Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7a789e87-f484-423d-a1d7-2c2d5860d2ec/0/3138352e3231372e3134302e302f32342d3234203d3e20383334.roa
File:                     3138352e3231372e3134302e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          dd2KJI4/BJpyKkC725tGY4CRh+ZVD6j6fHM0xjLOkDc=
Subject key identifier:   B7:2C:E6:A2:D6:3F:D4:57:E5:E1:EF:7B:96:0F:1A:9D:D0:87:87:35
Certificate issuer:       /CN=b0170abdc955aa176be2af26299678f2f7c9aca0
Certificate serial:       731CDD0C8A1CBE453983DAC278E684BF04261858
Authority key identifier: B0:17:0A:BD:C9:55:AA:17:6B:E2:AF:26:29:96:78:F2:F7:C9:AC:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sBcKvclVqhdr4q8mKZZ48vfJrKA.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7a789e87-f484-423d-a1d7-2c2d5860d2ec/0/3138352e3231372e3134302e302f32342d3234203d3e20383334.roa
Signing time:             Wed 26 Jun 2024 00:03:28 +0000
ROA not before:           Tue 25 Jun 2024 23:58:28 +0000
ROA not after:            Wed 25 Jun 2025 00:03:28 +0000
asID:                     834
IP address blocks:        185.217.140.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7a789e87-f484-423d-a1d7-2c2d5860d2ec/0/B0170ABDC955AA176BE2AF26299678F2F7C9ACA0.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7a789e87-f484-423d-a1d7-2c2d5860d2ec/0/B0170ABDC955AA176BE2AF26299678F2F7C9ACA0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sBcKvclVqhdr4q8mKZZ48vfJrKA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            73:1c:dd:0c:8a:1c:be:45:39:83:da:c2:78:e6:84:bf:04:26:18:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b0170abdc955aa176be2af26299678f2f7c9aca0
        Validity
            Not Before: Jun 25 23:58:28 2024 GMT
            Not After : Jun 25 00:03:28 2025 GMT
        Subject: CN=B72CE6A2D63FD457E5E1EF7B960F1A9DD0878735
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:15:ac:a0:69:80:e0:ec:7d:1d:28:1a:88:9c:
                    fc:0d:cf:1f:77:88:cc:6d:67:ca:4e:9f:f2:94:32:
                    ef:37:ee:6b:71:b9:b5:57:ef:4e:a8:22:f6:8a:25:
                    df:13:03:a4:e9:22:1b:7f:3d:2e:fc:b9:61:d6:eb:
                    28:83:ba:b5:e0:22:bd:65:09:b0:ae:f6:b5:1f:34:
                    b6:ca:72:d5:09:c5:94:76:bf:0d:fc:26:45:b4:a3:
                    d0:d8:8d:05:e6:f8:91:78:ee:e3:7e:dd:19:90:b1:
                    5a:b1:a3:5a:7a:4b:0b:cb:1a:85:1d:c7:ae:8b:52:
                    10:a5:6f:05:ce:9e:8d:8e:4e:fe:24:a8:58:8c:c3:
                    0e:0c:97:33:60:85:e7:78:fb:f0:6d:0e:b7:38:d3:
                    99:8b:6f:11:48:9c:14:f7:a4:3b:38:91:77:8d:6d:
                    5d:d7:da:ce:82:fa:af:7d:0c:e3:02:4c:d4:6e:62:
                    a5:57:29:ce:57:f7:58:d8:1a:33:7d:29:92:90:4e:
                    96:c2:6b:ff:ef:15:23:14:e6:95:1b:46:76:dc:dc:
                    dd:5b:36:58:7f:62:f8:74:33:38:cd:e0:1e:81:3f:
                    ba:00:63:9f:b7:95:8e:59:1d:02:93:af:fb:72:c9:
                    1f:7d:7b:df:3a:d4:a5:f8:08:2c:00:c6:bc:d5:59:
                    19:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:2C:E6:A2:D6:3F:D4:57:E5:E1:EF:7B:96:0F:1A:9D:D0:87:87:35
            X509v3 Authority Key Identifier:
                keyid:B0:17:0A:BD:C9:55:AA:17:6B:E2:AF:26:29:96:78:F2:F7:C9:AC:A0

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7a789e87-f484-423d-a1d7-2c2d5860d2ec/0/B0170ABDC955AA176BE2AF26299678F2F7C9ACA0.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sBcKvclVqhdr4q8mKZZ48vfJrKA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7a789e87-f484-423d-a1d7-2c2d5860d2ec/0/3138352e3231372e3134302e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.217.140.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:af:55:e1:24:63:af:64:9f:c4:36:4d:2d:7d:ea:61:51:71:
         13:b3:69:e9:49:90:16:3b:a2:40:db:44:15:a8:d3:59:01:e8:
         96:ec:a8:ba:ae:16:d0:eb:fe:4a:e6:fa:a5:5d:e1:3c:a1:37:
         c1:04:fa:e2:1d:58:41:61:dc:10:00:10:cc:7a:ee:88:ca:60:
         ee:e7:23:e5:d3:c6:58:15:a1:45:57:73:8a:19:5d:0b:44:06:
         ed:23:02:e5:cc:bb:53:a2:c7:7b:b2:64:b6:eb:67:23:db:06:
         d8:10:05:53:19:47:51:a6:bb:01:77:fa:f9:f4:a4:db:9d:23:
         ee:16:f1:3a:50:67:4b:87:b5:41:90:08:88:fc:ae:7a:d6:ae:
         45:d1:a8:05:af:ee:da:59:b7:fb:bc:15:09:05:cf:6d:c2:b0:
         4e:8e:f2:71:c3:bc:a6:77:06:78:c7:93:40:ed:17:11:d2:80:
         5c:3f:59:64:b3:17:52:4b:82:61:08:40:f2:4f:df:dd:d1:88:
         ff:a0:9a:69:f4:38:50:8a:d5:58:25:ce:c4:43:df:3a:d2:5a:
         45:0e:cd:0b:df:a2:0c:20:e2:b1:81:f9:c5:9f:49:75:62:52:
         54:b1:db:5a:78:98:59:c9:44:09:85:27:99:41:35:ba:32:e3:
         42:4e:be:28
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUcxzdDIocvkU5g9rCeOaEvwQmGFgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYjAxNzBhYmRjOTU1YWExNzZiZTJhZjI2Mjk5Njc4ZjJm
N2M5YWNhMDAeFw0yNDA2MjUyMzU4MjhaFw0yNTA2MjUwMDAzMjhaMDMxMTAvBgNV
BAMTKEI3MkNFNkEyRDYzRkQ0NTdFNUUxRUY3Qjk2MEYxQTlERDA4Nzg3MzUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCdFaygaYDg7H0dKBqInPwNzx93
iMxtZ8pOn/KUMu837mtxubVX706oIvaKJd8TA6TpIht/PS78uWHW6yiDurXgIr1l
CbCu9rUfNLbKctUJxZR2vw38JkW0o9DYjQXm+JF47uN+3RmQsVqxo1p6SwvLGoUd
x66LUhClbwXOno2OTv4kqFiMww4MlzNghed4+/BtDrc405mLbxFInBT3pDs4kXeN
bV3X2s6C+q99DOMCTNRuYqVXKc5X91jYGjN9KZKQTpbCa//vFSMU5pUbRnbc3N1b
Nlh/Yvh0MzjN4B6BP7oAY5+3lY5ZHQKTr/tyyR99e9861KX4CCwAxrzVWRmZAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUtyzmotY/1Ffl4e97lg8andCHhzUwHwYDVR0j
BBgwFoAUsBcKvclVqhdr4q8mKZZ48vfJrKAwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2E3ODllODctZjQ4NC00MjNkLWExZDctMmMyZDU4NjBk
MmVjLzAvQjAxNzBBQkRDOTU1QUExNzZCRTJBRjI2Mjk5Njc4RjJGN0M5QUNBMC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3NCY0t2Y2xWcWhkcjRxOG1LWlo0OHZm
SnJLQS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvN2E3ODllODct
ZjQ4NC00MjNkLWExZDctMmMyZDU4NjBkMmVjLzAvMzEzODM1MmUzMjMxMzcyZTMx
MzQzMDJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALnZ
jDANBgkqhkiG9w0BAQsFAAOCAQEARq9V4SRjr2SfxDZNLX3qYVFxE7Np6UmQFjui
QNtEFajTWQHoluyouq4W0Ov+Sub6pV3hPKE3wQT64h1YQWHcEAAQzHruiMpg7ucj
5dPGWBWhRVdzihldC0QG7SMC5cy7U6LHe7JktutnI9sG2BAFUxlHUaa7AXf6+fSk
250j7hbxOlBnS4e1QZAIiPyuetauRdGoBa/u2lm3+7wVCQXPbcKwTo7yccO8pncG
eMeTQO0XEdKAXD9ZZLMXUkuCYQhA8k/f3dGI/6CaafQ4UIrVWCXOxEPfOtJaRQ7N
C9+iDCDisYH5xZ9JdWJSVLHbWniYWclECYUnmUE1ujLjQk6+KA==
-----END CERTIFICATE-----