Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/39332e39322e31372e302f32342d3234203d3e20383334.roa
File:                     39332e39322e31372e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          zYO7rH3wgw4PJa0ndeiSVUjotjSFZqWFpe0dvDG59e4=
Subject key identifier:   12:43:A9:A6:6C:52:4A:B6:16:A6:F5:33:3D:98:6F:AB:EA:66:57:76
Certificate issuer:       /CN=d01ba013bc1e6d86f0d6d58eafa54e27fada3444
Certificate serial:       429F86D5701B21B3DC4A2A01C03879745BD2E905
Authority key identifier: D0:1B:A0:13:BC:1E:6D:86:F0:D6:D5:8E:AF:A5:4E:27:FA:DA:34:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0BugE7webYbw1tWOr6VOJ_raNEQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/39332e39322e31372e302f32342d3234203d3e20383334.roa
Signing time:             Tue 06 Feb 2024 00:00:07 +0000
ROA not before:           Mon 05 Feb 2024 23:55:07 +0000
ROA not after:            Tue 04 Feb 2025 00:00:07 +0000
asID:                     834
IP address blocks:        93.92.17.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/D01BA013BC1E6D86F0D6D58EAFA54E27FADA3444.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/D01BA013BC1E6D86F0D6D58EAFA54E27FADA3444.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0BugE7webYbw1tWOr6VOJ_raNEQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            42:9f:86:d5:70:1b:21:b3:dc:4a:2a:01:c0:38:79:74:5b:d2:e9:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d01ba013bc1e6d86f0d6d58eafa54e27fada3444
        Validity
            Not Before: Feb  5 23:55:07 2024 GMT
            Not After : Feb  4 00:00:07 2025 GMT
        Subject: CN=1243A9A66C524AB616A6F5333D986FABEA665776
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:ae:35:fd:1c:a5:01:9c:b4:fb:dd:f7:0e:98:
                    7a:d2:ec:a6:06:9d:16:6d:6c:ce:4d:e9:24:45:81:
                    71:ce:11:59:24:78:e8:ce:d5:cf:08:e4:d9:c9:72:
                    67:26:ea:92:56:d6:7f:28:9f:4f:70:f0:86:77:78:
                    e8:ef:23:85:93:54:85:49:70:98:c6:40:a1:97:5c:
                    d5:65:86:16:da:26:61:76:da:7e:f0:e9:ac:bf:86:
                    06:3d:8f:ae:37:73:ba:49:2f:47:47:fe:a7:48:15:
                    22:a6:a5:20:61:a0:b7:24:72:d2:59:03:e3:0d:c0:
                    b8:2d:ad:1a:08:87:e7:f1:b7:18:17:94:79:1f:c4:
                    61:56:c0:24:b8:c7:16:db:76:35:e3:c1:8e:31:04:
                    7c:c1:de:d9:8f:96:0b:b4:0e:2f:18:73:99:97:21:
                    63:da:97:ef:2a:eb:02:57:81:67:3a:a6:b9:78:f4:
                    ce:5a:a1:a2:76:f5:5f:6d:ed:f8:44:c6:f2:54:de:
                    a1:ac:87:56:1f:63:19:8b:9e:a3:df:1c:e7:50:b3:
                    06:f0:b2:68:e5:52:1a:82:fa:d5:4d:b6:ab:5c:d2:
                    29:61:64:1e:f5:ae:99:5d:02:94:ab:b4:a4:64:28:
                    d6:1d:d9:eb:be:9c:f6:4d:ae:eb:6e:3b:69:5a:ff:
                    22:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:43:A9:A6:6C:52:4A:B6:16:A6:F5:33:3D:98:6F:AB:EA:66:57:76
            X509v3 Authority Key Identifier:
                keyid:D0:1B:A0:13:BC:1E:6D:86:F0:D6:D5:8E:AF:A5:4E:27:FA:DA:34:44

