Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/3231372e392e3235342e302f32332d3233203d3e203135343139.roa
File:                     3231372e392e3235342e302f32332d3233203d3e203135343139.roa (raw, json)
Hash identifier:          8EdY1bwfX2htrpnhHvYT4yLsf3n4DjnGjUcl+BBMtxU=
Subject key identifier:   AE:6F:4E:F8:42:5F:8A:68:E5:30:4B:95:55:9B:34:89:62:45:78:30
Certificate issuer:       /CN=9df85997b1b9b358e1c43f36765aa0a4a02144ae
Certificate serial:       222DE823E645289F72EB6E9C8CE8E241A8E82DE3
Authority key identifier: 9D:F8:59:97:B1:B9:B3:58:E1:C4:3F:36:76:5A:A0:A4:A0:21:44:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nfhZl7G5s1jhxD82dlqgpKAhRK4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/3231372e392e3235342e302f32332d3233203d3e203135343139.roa
Signing time:             Fri 07 Jun 2024 09:01:54 +0000
ROA not before:           Fri 07 Jun 2024 08:56:54 +0000
ROA not after:            Fri 06 Jun 2025 09:01:54 +0000
asID:                     15419
IP address blocks:        217.9.254.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/9DF85997B1B9B358E1C43F36765AA0A4A02144AE.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/9DF85997B1B9B358E1C43F36765AA0A4A02144AE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nfhZl7G5s1jhxD82dlqgpKAhRK4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:16:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            22:2d:e8:23:e6:45:28:9f:72:eb:6e:9c:8c:e8:e2:41:a8:e8:2d:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9df85997b1b9b358e1c43f36765aa0a4a02144ae
        Validity
            Not Before: Jun  7 08:56:54 2024 GMT
            Not After : Jun  6 09:01:54 2025 GMT
        Subject: CN=AE6F4EF8425F8A68E5304B95559B348962457830
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:cf:97:a8:6c:65:d8:af:24:31:53:dc:66:9b:
                    85:60:03:09:64:4c:84:f0:09:58:3d:cd:f5:85:15:
                    84:f5:1b:1a:af:3a:fb:1e:0e:2d:a0:f3:57:13:6d:
                    0c:c8:ec:74:43:6b:16:46:4d:ac:f1:f3:27:2b:5e:
                    47:0b:36:58:8a:f7:23:04:f6:dd:f2:f1:27:ff:e4:
                    c9:c4:47:ed:8d:2f:24:38:4a:40:dd:a1:f8:74:10:
                    b8:4f:be:02:dd:af:93:2c:c0:6f:7d:21:ef:53:fa:
                    41:63:1e:c6:9b:1d:85:e5:37:64:86:88:d3:09:c5:
                    a9:0e:a7:56:0e:d9:89:04:9c:7e:83:1a:ad:3b:45:
                    64:7b:50:cf:55:fe:37:13:15:4a:44:26:c7:a7:23:
                    a0:ae:97:45:bb:af:e7:98:b3:22:38:d1:0c:d3:a9:
                    ff:ce:7d:da:cd:9f:e9:eb:88:a8:c5:00:1b:38:20:
                    e4:3a:88:95:be:f9:1a:f3:91:08:8d:7a:8d:c2:4e:
                    fb:47:a4:d2:39:82:95:5e:26:b8:87:1f:e1:54:4c:
                    be:65:95:05:56:c4:cb:8f:3a:43:ee:ef:06:35:c6:
                    35:c1:b1:6c:2e:42:98:c1:45:bd:41:61:5c:0c:61:
                    5b:7d:3e:0f:07:13:88:a3:eb:dc:ce:f8:51:8d:94:
                    2b:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:6F:4E:F8:42:5F:8A:68:E5:30:4B:95:55:9B:34:89:62:45:78:30
            X509v3 Authority Key Identifier:
                keyid:9D:F8:59:97:B1:B9:B3:58:E1:C4:3F:36:76:5A:A0:A4:A0:21:44:AE

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/9DF85997B1B9B358E1C43F36765AA0A4A02144AE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nfhZl7G5s1jhxD82dlqgpKAhRK4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/3231372e392e3235342e302f32332d3233203d3e203135343139.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.9.254.0/23

    Signature Algorithm: sha256WithRSAEncryption
         ae:cf:4f:da:a1:66:a4:47:55:e0:0a:b8:30:1c:d3:83:c2:ea:
         0a:09:36:54:19:a0:2c:6d:94:71:35:05:3a:7a:f5:c8:12:cd:
         21:d4:ed:da:00:de:23:45:ce:c5:86:24:7d:d0:06:7e:51:5d:
         4a:fc:18:16:86:d1:fa:82:51:98:b3:d6:69:1a:ce:9d:50:65:
         08:4c:a2:be:58:f8:c5:6d:df:e2:67:8d:ab:c9:7b:33:7f:f0:
         7a:86:fc:5a:cf:31:77:4f:d9:27:50:8e:67:66:d8:93:ce:50:
         47:4d:a8:7e:19:cd:fe:85:ef:f1:2c:4b:eb:ac:eb:4c:e6:22:
         c3:21:56:04:c6:b2:75:5d:05:0d:5d:0c:0b:8a:bf:03:41:96:
         52:40:63:0f:4c:b3:7c:52:93:9b:c2:da:28:f9:e3:11:a9:b1:
         18:6a:03:ec:d8:37:da:d5:c9:0e:af:5e:ab:4d:9e:98:94:e4:
         2b:33:9b:a7:d9:0b:93:a6:b0:0d:19:3e:8e:c6:86:05:20:ab:
         c7:3c:29:45:e9:36:c3:5c:fc:d9:aa:93:f3:06:d5:b8:0d:96:
         59:d8:3f:c5:ad:d7:27:70:f9:6b:82:4d:fa:ff:e8:85:2d:a7:
         4d:c1:46:a0:8d:33:fe:96:6e:4c:ea:c9:fa:c2:2d:f6:69:0e:
         75:e1:ad:2b
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUIi3oI+ZFKJ9y626cjOjiQajoLeMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWRmODU5OTdiMWI5YjM1OGUxYzQzZjM2NzY1YWEwYTRh
MDIxNDRhZTAeFw0yNDA2MDcwODU2NTRaFw0yNTA2MDYwOTAxNTRaMDMxMTAvBgNV
BAMTKEFFNkY0RUY4NDI1RjhBNjhFNTMwNEI5NTU1OUIzNDg5NjI0NTc4MzAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvz5eobGXYryQxU9xmm4VgAwlk
TITwCVg9zfWFFYT1GxqvOvseDi2g81cTbQzI7HRDaxZGTazx8ycrXkcLNliK9yME
9t3y8Sf/5MnER+2NLyQ4SkDdofh0ELhPvgLdr5MswG99Ie9T+kFjHsabHYXlN2SG
iNMJxakOp1YO2YkEnH6DGq07RWR7UM9V/jcTFUpEJsenI6Cul0W7r+eYsyI40QzT
qf/OfdrNn+nriKjFABs4IOQ6iJW++RrzkQiNeo3CTvtHpNI5gpVeJriHH+FUTL5l
lQVWxMuPOkPu7wY1xjXBsWwuQpjBRb1BYVwMYVt9Pg8HE4ij69zO+FGNlCs/AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUrm9O+EJfimjlMEuVVZs0iWJFeDAwHwYDVR0j
BBgwFoAUnfhZl7G5s1jhxD82dlqgpKAhRK4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDAyZTBiYTMtZmU2MC00NWIxLTkxNjAtODY4YTJmOGE0
M2IxLzMvOURGODU5OTdCMUI5QjM1OEUxQzQzRjM2NzY1QUEwQTRBMDIxNDRBRS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL25maFpsN0c1czFqaHhEODJkbHFncEtB
aFJLNC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMDAyZTBiYTMt
ZmU2MC00NWIxLTkxNjAtODY4YTJmOGE0M2IxLzMvMzIzMTM3MmUzOTJlMzIzNTM0
MmUzMDJmMzIzMzJkMzIzMzIwM2QzZTIwMzEzNTM0MzEzOS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAdkJ
/jANBgkqhkiG9w0BAQsFAAOCAQEArs9P2qFmpEdV4Aq4MBzTg8LqCgk2VBmgLG2U
cTUFOnr1yBLNIdTt2gDeI0XOxYYkfdAGflFdSvwYFobR+oJRmLPWaRrOnVBlCEyi
vlj4xW3f4meNq8l7M3/weob8Ws8xd0/ZJ1COZ2bYk85QR02ofhnN/oXv8SxL66zr
TOYiwyFWBMaydV0FDV0MC4q/A0GWUkBjD0yzfFKTm8LaKPnjEamxGGoD7Ng32tXJ
Dq9eq02emJTkKzObp9kLk6awDRk+jsaGBSCrxzwpRek2w1z82aqT8wbVuA2WWdg/
xa3XJ3D5a4JN+v/ohS2nTcFGoI0z/pZuTOrJ+sIt9mkOdeGtKw==
-----END CERTIFICATE-----