dDRVSUcxbEZzZEdObmVo
dUR2dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWVlM2Q1OGQt
OTA0YS00Mzc1LWJmOTMtOGI1ZjM4Y2FiMDAyLzAvMzEzODM1MmUzNDJlMzIzMjMx
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzIzOTM4MzAzMi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALkE
3TANBgkqhkiG9w0BAQsFAAOCAQEAlzM4tUASIpTJJ1NZmRS+/kPQXVc3hPQLTY6e
2kAfFWx40JikOU9nHH2tQfHOFgNuhK82Mh1tHAIVgCombvsqxYM/g+axxauQaetB
NtVWTgN4bzhSpgerKEqUoMQwZ0yd5LuxBR7tyh9MMOBLwVdi3tUodnxgNkw6gJ10
sbqcQRYp1BZ731zG0uxVTO9hNdGwiBBm2Pq5KFBis1ky3SjJn6H58hHDGIej0WUf
dtnJM8RnfMmbHqib0+8Rn6CiE6GeMtHNvFWTO8/cqPlgJHsyA7x/MDfpBm/ZzOD1
F6kG7VMJvvyHclihRlWe++T+CBQDGDco/U187Z2RKIBuGHJYQg==
-----END CERTIFICATE-----