Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/ce510e17-31fa-414b-989e-026dbb6fdf51/0/3138352e31332e3232372e302f32342d3234203d3e20383334.roa
File:                     3138352e31332e3232372e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          oc4uAy14mlVA47t6e+M90RSRJn5v5hTnthmAuT1VRlw=
Subject key identifier:   D1:89:DF:52:29:E3:6D:AA:FB:77:9A:D7:8B:15:32:0C:DE:A2:80:4F
Certificate issuer:       /CN=4c189e42f35c944d463d9ea6501f093eb62ba785
Certificate serial:       710799C46920C5F2D3F23D341573CFA78CE481B1
Authority key identifier: 4C:18:9E:42:F3:5C:94:4D:46:3D:9E:A6:50:1F:09:3E:B6:2B:A7:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TBieQvNclE1GPZ6mUB8JPrYrp4U.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/ce510e17-31fa-414b-989e-026dbb6fdf51/0/3138352e31332e3232372e302f32342d3234203d3e20383334.roa
Signing time:             Sun 31 Mar 2024 00:03:21 +0000
ROA not before:           Sat 30 Mar 2024 23:58:21 +0000
ROA not after:            Sun 30 Mar 2025 00:03:21 +0000
asID:                     834
IP address blocks:        185.13.227.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/ce510e17-31fa-414b-989e-026dbb6fdf51/0/4C189E42F35C944D463D9EA6501F093EB62BA785.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/ce510e17-31fa-414b-989e-026dbb6fdf51/0/4C189E42F35C944D463D9EA6501F093EB62BA785.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TBieQvNclE1GPZ6mUB8JPrYrp4U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 29 Apr 2024 12:48:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            71:07:99:c4:69:20:c5:f2:d3:f2:3d:34:15:73:cf:a7:8c:e4:81:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4c189e42f35c944d463d9ea6501f093eb62ba785
        Validity
            Not Before: Mar 30 23:58:21 2024 GMT
            Not After : Mar 30 00:03:21 2025 GMT
        Subject: CN=D189DF5229E36DAAFB779AD78B15320CDEA2804F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:1f:af:a6:08:87:f9:07:3e:a9:0a:f3:7c:12:
                    fc:e3:e7:8c:ae:13:32:e9:20:21:c8:31:94:9b:1a:
                    38:91:a6:91:a2:7f:c4:db:0f:b4:f0:d8:95:1d:f2:
                    66:8e:cf:d4:38:1e:be:86:f7:5f:01:e3:bd:d0:e3:
                    76:7c:8f:a6:a3:67:fc:2d:be:7a:15:a4:3e:e5:57:
                    07:9a:55:56:bc:d0:77:2c:c1:45:9f:5d:bb:ad:a8:
                    58:a5:40:d6:75:9b:c1:78:aa:a1:cd:cc:42:ee:04:
                    1c:97:af:46:61:c3:18:43:29:6b:07:c5:d0:ad:36:
                    e4:8b:c7:a3:ea:62:9e:c8:89:2d:bf:38:3f:a1:31:
                    ee:a4:17:db:92:2b:1c:7a:d4:59:7e:dd:21:f5:d2:
                    0d:a9:6c:55:2a:5d:09:22:13:13:08:12:07:2c:61:
                    ce:0c:a6:46:5e:a1:86:94:29:dc:df:86:7b:b0:c3:
                    02:1d:59:cd:85:d7:d3:bf:d4:7d:b2:91:aa:f8:d9:
                    ba:a5:20:72:45:4a:73:7e:4a:d5:87:8e:a5:8c:75:
                    df:3c:54:29:c0:af:5d:32:00:75:d3:c7:c0:3b:a1:
                    e1:97:3b:64:6b:de:f2:47:19:61:3f:95:7f:06:f6:
                    c2:d9:25:a7:c8:80:ef:1d:de:77:69:eb:e1:58:6d:
                    14:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:89:DF:52:29:E3:6D:AA:FB:77:9A:D7:8B:15:32:0C:DE:A2:80:4F
