Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/39322e3131342e352e302f32342d3234203d3e203631333137.roa
File:                     39322e3131342e352e302f32342d3234203d3e203631333137.roa (raw, json)
Hash identifier:          Z78S9CAcmKuvSIjp6ouJAOoQBEetBoq8r+3Ono6/9uw=
Subject key identifier:   F1:F6:6A:F0:A1:AF:04:1A:9B:D5:7B:18:12:88:9F:9A:FF:8A:33:58
Certificate issuer:       /CN=0d059f10d18d00052c808eb8069f90d47e30564a
Certificate serial:       02062E6C76D81360B89BBB1EFF1DA65FD1510D05
Authority key identifier: 0D:05:9F:10:D1:8D:00:05:2C:80:8E:B8:06:9F:90:D4:7E:30:56:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/39322e3131342e352e302f32342d3234203d3e203631333137.roa
Signing time:             Sun 21 Apr 2024 16:05:16 +0000
ROA not before:           Sun 21 Apr 2024 16:00:16 +0000
ROA not after:            Sun 20 Apr 2025 16:05:16 +0000
asID:                     61317
IP address blocks:        92.114.5.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            02:06:2e:6c:76:d8:13:60:b8:9b:bb:1e:ff:1d:a6:5f:d1:51:0d:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d059f10d18d00052c808eb8069f90d47e30564a
        Validity
            Not Before: Apr 21 16:00:16 2024 GMT
            Not After : Apr 20 16:05:16 2025 GMT
        Subject: CN=F1F66AF0A1AF041A9BD57B1812889F9AFF8A3358
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:4e:b8:ca:0c:cb:a2:cd:7d:ad:b4:d3:c4:93:
                    ca:c2:87:f2:63:ed:4c:dc:b7:30:33:79:00:79:2f:
                    4e:c3:42:49:20:30:a5:68:a2:b6:de:9a:b5:30:e2:
                    f2:0a:08:a3:62:06:47:ae:f9:b5:e9:bb:5e:93:cd:
                    09:fb:ee:28:3d:c3:1d:60:fc:c9:c1:97:04:2f:9f:
                    63:d3:be:18:a8:b4:f6:f6:11:bb:b2:1a:35:2f:43:
                    ab:d2:45:54:33:b1:35:98:de:2c:55:af:e0:e3:a2:
                    ee:46:07:4f:3c:7a:d9:ca:97:85:7e:d8:c9:49:19:
                    ff:60:72:0f:b1:ea:1e:a1:34:2a:68:eb:b7:ec:69:
                    fa:cc:0c:d4:9a:91:cc:76:ef:a1:05:81:44:dc:ce:
                    c3:ec:75:99:33:a9:39:7e:20:b7:9a:ad:7c:b1:cc:
                    36:20:49:b8:86:d8:e4:26:79:fa:a8:d3:3c:3a:27:
                    a4:0b:59:77:11:79:e2:1b:3e:0f:f7:0a:72:86:00:
                    14:f4:78:6b:80:36:a4:88:41:d0:52:08:d1:ff:73:
                    b9:d6:b0:0b:ce:46:39:23:a0:7a:d2:57:05:bc:c4:
                    77:2e:cc:e2:b3:11:f0:41:66:83:78:b3:29:70:77:
                    ad:4c:33:ba:27:a0:ec:c4:81:3f:ec:68:ef:98:90:
                    02:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:F6:6A:F0:A1:AF:04:1A:9B:D5:7B:18:12:88:9F:9A:FF:8A:33:58
            X509v3 Authority Key Identifier:
