Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3131312e3135372e302f32342d3234203d3e20383334.roa
File:                     3138352e3131312e3135372e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          vWUYNsg+80h4aOmVgH8aOhCzFGwG1vUIySBRal0QQNU=
Subject key identifier:   E7:EB:55:C4:F7:93:3B:3B:BB:F0:5D:81:C8:C3:28:0E:57:E2:DC:68
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       7CC561AFFC23CCBF882B90823377CC2F70DC8B43
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3131312e3135372e302f32342d3234203d3e20383334.roa
Signing time:             Fri 10 May 2024 13:28:45 +0000
ROA not before:           Fri 10 May 2024 13:23:45 +0000
ROA not after:            Fri 09 May 2025 13:28:45 +0000
asID:                     834
IP address blocks:        185.111.157.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 05:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7c:c5:61:af:fc:23:cc:bf:88:2b:90:82:33:77:cc:2f:70:dc:8b:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: May 10 13:23:45 2024 GMT
            Not After : May  9 13:28:45 2025 GMT
        Subject: CN=E7EB55C4F7933B3BBBF05D81C8C3280E57E2DC68
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:99:be:68:b2:30:1e:99:66:85:d4:b7:33:ca:
                    25:3e:9d:65:b3:93:ea:54:e8:11:8c:e4:ab:35:b1:
                    6d:20:cf:0c:c9:46:f0:0a:d2:cf:4c:19:54:ba:5a:
                    1e:af:0e:ac:5a:79:7c:7d:3c:af:68:c7:3d:d7:9b:
                    d1:f1:b0:09:e2:a6:d7:3c:93:09:e3:9e:c1:f6:42:
                    ef:b9:38:22:b5:00:c2:26:a1:c7:77:6b:cb:8a:f1:
                    65:81:79:45:aa:f4:d6:7d:d7:20:b5:d3:eb:02:37:
                    ca:3a:67:75:f2:5d:f8:f5:cc:62:a5:5a:d4:9c:35:
                    3a:52:4a:e6:02:d8:41:7c:3c:87:dc:2f:2e:94:d4:
                    b4:f9:c8:e3:eb:4f:a0:1b:ee:3a:bc:7f:e2:31:e4:
                    25:a8:f9:de:40:79:ed:64:88:c0:45:69:95:4a:ec:
                    2c:d4:c7:2a:52:e9:34:4b:46:f3:a2:22:74:0a:49:
                    47:a7:77:3e:5d:40:64:ea:ec:e1:4e:27:7b:76:62:
                    27:5b:6b:21:bf:9e:72:c0:de:f1:3d:e3:79:d3:32:
                    c9:6c:51:36:3f:70:1c:b3:58:92:a5:64:48:16:45:
                    24:09:be:88:18:dd:f5:c8:af:9a:52:80:ac:8a:ff:
                    68:13:c6:07:6c:8f:39:68:2d:b6:87:36:e9:cd:60:
                    8f:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:EB:55:C4:F7:93:3B:3B:BB:F0:5D:81:C8:C3:28:0E:57:E2:DC:68
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3131312e3135372e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.111.157.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:90:39:ac:93:31:ad:89:c3:92:eb:e1:41:7a:0f:c2:ac:10:
         1d:ce:a0:56:4e:ec:2c:82:9b:a7:94:d3:c6:28:dd:60:70:7a:
         c1:fc:84:f7:ff:a3:76:b9:6c:7f:9f:ff:68:88:1a:8f:19:5f:
         60:7a:5b:bb:cd:22:f5:90:eb:a6:9a:56:73:a7:7a:c8:d4:64:
         cd:f1:73:28:4a:97:af:26:70:6f:63:f7:f4:68:a9:d6:47:57:
         fb:d6:e9:35:bc:60:76:86:64:6f:f8:a0:b8:bd:10:60:ca:73:
         c1:ca:d8:c5:69:b4:8a:75:8e:1f:58:72:63:36:ac:c1:68:c9:
         54:99:f7:c5:f5:ce:fd:94:3b:8e:01:65:c9:0b:b2:3c:e4:e6:
         88:f8:60:6d:9f:bc:f9:ce:b5:67:b8:6c:67:e8:b1:65:46:89:
         3e:56:21:a2:6c:8c:d8:fc:27:04:2d:b1:36:4c:8a:14:a7:46:
         ab:aa:19:e5:bd:16:eb:08:52:49:33:6b:b4:57:ef:8d:a0:1f:
         de:e9:1c:93:b2:1d:ab:c7:06:a5:23:0e:92:74:73:88:3e:25:
         6a:4a:80:3d:b0:cb:ac:6f:5f:19:de:29:16:b7:03:4e:06:55:
         b0:f5:b3:27:6c:81:b4:a2:87:06:be:e2:15:48:7c:e9:58:14:
         88:3c:53:81
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUfMVhr/wjzL+IK5CCM3fML3Dci0MwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDA1MTAxMzIzNDVaFw0yNTA1MDkxMzI4NDVaMDMxMTAvBgNV
BAMTKEU3RUI1NUM0Rjc5MzNCM0JCQkYwNUQ4MUM4QzMyODBFNTdFMkRDNjgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCxmb5osjAemWaF1LczyiU+nWWz
k+pU6BGM5Ks1sW0gzwzJRvAK0s9MGVS6Wh6vDqxaeXx9PK9oxz3Xm9HxsAniptc8
kwnjnsH2Qu+5OCK1AMImocd3a8uK8WWBeUWq9NZ91yC10+sCN8o6Z3XyXfj1zGKl
WtScNTpSSuYC2EF8PIfcLy6U1LT5yOPrT6Ab7jq8f+Ix5CWo+d5Aee1kiMBFaZVK
7CzUxypS6TRLRvOiInQKSUendz5dQGTq7OFOJ3t2YidbayG/nnLA3vE943nTMsls
UTY/cByzWJKlZEgWRSQJvogY3fXIr5pSgKyK/2gTxgdsjzloLbaHNunNYI8vAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQU5+tVxPeTOzu78F2ByMMoDlfi3GgwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzODM1MmUzMTMxMzEyZTMx
MzUzNzJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALlv
nTANBgkqhkiG9w0BAQsFAAOCAQEAKJA5rJMxrYnDkuvhQXoPwqwQHc6gVk7sLIKb
p5TTxijdYHB6wfyE9/+jdrlsf5//aIgajxlfYHpbu80i9ZDrpppWc6d6yNRkzfFz
KEqXryZwb2P39Gip1kdX+9bpNbxgdoZkb/iguL0QYMpzwcrYxWm0inWOH1hyYzas
wWjJVJn3xfXO/ZQ7jgFlyQuyPOTmiPhgbZ+8+c61Z7hsZ+ixZUaJPlYhomyM2Pwn
BC2xNkyKFKdGq6oZ5b0W6whSSTNrtFfvjaAf3ukck7Idq8cGpSMOknRziD4lakqA
PbDLrG9fGd4pFrcDTgZVsPWzJ2yBtKKHBr7iFUh86VgUiDxTgQ==
-----END CERTIFICATE-----