Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/3231332e3133392e36342e302f32342d3234203d3e2039303039.roa
File:                     3231332e3133392e36342e302f32342d3234203d3e2039303039.roa (raw, json)
Hash identifier:          H7cgvEzU+d0rQ0975IpBT2Z8TAhwDHYo/2bkSCgFY1U=
Subject key identifier:   20:77:52:CD:45:BF:1C:6B:1B:96:2E:81:9D:86:29:DD:E3:7F:96:BD
Certificate issuer:       /CN=b683f2eb50c5999a77456e8826831609d48c7d3e
Certificate serial:       312CA09E9B33FAB4EC6B94268970A0748978A894
Authority key identifier: B6:83:F2:EB:50:C5:99:9A:77:45:6E:88:26:83:16:09:D4:8C:7D:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/toPy61DFmZp3RW6IJoMWCdSMfT4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/3231332e3133392e36342e302f32342d3234203d3e2039303039.roa
Signing time:             Thu 23 Nov 2023 11:38:52 +0000
ROA not before:           Thu 23 Nov 2023 11:33:52 +0000
ROA not after:            Thu 21 Nov 2024 11:38:52 +0000
asID:                     9009
IP address blocks:        213.139.64.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/B683F2EB50C5999A77456E8826831609D48C7D3E.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/B683F2EB50C5999A77456E8826831609D48C7D3E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/toPy61DFmZp3RW6IJoMWCdSMfT4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 15:42:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            31:2c:a0:9e:9b:33:fa:b4:ec:6b:94:26:89:70:a0:74:89:78:a8:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b683f2eb50c5999a77456e8826831609d48c7d3e
        Validity
            Not Before: Nov 23 11:33:52 2023 GMT
            Not After : Nov 21 11:38:52 2024 GMT
        Subject: CN=207752CD45BF1C6B1B962E819D8629DDE37F96BD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:cf:84:d6:49:f4:b0:c0:eb:f9:fd:e1:d7:b7:
                    83:bc:e5:cf:b2:cd:a1:af:0f:c8:e3:a5:10:6d:0f:
                    f0:b8:95:c4:3f:96:0f:f9:b0:58:f3:0c:c3:fa:76:
                    fa:90:e8:63:96:b6:41:57:95:71:12:b9:37:c1:2a:
                    6f:93:52:b5:27:94:e2:3a:10:79:f0:8e:41:af:82:
                    f1:59:61:25:3c:5b:d2:72:00:85:37:44:fe:9f:00:
                    94:fe:19:15:ac:b3:0a:93:04:8f:8a:39:cb:ca:34:
                    26:b5:23:0c:da:f8:32:93:c7:d9:a4:ec:4b:d2:a8:
                    c0:8f:ee:aa:0f:12:10:6b:c8:51:27:7a:ce:f5:1e:
                    90:23:69:3d:56:d4:26:5e:9b:87:d1:83:a2:e6:b1:
                    4d:1b:e9:c2:5c:b0:d6:25:50:98:5f:ac:c3:f5:ec:
                    23:60:75:8c:7f:c9:4f:c2:0e:ca:bf:b8:01:d4:39:
                    84:27:48:04:74:02:51:3b:20:cf:e2:a7:5a:16:18:
                    5e:8a:31:b4:2f:3e:41:0b:18:d3:7e:26:ea:ec:30:
                    e0:1c:0c:f5:6e:b4:8d:0c:4f:f9:4d:a4:8f:e7:cb:
                    88:d2:e8:f1:95:d4:21:d7:1a:b9:43:02:23:86:70:
                    e5:81:21:60:7d:c4:d2:57:50:f9:0e:84:02:09:43:
                    f6:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:77:52:CD:45:BF:1C:6B:1B:96:2E:81:9D:86:29:DD:E3:7F:96:BD
            X509v3 Authority Key Identifier:
