Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3231312e372e302f32342d3234203d3e203437353833.roa
File:                     3138352e3231312e372e302f32342d3234203d3e203437353833.roa (raw, json)
Hash identifier:          7INcptQ3N5+gyaNVoosbx++prBsoQj7GXM+SpBhkVkg=
Subject key identifier:   A5:BC:1D:10:21:C5:2D:7D:AE:EF:E1:08:2B:A6:D1:D7:80:28:76:5B
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       0FF463F95BAB3CCC0595A1A6F55E4C8E3A3AE03C
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3231312e372e302f32342d3234203d3e203437353833.roa
Signing time:             Fri 20 Oct 2023 13:41:55 +0000
ROA not before:           Fri 20 Oct 2023 13:36:55 +0000
ROA not after:            Fri 18 Oct 2024 13:41:55 +0000
asID:                     47583
IP address blocks:        185.211.7.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 02:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0f:f4:63:f9:5b:ab:3c:cc:05:95:a1:a6:f5:5e:4c:8e:3a:3a:e0:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Oct 20 13:36:55 2023 GMT
            Not After : Oct 18 13:41:55 2024 GMT
        Subject: CN=A5BC1D1021C52D7DAEEFE1082BA6D1D78028765B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:85:61:bd:cb:be:a0:46:c3:5b:34:83:b4:38:
                    10:e9:47:e1:85:fa:ee:97:c5:64:d7:7a:bc:9b:57:
                    0f:b6:1d:42:f4:81:35:93:5d:db:10:ca:90:3d:5b:
                    86:14:ca:2f:ab:04:f7:6d:74:17:94:64:b4:9b:4b:
                    62:9b:cb:69:16:0f:99:ec:07:2f:ad:10:fb:77:dd:
                    6e:e3:55:27:0c:eb:5b:66:89:1b:ee:c0:f1:79:35:
                    f3:fc:6f:74:c5:aa:69:5c:38:92:2e:b0:bb:2f:14:
                    66:3b:66:ee:77:6b:ee:be:2f:fa:24:2f:58:0c:1b:
                    59:b8:5e:0e:79:d3:2f:d4:fa:ef:da:bb:a2:ce:42:
                    05:9f:f9:1c:98:2a:d5:71:2e:9e:60:61:00:97:ec:
                    06:e3:52:dc:50:10:1e:b5:a5:c2:b6:17:7e:31:c0:
                    67:e6:ef:cd:5b:a3:e9:ae:f3:48:02:13:e6:b5:e0:
                    94:1b:d0:bf:14:1a:3c:c2:ae:2e:da:ff:ea:a9:df:
                    f0:2f:99:6c:1c:03:d7:07:5f:66:46:77:37:1b:47:
                    45:1a:0b:c9:e2:d0:e4:ba:0b:56:df:0c:fe:63:35:
                    47:40:5c:c7:c8:0a:a5:c1:5a:7e:9f:d0:56:f9:ce:
                    f6:31:fe:a1:21:a6:20:8d:4b:65:e5:a2:fb:ae:11:
                    b9:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:BC:1D:10:21:C5:2D:7D:AE:EF:E1:08:2B:A6:D1:D7:80:28:76:5B
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3231312e372e302f32342d3234203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.211.7.0/24

    Signature Algorithm: sha256WithRSAEncryption
         50:8f:e7:a7:ae:82:d6:1a:50:90:e5:23:e2:c5:d8:c3:e3:d9:
         80:86:6f:66:c6:1b:32:c5:f2:fd:25:61:79:6d:39:72:d4:76:
         61:12:46:8d:40:27:69:23:46:9e:32:47:b8:00:67:35:12:43:
         28:37:50:2c:c4:c6:b0:40:1e:cf:29:7e:de:70:4e:c5:22:a5:
         db:05:a0:99:0e:6b:71:e6:cb:8d:97:8c:a0:3e:c9:7b:89:a1:
         74:63:08:83:19:bf:e9:64:dd:81:90:62:80:64:1b:04:bc:3f:
         fb:e5:af:d4:fd:6f:26:99:6e:30:f4:34:b0:c0:74:47:bc:84:
         59:0c:2f:fd:47:92:bf:f2:b0:eb:3b:b9:77:eb:ec:26:83:2a:
         d9:e2:d1:24:80:68:ae:4c:6a:17:89:f6:1a:73:74:c9:ee:b2:
         d7:4d:39:a9:23:99:6a:a2:0b:73:ec:18:9e:df:3a:24:f7:9f:
         3c:76:9a:7d:b5:da:e1:bd:3b:46:1a:ec:0b:8d:6e:04:f3:45:
         ce:93:82:a1:68:fb:d6:e8:83:56:a0:67:25:bc:75:8d:06:58:
         3f:ca:2f:b1:d2:50:8b:52:d8:57:51:5f:85:5f:92:61:2e:df:
         59:37:09:ae:46:a1:94:ed:14:67:b7:72:18:b9:27:bb:ec:eb:
         1b:ba:65:2f
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUD/Rj+VurPMwFlaGm9V5Mjjo64DwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yMzEwMjAxMzM2NTVaFw0yNDEwMTgxMzQxNTVaMDMxMTAvBgNV
BAMTKEE1QkMxRDEwMjFDNTJEN0RBRUVGRTEwODJCQTZEMUQ3ODAyODc2NUIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8hWG9y76gRsNbNIO0OBDpR+GF
+u6XxWTXerybVw+2HUL0gTWTXdsQypA9W4YUyi+rBPdtdBeUZLSbS2Kby2kWD5ns
By+tEPt33W7jVScM61tmiRvuwPF5NfP8b3TFqmlcOJIusLsvFGY7Zu53a+6+L/ok
L1gMG1m4Xg550y/U+u/au6LOQgWf+RyYKtVxLp5gYQCX7AbjUtxQEB61pcK2F34x
wGfm781bo+mu80gCE+a14JQb0L8UGjzCri7a/+qp3/AvmWwcA9cHX2ZGdzcbR0Ua
C8ni0OS6C1bfDP5jNUdAXMfICqXBWn6f0Fb5zvYx/qEhpiCNS2XlovuuEbm7AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUpbwdECHFLX2u7+EIK6bR14AodlswHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzODM1MmUzMjMxMzEyZTM3
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzQzNzM1MzgzMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALnT
BzANBgkqhkiG9w0BAQsFAAOCAQEAUI/np66C1hpQkOUj4sXYw+PZgIZvZsYbMsXy
/SVheW05ctR2YRJGjUAnaSNGnjJHuABnNRJDKDdQLMTGsEAezyl+3nBOxSKl2wWg
mQ5rcebLjZeMoD7Je4mhdGMIgxm/6WTdgZBigGQbBLw/++Wv1P1vJpluMPQ0sMB0
R7yEWQwv/UeSv/Kw6zu5d+vsJoMq2eLRJIBorkxqF4n2GnN0ye6y1005qSOZaqIL
c+wYnt86JPefPHaafbXa4b07RhrsC41uBPNFzpOCoWj71uiDVqBnJbx1jQZYP8ov
sdJQi1LYV1FfhV+SYS7fWTcJrkahlO0UZ7dyGLknu+zrG7plLw==
-----END CERTIFICATE-----