Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/3231332e3233322e38342e302f32342d3332203d3e2039303039.roa
File:                     3231332e3233322e38342e302f32342d3332203d3e2039303039.roa (raw, json)
Hash identifier:          1KKbBbMwbF43aMUKQDS2tjOXdCegqsMaZI/quNMYuV0=
Subject key identifier:   DB:B4:07:98:11:3C:BC:E3:55:B9:F8:02:6E:81:CE:F5:34:FE:5D:C9
Certificate issuer:       /CN=08fb9ba827e6f10a7af37490803dd5a076397235
Certificate serial:       495AF4BCDD2E4346255856C60629F7278147D06D
Authority key identifier: 08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/3231332e3233322e38342e302f32342d3332203d3e2039303039.roa
Signing time:             Mon 26 Feb 2024 08:52:54 +0000
ROA not before:           Mon 26 Feb 2024 08:47:54 +0000
ROA not after:            Mon 24 Feb 2025 08:52:54 +0000
asID:                     9009
IP address blocks:        213.232.84.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 20:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            49:5a:f4:bc:dd:2e:43:46:25:58:56:c6:06:29:f7:27:81:47:d0:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08fb9ba827e6f10a7af37490803dd5a076397235
        Validity
            Not Before: Feb 26 08:47:54 2024 GMT
            Not After : Feb 24 08:52:54 2025 GMT
        Subject: CN=DBB40798113CBCE355B9F8026E81CEF534FE5DC9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:7a:8e:cb:62:7e:f0:75:cb:4f:59:98:5f:a7:
                    11:bc:e2:f2:c8:35:3a:bc:d4:85:5a:3d:10:7b:7f:
                    bd:92:44:a3:38:88:e2:54:71:c9:53:c0:60:98:67:
                    7f:cf:5e:fb:ca:52:69:26:4a:48:fe:bf:f0:76:78:
                    21:83:56:e4:62:84:08:e4:ec:1e:98:a1:de:39:4c:
                    59:45:74:d4:e0:84:91:36:d4:92:6b:ca:22:46:c2:
                    0e:8f:6c:80:03:e5:0d:35:a9:aa:fc:a1:d4:ba:3b:
                    4f:33:b5:f5:5a:be:04:44:86:f0:8b:13:fa:a6:ef:
                    d2:8f:25:01:3a:e1:13:bc:0e:d8:47:f6:49:ba:9a:
                    7f:88:3f:62:7f:67:39:e4:a6:7b:ef:f0:7e:55:b6:
                    aa:92:57:1f:34:1c:67:53:49:ce:a5:56:d5:1f:d1:
                    49:f6:4c:ba:00:30:72:93:2e:61:b1:5c:e8:7f:bf:
                    8c:5f:6f:92:9d:b1:14:72:fb:05:9e:9e:65:ed:86:
                    e5:90:3d:74:bf:6d:9c:23:df:d1:7c:2b:3a:a4:44:
                    37:08:81:1d:19:b4:f6:3b:18:0f:64:91:0a:ca:b0:
                    1a:36:85:a9:3c:d4:2b:3b:04:fb:ee:f6:da:9c:8a:
                    2e:f0:fa:a4:19:c1:63:b6:38:92:03:17:ca:7f:7a:
                    c3:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:B4:07:98:11:3C:BC:E3:55:B9:F8:02:6E:81:CE:F5:34:FE:5D:C9
            X509v3 Authority Key Identifier:
                keyid:08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/3231332e3233322e38342e302f32342d3332203d3e2039303039.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.232.84.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5e:c2:7c:f0:d4:12:5b:a4:5a:28:ee:f7:d2:82:1a:91:32:91:
         51:0a:a0:37:e5:ff:19:13:df:0e:c3:85:c3:e1:8b:16:f2:5a:
         dd:da:ba:8b:d7:81:ed:ba:11:4b:8e:5b:c7:d1:8e:05:03:ae:
         ea:b2:81:15:84:79:48:13:b3:f3:62:c4:a3:4c:a4:1d:fd:83:
         e7:dd:da:ca:36:cf:06:fc:29:64:ba:66:6a:9a:46:8f:ae:82:
         31:fc:c8:d5:d9:f0:f6:0e:66:2d:f7:e7:03:4d:d5:c2:9b:d5:
         4d:c5:31:27:67:d1:0f:0c:c7:0f:c4:13:cd:83:93:58:67:10:
         89:a9:ef:65:3b:7e:9f:84:04:99:6c:80:68:23:a6:0c:9c:63:
         02:e6:57:cf:a4:20:57:6a:a4:fb:4a:6c:29:4f:bd:cf:91:cd:
         43:81:b6:12:d8:22:50:ee:9f:69:91:27:14:73:29:f0:ce:66:
         f4:c0:1d:89:7f:de:89:82:9b:d8:7f:46:93:18:e5:8b:0d:4c:
         ce:1c:28:d1:f5:a5:a6:04:49:b8:25:8b:32:71:ae:0a:36:33:
         c0:28:9a:68:ff:06:7f:c1:db:8e:c7:e2:82:54:fe:e6:20:50:
         31:51:ee:66:2d:5d:6b:42:56:3f:30:16:e6:3a:66:97:bb:07:
         3d:c0:03:3b
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUSVr0vN0uQ0YlWFbGBin3J4FH0G0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDhmYjliYTgyN2U2ZjEwYTdhZjM3NDkwODAzZGQ1YTA3
NjM5NzIzNTAeFw0yNDAyMjYwODQ3NTRaFw0yNTAyMjQwODUyNTRaMDMxMTAvBgNV
BAMTKERCQjQwNzk4MTEzQ0JDRTM1NUI5RjgwMjZFODFDRUY1MzRGRTVEQzkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDeo7LYn7wdctPWZhfpxG84vLI
NTq81IVaPRB7f72SRKM4iOJUcclTwGCYZ3/PXvvKUmkmSkj+v/B2eCGDVuRihAjk
7B6Yod45TFlFdNTghJE21JJryiJGwg6PbIAD5Q01qar8odS6O08ztfVavgREhvCL
E/qm79KPJQE64RO8DthH9km6mn+IP2J/Zznkpnvv8H5VtqqSVx80HGdTSc6lVtUf
0Un2TLoAMHKTLmGxXOh/v4xfb5KdsRRy+wWenmXthuWQPXS/bZwj39F8KzqkRDcI
gR0ZtPY7GA9kkQrKsBo2hak81Cs7BPvu9tqcii7w+qQZwWO2OJIDF8p/esNVAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQU27QHmBE8vONVufgCboHO9TT+XckwHwYDVR0j
BBgwFoAUCPubqCfm8Qp683SQgD3VoHY5cjUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzIvMDhGQjlCQTgyN0U2RjEwQTdBRjM3NDkwODAzREQ1QTA3NjM5NzIzNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NQdWJxQ2ZtOFFwNjgzU1FnRDNWb0hZ
NWNqVS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzIvMzIzMTMzMmUzMjMzMzIyZTM4
MzQyZTMwMmYzMjM0MmQzMzMyMjAzZDNlMjAzOTMwMzAzOS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEANXo
VDANBgkqhkiG9w0BAQsFAAOCAQEAXsJ88NQSW6RaKO730oIakTKRUQqgN+X/GRPf
DsOFw+GLFvJa3dq6i9eB7boRS45bx9GOBQOu6rKBFYR5SBOz82LEo0ykHf2D593a
yjbPBvwpZLpmappGj66CMfzI1dnw9g5mLffnA03VwpvVTcUxJ2fRDwzHD8QTzYOT
WGcQianvZTt+n4QEmWyAaCOmDJxjAuZXz6QgV2qk+0psKU+9z5HNQ4G2EtgiUO6f
aZEnFHMp8M5m9MAdiX/eiYKb2H9Gkxjliw1Mzhwo0fWlpgRJuCWLMnGuCjYzwCia
aP8Gf8HbjsfiglT+5iBQMVHuZi1da0JWPzAW5jpml7sHPcADOw==
-----END CERTIFICATE-----