Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/3138352e342e3232332e302f32342d3234203d3e203230343733.roa
File:                     3138352e342e3232332e302f32342d3234203d3e203230343733.roa (raw, json)
Hash identifier:          5llxyGtvvGAHmWCKh/0VKOyganPAGLRHhON8VJ+WyPQ=
Subject key identifier:   EE:D7:36:67:4C:10:B6:42:45:1E:29:11:71:71:7D:D4:03:B9:0A:D3
Certificate issuer:       /CN=7adf63e375b0b785081b5945b1d18d9de86e0efc
Certificate serial:       3A233A4DBC4839569AEA42668D05F5D37854E11B
Authority key identifier: 7A:DF:63:E3:75:B0:B7:85:08:1B:59:45:B1:D1:8D:9D:E8:6E:0E:FC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/et9j43Wwt4UIG1lFsdGNnehuDvw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/3138352e342e3232332e302f32342d3234203d3e203230343733.roa
Signing time:             Fri 18 Oct 2024 03:19:23 +0000
ROA not before:           Fri 18 Oct 2024 03:14:23 +0000
ROA not after:            Fri 17 Oct 2025 03:19:23 +0000
asID:                     20473
IP address blocks:        185.4.223.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/7ADF63E375B0B785081B5945B1D18D9DE86E0EFC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/7ADF63E375B0B785081B5945B1D18D9DE86E0EFC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/et9j43Wwt4UIG1lFsdGNnehuDvw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:16:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3a:23:3a:4d:bc:48:39:56:9a:ea:42:66:8d:05:f5:d3:78:54:e1:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7adf63e375b0b785081b5945b1d18d9de86e0efc
        Validity
            Not Before: Oct 18 03:14:23 2024 GMT
            Not After : Oct 17 03:19:23 2025 GMT
        Subject: CN=EED736674C10B642451E291171717DD403B90AD3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:10:ff:4a:c3:01:e3:cd:e1:cf:28:1d:53:00:
                    63:5b:e5:a3:c2:b3:5e:1b:a5:18:bf:c6:ba:28:7d:
                    32:f3:e8:ac:04:ff:01:b4:04:63:b2:c6:c3:79:10:
                    3f:b1:78:9a:b1:53:df:80:57:90:6c:59:5c:36:56:
                    3e:86:f9:6d:9c:ed:13:da:0a:bf:cb:d3:68:e0:44:
                    f7:a9:b4:c9:89:7b:fb:79:86:da:ee:17:8f:89:ff:
                    0f:76:50:3e:c8:0c:36:d8:a6:19:ef:66:fd:01:3a:
                    ea:b9:7a:d7:84:48:64:4e:9c:a8:1f:de:b4:d5:47:
                    1b:ee:07:86:f8:55:66:82:fa:8c:22:a5:99:93:56:
                    ef:61:9f:24:f1:42:ee:db:80:56:bc:0f:4c:5b:ee:
                    4c:c5:07:13:4c:4e:6f:4b:d2:54:08:e6:b3:ab:be:
                    5e:37:15:2a:00:a2:65:8d:12:59:10:d1:b1:74:fb:
                    7d:a2:4e:2c:fa:c6:82:dc:39:77:30:73:4e:fc:3f:
                    e7:ff:67:71:df:eb:6f:04:8c:d5:1d:ce:8d:fe:82:
                    0a:0a:c0:76:e9:32:bd:6a:7b:b7:d0:e4:bb:78:7a:
                    b9:b6:cd:5f:35:62:5f:7b:28:ce:03:01:df:d0:a8:
                    6f:5a:df:35:53:69:5b:7e:db:46:92:1a:f2:ef:d3:
                    06:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:D7:36:67:4C:10:B6:42:45:1E:29:11:71:71:7D:D4:03:B9:0A:D3
            X509v3 Authority Key Identifier:
                keyid:7A:DF:63:E3:75:B0:B7:85:08:1B:59:45:B1:D1:8D:9D:E8:6E:0E:FC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/7ADF63E375B0B785081B5945B1D18D9DE86E0EFC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/et9j43Wwt4UIG1lFsdGNnehuDvw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/3138352e342e3232332e302f32342d3234203d3e203230343733.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.4.223.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:11:1c:62:e1:94:61:e0:4d:93:d1:2a:a0:5f:9b:dd:ed:03:
         5e:35:fa:ef:43:19:91:79:66:f0:46:5b:d2:0e:99:9b:14:69:
         39:b6:8f:39:2d:d3:90:8a:4a:71:2c:f5:94:94:e3:48:40:c0:
         d3:c7:fc:9f:71:47:5d:13:03:19:51:25:80:ed:2a:ce:de:10:
         40:58:93:d5:ef:26:22:f4:a9:89:3f:cf:68:12:cd:b7:9f:74:
         ed:e4:05:08:45:3e:ab:ca:cd:8e:79:c3:3e:32:b2:5f:46:de:
         1c:33:ac:a6:38:dd:21:f7:97:e7:4f:52:dd:c1:31:73:86:2f:
         cd:a7:99:ed:16:00:1e:8f:2d:5c:83:21:cb:4e:99:42:c7:d0:
         26:77:e6:de:5f:bb:52:7b:09:6f:78:2c:6a:b9:5b:34:06:ff:
         34:0e:09:c2:49:df:89:ea:1b:1c:aa:0e:37:9b:2c:f8:f8:4a:
         48:8c:87:8b:c0:78:bf:bc:5f:4c:c5:83:99:ec:6a:bb:a6:53:
         ac:19:1a:40:ce:e1:a9:c0:65:b1:eb:57:b2:b9:8f:3b:97:4f:
         69:2d:3e:6f:b2:c8:35:ce:05:1d:f9:ef:3b:1b:4b:91:86:96:
         71:61:2a:f2:d3:85:5b:8a:18:13:3a:cf:af:78:87:6f:d3:0e:
         7a:a2:e4:52
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUOiM6TbxIOVaa6kJmjQX103hU4RswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoN2FkZjYzZTM3NWIwYjc4NTA4MWI1OTQ1YjFkMThkOWRl
ODZlMGVmYzAeFw0yNDEwMTgwMzE0MjNaFw0yNTEwMTcwMzE5MjNaMDMxMTAvBgNV
BAMTKEVFRDczNjY3NEMxMEI2NDI0NTFFMjkxMTcxNzE3REQ0MDNCOTBBRDMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCsEP9KwwHjzeHPKB1TAGNb5aPC
s14bpRi/xroofTLz6KwE/wG0BGOyxsN5ED+xeJqxU9+AV5BsWVw2Vj6G+W2c7RPa
Cr/L02jgRPeptMmJe/t5htruF4+J/w92UD7IDDbYphnvZv0BOuq5eteESGROnKgf
3rTVRxvuB4b4VWaC+owipZmTVu9hnyTxQu7bgFa8D0xb7kzFBxNMTm9L0lQI5rOr
vl43FSoAomWNElkQ0bF0+32iTiz6xoLcOXcwc078P+f/Z3Hf628EjNUdzo3+ggoK
wHbpMr1qe7fQ5Lt4erm2zV81Yl97KM4DAd/QqG9a3zVTaVt+20aSGvLv0wahAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQU7tc2Z0wQtkJFHikRcXF91AO5CtMwHwYDVR0j
BBgwFoAUet9j43Wwt4UIG1lFsdGNnehuDvwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYWVlM2Q1OGQtOTA0YS00Mzc1LWJmOTMtOGI1ZjM4Y2Fi
MDAyLzAvN0FERjYzRTM3NUIwQjc4NTA4MUI1OTQ1QjFEMThEOURFODZFMEVGQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2V0OWo0M1d3dDRVSUcxbEZzZEdObmVo
dUR2dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWVlM2Q1OGQt
OTA0YS00Mzc1LWJmOTMtOGI1ZjM4Y2FiMDAyLzAvMzEzODM1MmUzNDJlMzIzMjMz
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzIzMDM0MzczMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALkE
3zANBgkqhkiG9w0BAQsFAAOCAQEAMxEcYuGUYeBNk9EqoF+b3e0DXjX670MZkXlm
8EZb0g6ZmxRpObaPOS3TkIpKcSz1lJTjSEDA08f8n3FHXRMDGVElgO0qzt4QQFiT
1e8mIvSpiT/PaBLNt5907eQFCEU+q8rNjnnDPjKyX0beHDOspjjdIfeX509S3cEx
c4YvzaeZ7RYAHo8tXIMhy06ZQsfQJnfm3l+7UnsJb3gsarlbNAb/NA4Jwknfieob
HKoON5ss+PhKSIyHi8B4v7xfTMWDmexqu6ZTrBkaQM7hqcBlsetXsrmPO5dPaS0+
b7LINc4FHfnvOxtLkYaWcWEq8tOFW4oYEzrPr3iHb9MOeqLkUg==
-----END CERTIFICATE-----