            X509v3 Authority Key Identifier:
                keyid:4C:18:9E:42:F3:5C:94:4D:46:3D:9E:A6:50:1F:09:3E:B6:2B:A7:85

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/ce510e17-31fa-414b-989e-026dbb6fdf51/0/4C189E42F35C944D463D9EA6501F093EB62BA785.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TBieQvNclE1GPZ6mUB8JPrYrp4U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/ce510e17-31fa-414b-989e-026dbb6fdf51/0/3138352e31332e3232372e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.13.227.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:15:6e:d5:be:20:f6:ae:8e:79:d8:a7:95:a3:ec:01:2c:e6:
         39:6c:b6:16:55:f2:28:2a:c3:b8:2d:67:f0:9d:ff:e2:d9:26:
         f5:a3:86:7b:fd:41:00:38:cc:3b:75:37:c0:0e:2a:6d:7a:01:
         92:ec:c6:ae:2c:65:df:16:28:7b:81:14:2c:49:31:87:8d:35:
         f4:d0:af:1e:26:23:a0:15:00:8f:38:26:23:e1:26:5e:35:4e:
         df:8d:0b:76:cf:b8:e7:49:44:6e:d4:92:9b:40:76:29:3c:7a:
         f6:9e:8b:1b:b8:49:0f:01:be:09:09:f0:34:db:44:f4:95:d0:
         05:d9:e5:1a:93:0a:55:5c:fd:34:30:0d:a9:0a:bf:93:bd:81:
         c9:c6:56:1c:83:53:7c:e3:dc:8f:08:9c:3b:d0:9d:0a:15:54:
         10:0d:e0:30:a7:c6:80:b4:15:f3:60:da:9e:37:68:d7:b9:6b:
         7f:d4:35:c2:f8:a0:14:12:36:bd:f3:b9:43:af:8c:ec:29:93:
         e6:15:e4:2c:1c:7e:58:1d:13:5a:83:e5:dd:3e:b4:8f:1d:50:
         dd:8b:d0:f7:a7:d6:28:ff:33:3f:bd:e6:c2:9c:4a:4c:d2:20:
         8f:a6:1b:f6:55:64:32:5f:9e:63:52:dd:e2:14:a6:b9:69:f6:
         62:79:8a:96
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUcQeZxGkgxfLT8j00FXPPp4zkgbEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGMxODllNDJmMzVjOTQ0ZDQ2M2Q5ZWE2NTAxZjA5M2Vi
NjJiYTc4NTAeFw0yNDAzMzAyMzU4MjFaFw0yNTAzMzAwMDAzMjFaMDMxMTAvBgNV
BAMTKEQxODlERjUyMjlFMzZEQUFGQjc3OUFENzhCMTUzMjBDREVBMjgwNEYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKH6+mCIf5Bz6pCvN8Evzj54yu
EzLpICHIMZSbGjiRppGif8TbD7Tw2JUd8maOz9Q4Hr6G918B473Q43Z8j6ajZ/wt
vnoVpD7lVweaVVa80HcswUWfXbutqFilQNZ1m8F4qqHNzELuBByXr0ZhwxhDKWsH
xdCtNuSLx6PqYp7IiS2/OD+hMe6kF9uSKxx61Fl+3SH10g2pbFUqXQkiExMIEgcs
Yc4MpkZeoYaUKdzfhnuwwwIdWc2F19O/1H2ykar42bqlIHJFSnN+StWHjqWMdd88
VCnAr10yAHXTx8A7oeGXO2Rr3vJHGWE/lX8G9sLZJafIgO8d3ndp6+FYbRS5AgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQU0YnfUinjbar7d5rXixUyDN6igE8wHwYDVR0j
BBgwFoAUTBieQvNclE1GPZ6mUB8JPrYrp4UwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvY2U1MTBlMTctMzFmYS00MTRiLTk4OWUtMDI2ZGJiNmZk
ZjUxLzAvNEMxODlFNDJGMzVDOTQ0RDQ2M0Q5RUE2NTAxRjA5M0VCNjJCQTc4NS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1RCaWVRdk5jbEUxR1BaNm1VQjhKUHJZ
cnA0VS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvY2U1MTBlMTct
MzFmYS00MTRiLTk4OWUtMDI2ZGJiNmZkZjUxLzAvMzEzODM1MmUzMTMzMmUzMjMy
MzcyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC5DeMw
DQYJKoZIhvcNAQELBQADggEBADcVbtW+IPaujnnYp5Wj7AEs5jlsthZV8igqw7gt
Z/Cd/+LZJvWjhnv9QQA4zDt1N8AOKm16AZLsxq4sZd8WKHuBFCxJMYeNNfTQrx4m
I6AVAI84JiPhJl41Tt+NC3bPuOdJRG7UkptAdik8evaeixu4SQ8BvgkJ8DTbRPSV
0AXZ5RqTClVc/TQwDakKv5O9gcnGVhyDU3zj3I8InDvQnQoVVBAN4DCnxoC0FfNg
2p43aNe5a3/UNcL4oBQSNr3zuUOvjOwpk+YV5CwcflgdE1qD5d0+tI8dUN2L0Pen
1ij/Mz+95sKcSkzSII+mG/ZVZDJfnmNS3eIUprlp9mJ5ipY=
-----END CERTIFICATE-----