Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3231312e342e302f32342d3234203d3e203437353833.roa
File:                     3138352e3231312e342e302f32342d3234203d3e203437353833.roa (raw, json)
Hash identifier:          PGPb7cksJQN+GpbMIlMC7vLNOV80mTAQraD+HYqR0NE=
Subject key identifier:   E3:28:06:A0:F0:47:01:2E:57:A5:81:CA:5D:14:47:28:3B:18:94:91
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       2FEB5FCDD42F77EBEF306B46B65217B550467DCD
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3231312e342e302f32342d3234203d3e203437353833.roa
Signing time:             Fri 20 Oct 2023 13:41:51 +0000
ROA not before:           Fri 20 Oct 2023 13:36:51 +0000
ROA not after:            Fri 18 Oct 2024 13:41:51 +0000
asID:                     47583
IP address blocks:        185.211.4.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 02:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2f:eb:5f:cd:d4:2f:77:eb:ef:30:6b:46:b6:52:17:b5:50:46:7d:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Oct 20 13:36:51 2023 GMT
            Not After : Oct 18 13:41:51 2024 GMT
        Subject: CN=E32806A0F047012E57A581CA5D1447283B189491
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:bb:e0:84:f9:92:3c:be:3c:2d:fe:ce:da:ee:
                    8c:21:90:2b:84:2d:bc:7d:12:d2:f2:6b:33:ca:d2:
                    6d:e9:22:c9:63:ed:2f:95:b0:71:6d:7f:fc:ac:0e:
                    2a:ff:af:27:b1:b1:6f:0e:61:c0:4f:58:ce:d0:00:
                    36:4d:d9:7d:fc:0b:5a:b6:8a:92:d4:ee:2f:e4:d4:
                    0c:32:94:b7:e2:3a:d0:7d:8f:2a:d5:d5:dd:79:c1:
                    9f:74:a9:cd:24:df:f7:3f:a9:f7:c8:0d:ac:e5:37:
                    cc:9a:8f:0d:94:dc:2e:1b:f0:e3:83:e7:fa:23:fd:
                    5c:70:fc:d6:5e:3d:cd:f9:b0:04:9a:7f:f1:94:87:
                    c0:09:cc:12:f7:39:bf:9f:35:16:0f:ec:28:be:c4:
                    3d:a4:cb:41:5a:5b:2c:c4:b4:aa:e8:65:95:d6:76:
                    61:65:85:60:56:03:17:de:b4:de:c8:f8:66:fb:1d:
                    44:0f:5a:9b:0d:13:cd:77:42:20:cc:d3:bf:45:ca:
                    2a:fb:09:ca:b3:4a:7a:3b:0a:f0:f3:5b:84:65:8e:
                    8c:8b:b6:e7:d5:b2:71:f9:e9:6a:46:52:a8:05:e6:
                    e6:bf:24:b5:cb:9b:d9:08:d0:65:b5:52:a9:e5:b8:
                    14:b2:4a:4c:ad:a6:71:b8:d7:75:ff:42:d9:e8:ad:
                    98:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:28:06:A0:F0:47:01:2E:57:A5:81:CA:5D:14:47:28:3B:18:94:91
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3231312e342e302f32342d3234203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.211.4.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:63:e4:64:e9:c3:14:1c:a4:aa:17:8e:22:2c:e5:72:94:7f:
         61:b3:5c:0d:db:79:54:a8:9f:40:0a:24:d6:4d:22:58:ea:4d:
         ec:a4:43:7e:e4:3d:72:42:ff:38:63:17:00:11:19:62:8c:75:
         b7:76:e2:22:1b:1f:a8:f5:f0:84:24:23:2c:29:1d:8e:45:c6:
         8a:f0:57:9c:0e:33:08:37:29:57:80:f2:37:ff:5a:fb:e8:7a:
         12:b2:a1:f8:07:c5:a6:09:3a:8b:88:d2:ba:e9:f8:da:38:db:
         05:b9:3e:93:08:54:ce:b8:35:b4:20:28:7a:4e:0e:a0:fd:73:
         61:d7:4f:f2:1e:9e:82:f2:fa:ac:44:44:6d:56:8a:40:a2:52:
         65:26:2b:d3:8e:e7:a4:d7:e1:14:dc:85:97:d0:67:3a:24:16:
         15:4b:5f:65:2f:5f:c0:19:76:f4:53:c0:87:71:9f:49:4e:2d:
         66:46:75:fe:19:05:61:12:f1:d9:46:6e:d6:79:18:55:12:87:
         b3:02:f1:0e:a6:d0:a1:63:d5:ba:e6:08:0b:7d:87:da:62:41:
         bb:00:5e:4b:ed:ac:e9:c8:e1:75:19:4a:4f:a0:83:dd:f5:21:
         c4:ff:cb:f9:df:72:af:70:e2:aa:f5:e7:c5:73:57:8c:43:a7:
         d9:9f:6d:9b
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUL+tfzdQvd+vvMGtGtlIXtVBGfc0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yMzEwMjAxMzM2NTFaFw0yNDEwMTgxMzQxNTFaMDMxMTAvBgNV
BAMTKEUzMjgwNkEwRjA0NzAxMkU1N0E1ODFDQTVEMTQ0NzI4M0IxODk0OTEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtu+CE+ZI8vjwt/s7a7owhkCuE
Lbx9EtLyazPK0m3pIslj7S+VsHFtf/ysDir/ryexsW8OYcBPWM7QADZN2X38C1q2
ipLU7i/k1AwylLfiOtB9jyrV1d15wZ90qc0k3/c/qffIDazlN8yajw2U3C4b8OOD
5/oj/Vxw/NZePc35sASaf/GUh8AJzBL3Ob+fNRYP7Ci+xD2ky0FaWyzEtKroZZXW
dmFlhWBWAxfetN7I+Gb7HUQPWpsNE813QiDM079Fyir7CcqzSno7CvDzW4RljoyL
tufVsnH56WpGUqgF5ua/JLXLm9kI0GW1UqnluBSySkytpnG413X/QtnorZgvAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQU4ygGoPBHAS5XpYHKXRRHKDsYlJEwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzODM1MmUzMjMxMzEyZTM0
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzQzNzM1MzgzMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALnT
BDANBgkqhkiG9w0BAQsFAAOCAQEAQmPkZOnDFBykqheOIizlcpR/YbNcDdt5VKif
QAok1k0iWOpN7KRDfuQ9ckL/OGMXABEZYox1t3biIhsfqPXwhCQjLCkdjkXGivBX
nA4zCDcpV4DyN/9a++h6ErKh+AfFpgk6i4jSuun42jjbBbk+kwhUzrg1tCAoek4O
oP1zYddP8h6egvL6rEREbVaKQKJSZSYr047npNfhFNyFl9BnOiQWFUtfZS9fwBl2
9FPAh3GfSU4tZkZ1/hkFYRLx2UZu1nkYVRKHswLxDqbQoWPVuuYIC32H2mJBuwBe
S+2s6cjhdRlKT6CD3fUhxP/L+d9yr3DiqvXnxXNXjEOn2Z9tmw==
-----END CERTIFICATE-----