                keyid:0D:05:9F:10:D1:8D:00:05:2C:80:8E:B8:06:9F:90:D4:7E:30:56:4A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/39322e3131342e352e302f32342d3234203d3e203631333137.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.114.5.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:4e:33:8e:61:ac:66:51:72:39:aa:3f:2e:6a:93:2d:22:03:
         53:0b:8f:30:54:45:a3:3c:1b:2d:08:f9:ca:3b:3f:00:6d:33:
         42:81:a5:3c:bd:60:98:ce:50:b2:5e:d0:ae:d0:c8:35:2c:ca:
         c4:ae:42:dc:ec:6e:29:de:09:de:be:2d:c5:54:cc:8f:01:74:
         f2:09:03:34:9e:41:25:36:8f:21:84:32:31:cd:19:9b:8b:4b:
         12:5d:9f:df:be:cd:c1:9e:71:28:08:5e:49:92:9c:f8:04:35:
         1b:00:95:bd:87:c4:84:53:73:0b:9c:2e:f9:e6:1a:34:93:82:
         28:71:f8:2c:b4:f8:93:30:9d:1f:cc:45:e5:36:ed:57:db:00:
         7b:1f:b6:e7:46:6d:ec:3e:32:6f:f0:d7:92:f7:f7:53:be:85:
         43:d1:f8:f7:b0:da:03:3c:d3:0a:f3:0b:64:e6:a9:96:08:a5:
         d5:7a:2a:09:d8:30:cf:4e:b3:f5:c4:20:fe:68:1a:ff:85:55:
         ad:a6:b8:36:fe:e4:a1:33:f7:70:02:be:cb:b7:54:5b:2e:59:
         c7:b8:b1:70:7d:25:86:41:29:a9:f8:7a:8a:47:e1:9a:81:b7:
         37:83:fb:2a:aa:79:76:cc:48:13:29:e7:2b:0d:8c:af:87:fe:
         7f:a7:60:32
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUAgYubHbYE2C4m7se/x2mX9FRDQUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGQwNTlmMTBkMThkMDAwNTJjODA4ZWI4MDY5ZjkwZDQ3
ZTMwNTY0YTAeFw0yNDA0MjExNjAwMTZaFw0yNTA0MjAxNjA1MTZaMDMxMTAvBgNV
BAMTKEYxRjY2QUYwQTFBRjA0MUE5QkQ1N0IxODEyODg5RjlBRkY4QTMzNTgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCjTrjKDMuizX2ttNPEk8rCh/Jj
7UzctzAzeQB5L07DQkkgMKVoorbemrUw4vIKCKNiBkeu+bXpu16TzQn77ig9wx1g
/MnBlwQvn2PTvhiotPb2EbuyGjUvQ6vSRVQzsTWY3ixVr+Djou5GB088etnKl4V+
2MlJGf9gcg+x6h6hNCpo67fsafrMDNSakcx276EFgUTczsPsdZkzqTl+ILearXyx
zDYgSbiG2OQmefqo0zw6J6QLWXcReeIbPg/3CnKGABT0eGuANqSIQdBSCNH/c7nW
sAvORjkjoHrSVwW8xHcuzOKzEfBBZoN4sylwd61MM7onoOzEgT/saO+YkALrAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQU8fZq8KGvBBqb1XsYEoifmv+KM1gwHwYDVR0j
BBgwFoAUDQWfENGNAAUsgI64Bp+Q1H4wVkowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmFmMTY3MDQtMjg1NC00MDgwLTlhMDktNzI2MjMyNmM5
ZTIyLzEvMEQwNTlGMTBEMThEMDAwNTJDODA4RUI4MDY5RjkwRDQ3RTMwNTY0QS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RRV2ZFTkdOQUFVc2dJNjRCcC1RMUg0
d1Zrby5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmFmMTY3MDQt
Mjg1NC00MDgwLTlhMDktNzI2MjMyNmM5ZTIyLzEvMzkzMjJlMzEzMTM0MmUzNTJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM2MzEzMzMxMzcucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABccgUw
DQYJKoZIhvcNAQELBQADggEBADpOM45hrGZRcjmqPy5qky0iA1MLjzBURaM8Gy0I
+co7PwBtM0KBpTy9YJjOULJe0K7QyDUsysSuQtzsbineCd6+LcVUzI8BdPIJAzSe
QSU2jyGEMjHNGZuLSxJdn9++zcGecSgIXkmSnPgENRsAlb2HxIRTcwucLvnmGjST
gihx+Cy0+JMwnR/MReU27VfbAHsftudGbew+Mm/w15L391O+hUPR+Pew2gM80wrz
C2TmqZYIpdV6KgnYMM9Os/XEIP5oGv+FVa2muDb+5KEz93ACvsu3VFsuWce4sXB9
JYZBKan4eopH4ZqBtzeD+yqqeXbMSBMp5ysNjK+H/n+nYDI=
-----END CERTIFICATE-----