Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/39332e39322e32312e302f32342d3234203d3e203631333137.roa
File:                     39332e39322e32312e302f32342d3234203d3e203631333137.roa (raw, json)
Hash identifier:          AyhTLJhQIvRykhLJ0WDBmN+nDinIPxiWxR2A63QTjMo=
Subject key identifier:   AE:36:5B:88:19:33:E0:54:40:30:D8:5C:7D:29:D8:34:F5:75:20:36
Certificate issuer:       /CN=d01ba013bc1e6d86f0d6d58eafa54e27fada3444
Certificate serial:       74F9E37F613A352E4E85E0FA3B09035200929E32
Authority key identifier: D0:1B:A0:13:BC:1E:6D:86:F0:D6:D5:8E:AF:A5:4E:27:FA:DA:34:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0BugE7webYbw1tWOr6VOJ_raNEQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/39332e39322e32312e302f32342d3234203d3e203631333137.roa
Signing time:             Tue 30 Apr 2024 11:05:16 +0000
ROA not before:           Tue 30 Apr 2024 11:00:16 +0000
ROA not after:            Tue 29 Apr 2025 11:05:16 +0000
asID:                     61317
IP address blocks:        93.92.21.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/D01BA013BC1E6D86F0D6D58EAFA54E27FADA3444.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/D01BA013BC1E6D86F0D6D58EAFA54E27FADA3444.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0BugE7webYbw1tWOr6VOJ_raNEQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 14:41:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            74:f9:e3:7f:61:3a:35:2e:4e:85:e0:fa:3b:09:03:52:00:92:9e:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d01ba013bc1e6d86f0d6d58eafa54e27fada3444
        Validity
            Not Before: Apr 30 11:00:16 2024 GMT
            Not After : Apr 29 11:05:16 2025 GMT
        Subject: CN=AE365B881933E0544030D85C7D29D834F5752036
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:e3:3b:e1:dc:35:d7:d6:28:f3:f5:eb:72:b0:
                    f2:03:5c:0a:3d:f8:3d:22:f3:8d:d6:29:27:8e:96:
                    f0:99:35:77:4b:64:ad:d7:ab:6a:a7:1f:b0:24:72:
                    f9:c0:df:26:3d:c9:b3:8e:63:63:6f:40:d0:dc:9d:
                    94:07:76:e7:28:44:81:73:8e:fd:b2:1c:e3:66:76:
                    2b:66:3b:5d:1c:ea:32:79:d7:25:f8:01:44:57:a4:
                    af:45:d5:c7:06:9e:ab:20:09:20:ab:a5:d8:2a:61:
                    36:94:36:8c:c9:a2:b4:36:47:f2:92:0e:ad:5f:89:
                    29:09:44:c3:b2:79:4c:b2:59:fc:a3:e6:c4:5d:3f:
                    9a:aa:e2:21:1c:c8:c9:ae:1c:e2:50:6b:02:bc:8e:
                    5a:2d:8f:38:ea:e9:3e:12:e7:7d:a8:98:d5:d7:d4:
                    4d:10:3d:5e:27:d2:17:60:30:10:a7:e9:67:6e:c5:
                    86:78:65:d2:58:99:be:3f:0a:3c:fe:57:54:5e:3e:
                    36:a5:bc:dd:3a:cd:4f:03:d5:87:46:19:d1:47:f9:
                    4a:d7:da:dd:ce:ea:8e:46:64:43:e2:3f:7f:87:64:
                    15:89:aa:d8:43:3c:13:8a:c4:31:f8:79:dc:d6:ea:
                    02:4c:68:86:fe:60:c1:0f:4c:a8:58:a7:4a:63:c2:
                    57:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:36:5B:88:19:33:E0:54:40:30:D8:5C:7D:29:D8:34:F5:75:20:36
            X509v3 Authority Key Identifier:
