Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3231372e3136392e302f32342d3234203d3e20383334.roa
File:                     3138352e3231372e3136392e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          r3Qos0zX6x597j0Fq3WM0H/2A/UZweiBNxuv4vtMpdI=
Subject key identifier:   61:BC:D0:F7:10:D8:00:78:7D:82:FD:B3:C5:09:D4:25:63:9D:30:33
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       53795C56644B133C380DD18A54E5D77C2B79E3D5
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3231372e3136392e302f32342d3234203d3e20383334.roa
Signing time:             Mon 21 Aug 2023 07:24:13 +0000
ROA not before:           Mon 21 Aug 2023 07:19:13 +0000
ROA not after:            Mon 19 Aug 2024 07:24:13 +0000
asID:                     834
IP address blocks:        185.217.169.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            53:79:5c:56:64:4b:13:3c:38:0d:d1:8a:54:e5:d7:7c:2b:79:e3:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Aug 21 07:19:13 2023 GMT
            Not After : Aug 19 07:24:13 2024 GMT
        Subject: CN=61BCD0F710D800787D82FDB3C509D425639D3033
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:fd:32:74:ac:5d:bc:01:33:df:e7:03:e2:e0:
                    0f:5f:90:e8:75:d8:96:19:b8:ce:56:d9:0e:fe:3f:
                    b3:4f:b7:61:d0:ef:9c:d1:9b:27:70:a4:74:47:80:
                    fa:9d:46:02:d5:a9:0f:f6:8f:a6:02:b1:66:be:d8:
                    71:db:54:f2:17:2b:ad:1a:d1:67:a5:27:f9:20:45:
                    ff:9b:09:8f:a5:72:a6:57:6d:44:bf:39:8c:83:a1:
                    f5:a5:5a:73:94:56:62:00:70:d9:c2:74:5f:f8:1d:
                    e5:a5:1a:59:df:7f:41:50:c0:07:ec:83:61:1f:ff:
                    96:ec:2b:d8:6f:00:4e:47:3c:8a:b0:50:76:d3:3f:
                    f7:c7:26:5e:c4:91:de:15:fc:2e:24:31:30:5f:5b:
                    74:94:3a:ed:bd:cf:89:ae:01:50:d6:e7:cb:fd:b8:
                    ae:3a:24:9c:05:c3:6d:05:42:ab:14:53:93:d0:7d:
                    e7:a4:25:3a:09:47:1b:93:83:1c:dc:e2:a2:58:7c:
                    dc:c8:b3:38:e5:3b:1a:3b:17:33:5d:0d:cc:16:7b:
                    50:c2:a4:d3:40:a1:44:98:9f:d4:b5:c0:c4:f7:20:
                    f9:f7:23:4c:06:bd:a9:dc:3e:bf:53:50:32:da:45:
                    5b:dc:f1:e3:bf:a4:6e:44:60:03:63:d1:2a:eb:29:
                    c8:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:BC:D0:F7:10:D8:00:78:7D:82:FD:B3:C5:09:D4:25:63:9D:30:33
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3231372e3136392e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.217.169.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9b:b9:12:a2:78:da:c4:2f:cb:a7:13:b5:cc:fc:ff:d9:c3:1f:
         4f:93:fa:fe:70:72:16:6e:64:70:44:a8:01:23:42:3a:c3:d3:
         ca:02:13:7a:a3:f6:38:11:c9:0c:d9:22:c8:88:46:b6:4c:b0:
         ed:a8:96:81:a5:d3:f5:85:92:df:26:22:9e:41:56:c6:64:2f:
         dd:1e:80:60:d8:b0:8b:19:78:fe:f2:f9:11:4f:41:ca:12:8d:
         cc:5f:ec:e4:c1:74:d2:ab:c3:3c:cd:73:a5:bb:19:6b:88:5d:
         a8:59:ad:51:08:19:e7:62:71:a9:49:ec:eb:0a:52:9c:b4:3b:
         64:5c:2d:46:21:81:22:4d:ae:66:74:33:78:02:f0:8f:cc:3c:
         aa:4f:b0:3f:72:01:d6:9d:a6:bf:c1:d9:9a:7f:f1:11:13:f1:
         23:15:e7:1d:55:8b:41:37:78:bf:43:db:7a:64:a6:68:7e:f7:
         45:e7:87:43:74:06:e2:0a:47:a0:2b:e5:f7:b1:bc:eb:41:dc:
         5f:24:88:8d:50:76:d2:23:6a:e5:da:c5:6a:2b:db:74:ae:ce:
         7a:e3:e2:78:c2:5d:bc:d7:ad:fd:86:63:bb:fe:87:f2:4b:47:
         47:e8:d3:07:88:b5:03:65:43:1a:b0:8b:df:cf:ac:33:a2:90:
         fd:67:16:e6
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUU3lcVmRLEzw4DdGKVOXXfCt549UwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yMzA4MjEwNzE5MTNaFw0yNDA4MTkwNzI0MTNaMDMxMTAvBgNV
BAMTKDYxQkNEMEY3MTBEODAwNzg3RDgyRkRCM0M1MDlENDI1NjM5RDMwMzMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDX/TJ0rF28ATPf5wPi4A9fkOh1
2JYZuM5W2Q7+P7NPt2HQ75zRmydwpHRHgPqdRgLVqQ/2j6YCsWa+2HHbVPIXK60a
0WelJ/kgRf+bCY+lcqZXbUS/OYyDofWlWnOUVmIAcNnCdF/4HeWlGlnff0FQwAfs
g2Ef/5bsK9hvAE5HPIqwUHbTP/fHJl7Ekd4V/C4kMTBfW3SUOu29z4muAVDW58v9
uK46JJwFw20FQqsUU5PQfeekJToJRxuTgxzc4qJYfNzIszjlOxo7FzNdDcwWe1DC
pNNAoUSYn9S1wMT3IPn3I0wGvancPr9TUDLaRVvc8eO/pG5EYANj0SrrKcivAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUYbzQ9xDYAHh9gv2zxQnUJWOdMDMwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzODM1MmUzMjMxMzcyZTMx
MzYzOTJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALnZ
qTANBgkqhkiG9w0BAQsFAAOCAQEAm7kSonjaxC/LpxO1zPz/2cMfT5P6/nByFm5k
cESoASNCOsPTygITeqP2OBHJDNkiyIhGtkyw7aiWgaXT9YWS3yYinkFWxmQv3R6A
YNiwixl4/vL5EU9ByhKNzF/s5MF00qvDPM1zpbsZa4hdqFmtUQgZ52JxqUns6wpS
nLQ7ZFwtRiGBIk2uZnQzeALwj8w8qk+wP3IB1p2mv8HZmn/xERPxIxXnHVWLQTd4
v0PbemSmaH73ReeHQ3QG4gpHoCvl97G860HcXySIjVB20iNq5drFaivbdK7OeuPi
eMJdvNet/YZju/6H8ktHR+jTB4i1A2VDGrCL38+sM6KQ/WcW5g==
-----END CERTIFICATE-----