Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/af31768d-42b1-4e92-b83f-bef7ee017813/0/3138352e322e3136322e302f32332d3234203d3e203233343730.roa
File:                     3138352e322e3136322e302f32332d3234203d3e203233343730.roa (raw, json)
Hash identifier:          BaNMtijhViF+Bla+nFfkE6LPu/fLazY0/tBmFu9zjrc=
Subject key identifier:   7F:35:B1:8F:E8:66:C6:78:DA:E6:54:FD:52:7E:9C:93:EB:82:A1:69
Certificate issuer:       /CN=9f0d24c855eee00fe4abf3903c6e8fcc7083ed4d
Certificate serial:       4D17557F0372D927D6253F5E4D4AE9B0D81B7DFE
Authority key identifier: 9F:0D:24:C8:55:EE:E0:0F:E4:AB:F3:90:3C:6E:8F:CC:70:83:ED:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nw0kyFXu4A_kq_OQPG6PzHCD7U0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/af31768d-42b1-4e92-b83f-bef7ee017813/0/3138352e322e3136322e302f32332d3234203d3e203233343730.roa
Signing time:             Mon 02 Dec 2024 16:56:59 +0000
ROA not before:           Mon 02 Dec 2024 16:51:59 +0000
ROA not after:            Mon 01 Dec 2025 16:56:59 +0000
asID:                     23470
IP address blocks:        185.2.162.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/af31768d-42b1-4e92-b83f-bef7ee017813/0/9F0D24C855EEE00FE4ABF3903C6E8FCC7083ED4D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/af31768d-42b1-4e92-b83f-bef7ee017813/0/9F0D24C855EEE00FE4ABF3903C6E8FCC7083ED4D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nw0kyFXu4A_kq_OQPG6PzHCD7U0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 09:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4d:17:55:7f:03:72:d9:27:d6:25:3f:5e:4d:4a:e9:b0:d8:1b:7d:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9f0d24c855eee00fe4abf3903c6e8fcc7083ed4d
        Validity
            Not Before: Dec  2 16:51:59 2024 GMT
            Not After : Dec  1 16:56:59 2025 GMT
        Subject: CN=7F35B18FE866C678DAE654FD527E9C93EB82A169
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:12:92:a3:8f:02:bc:a2:c8:66:bd:45:23:b7:
                    1e:cd:ba:fe:95:93:2c:88:55:34:26:af:81:7e:8c:
                    3b:d3:ac:af:52:7b:83:af:13:30:d1:71:1c:de:e8:
                    db:f8:69:ed:c4:17:96:c4:83:e0:a3:71:50:c3:c4:
                    9a:7f:96:76:41:88:02:2c:b0:d4:a0:c4:dc:13:6f:
                    b3:34:e2:99:40:bc:93:84:3e:f5:81:f1:0a:9d:02:
                    d5:53:57:7a:29:1a:62:54:3c:a0:70:cd:a2:9f:4d:
                    33:62:bf:ca:45:22:91:48:8b:85:f7:3d:d5:bb:bb:
                    14:d0:00:4a:8b:84:ae:da:0a:a3:ab:dd:ee:b6:eb:
                    31:b6:c9:1e:1b:8c:fe:73:61:f0:a2:37:dc:18:9a:
                    40:f0:27:54:cd:ed:3f:f0:2a:0d:b0:d4:bf:c2:6d:
                    4b:7a:c6:ad:b9:f4:99:e7:ed:64:a6:95:e0:b4:1a:
                    18:7c:48:dd:cb:be:7f:a0:a8:67:6a:7f:4b:ef:96:
                    f3:2a:9b:2f:3e:d2:d7:34:4e:3b:74:cd:6e:8e:42:
                    80:c1:31:ac:47:73:f8:5d:5f:fc:c1:f5:b1:44:6b:
                    5e:df:3d:02:a0:31:31:a9:a2:09:ad:f5:14:1d:87:
                    81:65:47:bb:d7:38:ca:4b:b1:1b:89:6d:98:12:5c:
                    79:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:35:B1:8F:E8:66:C6:78:DA:E6:54:FD:52:7E:9C:93:EB:82:A1:69
            X509v3 Authority Key Identifier:
                keyid:9F:0D:24:C8:55:EE:E0:0F:E4:AB:F3:90:3C:6E:8F:CC:70:83:ED:4D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/af31768d-42b1-4e92-b83f-bef7ee017813/0/9F0D24C855EEE00FE4ABF3903C6E8FCC7083ED4D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nw0kyFXu4A_kq_OQPG6PzHCD7U0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/af31768d-42b1-4e92-b83f-bef7ee017813/0/3138352e322e3136322e302f32332d3234203d3e203233343730.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.2.162.0/23

    Signature Algorithm: sha256WithRSAEncryption
         24:39:6b:0d:8d:c7:65:d1:34:81:e4:bc:d0:b1:eb:71:1f:cf:
         ee:3e:47:d2:6d:43:2b:a9:fa:c1:7e:e2:a6:b4:38:fa:73:57:
         2f:59:f8:19:8a:d2:c0:2b:3d:4f:d1:2c:2f:32:75:7b:c1:74:
         09:2b:64:2f:9b:1d:5e:04:76:d5:5d:eb:62:d3:6b:7b:02:73:
         fe:69:a3:36:65:69:5c:a7:e5:2d:95:1c:cf:54:01:d8:01:7f:
         ee:19:89:b2:9d:70:70:5d:22:27:56:45:fc:fc:fc:64:6b:59:
         7d:38:22:51:93:9c:8d:2d:eb:d4:67:71:5d:c2:3a:07:10:37:
         b3:f1:48:7c:39:4b:2b:1c:ce:bf:93:30:aa:92:78:62:02:74:
         dd:fa:2b:1d:40:4b:12:a0:08:27:70:6c:22:b7:21:09:99:f2:
         99:08:cd:63:61:8c:9e:45:bc:cc:21:5d:ab:25:64:4f:da:12:
         30:c9:4c:1c:68:0e:47:12:af:58:26:2f:b4:2e:4b:19:d8:b3:
         e8:29:06:f2:37:04:45:31:68:9c:86:48:dd:9b:7e:e3:11:f0:
         86:b3:77:e6:01:2e:51:88:46:73:b6:56:b7:59:b9:96:05:bd:
         0b:95:9a:77:22:22:59:74:74:29:33:5a:0e:be:f8:f0:4e:66:
         9b:48:97:d4
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUTRdVfwNy2SfWJT9eTUrpsNgbff4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWYwZDI0Yzg1NWVlZTAwZmU0YWJmMzkwM2M2ZThmY2M3
MDgzZWQ0ZDAeFw0yNDEyMDIxNjUxNTlaFw0yNTEyMDExNjU2NTlaMDMxMTAvBgNV
BAMTKDdGMzVCMThGRTg2NkM2NzhEQUU2NTRGRDUyN0U5QzkzRUI4MkExNjkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCgEpKjjwK8oshmvUUjtx7Nuv6V
kyyIVTQmr4F+jDvTrK9Se4OvEzDRcRze6Nv4ae3EF5bEg+CjcVDDxJp/lnZBiAIs
sNSgxNwTb7M04plAvJOEPvWB8QqdAtVTV3opGmJUPKBwzaKfTTNiv8pFIpFIi4X3
PdW7uxTQAEqLhK7aCqOr3e626zG2yR4bjP5zYfCiN9wYmkDwJ1TN7T/wKg2w1L/C
bUt6xq259Jnn7WSmleC0Ghh8SN3Lvn+gqGdqf0vvlvMqmy8+0tc0Tjt0zW6OQoDB
MaxHc/hdX/zB9bFEa17fPQKgMTGpogmt9RQdh4FlR7vXOMpLsRuJbZgSXHmfAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUfzWxj+hmxnja5lT9Un6ck+uCoWkwHwYDVR0j
BBgwFoAUnw0kyFXu4A/kq/OQPG6PzHCD7U0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYWYzMTc2OGQtNDJiMS00ZTkyLWI4M2YtYmVmN2VlMDE3
ODEzLzAvOUYwRDI0Qzg1NUVFRTAwRkU0QUJGMzkwM0M2RThGQ0M3MDgzRUQ0RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL253MGt5Rlh1NEFfa3FfT1FQRzZQekhD
RDdVMC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWYzMTc2OGQt
NDJiMS00ZTkyLWI4M2YtYmVmN2VlMDE3ODEzLzAvMzEzODM1MmUzMjJlMzEzNjMy
MmUzMDJmMzIzMzJkMzIzNDIwM2QzZTIwMzIzMzM0MzczMC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAbkC
ojANBgkqhkiG9w0BAQsFAAOCAQEAJDlrDY3HZdE0geS80LHrcR/P7j5H0m1DK6n6
wX7iprQ4+nNXL1n4GYrSwCs9T9EsLzJ1e8F0CStkL5sdXgR21V3rYtNrewJz/mmj
NmVpXKflLZUcz1QB2AF/7hmJsp1wcF0iJ1ZF/Pz8ZGtZfTgiUZOcjS3r1GdxXcI6
BxA3s/FIfDlLKxzOv5MwqpJ4YgJ03forHUBLEqAIJ3BsIrchCZnymQjNY2GMnkW8
zCFdqyVkT9oSMMlMHGgORxKvWCYvtC5LGdiz6CkG8jcERTFonIZI3Zt+4xHwhrN3
5gEuUYhGc7ZWt1m5lgW9C5WadyIiWXR0KTNaDr748E5mm0iX1A==
-----END CERTIFICATE-----