Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/38392e3130372e392e302f32342d3234203d3e203230343733.roa
File:                     38392e3130372e392e302f32342d3234203d3e203230343733.roa (raw, json)
Hash identifier:          gKvf8n5mSNmt4CH/8U1m+qy80a2lj4wCa5S7HCknKvw=
Subject key identifier:   15:26:1A:F2:82:84:AA:5D:6B:E1:2E:46:8B:1C:1F:B7:2F:1A:C2:E7
Certificate issuer:       /CN=cefce449bea8deaedb1804dba25c584df5873dc4
Certificate serial:       078E9EFC33BA961A9AF5820E1938A8D4A4B0FBDF
Authority key identifier: CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/38392e3130372e392e302f32342d3234203d3e203230343733.roa
Signing time:             Tue 26 Sep 2023 02:00:48 +0000
ROA not before:           Tue 26 Sep 2023 01:55:48 +0000
ROA not after:            Tue 24 Sep 2024 02:00:48 +0000
asID:                     20473
IP address blocks:        89.107.9.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            07:8e:9e:fc:33:ba:96:1a:9a:f5:82:0e:19:38:a8:d4:a4:b0:fb:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cefce449bea8deaedb1804dba25c584df5873dc4
        Validity
            Not Before: Sep 26 01:55:48 2023 GMT
            Not After : Sep 24 02:00:48 2024 GMT
        Subject: CN=15261AF28284AA5D6BE12E468B1C1FB72F1AC2E7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:d5:71:50:0f:e3:0b:52:45:f7:1f:54:08:9d:
                    bc:51:db:e2:95:52:03:25:47:cb:92:0f:8c:35:9a:
                    1a:07:82:eb:8c:e7:4e:53:8d:55:4e:9f:b6:b7:55:
                    0f:4a:00:53:86:80:b8:36:dc:d1:da:a3:13:c9:14:
                    33:1a:e4:15:ac:23:04:6c:7d:10:96:63:d4:6e:b7:
                    56:3e:9a:27:e5:83:a6:b3:7d:ad:0a:b5:5a:a3:4e:
                    26:29:30:0c:7f:e9:85:f0:e9:c5:be:91:cd:71:6c:
                    d5:1b:c6:39:27:8a:cb:f1:55:24:31:2e:41:c2:d8:
                    37:14:d3:de:48:ec:34:c9:00:c6:4f:1b:da:43:66:
                    db:a9:3e:29:c8:db:07:da:1a:f4:64:8f:32:35:33:
                    d9:d0:91:5d:c7:63:4a:f3:89:93:04:71:d4:f1:e4:
                    74:ba:58:b1:99:df:fd:97:15:c0:38:af:e9:6d:59:
                    ff:24:e9:59:ec:7a:97:23:3a:eb:b7:a6:06:bf:7f:
                    ca:b9:28:ba:4d:d3:e5:32:78:18:7a:5e:68:36:69:
                    5c:66:8d:e5:ce:45:c3:97:ee:3e:51:b7:83:b4:b2:
                    2d:be:bf:4f:e6:3f:36:4e:ad:c6:42:6a:f6:6c:dd:
                    c9:1c:ac:ba:c9:94:a6:ca:2b:f7:0d:9d:6b:65:0e:
                    5e:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:26:1A:F2:82:84:AA:5D:6B:E1:2E:46:8B:1C:1F:B7:2F:1A:C2:E7
            X509v3 Authority Key Identifier:
                keyid:CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/38392e3130372e392e302f32342d3234203d3e203230343733.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.107.9.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:90:96:f1:c7:6c:53:9f:50:47:4c:bc:0a:39:29:53:fe:9c:
         3b:51:b5:60:48:0d:6a:35:55:ab:25:6c:ec:26:f9:0b:03:46:
         86:9c:5e:00:b7:5f:09:c4:bb:26:c9:9a:ba:88:6c:11:ce:09:
         6f:79:94:fa:16:4e:64:db:21:f5:72:93:3b:94:e2:16:f2:9a:
         76:f0:73:c5:2d:77:86:d4:ec:07:30:22:0b:a3:92:b3:8e:86:
         58:ab:4b:da:cd:00:38:81:eb:cc:e8:3f:aa:47:7d:8d:13:37:
         f3:7f:f6:38:78:1d:ad:c1:8f:8d:12:ca:5c:39:6d:75:4b:b1:
         9f:cd:b5:21:1c:26:fd:49:bc:f1:93:71:98:27:8b:75:24:bb:
         56:ea:73:65:d2:b2:03:b2:5b:d9:f2:20:67:e2:23:f3:4d:f4:
         e2:c6:eb:3f:ac:f0:94:05:fb:e5:05:13:9f:14:f5:98:77:6b:
         f1:9e:ea:23:eb:3b:25:4c:64:99:3f:4d:49:43:c0:7a:e0:a6:
         10:1a:b6:94:e2:e1:c8:c8:7f:10:5b:15:88:f3:1c:98:04:28:
         3e:d0:bb:af:17:c9:46:4a:10:69:64:c3:5f:0f:2f:ba:79:44:
         61:e4:0d:f9:3d:4b:6b:a0:01:10:39:78:82:1e:07:4f:62:69:
         a9:c3:5b:46
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUB46e/DO6lhqa9YIOGTio1KSw+98wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoY2VmY2U0NDliZWE4ZGVhZWRiMTgwNGRiYTI1YzU4NGRm
NTg3M2RjNDAeFw0yMzA5MjYwMTU1NDhaFw0yNDA5MjQwMjAwNDhaMDMxMTAvBgNV
BAMTKDE1MjYxQUYyODI4NEFBNUQ2QkUxMkU0NjhCMUMxRkI3MkYxQUMyRTcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCS1XFQD+MLUkX3H1QInbxR2+KV
UgMlR8uSD4w1mhoHguuM505TjVVOn7a3VQ9KAFOGgLg23NHaoxPJFDMa5BWsIwRs
fRCWY9Rut1Y+miflg6azfa0KtVqjTiYpMAx/6YXw6cW+kc1xbNUbxjknisvxVSQx
LkHC2DcU095I7DTJAMZPG9pDZtupPinI2wfaGvRkjzI1M9nQkV3HY0rziZMEcdTx
5HS6WLGZ3/2XFcA4r+ltWf8k6VnsepcjOuu3pga/f8q5KLpN0+UyeBh6Xmg2aVxm
jeXORcOX7j5Rt4O0si2+v0/mPzZOrcZCavZs3ckcrLrJlKbKK/cNnWtlDl4JAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUFSYa8oKEql1r4S5Gixwfty8awucwHwYDVR0j
BBgwFoAUzvzkSb6o3q7bGATbolxYTfWHPcQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZDFiMzVmOGItNmY0OC00YmFkLWIxODUtNWMxZGFhOGFj
ZGE5LzAvQ0VGQ0U0NDlCRUE4REVBRURCMTgwNERCQTI1QzU4NERGNTg3M0RDNC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3p2emtTYjZvM3E3YkdBVGJvbHhZVGZX
SFBjUS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZDFiMzVmOGIt
NmY0OC00YmFkLWIxODUtNWMxZGFhOGFjZGE5LzAvMzgzOTJlMzEzMDM3MmUzOTJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMyMzAzNDM3MzMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABZawkw
DQYJKoZIhvcNAQELBQADggEBAFaQlvHHbFOfUEdMvAo5KVP+nDtRtWBIDWo1Vasl
bOwm+QsDRoacXgC3XwnEuybJmrqIbBHOCW95lPoWTmTbIfVykzuU4hbymnbwc8Ut
d4bU7AcwIgujkrOOhlirS9rNADiB68zoP6pHfY0TN/N/9jh4Ha3Bj40Sylw5bXVL
sZ/NtSEcJv1JvPGTcZgni3Uku1bqc2XSsgOyW9nyIGfiI/NN9OLG6z+s8JQF++UF
E58U9Zh3a/Ge6iPrOyVMZJk/TUlDwHrgphAatpTi4cjIfxBbFYjzHJgEKD7Qu68X
yUZKEGlkw18PL7p5RGHkDfk9S2ugARA5eIIeB09iaanDW0Y=
-----END CERTIFICATE-----