Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3231312e362e302f32342d3332203d3e203531313637.roa
File:                     3138352e3231312e362e302f32342d3332203d3e203531313637.roa (raw, json)
Hash identifier:          UKWJm+K2GTKONuW8/SX+Rnh75U1hGzNhxbHg3e7cYow=
Subject key identifier:   18:2E:C0:C3:F5:3B:CC:66:CC:31:50:C6:39:AB:03:F1:96:E8:9E:51
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       24B8D132BD9240CFA95648BD9914A7A05C758B70
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3231312e362e302f32342d3332203d3e203531313637.roa
Signing time:             Fri 20 Sep 2024 14:05:02 +0000
ROA not before:           Fri 20 Sep 2024 14:00:02 +0000
ROA not after:            Fri 19 Sep 2025 14:05:02 +0000
asID:                     51167
IP address blocks:        185.211.6.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            24:b8:d1:32:bd:92:40:cf:a9:56:48:bd:99:14:a7:a0:5c:75:8b:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Sep 20 14:00:02 2024 GMT
            Not After : Sep 19 14:05:02 2025 GMT
        Subject: CN=182EC0C3F53BCC66CC3150C639AB03F196E89E51
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:9f:92:c3:4c:98:31:b6:90:e7:57:b6:bf:18:
                    8c:8f:c8:f6:e4:24:60:a6:f0:37:67:e1:7e:f5:47:
                    a3:be:e1:2c:fd:a4:ec:a2:17:5e:d7:d2:5b:f1:06:
                    be:8e:51:06:f3:62:14:15:81:fb:5c:91:fb:47:dd:
                    f7:42:fd:c4:7e:28:3f:35:5f:9b:bb:33:3e:1b:35:
                    d1:79:09:1f:51:48:5d:1c:51:7c:c0:d5:be:28:1c:
                    1e:0b:67:94:51:54:85:c1:48:ed:97:18:14:52:57:
                    fa:68:21:b5:22:be:b6:bf:ce:1b:64:07:3f:34:53:
                    ab:23:07:83:7f:81:6c:9c:3b:97:63:1b:7d:a5:78:
                    82:12:1c:67:2f:4a:b9:7c:ff:6e:9c:a7:99:e9:ae:
                    86:85:de:16:bb:48:78:c3:ea:fe:12:71:f7:28:0e:
                    f7:a6:69:ac:10:4a:b2:ea:2e:38:a4:53:62:00:ff:
                    28:9c:52:c3:72:a8:6a:8f:a8:8b:6b:50:88:79:a5:
                    10:20:47:85:66:93:99:84:19:d4:6c:98:83:b7:09:
                    54:1f:17:ff:ea:86:84:57:bd:85:be:a0:08:eb:cc:
                    f4:79:c9:a4:ce:de:df:60:47:cc:3c:62:c4:14:10:
                    41:cf:62:9f:82:5a:24:37:82:b8:7c:05:30:d6:b5:
                    ef:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:2E:C0:C3:F5:3B:CC:66:CC:31:50:C6:39:AB:03:F1:96:E8:9E:51
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3231312e362e302f32342d3332203d3e203531313637.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.211.6.0/24

    Signature Algorithm: sha256WithRSAEncryption
         07:0a:d4:b2:9b:e9:30:07:e4:00:52:91:eb:ce:45:ff:98:30:
         f2:c5:77:21:da:aa:02:3f:b7:40:e1:bc:8f:de:b6:1d:16:0e:
         e7:53:75:2f:02:97:ea:51:9d:96:1d:8e:c9:4e:65:d5:b7:55:
         dc:b2:d3:5e:34:e0:d3:b2:ea:97:b1:2c:60:bf:43:05:4e:9f:
         eb:80:a5:af:52:f4:b6:43:ad:34:ba:65:51:65:08:b5:2a:58:
         6b:73:4a:20:e0:fa:42:41:8d:36:36:9e:ce:21:01:85:a1:d4:
         5d:a3:98:52:71:f5:0d:3b:10:f2:b9:a9:3d:f9:86:96:7d:67:
         ba:3a:79:66:90:7f:eb:5d:2a:bb:16:f2:55:2d:0b:58:20:95:
         0e:94:55:da:d4:34:24:cc:c1:18:6b:ec:18:f1:ad:80:48:c0:
         dd:31:77:36:5d:55:ba:b3:fb:7a:0f:ea:dc:5c:6f:69:b1:65:
         6c:4d:81:c0:d3:b4:60:12:7e:c7:de:b8:df:58:50:46:69:62:
         ef:40:ba:6c:df:07:e7:d5:af:84:5b:90:c4:4b:e0:18:cb:b9:
         11:92:d1:a1:89:cf:31:af:0e:1b:b6:6c:96:30:6e:59:09:7b:
         11:ea:8e:c4:87:1b:2f:ab:7e:09:4c:66:c5:4c:5f:13:d8:14:
         b3:0f:bc:02
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUJLjRMr2SQM+pVki9mRSnoFx1i3AwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDA5MjAxNDAwMDJaFw0yNTA5MTkxNDA1MDJaMDMxMTAvBgNV
BAMTKDE4MkVDMEMzRjUzQkNDNjZDQzMxNTBDNjM5QUIwM0YxOTZFODlFNTEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCZn5LDTJgxtpDnV7a/GIyPyPbk
JGCm8Ddn4X71R6O+4Sz9pOyiF17X0lvxBr6OUQbzYhQVgftckftH3fdC/cR+KD81
X5u7Mz4bNdF5CR9RSF0cUXzA1b4oHB4LZ5RRVIXBSO2XGBRSV/poIbUivra/zhtk
Bz80U6sjB4N/gWycO5djG32leIISHGcvSrl8/26cp5nproaF3ha7SHjD6v4Scfco
DvemaawQSrLqLjikU2IA/yicUsNyqGqPqItrUIh5pRAgR4Vmk5mEGdRsmIO3CVQf
F//qhoRXvYW+oAjrzPR5yaTO3t9gR8w8YsQUEEHPYp+CWiQ3grh8BTDWte8RAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUGC7Aw/U7zGbMMVDGOasD8ZbonlEwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzODM1MmUzMjMxMzEyZTM2
MmUzMDJmMzIzNDJkMzMzMjIwM2QzZTIwMzUzMTMxMzYzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALnT
BjANBgkqhkiG9w0BAQsFAAOCAQEABwrUspvpMAfkAFKR685F/5gw8sV3IdqqAj+3
QOG8j962HRYO51N1LwKX6lGdlh2OyU5l1bdV3LLTXjTg07Lql7EsYL9DBU6f64Cl
r1L0tkOtNLplUWUItSpYa3NKIOD6QkGNNjaeziEBhaHUXaOYUnH1DTsQ8rmpPfmG
ln1nujp5ZpB/610quxbyVS0LWCCVDpRV2tQ0JMzBGGvsGPGtgEjA3TF3Nl1VurP7
eg/q3FxvabFlbE2BwNO0YBJ+x96431hQRmli70C6bN8H59WvhFuQxEvgGMu5EZLR
oYnPMa8OG7ZsljBuWQl7EeqOxIcbL6t+CUxmxUxfE9gUsw+8Ag==
-----END CERTIFICATE-----