                keyid:D0:1B:A0:13:BC:1E:6D:86:F0:D6:D5:8E:AF:A5:4E:27:FA:DA:34:44

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/D01BA013BC1E6D86F0D6D58EAFA54E27FADA3444.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0BugE7webYbw1tWOr6VOJ_raNEQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/39332e39322e32312e302f32342d3234203d3e203631333137.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.92.21.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:33:7e:92:bd:4f:dd:e1:c4:91:fc:88:1c:d3:a9:ee:97:33:
         f6:26:03:fd:54:84:e0:65:52:ba:d2:f7:2e:d7:10:44:50:f3:
         81:72:93:a4:8d:d1:06:5e:d3:c0:f7:2e:e4:ec:7c:db:f3:fa:
         b4:f3:96:60:d2:a1:c4:c8:4e:48:01:d5:14:1e:d4:80:99:53:
         74:fc:f6:fd:df:6f:11:ca:f7:16:7d:68:ca:ec:e5:76:66:db:
         6f:d0:30:fe:f6:7d:8b:19:d0:23:db:3d:59:cd:56:7b:cc:f0:
         34:37:01:a2:a6:78:7c:67:7c:17:80:ed:f5:78:68:85:f6:64:
         da:d2:5d:36:23:e6:11:9e:20:8a:c0:a8:7b:e4:60:a3:67:23:
         b8:f5:04:02:be:9b:de:9d:a5:a5:7d:bd:53:96:b9:07:c1:f0:
         46:c0:9c:e0:e4:c6:6a:63:fc:40:5a:3a:d4:95:ef:15:93:de:
         1e:c9:1d:c3:70:c9:dd:b4:e8:39:44:da:c8:3f:82:14:bd:d1:
         73:e4:5a:87:3d:dd:78:54:f0:73:0b:20:93:ad:41:ca:98:26:
         b9:1a:8d:49:49:5b:53:04:43:17:21:f0:4f:e7:95:b4:02:b5:
         a3:d1:d1:c2:17:05:02:d0:f9:13:28:b0:b4:b7:f5:50:c0:49:
         40:89:d8:f1
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUdPnjf2E6NS5OheD6OwkDUgCSnjIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDAxYmEwMTNiYzFlNmQ4NmYwZDZkNThlYWZhNTRlMjdm
YWRhMzQ0NDAeFw0yNDA0MzAxMTAwMTZaFw0yNTA0MjkxMTA1MTZaMDMxMTAvBgNV
BAMTKEFFMzY1Qjg4MTkzM0UwNTQ0MDMwRDg1QzdEMjlEODM0RjU3NTIwMzYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDF4zvh3DXX1ijz9etysPIDXAo9
+D0i843WKSeOlvCZNXdLZK3Xq2qnH7AkcvnA3yY9ybOOY2NvQNDcnZQHducoRIFz
jv2yHONmditmO10c6jJ51yX4AURXpK9F1ccGnqsgCSCrpdgqYTaUNozJorQ2R/KS
Dq1fiSkJRMOyeUyyWfyj5sRdP5qq4iEcyMmuHOJQawK8jlotjzjq6T4S532omNXX
1E0QPV4n0hdgMBCn6WduxYZ4ZdJYmb4/Cjz+V1RePjalvN06zU8D1YdGGdFH+UrX
2t3O6o5GZEPiP3+HZBWJqthDPBOKxDH4edzW6gJMaIb+YMEPTKhYp0pjwlf/AgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUrjZbiBkz4FRAMNhcfSnYNPV1IDYwHwYDVR0j
BBgwFoAU0BugE7webYbw1tWOr6VOJ/raNEQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTUyMmE1MmYtNjUzNC00MTY1LWE2YTctZWY5Zjc0ZWY5
NDMxLzEvRDAxQkEwMTNCQzFFNkQ4NkYwRDZENThFQUZBNTRFMjdGQURBMzQ0NC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzBCdWdFN3dlYllidzF0V09yNlZPSl9y
YU5FUS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYTUyMmE1MmYt
NjUzNC00MTY1LWE2YTctZWY5Zjc0ZWY5NDMxLzEvMzkzMzJlMzkzMjJlMzIzMTJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM2MzEzMzMxMzcucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABdXBUw
DQYJKoZIhvcNAQELBQADggEBAJMzfpK9T93hxJH8iBzTqe6XM/YmA/1UhOBlUrrS
9y7XEERQ84Fyk6SN0QZe08D3LuTsfNvz+rTzlmDSocTITkgB1RQe1ICZU3T89v3f
bxHK9xZ9aMrs5XZm22/QMP72fYsZ0CPbPVnNVnvM8DQ3AaKmeHxnfBeA7fV4aIX2
ZNrSXTYj5hGeIIrAqHvkYKNnI7j1BAK+m96dpaV9vVOWuQfB8EbAnODkxmpj/EBa
OtSV7xWT3h7JHcNwyd206DlE2sg/ghS90XPkWoc93XhU8HMLIJOtQcqYJrkajUlJ
W1MEQxch8E/nlbQCtaPR0cIXBQLQ+RMosLS39VDASUCJ2PE=
-----END CERTIFICATE-----