Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/3139342e36302e38372e302f32342d3332203d3e203531313637.roa
File:                     3139342e36302e38372e302f32342d3332203d3e203531313637.roa (raw, json)
Hash identifier:          pkvuzrBBN3a+0rpFtdZOSDbIXZPhehwDKSjB6QCAQYo=
Subject key identifier:   68:ED:2B:55:F5:A3:63:C9:D0:E7:98:34:CA:F0:30:59:4F:6C:6A:83
Certificate issuer:       /CN=12c2a8354689aec2a74fca14944927621ba27c94
Certificate serial:       0F231F4FC7C68B44E4386C926082D6E21E86FF6F
Authority key identifier: 12:C2:A8:35:46:89:AE:C2:A7:4F:CA:14:94:49:27:62:1B:A2:7C:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/3139342e36302e38372e302f32342d3332203d3e203531313637.roa
Signing time:             Mon 26 Feb 2024 08:53:38 +0000
ROA not before:           Mon 26 Feb 2024 08:48:38 +0000
ROA not after:            Mon 24 Feb 2025 08:53:38 +0000
asID:                     51167
IP address blocks:        194.60.87.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 01:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0f:23:1f:4f:c7:c6:8b:44:e4:38:6c:92:60:82:d6:e2:1e:86:ff:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12c2a8354689aec2a74fca14944927621ba27c94
        Validity
            Not Before: Feb 26 08:48:38 2024 GMT
            Not After : Feb 24 08:53:38 2025 GMT
        Subject: CN=68ED2B55F5A363C9D0E79834CAF030594F6C6A83
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:20:5f:9e:08:b5:92:17:c0:0d:15:44:26:24:
                    39:d1:36:7e:af:ed:e7:ec:50:be:9b:c7:af:7b:3e:
                    1b:2d:8c:60:6b:a4:b8:62:40:61:20:c6:d3:ba:75:
                    3a:3a:08:62:f6:4d:1a:4f:ab:75:d1:c1:85:40:b2:
                    c4:fb:47:b6:ef:cd:76:82:86:ab:de:ee:4a:0a:c3:
                    d8:32:47:51:90:8d:cf:36:10:55:65:67:d7:aa:b6:
                    d7:d6:88:e4:ec:8e:8a:9c:13:ee:76:56:22:a8:6b:
                    16:1a:9b:2f:49:c1:48:89:31:12:4c:9e:78:f3:f6:
                    ca:aa:ed:f4:f7:20:11:fe:19:66:99:32:f4:2c:b4:
                    24:0a:f8:e6:ff:96:b8:16:2a:53:cc:43:a4:68:73:
                    8b:2e:41:4c:49:b3:bc:8e:65:b5:76:66:a1:ca:b0:
                    e7:09:46:61:da:aa:69:6e:d9:77:6b:71:38:cc:87:
                    4f:8f:d6:8a:39:b8:1a:d3:ab:15:3a:c4:6f:97:a4:
                    1a:35:6c:2f:7d:07:cc:f7:91:a6:64:26:19:07:4c:
                    57:e3:d3:18:e7:ad:94:86:77:45:7f:92:57:5d:67:
                    70:49:f2:17:f6:22:de:85:64:06:08:18:79:d2:19:
                    a5:29:fc:c9:e0:22:94:3e:b9:29:cf:5d:3f:7f:e8:
                    ca:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:ED:2B:55:F5:A3:63:C9:D0:E7:98:34:CA:F0:30:59:4F:6C:6A:83
            X509v3 Authority Key Identifier:
                keyid:12:C2:A8:35:46:89:AE:C2:A7:4F:CA:14:94:49:27:62:1B:A2:7C:94

