Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/3231332e3133392e36392e302f32342d3234203d3e2032393134.roa
File:                     3231332e3133392e36392e302f32342d3234203d3e2032393134.roa (raw, json)
Hash identifier:          81bpc/CfwUaeuP0px8RLdF+w4HW5KjenHLxKw8NU88s=
Subject key identifier:   69:C7:B8:C7:44:CF:D3:0D:27:3C:9B:70:1B:E2:D7:BF:4C:88:3D:DF
Certificate issuer:       /CN=b683f2eb50c5999a77456e8826831609d48c7d3e
Certificate serial:       3E61A28F65BD4810283C6A8D383E2555E30DCE54
Authority key identifier: B6:83:F2:EB:50:C5:99:9A:77:45:6E:88:26:83:16:09:D4:8C:7D:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/toPy61DFmZp3RW6IJoMWCdSMfT4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/3231332e3133392e36392e302f32342d3234203d3e2032393134.roa
Signing time:             Wed 13 Mar 2024 12:11:46 +0000
ROA not before:           Wed 13 Mar 2024 12:06:46 +0000
ROA not after:            Wed 12 Mar 2025 12:11:46 +0000
asID:                     2914
IP address blocks:        213.139.69.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/B683F2EB50C5999A77456E8826831609D48C7D3E.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/B683F2EB50C5999A77456E8826831609D48C7D3E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/toPy61DFmZp3RW6IJoMWCdSMfT4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3e:61:a2:8f:65:bd:48:10:28:3c:6a:8d:38:3e:25:55:e3:0d:ce:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b683f2eb50c5999a77456e8826831609d48c7d3e
        Validity
            Not Before: Mar 13 12:06:46 2024 GMT
            Not After : Mar 12 12:11:46 2025 GMT
        Subject: CN=69C7B8C744CFD30D273C9B701BE2D7BF4C883DDF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:c1:f8:7c:85:62:31:77:75:ee:6a:51:41:f4:
                    42:fd:f1:91:63:6b:6b:92:c3:4d:47:c9:83:40:e5:
                    e8:4a:25:7c:ce:72:d8:64:78:a3:54:b3:fc:28:ff:
                    43:83:81:9a:4a:a0:f0:d7:e1:6c:41:cc:1f:e3:cb:
                    38:a0:f4:44:8b:87:c7:24:85:28:8d:ce:b0:82:da:
                    12:1c:e2:1b:f8:0f:4a:c0:1f:6c:2a:84:02:4d:8f:
                    3e:42:ca:78:5a:fd:f8:ee:be:07:36:0b:20:63:0e:
                    99:ae:9a:aa:9c:97:e1:e3:76:0d:d1:77:6e:8e:1a:
                    3e:ec:90:29:96:a9:d2:85:5d:95:7c:b7:03:4d:4f:
                    f6:96:7a:73:e6:13:fb:f2:f9:8d:ef:aa:79:eb:ec:
                    c9:75:50:c0:17:47:0e:ab:f2:df:9d:4a:a8:b4:8d:
                    0d:6d:3f:b4:22:4c:3a:6e:dd:92:14:d6:1d:7d:18:
                    a1:b0:cc:0d:45:1c:c3:20:a9:dd:ec:26:55:21:2f:
                    41:20:22:d8:55:75:c5:85:b5:14:7a:30:a6:30:9c:
                    9f:b4:f8:72:97:87:34:5a:a0:94:c3:d7:e0:28:bb:
                    c7:5e:e0:7a:a3:de:c2:5d:a8:6c:84:f1:7f:b4:6c:
                    dd:0e:d5:25:a7:e8:c6:42:39:e2:16:8d:23:9a:37:
                    e3:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:C7:B8:C7:44:CF:D3:0D:27:3C:9B:70:1B:E2:D7:BF:4C:88:3D:DF
            X509v3 Authority Key Identifier:
