Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/ce510e17-31fa-414b-989e-026dbb6fdf51/0/3138352e31332e3232362e302f32342d3234203d3e20383334.roa
File:                     3138352e31332e3232362e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          OuXn2nbA0M9AZ5xOpa5kqiXkJAoaG3UOG3XpHkk6mJA=
Subject key identifier:   F5:20:92:59:B5:9F:17:BB:61:5C:62:CE:85:50:79:C9:A7:BB:FD:CF
Certificate issuer:       /CN=4c189e42f35c944d463d9ea6501f093eb62ba785
Certificate serial:       58C7E856B92A02A3389943DABD0F562821992671
Authority key identifier: 4C:18:9E:42:F3:5C:94:4D:46:3D:9E:A6:50:1F:09:3E:B6:2B:A7:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TBieQvNclE1GPZ6mUB8JPrYrp4U.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/ce510e17-31fa-414b-989e-026dbb6fdf51/0/3138352e31332e3232362e302f32342d3234203d3e20383334.roa
Signing time:             Sun 28 Jul 2024 00:00:27 +0000
ROA not before:           Sat 27 Jul 2024 23:55:27 +0000
ROA not after:            Sun 27 Jul 2025 00:00:27 +0000
asID:                     834
IP address blocks:        185.13.226.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/ce510e17-31fa-414b-989e-026dbb6fdf51/0/4C189E42F35C944D463D9EA6501F093EB62BA785.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/ce510e17-31fa-414b-989e-026dbb6fdf51/0/4C189E42F35C944D463D9EA6501F093EB62BA785.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TBieQvNclE1GPZ6mUB8JPrYrp4U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 18:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            58:c7:e8:56:b9:2a:02:a3:38:99:43:da:bd:0f:56:28:21:99:26:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4c189e42f35c944d463d9ea6501f093eb62ba785
        Validity
            Not Before: Jul 27 23:55:27 2024 GMT
            Not After : Jul 27 00:00:27 2025 GMT
        Subject: CN=F5209259B59F17BB615C62CE855079C9A7BBFDCF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:d5:30:e7:c1:60:d0:45:5a:76:5d:a2:f4:50:
                    dc:f5:00:2c:05:08:95:b1:23:c8:57:e6:4d:92:03:
                    7c:01:70:44:41:11:4e:b5:81:fc:6a:fc:2b:11:c0:
                    55:cd:0c:47:0d:00:e8:01:41:7a:e8:b9:1e:76:88:
                    cd:85:77:dd:fd:cd:de:29:9c:46:76:d7:28:5e:09:
                    08:32:a8:17:b1:d7:7d:d6:16:74:43:99:84:37:0b:
                    7e:c5:33:b2:53:f9:38:ab:cf:f8:8f:62:68:85:11:
                    a7:7f:fb:34:f1:67:b0:e9:1e:a7:ac:25:3e:eb:3c:
                    00:20:54:8f:03:b1:d7:2b:ae:e0:f7:db:9a:43:84:
                    63:ee:10:85:9c:5b:24:0c:14:80:49:7a:f1:0f:4e:
                    90:c8:e9:49:f6:af:4f:ec:5b:f1:bc:61:4b:c2:34:
                    d0:1d:28:51:e5:8e:77:10:d3:6f:a0:c8:70:ab:24:
                    58:36:3a:ab:e3:48:db:a0:ea:25:a6:f0:d0:ef:2c:
                    e4:0c:15:8c:c3:2f:54:3a:e0:81:af:8c:e1:08:b8:
                    f8:2a:30:ba:13:f8:6c:34:40:08:a7:fc:58:e2:21:
                    9a:ad:13:9a:3b:9e:f5:5c:8b:d8:d5:d0:95:0a:23:
                    ea:d7:1b:0a:6f:d8:aa:30:81:dc:b8:46:f7:45:56:
                    a1:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:20:92:59:B5:9F:17:BB:61:5C:62:CE:85:50:79:C9:A7:BB:FD:CF
