Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/3139332e33392e31302e302f32342d3234203d3e203631333137.roa
File:                     3139332e33392e31302e302f32342d3234203d3e203631333137.roa (raw, json)
Hash identifier:          qdbN5vSbrVBSAktmRusmcNCeZ/vRFZCwY+8jbptnXLE=
Subject key identifier:   9F:3B:1C:1D:D2:FD:F8:97:8B:EC:98:BD:FC:EE:7D:1C:8D:C5:74:92
Certificate issuer:       /CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
Certificate serial:       703C7072CA5A708AB28BC19476DC1ABADB9398F2
Authority key identifier: 70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/3139332e33392e31302e302f32342d3234203d3e203631333137.roa
Signing time:             Mon 07 Aug 2023 15:34:04 +0000
ROA not before:           Mon 07 Aug 2023 15:29:04 +0000
ROA not after:            Mon 05 Aug 2024 15:34:04 +0000
asID:                     61317
IP address blocks:        193.39.10.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 14:41:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            70:3c:70:72:ca:5a:70:8a:b2:8b:c1:94:76:dc:1a:ba:db:93:98:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
        Validity
            Not Before: Aug  7 15:29:04 2023 GMT
            Not After : Aug  5 15:34:04 2024 GMT
        Subject: CN=9F3B1C1DD2FDF8978BEC98BDFCEE7D1C8DC57492
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:4a:a0:e5:88:64:e2:96:06:ee:67:d3:a0:e5:
                    d4:cb:c4:79:a0:b9:be:1e:d9:92:29:e9:0f:03:80:
                    7c:d4:94:13:2c:6a:71:8a:c1:ec:ba:62:9f:d4:1d:
                    c4:bb:00:02:73:00:7a:77:9b:ee:f4:5e:9c:fc:d7:
                    e7:28:1f:cf:92:52:db:f7:2d:b8:b7:fa:79:f9:1d:
                    2a:d8:ed:bd:bc:16:2f:ec:6d:4b:f0:b9:07:a9:78:
                    9d:db:98:5c:89:d4:c5:c5:e2:bd:4c:e3:54:79:b0:
                    5a:2b:78:61:60:c1:b6:75:61:9a:7f:38:81:cd:cd:
                    e8:48:9d:08:f0:bd:35:21:e7:28:a1:65:1e:dc:e5:
                    c2:ea:bb:4e:43:d0:53:8a:c8:bc:be:d9:0b:4b:29:
                    78:93:ff:11:f2:a4:06:a7:5c:33:53:80:19:43:d9:
                    cb:3f:cc:fc:38:c6:f0:a1:9d:ea:ee:8a:f3:d4:aa:
                    b6:83:d9:0d:f5:6c:7a:47:52:a8:5c:b8:9c:36:c9:
                    ae:84:32:7d:b5:ce:4d:6a:3d:24:01:ec:7f:81:f9:
                    1e:6b:d4:05:89:11:81:93:e8:19:b0:3b:a0:2b:56:
                    62:c4:68:b6:fc:6d:6a:64:5a:99:58:60:bb:31:0f:
                    67:7e:57:2a:2e:c8:ec:78:9f:6f:4e:77:5d:ee:af:
                    88:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:3B:1C:1D:D2:FD:F8:97:8B:EC:98:BD:FC:EE:7D:1C:8D:C5:74:92
            X509v3 Authority Key Identifier:
                keyid:70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/3139332e33392e31302e302f32342d3234203d3e203631333137.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.39.10.0/24