                keyid:B6:83:F2:EB:50:C5:99:9A:77:45:6E:88:26:83:16:09:D4:8C:7D:3E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/B683F2EB50C5999A77456E8826831609D48C7D3E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/toPy61DFmZp3RW6IJoMWCdSMfT4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/3231332e3133392e36392e302f32342d3234203d3e2032393134.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.139.69.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:75:42:f8:2b:74:8b:4f:dc:aa:23:70:2d:69:9b:c3:bb:28:
         30:4a:64:07:d2:6f:4a:b7:74:50:78:42:00:c5:4a:2f:b7:bd:
         53:16:8d:94:f6:a5:aa:4f:01:ef:db:a8:6d:cd:33:e8:a6:e3:
         95:1b:ef:ca:38:aa:45:4e:74:af:46:e1:9d:12:7a:43:c5:fa:
         eb:9e:e4:2e:f5:4f:80:8d:c5:52:db:f1:a3:87:22:3c:e8:3d:
         36:c4:55:cc:5c:d1:77:d8:d2:c9:f5:ed:80:89:ea:0e:6f:d0:
         f2:fc:40:48:7c:34:b9:ee:c2:c0:ff:7a:dd:ce:7c:6c:63:66:
         34:5c:12:35:04:9d:ef:a9:57:3b:fa:aa:07:58:f1:21:ec:ae:
         a2:a1:b0:6d:91:e7:f3:4f:b5:3e:37:e4:2f:df:c3:49:b6:f8:
         38:33:00:21:59:b6:a8:3f:1d:84:a7:42:02:07:13:f9:a2:89:
         9c:2b:94:93:90:a0:4e:6e:d8:d0:96:4d:68:f8:82:29:7b:5f:
         df:c0:c0:48:e6:17:79:c3:1f:a8:90:c3:38:e0:9a:8c:d8:58:
         0c:a8:e4:3a:ee:95:34:98:53:e5:11:d7:7b:3a:14:7e:f3:fb:
         a6:87:fc:e4:58:fb:ec:dc:80:0e:43:59:17:2d:37:28:91:ba:
         2c:2f:a3:e7
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUPmGij2W9SBAoPGqNOD4lVeMNzlQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYjY4M2YyZWI1MGM1OTk5YTc3NDU2ZTg4MjY4MzE2MDlk
NDhjN2QzZTAeFw0yNDAzMTMxMjA2NDZaFw0yNTAzMTIxMjExNDZaMDMxMTAvBgNV
BAMTKDY5QzdCOEM3NDRDRkQzMEQyNzNDOUI3MDFCRTJEN0JGNEM4ODNEREYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBwfh8hWIxd3XualFB9EL98ZFj
a2uSw01HyYNA5ehKJXzOcthkeKNUs/wo/0ODgZpKoPDX4WxBzB/jyzig9ESLh8ck
hSiNzrCC2hIc4hv4D0rAH2wqhAJNjz5Cynha/fjuvgc2CyBjDpmumqqcl+Hjdg3R
d26OGj7skCmWqdKFXZV8twNNT/aWenPmE/vy+Y3vqnnr7Ml1UMAXRw6r8t+dSqi0
jQ1tP7QiTDpu3ZIU1h19GKGwzA1FHMMgqd3sJlUhL0EgIthVdcWFtRR6MKYwnJ+0
+HKXhzRaoJTD1+Aou8de4Hqj3sJdqGyE8X+0bN0O1SWn6MZCOeIWjSOaN+OZAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUace4x0TP0w0nPJtwG+LXv0yIPd8wHwYDVR0j
BBgwFoAUtoPy61DFmZp3RW6IJoMWCdSMfT4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTAxYzE0ZmItYjY2MC00ODlkLTllOWYtOTQwMmU5ZTJj
MmUyLzAvQjY4M0YyRUI1MEM1OTk5QTc3NDU2RTg4MjY4MzE2MDlENDhDN0QzRS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3RvUHk2MURGbVpwM1JXNklKb01XQ2RT
TWZUNC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYTAxYzE0ZmIt
YjY2MC00ODlkLTllOWYtOTQwMmU5ZTJjMmUyLzAvMzIzMTMzMmUzMTMzMzkyZTM2
MzkyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMjM5MzEzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEANWL
RTANBgkqhkiG9w0BAQsFAAOCAQEAPHVC+Ct0i0/cqiNwLWmbw7soMEpkB9JvSrd0
UHhCAMVKL7e9UxaNlPalqk8B79uobc0z6KbjlRvvyjiqRU50r0bhnRJ6Q8X6657k
LvVPgI3FUtvxo4ciPOg9NsRVzFzRd9jSyfXtgInqDm/Q8vxASHw0ue7CwP963c58
bGNmNFwSNQSd76lXO/qqB1jxIeyuoqGwbZHn80+1PjfkL9/DSbb4ODMAIVm2qD8d
hKdCAgcT+aKJnCuUk5CgTm7Y0JZNaPiCKXtf38DASOYXecMfqJDDOOCajNhYDKjk
Ou6VNJhT5RHXezoUfvP7pof85Fj77NyADkNZFy03KJG6LC+j5w==
-----END CERTIFICATE-----