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/3139342e36302e38372e302f32342d3332203d3e203531313637.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.60.87.0/24

    Signature Algorithm: sha256WithRSAEncryption
         82:bd:cc:49:d4:c5:55:84:4c:49:4f:d7:a4:05:4a:27:2a:07:
         8c:fb:11:d1:eb:a7:8b:50:c7:d9:8e:d9:e1:07:93:9f:21:59:
         7e:02:04:44:54:2e:22:e1:79:48:32:09:51:27:da:40:fe:47:
         7f:c7:42:a0:59:2c:25:6e:3e:c6:e3:78:6c:11:5a:d5:6b:99:
         0f:e4:c7:ed:d9:67:d9:2c:1f:9f:94:26:26:07:02:af:de:9d:
         44:53:66:a3:27:06:2c:c9:fa:57:2d:68:87:96:8b:59:95:55:
         55:4e:1f:e5:49:ae:4e:5f:e4:d0:48:a9:b7:56:53:83:06:d7:
         89:ec:20:18:a7:7f:7b:78:69:f0:f7:2f:57:9c:9a:62:1e:bc:
         47:b3:be:55:66:2b:40:6f:82:b7:17:08:9c:ad:bf:90:a4:e8:
         da:bd:a2:5b:8e:94:94:05:b4:c1:e1:f6:3d:7d:03:f5:c8:90:
         64:d9:50:fb:29:d2:6d:13:5d:47:d3:22:b1:73:09:61:31:df:
         05:d9:d3:2d:b7:39:f0:ec:ef:c8:23:34:4d:df:fa:4d:4e:6e:
         b5:d1:06:0c:44:73:d6:f8:eb:bb:6a:48:12:d6:e4:6b:26:fa:
         3d:7e:6b:78:76:a4:58:eb:c9:72:5e:c8:94:da:87:aa:82:92:
         9d:f6:ca:f3
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUDyMfT8fGi0TkOGySYILW4h6G/28wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMTJjMmE4MzU0Njg5YWVjMmE3NGZjYTE0OTQ0OTI3NjIx
YmEyN2M5NDAeFw0yNDAyMjYwODQ4MzhaFw0yNTAyMjQwODUzMzhaMDMxMTAvBgNV
BAMTKDY4RUQyQjU1RjVBMzYzQzlEMEU3OTgzNENBRjAzMDU5NEY2QzZBODMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2IF+eCLWSF8ANFUQmJDnRNn6v
7efsUL6bx697PhstjGBrpLhiQGEgxtO6dTo6CGL2TRpPq3XRwYVAssT7R7bvzXaC
hqve7koKw9gyR1GQjc82EFVlZ9eqttfWiOTsjoqcE+52ViKoaxYamy9JwUiJMRJM
nnjz9sqq7fT3IBH+GWaZMvQstCQK+Ob/lrgWKlPMQ6Roc4suQUxJs7yOZbV2ZqHK
sOcJRmHaqmlu2XdrcTjMh0+P1oo5uBrTqxU6xG+XpBo1bC99B8z3kaZkJhkHTFfj
0xjnrZSGd0V/klddZ3BJ8hf2It6FZAYIGHnSGaUp/MngIpQ+uSnPXT9/6MqhAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUaO0rVfWjY8nQ55g0yvAwWU9saoMwHwYDVR0j
BBgwFoAUEsKoNUaJrsKnT8oUlEknYhuifJQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzcvMTJDMkE4MzU0Njg5QUVDMkE3NEZDQTE0OTQ0OTI3NjIxQkEyN0M5NC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0VzS29OVWFKcnNLblQ4b1VsRWtuWWh1
aWZKUS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzcvMzEzOTM0MmUzNjMwMmUzODM3
MmUzMDJmMzIzNDJkMzMzMjIwM2QzZTIwMzUzMTMxMzYzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMI8
VzANBgkqhkiG9w0BAQsFAAOCAQEAgr3MSdTFVYRMSU/XpAVKJyoHjPsR0euni1DH
2Y7Z4QeTnyFZfgIERFQuIuF5SDIJUSfaQP5Hf8dCoFksJW4+xuN4bBFa1WuZD+TH
7dln2Swfn5QmJgcCr96dRFNmoycGLMn6Vy1oh5aLWZVVVU4f5UmuTl/k0Eipt1ZT
gwbXiewgGKd/e3hp8PcvV5yaYh68R7O+VWYrQG+CtxcInK2/kKTo2r2iW46UlAW0
weH2PX0D9ciQZNlQ+ynSbRNdR9MisXMJYTHfBdnTLbc58OzvyCM0Td/6TU5utdEG
DERz1vjru2pIEtbkayb6PX5reHakWOvJcl7IlNqHqoKSnfbK8w==
-----END CERTIFICATE-----