                keyid:B6:83:F2:EB:50:C5:99:9A:77:45:6E:88:26:83:16:09:D4:8C:7D:3E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/B683F2EB50C5999A77456E8826831609D48C7D3E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/toPy61DFmZp3RW6IJoMWCdSMfT4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/3231332e3133392e36342e302f32342d3234203d3e2039303039.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.139.64.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:cd:2c:17:db:93:3b:88:6d:14:ab:98:db:47:8b:67:7b:8e:
         98:38:e3:04:18:54:a6:d4:b5:4b:89:b5:f1:87:7b:ab:1b:a2:
         9e:55:5a:92:59:b6:b4:38:68:20:22:63:8a:70:1b:77:62:e4:
         b3:3f:2f:60:ee:1a:41:f5:ab:cb:17:81:f3:d0:39:f8:72:50:
         43:d8:b5:06:e2:27:08:45:d3:29:5b:a2:f1:e6:e8:78:e4:cd:
         b5:d2:26:ed:4f:3c:f7:1c:24:0f:55:8d:93:ee:3b:e3:71:4f:
         da:53:6f:44:9c:55:cb:d4:9b:36:1f:ae:b2:fd:ff:0b:b0:89:
         68:78:00:d2:a7:e2:c4:7e:5c:f8:85:b1:ba:33:9b:cc:b7:70:
         5e:44:df:02:a1:1a:97:37:43:ec:3e:21:68:eb:51:44:ec:58:
         fa:41:21:71:4c:aa:20:b6:ab:c5:ae:12:e6:c1:96:c0:33:a0:
         2a:98:d4:fa:19:06:eb:43:6d:b7:6d:42:4c:01:42:bf:21:e9:
         1a:f8:15:d5:19:e3:59:d7:95:4d:c7:b9:7d:82:0f:c8:f7:43:
         e4:6c:3b:e7:80:12:83:f9:11:6e:49:28:13:48:36:1f:11:68:
         a9:10:fb:4d:06:07:a1:a1:17:da:51:fd:99:1a:49:bf:6a:ea:
         44:8c:2d:e6
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUMSygnpsz+rTsa5QmiXCgdIl4qJQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYjY4M2YyZWI1MGM1OTk5YTc3NDU2ZTg4MjY4MzE2MDlk
NDhjN2QzZTAeFw0yMzExMjMxMTMzNTJaFw0yNDExMjExMTM4NTJaMDMxMTAvBgNV
BAMTKDIwNzc1MkNENDVCRjFDNkIxQjk2MkU4MTlEODYyOURERTM3Rjk2QkQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMz4TWSfSwwOv5/eHXt4O85c+y
zaGvD8jjpRBtD/C4lcQ/lg/5sFjzDMP6dvqQ6GOWtkFXlXESuTfBKm+TUrUnlOI6
EHnwjkGvgvFZYSU8W9JyAIU3RP6fAJT+GRWsswqTBI+KOcvKNCa1Iwza+DKTx9mk
7EvSqMCP7qoPEhBryFEnes71HpAjaT1W1CZem4fRg6LmsU0b6cJcsNYlUJhfrMP1
7CNgdYx/yU/CDsq/uAHUOYQnSAR0AlE7IM/ip1oWGF6KMbQvPkELGNN+JursMOAc
DPVutI0MT/lNpI/ny4jS6PGV1CHXGrlDAiOGcOWBIWB9xNJXUPkOhAIJQ/bRAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUIHdSzUW/HGsbli6BnYYp3eN/lr0wHwYDVR0j
BBgwFoAUtoPy61DFmZp3RW6IJoMWCdSMfT4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTAxYzE0ZmItYjY2MC00ODlkLTllOWYtOTQwMmU5ZTJj
MmUyLzAvQjY4M0YyRUI1MEM1OTk5QTc3NDU2RTg4MjY4MzE2MDlENDhDN0QzRS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3RvUHk2MURGbVpwM1JXNklKb01XQ2RT
TWZUNC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYTAxYzE0ZmIt
YjY2MC00ODlkLTllOWYtOTQwMmU5ZTJjMmUyLzAvMzIzMTMzMmUzMTMzMzkyZTM2
MzQyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzOTMwMzAzOS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEANWL
QDANBgkqhkiG9w0BAQsFAAOCAQEAZ80sF9uTO4htFKuY20eLZ3uOmDjjBBhUptS1
S4m18Yd7qxuinlVaklm2tDhoICJjinAbd2Lksz8vYO4aQfWryxeB89A5+HJQQ9i1
BuInCEXTKVui8eboeOTNtdIm7U889xwkD1WNk+4743FP2lNvRJxVy9SbNh+usv3/
C7CJaHgA0qfixH5c+IWxujObzLdwXkTfAqEalzdD7D4haOtRROxY+kEhcUyqILar
xa4S5sGWwDOgKpjU+hkG60Ntt21CTAFCvyHpGvgV1RnjWdeVTce5fYIPyPdD5Gw7
54ASg/kRbkkoE0g2HxFoqRD7TQYHoaEX2lH9mRpJv2rqRIwt5g==
-----END CERTIFICATE-----