            X509v3 Authority Key Identifier:
                keyid:4C:18:9E:42:F3:5C:94:4D:46:3D:9E:A6:50:1F:09:3E:B6:2B:A7:85

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/ce510e17-31fa-414b-989e-026dbb6fdf51/0/4C189E42F35C944D463D9EA6501F093EB62BA785.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TBieQvNclE1GPZ6mUB8JPrYrp4U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/ce510e17-31fa-414b-989e-026dbb6fdf51/0/3138352e31332e3232362e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.13.226.0/24

    Signature Algorithm: sha256WithRSAEncryption
         af:5f:a4:2d:07:d9:14:40:1b:ea:35:1b:1b:a8:8d:2e:43:a0:
         95:dc:9c:74:13:19:30:af:d0:d8:00:4e:c3:e1:25:d1:d0:03:
         f4:b0:00:1c:97:fb:c8:59:51:1e:77:30:39:9b:73:a9:79:67:
         0c:bf:86:e4:9d:e2:64:b6:a3:90:bf:15:c7:17:4a:6b:1b:06:
         a5:07:d7:6e:b5:d6:c7:f8:62:26:28:2c:11:19:92:a3:d6:11:
         0c:cd:c9:80:e9:a3:2a:98:f0:c4:af:a7:56:6f:51:77:3f:ec:
         a2:67:83:bf:6e:2e:52:dd:ba:2e:29:29:54:b6:60:9c:0b:d7:
         aa:d6:e4:37:8e:91:9c:ab:4f:1b:d6:28:dc:5e:3d:9a:97:63:
         87:df:d9:54:85:cc:98:df:0e:6a:04:0d:fe:17:71:71:b1:55:
         e5:67:de:24:29:1b:1c:ad:43:d9:ad:44:c7:b0:49:d2:3e:7e:
         67:3c:74:0a:2b:f8:c9:dd:86:ed:d8:35:ad:6e:cc:87:ca:9c:
         bc:26:ee:03:eb:da:31:a3:aa:95:c8:40:d8:23:c2:b0:de:3f:
         a2:38:71:f3:b2:b3:3b:81:9d:f4:50:a3:be:77:bc:01:18:be:
         e8:06:0a:07:75:0f:88:69:00:5e:fb:af:e5:46:2f:ed:ac:14:
         91:4f:62:7e
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUWMfoVrkqAqM4mUPavQ9WKCGZJnEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGMxODllNDJmMzVjOTQ0ZDQ2M2Q5ZWE2NTAxZjA5M2Vi
NjJiYTc4NTAeFw0yNDA3MjcyMzU1MjdaFw0yNTA3MjcwMDAwMjdaMDMxMTAvBgNV
BAMTKEY1MjA5MjU5QjU5RjE3QkI2MTVDNjJDRTg1NTA3OUM5QTdCQkZEQ0YwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+1TDnwWDQRVp2XaL0UNz1ACwF
CJWxI8hX5k2SA3wBcERBEU61gfxq/CsRwFXNDEcNAOgBQXrouR52iM2Fd939zd4p
nEZ21yheCQgyqBex133WFnRDmYQ3C37FM7JT+Tirz/iPYmiFEad/+zTxZ7DpHqes
JT7rPAAgVI8DsdcrruD325pDhGPuEIWcWyQMFIBJevEPTpDI6Un2r0/sW/G8YUvC
NNAdKFHljncQ02+gyHCrJFg2OqvjSNug6iWm8NDvLOQMFYzDL1Q64IGvjOEIuPgq
MLoT+Gw0QAin/FjiIZqtE5o7nvVci9jV0JUKI+rXGwpv2Kowgdy4RvdFVqFxAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQU9SCSWbWfF7thXGLOhVB5yae7/c8wHwYDVR0j
BBgwFoAUTBieQvNclE1GPZ6mUB8JPrYrp4UwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvY2U1MTBlMTctMzFmYS00MTRiLTk4OWUtMDI2ZGJiNmZk
ZjUxLzAvNEMxODlFNDJGMzVDOTQ0RDQ2M0Q5RUE2NTAxRjA5M0VCNjJCQTc4NS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1RCaWVRdk5jbEUxR1BaNm1VQjhKUHJZ
cnA0VS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvY2U1MTBlMTct
MzFmYS00MTRiLTk4OWUtMDI2ZGJiNmZkZjUxLzAvMzEzODM1MmUzMTMzMmUzMjMy
MzYyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC5DeIw
DQYJKoZIhvcNAQELBQADggEBAK9fpC0H2RRAG+o1GxuojS5DoJXcnHQTGTCv0NgA
TsPhJdHQA/SwAByX+8hZUR53MDmbc6l5Zwy/huSd4mS2o5C/FccXSmsbBqUH1261
1sf4YiYoLBEZkqPWEQzNyYDpoyqY8MSvp1ZvUXc/7KJng79uLlLdui4pKVS2YJwL
16rW5DeOkZyrTxvWKNxePZqXY4ff2VSFzJjfDmoEDf4XcXGxVeVn3iQpGxytQ9mt
RMewSdI+fmc8dAor+Mndhu3YNa1uzIfKnLwm7gPr2jGjqpXIQNgjwrDeP6I4cfOy
szuBnfRQo753vAEYvugGCgd1D4hpAF77r+VGL+2sFJFPYn4=
-----END CERTIFICATE-----