Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3231312e342e302f32342d3234203d3e203437353833.roa
File:                     3138352e3231312e342e302f32342d3234203d3e203437353833.roa (raw, json)
Hash identifier:          7YYhY4FnUtPY3luNFUJKqwrCPOOtFC12l27nowrrrDs=
Subject key identifier:   79:2E:74:E2:A7:79:E7:F7:AD:EF:64:6E:6A:AB:0C:77:36:23:A1:5A
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       0A36910D1DB19CAECF4DF51AA1A937B6134B0E1E
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3231312e342e302f32342d3234203d3e203437353833.roa
Signing time:             Fri 20 Sep 2024 14:04:53 +0000
ROA not before:           Fri 20 Sep 2024 13:59:53 +0000
ROA not after:            Fri 19 Sep 2025 14:04:53 +0000
asID:                     47583
IP address blocks:        185.211.4.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0a:36:91:0d:1d:b1:9c:ae:cf:4d:f5:1a:a1:a9:37:b6:13:4b:0e:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Sep 20 13:59:53 2024 GMT
            Not After : Sep 19 14:04:53 2025 GMT
        Subject: CN=792E74E2A779E7F7ADEF646E6AAB0C773623A15A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:9b:cf:20:ea:3b:10:69:4b:6d:fe:fa:8b:83:
                    20:b4:ec:52:ff:d1:79:e6:b1:e0:f3:f9:16:70:7d:
                    e6:4c:30:3d:b1:50:7c:e7:20:72:b9:9e:6e:e7:76:
                    63:d0:17:44:03:be:12:8b:04:82:4c:85:9e:a8:fd:
                    ed:a6:7a:71:bb:e7:fc:a0:60:ac:f7:a7:fb:e9:d4:
                    a5:a0:6d:87:1b:da:e7:67:91:ae:53:5d:c7:fa:44:
                    91:3e:e9:0b:ca:e6:b3:da:87:96:52:2c:c6:9e:af:
                    d4:b3:17:b2:5d:9f:c4:b2:92:bf:f4:a4:27:f9:c8:
                    93:2d:c9:02:8f:1e:ac:ee:f8:38:63:db:63:4b:f4:
                    63:eb:a5:79:7b:5f:8b:40:a6:64:91:6c:4f:a1:f7:
                    06:21:d3:09:86:6d:80:37:32:cf:14:2f:f8:2b:48:
                    96:23:8b:57:39:08:c8:54:03:83:bd:f9:76:e8:a6:
                    85:f1:23:7d:0e:34:6e:d8:4d:26:04:6f:20:8b:dc:
                    d5:39:de:f9:41:1e:90:6d:de:a7:28:a9:ec:8a:6f:
                    ca:87:36:a1:79:65:b5:01:a9:f9:23:a3:b8:20:ea:
                    b3:e1:06:77:de:4d:99:fc:62:75:e0:6d:eb:05:ea:
                    10:b7:c0:09:8e:4b:4e:cf:89:0f:1d:ab:f3:f0:2a:
                    3b:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:2E:74:E2:A7:79:E7:F7:AD:EF:64:6E:6A:AB:0C:77:36:23:A1:5A
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3231312e342e302f32342d3234203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.211.4.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:9c:fc:87:16:7e:6f:07:73:cf:ba:55:3f:8d:20:5a:b4:19:
         8e:10:c5:f2:c8:fd:e9:21:a6:a7:f0:7c:fb:b6:80:f8:39:cf:
         91:3c:28:d9:f6:29:24:36:27:40:e9:63:51:fd:e1:85:47:71:
         7b:e7:e4:e5:46:3d:54:1f:39:8c:d4:b7:a7:ce:8d:98:aa:07:
         31:c6:c5:78:fa:54:79:47:61:4b:8b:4e:b0:a0:c7:ba:d1:20:
         ea:47:80:65:3a:1c:56:f0:c6:92:7e:4d:35:c5:67:9d:57:99:
         97:9e:13:29:3f:9b:2b:99:2a:3e:e2:c8:af:16:20:77:df:4e:
         11:cb:74:76:5d:c3:ed:24:79:ea:09:8c:f2:5b:03:a9:35:0e:
         8e:75:80:b1:3e:9f:0c:3f:b1:d9:be:b3:a0:b1:af:4c:2f:20:
         e7:da:29:d6:12:27:1a:53:1e:30:36:86:52:d7:46:6d:c8:71:
         79:96:00:61:1f:92:e2:42:51:c3:95:e2:7a:46:31:31:ee:e3:
         be:b2:9e:06:80:13:1d:46:ae:7f:93:d9:ef:1a:6a:bd:12:40:
         8b:96:bd:00:fd:5a:e9:3e:16:93:38:1c:5f:e1:49:26:41:b3:
         2d:6f:fc:cb:a6:0c:db:9e:fd:24:be:d8:ca:27:f7:e6:cc:e5:
         8f:db:af:ed
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUCjaRDR2xnK7PTfUaoak3thNLDh4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDA5MjAxMzU5NTNaFw0yNTA5MTkxNDA0NTNaMDMxMTAvBgNV
BAMTKDc5MkU3NEUyQTc3OUU3RjdBREVGNjQ2RTZBQUIwQzc3MzYyM0ExNUEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/m88g6jsQaUtt/vqLgyC07FL/
0XnmseDz+RZwfeZMMD2xUHznIHK5nm7ndmPQF0QDvhKLBIJMhZ6o/e2menG75/yg
YKz3p/vp1KWgbYcb2udnka5TXcf6RJE+6QvK5rPah5ZSLMaer9SzF7Jdn8Sykr/0
pCf5yJMtyQKPHqzu+Dhj22NL9GPrpXl7X4tApmSRbE+h9wYh0wmGbYA3Ms8UL/gr
SJYji1c5CMhUA4O9+XbopoXxI30ONG7YTSYEbyCL3NU53vlBHpBt3qcoqeyKb8qH
NqF5ZbUBqfkjo7gg6rPhBnfeTZn8YnXgbesF6hC3wAmOS07PiQ8dq/PwKjt/AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUeS504qd55/et72RuaqsMdzYjoVowHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzODM1MmUzMjMxMzEyZTM0
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzQzNzM1MzgzMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALnT
BDANBgkqhkiG9w0BAQsFAAOCAQEAdJz8hxZ+bwdzz7pVP40gWrQZjhDF8sj96SGm
p/B8+7aA+DnPkTwo2fYpJDYnQOljUf3hhUdxe+fk5UY9VB85jNS3p86NmKoHMcbF
ePpUeUdhS4tOsKDHutEg6keAZTocVvDGkn5NNcVnnVeZl54TKT+bK5kqPuLIrxYg
d99OEct0dl3D7SR56gmM8lsDqTUOjnWAsT6fDD+x2b6zoLGvTC8g59op1hInGlMe
MDaGUtdGbchxeZYAYR+S4kJRw5XiekYxMe7jvrKeBoATHUauf5PZ7xpqvRJAi5a9
AP1a6T4WkzgcX+FJJkGzLW/8y6YM2579JL7Yyif35szlj9uv7Q==
-----END CERTIFICATE-----