Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/3231372e392e3234322e302f32342d3234203d3e203135343139.roa
File:                     3231372e392e3234322e302f32342d3234203d3e203135343139.roa (raw, json)
Hash identifier:          LIxp+Yx66SN3S5aAmVFOSGb98XSFAyI0SpT0sQdYaJk=
Subject key identifier:   33:6F:47:C2:5E:A8:62:A7:16:B3:28:80:1D:AB:16:8B:90:40:B9:A6
Certificate issuer:       /CN=9df85997b1b9b358e1c43f36765aa0a4a02144ae
Certificate serial:       2AC9D45520FB89E2ABBE08CC90B545ACD03F50A6
Authority key identifier: 9D:F8:59:97:B1:B9:B3:58:E1:C4:3F:36:76:5A:A0:A4:A0:21:44:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nfhZl7G5s1jhxD82dlqgpKAhRK4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/3231372e392e3234322e302f32342d3234203d3e203135343139.roa
Signing time:             Fri 07 Jun 2024 09:01:53 +0000
ROA not before:           Fri 07 Jun 2024 08:56:53 +0000
ROA not after:            Fri 06 Jun 2025 09:01:53 +0000
asID:                     15419
IP address blocks:        217.9.242.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/9DF85997B1B9B358E1C43F36765AA0A4A02144AE.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/9DF85997B1B9B358E1C43F36765AA0A4A02144AE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nfhZl7G5s1jhxD82dlqgpKAhRK4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:16:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2a:c9:d4:55:20:fb:89:e2:ab:be:08:cc:90:b5:45:ac:d0:3f:50:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9df85997b1b9b358e1c43f36765aa0a4a02144ae
        Validity
            Not Before: Jun  7 08:56:53 2024 GMT
            Not After : Jun  6 09:01:53 2025 GMT
        Subject: CN=336F47C25EA862A716B328801DAB168B9040B9A6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:af:98:d6:eb:3a:7f:07:49:3e:3c:e3:60:f9:
                    c8:1d:04:b3:7c:90:bc:fd:13:33:2e:d2:91:0c:9b:
                    ba:f5:1c:0a:c3:f0:c4:9e:22:de:9d:c7:4f:52:f9:
                    12:c4:71:25:25:b4:97:0a:eb:96:ee:12:19:14:71:
                    d2:f7:fd:10:fc:7f:4c:34:a4:b1:66:ed:59:60:05:
                    e8:ba:30:62:a4:14:c6:69:49:78:33:7a:3c:52:5c:
                    e6:a3:cb:58:6e:ad:58:4e:2c:e0:96:e5:61:12:0a:
                    49:11:2e:12:b5:2e:91:16:7f:6e:01:8c:6c:49:ce:
                    1f:1a:c1:49:ed:30:5a:af:53:7a:2e:e9:92:af:70:
                    bf:4b:c1:1e:e9:de:9c:f6:1e:90:27:fd:e6:61:a6:
                    f5:0b:46:92:1c:75:f1:f8:c8:a8:38:d8:f8:e1:96:
                    47:5b:22:fd:20:b9:2f:ec:a7:03:23:28:e6:53:6d:
                    5e:0d:06:d2:c8:5c:4b:07:c8:78:d9:14:21:f7:9e:
                    b2:30:1e:5e:1b:76:e7:81:16:56:45:e4:ce:ac:fb:
                    ec:60:bd:97:38:ca:75:31:4d:81:e3:78:92:db:64:
                    5e:84:b7:05:d8:26:07:98:f4:58:58:cb:8a:21:94:
                    d3:4a:d0:9c:3c:52:aa:52:71:37:c1:c6:6b:d4:b1:
                    86:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:6F:47:C2:5E:A8:62:A7:16:B3:28:80:1D:AB:16:8B:90:40:B9:A6
            X509v3 Authority Key Identifier:
                keyid:9D:F8:59:97:B1:B9:B3:58:E1:C4:3F:36:76:5A:A0:A4:A0:21:44:AE

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/9DF85997B1B9B358E1C43F36765AA0A4A02144AE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nfhZl7G5s1jhxD82dlqgpKAhRK4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/3231372e392e3234322e302f32342d3234203d3e203135343139.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.9.242.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b0:3e:5b:bc:b7:9a:65:55:3f:55:95:5c:a8:93:9b:79:3d:3c:
         24:26:64:7e:50:a3:05:7c:46:70:2a:20:79:4c:02:8e:b7:d2:
         7a:3d:33:2c:e6:af:b7:81:96:9e:51:de:f4:4b:4b:02:73:ea:
         d9:c1:f5:22:ce:82:75:b4:3d:e7:26:df:0d:be:ef:6a:30:45:
         7e:8d:2d:e9:6e:3d:8c:77:15:ee:ef:e7:e3:78:ca:f7:cd:08:
         73:aa:0d:7c:08:e7:09:4b:e3:7d:1c:e5:0c:c4:1f:a9:6a:66:
         e2:51:13:ec:6f:35:38:7e:2a:22:48:b4:6b:da:6f:f9:0c:32:
         fc:bf:2f:50:aa:73:a8:b7:0b:80:72:b0:27:32:1f:0c:98:b5:
         87:5b:d1:87:f5:cd:ca:eb:07:f8:72:a3:02:ba:8c:6f:ff:29:
         89:a2:f5:2b:7e:2c:84:3b:76:5a:05:78:4e:e4:b1:9d:80:56:
         84:10:75:01:ae:09:de:7c:72:36:a7:6e:37:bf:27:57:01:3a:
         5c:ce:fe:30:ce:c3:3b:6e:cf:68:19:31:e0:02:e4:46:50:15:
         6a:33:13:e4:72:e7:79:7a:4b:ca:9b:1f:fa:d0:dd:a0:1e:bd:
         d0:c5:58:9e:65:2f:81:fb:10:e7:3a:21:a5:cc:b3:34:69:8b:
         14:45:87:16
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUKsnUVSD7ieKrvgjMkLVFrNA/UKYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWRmODU5OTdiMWI5YjM1OGUxYzQzZjM2NzY1YWEwYTRh
MDIxNDRhZTAeFw0yNDA2MDcwODU2NTNaFw0yNTA2MDYwOTAxNTNaMDMxMTAvBgNV
BAMTKDMzNkY0N0MyNUVBODYyQTcxNkIzMjg4MDFEQUIxNjhCOTA0MEI5QTYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDfr5jW6zp/B0k+PONg+cgdBLN8
kLz9EzMu0pEMm7r1HArD8MSeIt6dx09S+RLEcSUltJcK65buEhkUcdL3/RD8f0w0
pLFm7VlgBei6MGKkFMZpSXgzejxSXOajy1hurVhOLOCW5WESCkkRLhK1LpEWf24B
jGxJzh8awUntMFqvU3ou6ZKvcL9LwR7p3pz2HpAn/eZhpvULRpIcdfH4yKg42Pjh
lkdbIv0guS/spwMjKOZTbV4NBtLIXEsHyHjZFCH3nrIwHl4bdueBFlZF5M6s++xg
vZc4ynUxTYHjeJLbZF6EtwXYJgeY9FhYy4ohlNNK0Jw8UqpScTfBxmvUsYYXAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUM29Hwl6oYqcWsyiAHasWi5BAuaYwHwYDVR0j
BBgwFoAUnfhZl7G5s1jhxD82dlqgpKAhRK4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDAyZTBiYTMtZmU2MC00NWIxLTkxNjAtODY4YTJmOGE0
M2IxLzMvOURGODU5OTdCMUI5QjM1OEUxQzQzRjM2NzY1QUEwQTRBMDIxNDRBRS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL25maFpsN0c1czFqaHhEODJkbHFncEtB
aFJLNC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMDAyZTBiYTMt
ZmU2MC00NWIxLTkxNjAtODY4YTJmOGE0M2IxLzMvMzIzMTM3MmUzOTJlMzIzNDMy
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzEzNTM0MzEzOS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEANkJ
8jANBgkqhkiG9w0BAQsFAAOCAQEAsD5bvLeaZVU/VZVcqJObeT08JCZkflCjBXxG
cCogeUwCjrfSej0zLOavt4GWnlHe9EtLAnPq2cH1Is6CdbQ95ybfDb7vajBFfo0t
6W49jHcV7u/n43jK980Ic6oNfAjnCUvjfRzlDMQfqWpm4lET7G81OH4qIki0a9pv
+Qwy/L8vUKpzqLcLgHKwJzIfDJi1h1vRh/XNyusH+HKjArqMb/8piaL1K34shDt2
WgV4TuSxnYBWhBB1Aa4J3nxyNqduN78nVwE6XM7+MM7DO27PaBkx4ALkRlAVajMT
5HLneXpLypsf+tDdoB690MVYnmUvgfsQ5zohpcyzNGmLFEWHFg==
-----END CERTIFICATE-----