Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3230352e3139342e302f32342d3234203d3e20383334.roa
File:                     3138352e3230352e3139342e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          SJU0psfHB20hxxKkWLTMdIRf73cKzXu2HyJ/GszMhdA=
Subject key identifier:   E4:23:54:1F:4C:71:8C:48:07:80:CC:32:4C:00:38:A7:CC:E0:07:59
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       3B10E2B2F1FB0592AFB802CC45266B5135ACC48C
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3230352e3139342e302f32342d3234203d3e20383334.roa
Signing time:             Fri 07 Feb 2025 07:47:40 +0000
ROA not before:           Fri 07 Feb 2025 07:42:40 +0000
ROA not after:            Fri 06 Feb 2026 07:47:40 +0000
asID:                     834
IP address blocks:        185.205.194.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 10:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3b:10:e2:b2:f1:fb:05:92:af:b8:02:cc:45:26:6b:51:35:ac:c4:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Feb  7 07:42:40 2025 GMT
            Not After : Feb  6 07:47:40 2026 GMT
        Subject: CN=E423541F4C718C480780CC324C0038A7CCE00759
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:35:3d:ef:25:04:4b:e9:14:bd:af:b4:f7:05:
                    5b:57:fd:50:a7:b6:11:7d:47:55:a3:e7:df:bf:d2:
                    c9:82:53:ce:77:f5:4e:1b:c7:94:8d:c7:45:fb:ee:
                    9f:d7:d8:37:dd:60:b9:4a:59:99:92:83:93:73:04:
                    9b:81:c1:0b:31:45:9b:2b:f4:6c:15:bd:c4:aa:2c:
                    50:41:27:0e:c4:d5:28:fd:da:d6:56:e3:e4:b2:7c:
                    5c:6b:07:06:e8:d5:f2:aa:95:80:c1:04:c7:c2:35:
                    0f:74:f6:72:53:a5:46:9a:e2:8c:05:25:c5:44:19:
                    ed:a9:96:27:06:06:4b:d3:e0:4b:15:6d:cc:bf:9c:
                    6f:48:f5:a6:69:c5:72:e0:2e:0e:44:1f:1a:b9:f7:
                    ac:19:c1:6b:16:eb:18:e8:79:41:73:72:de:c2:c2:
                    c6:cd:1a:17:38:71:82:9d:03:31:de:53:70:e1:8a:
                    d7:fa:45:03:f5:74:dc:20:fa:85:45:4b:fb:0d:a6:
                    8c:ba:68:0f:43:7c:1b:93:89:58:59:00:e0:2d:48:
                    49:e9:2d:08:38:56:7c:02:1b:10:6d:9c:1f:a6:aa:
                    f2:b1:f5:9f:39:1a:15:8a:83:47:dc:ee:0b:09:e7:
                    d8:69:65:f7:e3:cc:6a:45:26:2f:81:bb:6a:28:65:
                    bb:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:23:54:1F:4C:71:8C:48:07:80:CC:32:4C:00:38:A7:CC:E0:07:59
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3230352e3139342e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.205.194.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:e8:0c:12:52:39:6c:be:43:66:62:3e:12:1d:01:6e:bd:5c:
         76:4e:c3:bf:0f:02:5e:90:de:e0:eb:b8:64:28:e1:64:6f:37:
         ff:a4:92:d3:f2:78:dc:96:39:05:1e:67:6c:6e:fc:52:69:f1:
         47:27:3d:da:e1:16:a8:30:fa:74:ab:5a:d7:83:0c:7a:fc:05:
         ab:d7:c5:16:37:39:83:e4:20:86:60:f0:2c:fd:be:6f:01:36:
         8d:e3:60:39:ba:3f:c9:cb:80:57:f6:09:f3:22:37:89:3d:08:
         6e:14:61:e7:8f:da:04:61:40:62:2a:8b:66:c4:78:a3:2e:75:
         97:17:0b:23:1a:cf:7c:b6:83:06:8f:5d:d6:f6:55:06:b9:89:
         c0:b1:77:73:2c:df:ab:71:a6:a7:7e:34:7c:8f:07:dc:1a:70:
         61:92:59:5f:a4:1e:99:f6:aa:5f:b8:ce:fc:31:56:39:d8:a6:
         06:1e:fd:12:c3:48:79:03:29:70:ae:c0:cc:a2:58:cc:0c:01:
         26:3c:5d:cb:36:ac:08:23:aa:91:84:2d:c5:8a:b2:3b:ee:bb:
         b5:4e:18:bc:57:4c:0b:b6:75:75:d1:0c:f0:64:99:84:60:9b:
         5d:0b:02:80:1b:35:c9:29:3f:27:d4:a1:65:0f:a5:03:6f:1f:
         75:fb:39:b2
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUOxDisvH7BZKvuALMRSZrUTWsxIwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTAyMDcwNzQyNDBaFw0yNjAyMDYwNzQ3NDBaMDMxMTAvBgNV
BAMTKEU0MjM1NDFGNEM3MThDNDgwNzgwQ0MzMjRDMDAzOEE3Q0NFMDA3NTkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2NT3vJQRL6RS9r7T3BVtX/VCn
thF9R1Wj59+/0smCU8539U4bx5SNx0X77p/X2DfdYLlKWZmSg5NzBJuBwQsxRZsr
9GwVvcSqLFBBJw7E1Sj92tZW4+SyfFxrBwbo1fKqlYDBBMfCNQ909nJTpUaa4owF
JcVEGe2plicGBkvT4EsVbcy/nG9I9aZpxXLgLg5EHxq596wZwWsW6xjoeUFzct7C
wsbNGhc4cYKdAzHeU3Dhitf6RQP1dNwg+oVFS/sNpoy6aA9DfBuTiVhZAOAtSEnp
LQg4VnwCGxBtnB+mqvKx9Z85GhWKg0fc7gsJ59hpZffjzGpFJi+Bu2ooZbvJAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQU5CNUH0xxjEgHgMwyTAA4p8zgB1kwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzODM1MmUzMjMwMzUyZTMx
MzkzNDJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALnN
wjANBgkqhkiG9w0BAQsFAAOCAQEAh+gMElI5bL5DZmI+Eh0Bbr1cdk7Dvw8CXpDe
4Ou4ZCjhZG83/6SS0/J43JY5BR5nbG78UmnxRyc92uEWqDD6dKta14MMevwFq9fF
Fjc5g+QghmDwLP2+bwE2jeNgObo/ycuAV/YJ8yI3iT0IbhRh54/aBGFAYiqLZsR4
oy51lxcLIxrPfLaDBo9d1vZVBrmJwLF3cyzfq3Gmp340fI8H3BpwYZJZX6Qemfaq
X7jO/DFWOdimBh79EsNIeQMpcK7AzKJYzAwBJjxdyzasCCOqkYQtxYqyO+67tU4Y
vFdMC7Z1ddEM8GSZhGCbXQsCgBs1ySk/J9ShZQ+lA28fdfs5sg==
-----END CERTIFICATE-----