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/D01BA013BC1E6D86F0D6D58EAFA54E27FADA3444.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0BugE7webYbw1tWOr6VOJ_raNEQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/39332e39322e31372e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.92.17.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8d:83:34:38:58:96:77:91:73:7c:d0:fb:82:4a:a0:b3:a1:6d:
         a7:d4:51:2d:15:cd:1f:ae:a3:7a:c4:ae:4e:83:c5:27:f5:18:
         db:95:1e:75:c9:41:2d:0c:8a:eb:1d:d6:79:b8:87:82:d0:e2:
         50:f6:ca:5a:ab:3e:46:18:6c:af:d0:41:96:46:87:3d:1b:30:
         1f:d2:c2:ce:1a:3a:78:31:cf:21:ef:bd:73:ab:39:c2:bd:a9:
         18:16:0c:30:88:47:5c:3b:0a:e5:c4:e7:44:db:44:77:43:b3:
         c7:2d:a9:8c:10:5b:ba:62:bf:bf:63:84:89:b3:ff:fc:d7:a6:
         8b:a2:a6:d6:09:de:e0:bb:fe:4e:23:7e:95:df:80:0e:41:1a:
         79:73:f3:34:08:15:49:e2:70:6a:41:e1:08:62:77:76:f6:39:
         4c:e5:b7:a1:3f:5e:d5:a5:82:67:bb:c9:09:cb:61:bb:74:74:
         8d:ca:b1:e4:0d:01:c2:80:b2:22:59:07:2a:cd:c1:a0:7e:44:
         b8:d8:8d:bd:a2:f9:c6:9b:56:0e:85:52:f0:c5:f6:66:41:08:
         36:df:1f:9e:95:0a:63:d3:72:4c:42:76:bb:f9:50:5f:a3:b7:
         a6:89:c9:dd:a5:92:70:4f:e9:8b:a5:36:be:38:5b:01:66:1a:
         5b:cf:c8:d4
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgIUQp+G1XAbIbPcSioBwDh5dFvS6QUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDAxYmEwMTNiYzFlNmQ4NmYwZDZkNThlYWZhNTRlMjdm
YWRhMzQ0NDAeFw0yNDAyMDUyMzU1MDdaFw0yNTAyMDQwMDAwMDdaMDMxMTAvBgNV
BAMTKDEyNDNBOUE2NkM1MjRBQjYxNkE2RjUzMzNEOTg2RkFCRUE2NjU3NzYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIrjX9HKUBnLT73fcOmHrS7KYG
nRZtbM5N6SRFgXHOEVkkeOjO1c8I5NnJcmcm6pJW1n8on09w8IZ3eOjvI4WTVIVJ
cJjGQKGXXNVlhhbaJmF22n7w6ay/hgY9j643c7pJL0dH/qdIFSKmpSBhoLckctJZ
A+MNwLgtrRoIh+fxtxgXlHkfxGFWwCS4xxbbdjXjwY4xBHzB3tmPlgu0Di8Yc5mX
IWPal+8q6wJXgWc6prl49M5aoaJ29V9t7fhExvJU3qGsh1YfYxmLnqPfHOdQswbw
smjlUhqC+tVNtqtc0ilhZB71rpldApSrtKRkKNYd2eu+nPZNrutuO2la/yL1AgMB
AAGjggI1MIICMTAdBgNVHQ4EFgQUEkOppmxSSrYWpvUzPZhvq+pmV3YwHwYDVR0j
BBgwFoAU0BugE7webYbw1tWOr6VOJ/raNEQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTUyMmE1MmYtNjUzNC00MTY1LWE2YTctZWY5Zjc0ZWY5
NDMxLzEvRDAxQkEwMTNCQzFFNkQ4NkYwRDZENThFQUZBNTRFMjdGQURBMzQ0NC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzBCdWdFN3dlYllidzF0V09yNlZPSl9y
YU5FUS5jZXIwgaUGCCsGAQUFBwELBIGYMIGVMIGSBggrBgEFBQcwC4aBhXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYTUyMmE1MmYt
NjUzNC00MTY1LWE2YTctZWY5Zjc0ZWY5NDMxLzEvMzkzMzJlMzkzMjJlMzEzNzJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/BA4wDDAK
BggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAF1cETANBgkq
hkiG9w0BAQsFAAOCAQEAjYM0OFiWd5FzfND7gkqgs6Ftp9RRLRXNH66jesSuToPF
J/UY25UedclBLQyK6x3WebiHgtDiUPbKWqs+Rhhsr9BBlkaHPRswH9LCzho6eDHP
Ie+9c6s5wr2pGBYMMIhHXDsK5cTnRNtEd0Ozxy2pjBBbumK/v2OEibP//Nemi6Km
1gne4Lv+TiN+ld+ADkEaeXPzNAgVSeJwakHhCGJ3dvY5TOW3oT9e1aWCZ7vJCcth
u3R0jcqx5A0BwoCyIlkHKs3BoH5EuNiNvaL5xptWDoVS8MX2ZkEINt8fnpUKY9Ny
TEJ2u/lQX6O3ponJ3aWScE/pi6U2vjhbAWYaW8/I1A==
-----END CERTIFICATE-----