Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3231312e372e302f32342d3234203d3e203437353833.roa
File:                     3138352e3231312e372e302f32342d3234203d3e203437353833.roa (raw, json)
Hash identifier:          jirVmqdRFov3LdxX3HmOqiBdo27+DypTFAoO/hFVIXs=
Subject key identifier:   45:1E:38:79:6B:91:84:9C:43:77:17:AD:FB:22:66:57:02:C6:7E:26
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       37BEFBF2AE2650C429A75F1A896CC84EEC8A96B0
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3231312e372e302f32342d3234203d3e203437353833.roa
Signing time:             Fri 20 Sep 2024 14:04:54 +0000
ROA not before:           Fri 20 Sep 2024 13:59:54 +0000
ROA not after:            Fri 19 Sep 2025 14:04:54 +0000
asID:                     47583
IP address blocks:        185.211.7.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            37:be:fb:f2:ae:26:50:c4:29:a7:5f:1a:89:6c:c8:4e:ec:8a:96:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Sep 20 13:59:54 2024 GMT
            Not After : Sep 19 14:04:54 2025 GMT
        Subject: CN=451E38796B91849C437717ADFB22665702C67E26
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:f2:d7:52:7f:53:58:cd:a9:57:ba:c7:26:19:
                    cf:2b:b9:df:8a:f9:76:c4:5b:5c:8d:03:19:e6:bd:
                    bb:ed:c9:f6:8d:34:55:61:9d:12:4e:c0:4d:4c:28:
                    32:76:d9:6f:7f:68:f7:11:15:0f:2a:21:c9:5a:ea:
                    fc:3b:a4:91:9c:cb:37:e5:42:54:cc:91:94:5f:17:
                    ea:44:c0:99:67:71:e4:42:9e:a7:5f:17:4a:69:03:
                    37:92:62:4e:7c:30:07:b9:81:48:e8:e3:7a:fc:a1:
                    95:14:82:fa:be:23:0f:76:f2:f1:ee:e9:86:d5:29:
                    6e:99:15:e3:78:03:f1:c7:78:de:94:57:02:0e:7b:
                    65:ce:d4:2c:1b:dc:3c:14:23:98:d7:58:99:e5:29:
                    db:3f:30:c2:a5:21:6c:b7:d9:2f:28:86:86:95:c5:
                    c5:f1:87:2f:16:c7:ae:56:c9:5e:6e:57:6d:97:86:
                    01:77:9b:f5:10:fc:61:41:b7:40:c3:ac:1b:82:9b:
                    a0:9e:9d:0d:2f:24:30:f1:d5:8b:e2:7e:27:2f:96:
                    d7:f7:b3:9d:96:29:8d:20:19:12:28:23:06:4a:7a:
                    f6:d6:5f:ca:00:8a:43:86:3f:56:3c:13:1d:d1:aa:
                    32:dc:4c:2f:ef:d2:c9:c8:94:41:63:4f:1d:32:1b:
                    4a:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:1E:38:79:6B:91:84:9C:43:77:17:AD:FB:22:66:57:02:C6:7E:26
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3231312e372e302f32342d3234203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.211.7.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:ca:22:bb:43:4b:d2:4d:0d:e7:02:d3:15:61:a3:4e:dd:7c:
         c9:a5:37:ff:bd:9f:d2:77:26:dc:48:1e:09:bc:db:df:7b:1c:
         e1:b0:4b:5c:32:5e:dc:cc:f8:15:c4:03:df:06:4a:c7:94:be:
         80:49:83:f1:ee:89:79:58:63:e6:b9:49:49:b1:95:86:01:38:
         ac:6b:63:7f:ec:fa:30:fc:ec:8f:cb:e2:bd:9e:70:bc:9f:08:
         a7:e0:fe:70:e6:82:63:f0:e0:fc:65:dc:38:71:ba:5b:c6:46:
         0b:e7:7d:07:e8:4c:65:34:00:ac:16:ad:6a:c7:c7:65:d3:3e:
         20:1c:4d:16:93:f9:00:bd:80:19:24:b7:4e:ee:25:5a:07:14:
         e7:14:c1:1e:76:c5:ff:ee:60:a6:a3:36:a7:ae:a2:93:66:d7:
         06:00:6a:6c:79:f9:e4:55:bd:46:3a:46:33:91:99:65:7a:b0:
         de:5e:25:30:90:4a:81:e9:32:e2:24:cd:7f:0d:ed:65:94:cb:
         36:42:7d:b8:5d:8a:f6:ba:d5:2e:73:f0:b4:a9:9c:17:ac:83:
         7f:c9:56:96:a0:c2:9c:6f:d6:81:a6:b6:18:7b:b1:09:11:2f:
         aa:99:e4:e6:72:53:31:91:c1:ab:13:dd:3b:fe:45:d6:d1:36:
         62:ec:64:c1
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUN7778q4mUMQpp18aiWzITuyKlrAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDA5MjAxMzU5NTRaFw0yNTA5MTkxNDA0NTRaMDMxMTAvBgNV
BAMTKDQ1MUUzODc5NkI5MTg0OUM0Mzc3MTdBREZCMjI2NjU3MDJDNjdFMjYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC28tdSf1NYzalXuscmGc8rud+K
+XbEW1yNAxnmvbvtyfaNNFVhnRJOwE1MKDJ22W9/aPcRFQ8qIcla6vw7pJGcyzfl
QlTMkZRfF+pEwJlnceRCnqdfF0ppAzeSYk58MAe5gUjo43r8oZUUgvq+Iw928vHu
6YbVKW6ZFeN4A/HHeN6UVwIOe2XO1Cwb3DwUI5jXWJnlKds/MMKlIWy32S8ohoaV
xcXxhy8Wx65WyV5uV22XhgF3m/UQ/GFBt0DDrBuCm6CenQ0vJDDx1Yvificvltf3
s52WKY0gGRIoIwZKevbWX8oAikOGP1Y8Ex3RqjLcTC/v0snIlEFjTx0yG0qtAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQURR44eWuRhJxDdxet+yJmVwLGfiYwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzODM1MmUzMjMxMzEyZTM3
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzQzNzM1MzgzMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALnT
BzANBgkqhkiG9w0BAQsFAAOCAQEAaMoiu0NL0k0N5wLTFWGjTt18yaU3/72f0ncm
3EgeCbzb33sc4bBLXDJe3Mz4FcQD3wZKx5S+gEmD8e6JeVhj5rlJSbGVhgE4rGtj
f+z6MPzsj8vivZ5wvJ8Ip+D+cOaCY/Dg/GXcOHG6W8ZGC+d9B+hMZTQArBatasfH
ZdM+IBxNFpP5AL2AGSS3Tu4lWgcU5xTBHnbF/+5gpqM2p66ik2bXBgBqbHn55FW9
RjpGM5GZZXqw3l4lMJBKgeky4iTNfw3tZZTLNkJ9uF2K9rrVLnPwtKmcF6yDf8lW
lqDCnG/Wgaa2GHuxCREvqpnk5nJTMZHBqxPdO/5F1tE2YuxkwQ==
-----END CERTIFICATE-----