Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3139302e3134312e302f32342d3234203d3e20383334.roa
File:                     3138352e3139302e3134312e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          t6STcl4piEed35mWHRT86VI8fMXh9REeG1m5UwhZt+c=
Subject key identifier:   AB:D8:C7:95:17:42:A9:64:D7:5D:06:29:FA:06:E3:72:64:F5:7E:9D
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       6E4778FCD80F0707A0DA8113CF8875038B2CC0F9
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3139302e3134312e302f32342d3234203d3e20383334.roa
Signing time:             Fri 03 Nov 2023 18:41:15 +0000
ROA not before:           Fri 03 Nov 2023 18:36:15 +0000
ROA not after:            Fri 01 Nov 2024 18:41:15 +0000
asID:                     834
IP address blocks:        185.190.141.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6e:47:78:fc:d8:0f:07:07:a0:da:81:13:cf:88:75:03:8b:2c:c0:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Nov  3 18:36:15 2023 GMT
            Not After : Nov  1 18:41:15 2024 GMT
        Subject: CN=ABD8C7951742A964D75D0629FA06E37264F57E9D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:74:a6:9a:74:fc:05:af:e4:29:1b:b4:f5:7e:
                    ca:75:bc:67:cc:01:3c:8e:5f:bc:fa:8b:8d:1d:1e:
                    75:a6:ea:7d:cb:77:d6:33:ba:a3:b8:4c:97:0e:5b:
                    7c:70:a1:64:cf:92:e1:1a:45:4c:c2:88:45:bc:75:
                    8c:72:fc:a1:20:7e:08:4d:f9:53:08:b9:96:18:a0:
                    9b:02:d0:72:2c:9d:c5:9f:85:a2:04:cb:59:12:f8:
                    3f:e3:23:13:88:8c:93:0e:b5:66:9b:ea:40:52:88:
                    4b:8a:46:a7:26:9f:62:32:ae:a7:dd:15:3e:50:b2:
                    b4:4b:b4:ba:8f:bf:e6:11:52:da:42:7e:a8:9d:fb:
                    11:eb:07:18:1d:74:28:98:aa:5d:3b:a7:01:9a:86:
                    ee:0b:9b:b8:07:ba:a2:41:56:77:f9:75:64:33:c9:
                    67:71:25:8f:e7:5e:39:20:88:8b:3b:b5:54:6a:e9:
                    91:b3:b8:19:4e:8a:92:a5:ee:c8:a4:c2:36:e0:ea:
                    4e:2c:a2:f5:51:e9:f0:6f:4d:ea:8c:25:9c:3f:aa:
                    92:44:b9:59:1b:68:7e:ab:fe:db:a3:dd:57:61:f2:
                    a0:a5:68:81:31:1c:69:21:33:97:58:f3:48:bb:51:
                    3b:5e:df:f6:8b:cd:a1:29:c2:e1:86:8b:e4:3a:d1:
                    e5:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:D8:C7:95:17:42:A9:64:D7:5D:06:29:FA:06:E3:72:64:F5:7E:9D
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3139302e3134312e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.190.141.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0c:c0:fb:9a:62:0e:d6:87:b1:7c:12:b2:85:d0:0b:8c:7c:07:
         2d:d5:18:43:29:b3:0c:0a:6a:91:df:a4:8c:63:f9:84:bb:79:
         13:c5:23:53:32:e2:5e:c8:33:a6:81:4d:92:0b:9a:9c:d4:32:
         2f:aa:c1:7c:38:cf:72:12:ab:e0:c9:f9:fa:87:77:94:7e:a8:
         06:28:fe:36:f3:e1:27:28:60:6c:c1:02:f6:80:07:5a:a4:ba:
         19:95:1a:3c:d9:85:70:05:0a:14:a1:eb:f8:14:f6:9f:7f:e9:
         51:f1:7a:92:4c:14:eb:e3:c3:82:44:c6:25:b1:bd:56:3d:ab:
         6e:59:5d:fe:05:bc:5d:04:e0:f3:f6:f0:77:ad:9e:7b:cf:ef:
         8e:0b:8f:3f:f5:70:b2:38:d7:44:68:7f:6c:22:8e:d7:09:2b:
         a4:5a:57:14:96:61:8e:37:52:82:d3:0a:38:ea:a8:ae:75:38:
         12:e6:54:85:f9:af:32:14:8e:ed:b6:da:c0:a3:56:83:c9:98:
         b3:30:ec:61:9a:a1:e6:b1:c9:ea:17:06:45:20:a7:7d:33:f1:
         27:f0:36:64:e4:1e:87:97:f5:b1:e3:99:f0:99:cf:c5:a9:16:
         4c:2c:67:e3:47:98:c5:d1:bc:ab:cb:ac:5c:41:55:b3:e7:17:
         7b:54:2a:1c
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUbkd4/NgPBweg2oETz4h1A4sswPkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yMzExMDMxODM2MTVaFw0yNDExMDExODQxMTVaMDMxMTAvBgNV
BAMTKEFCRDhDNzk1MTc0MkE5NjRENzVEMDYyOUZBMDZFMzcyNjRGNTdFOUQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzdKaadPwFr+QpG7T1fsp1vGfM
ATyOX7z6i40dHnWm6n3Ld9YzuqO4TJcOW3xwoWTPkuEaRUzCiEW8dYxy/KEgfghN
+VMIuZYYoJsC0HIsncWfhaIEy1kS+D/jIxOIjJMOtWab6kBSiEuKRqcmn2Iyrqfd
FT5QsrRLtLqPv+YRUtpCfqid+xHrBxgddCiYql07pwGahu4Lm7gHuqJBVnf5dWQz
yWdxJY/nXjkgiIs7tVRq6ZGzuBlOipKl7sikwjbg6k4sovVR6fBvTeqMJZw/qpJE
uVkbaH6r/tuj3Vdh8qClaIExHGkhM5dY80i7UTte3/aLzaEpwuGGi+Q60eUtAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUq9jHlRdCqWTXXQYp+gbjcmT1fp0wHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzODM1MmUzMTM5MzAyZTMx
MzQzMTJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALm+
jTANBgkqhkiG9w0BAQsFAAOCAQEADMD7mmIO1oexfBKyhdALjHwHLdUYQymzDApq
kd+kjGP5hLt5E8UjUzLiXsgzpoFNkguanNQyL6rBfDjPchKr4Mn5+od3lH6oBij+
NvPhJyhgbMEC9oAHWqS6GZUaPNmFcAUKFKHr+BT2n3/pUfF6kkwU6+PDgkTGJbG9
Vj2rblld/gW8XQTg8/bwd62ee8/vjguPP/VwsjjXRGh/bCKO1wkrpFpXFJZhjjdS
gtMKOOqornU4EuZUhfmvMhSO7bbawKNWg8mYszDsYZqh5rHJ6hcGRSCnfTPxJ/A2
ZOQeh5f1seOZ8JnPxakWTCxn40eYxdG8q8usXEFVs+cXe1QqHA==
-----END CERTIFICATE-----