    Signature Algorithm: sha256WithRSAEncryption
         35:18:0f:56:02:64:b8:10:2d:57:4e:b6:f9:4a:1b:a4:fe:89:
         8c:a1:35:04:36:4e:2c:bf:94:8c:49:65:cb:a8:44:e7:b2:fa:
         3a:f0:a6:94:4e:4b:ad:eb:51:6e:5d:a0:8d:a1:dc:78:e5:75:
         33:1e:61:aa:88:ad:82:a8:d8:a1:81:84:7d:1a:68:2b:21:2e:
         2a:b5:9e:28:a0:b3:a5:93:4d:38:8d:c4:7c:2d:25:a2:57:72:
         3e:43:68:fc:cf:ef:5b:41:82:8b:7d:b3:81:28:76:4e:7c:f1:
         0d:f7:96:73:1d:a1:d1:83:1f:a7:b5:20:dd:0f:b2:c9:49:c5:
         40:e3:97:ae:00:60:97:4e:c2:07:72:9b:1a:40:d7:89:a7:26:
         bb:28:01:3b:ad:6e:ab:9b:26:75:bf:93:89:26:98:e0:59:d1:
         fe:18:6e:cc:9f:9d:c9:c3:69:72:a7:cb:89:39:98:53:20:54:
         3a:eb:74:70:e9:b5:8e:72:cd:b2:8b:ee:70:bf:e6:42:5b:8e:
         fe:fd:a7:1b:64:da:f7:fb:ea:ed:00:b9:72:58:b8:67:ad:c7:
         45:90:7b:8d:bc:c0:45:e4:d7:ce:fb:99:4b:84:b8:af:e0:3f:
         69:19:de:d1:e1:0b:e4:4f:ce:34:cb:82:1f:cb:24:d5:a2:96:
         47:e4:f6:ca
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUcDxwcspacIqyi8GUdtwautuTmPIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzBjYmQ3YTk4MTdlNDcwMDA5YzBmNDBlYTFlMzcwYWE3
OWI1ZmQ5MTAeFw0yMzA4MDcxNTI5MDRaFw0yNDA4MDUxNTM0MDRaMDMxMTAvBgNV
BAMTKDlGM0IxQzFERDJGREY4OTc4QkVDOThCREZDRUU3RDFDOERDNTc0OTIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZSqDliGTilgbuZ9Og5dTLxHmg
ub4e2ZIp6Q8DgHzUlBMsanGKwey6Yp/UHcS7AAJzAHp3m+70Xpz81+coH8+SUtv3
Lbi3+nn5HSrY7b28Fi/sbUvwuQepeJ3bmFyJ1MXF4r1M41R5sForeGFgwbZ1YZp/
OIHNzehInQjwvTUh5yihZR7c5cLqu05D0FOKyLy+2QtLKXiT/xHypAanXDNTgBlD
2cs/zPw4xvChneruivPUqraD2Q31bHpHUqhcuJw2ya6EMn21zk1qPSQB7H+B+R5r
1AWJEYGT6BmwO6ArVmLEaLb8bWpkWplYYLsxD2d+VyouyOx4n29Od13ur4hhAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUnzscHdL9+JeL7Ji9/O59HI3FdJIwHwYDVR0j
BBgwFoAUcMvXqYF+RwAJwPQOoeNwqnm1/ZEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYjczMzJhZjAtZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5
ZjhhLzAvNzBDQkQ3QTk4MTdFNDcwMDA5QzBGNDBFQTFFMzcwQUE3OUI1RkQ5MS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NNdlhxWUYtUndBSndQUU9vZU53cW5t
MV9aRS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYjczMzJhZjAt
ZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5ZjhhLzAvMzEzOTMzMmUzMzM5MmUzMTMw
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzYzMTMzMzEzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMEn
CjANBgkqhkiG9w0BAQsFAAOCAQEANRgPVgJkuBAtV062+UobpP6JjKE1BDZOLL+U
jElly6hE57L6OvCmlE5LretRbl2gjaHceOV1Mx5hqoitgqjYoYGEfRpoKyEuKrWe
KKCzpZNNOI3EfC0loldyPkNo/M/vW0GCi32zgSh2TnzxDfeWcx2h0YMfp7Ug3Q+y
yUnFQOOXrgBgl07CB3KbGkDXiacmuygBO61uq5smdb+TiSaY4FnR/hhuzJ+dycNp
cqfLiTmYUyBUOut0cOm1jnLNsovucL/mQluO/v2nG2Ta9/vq7QC5cli4Z63HRZB7
jbzAReTXzvuZS4S4r+A/aRne0eEL5E/ONMuCH8sk1aKWR+T2yg==
-----END CERTIFICATE-----