Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/04032c8f-1d57-4c3b-9043-a0e7febf167d/0/AS3209.roa
File:                     AS3209.roa (raw, json)
Hash identifier:          UFd4ib+zHTSSZ49d/9pexZs2Quzezw6feEP/RXUwqsY=
Subject key identifier:   E9:74:7E:46:B2:8A:AA:A1:16:84:97:2D:60:FF:12:7C:08:4C:89:94
Certificate issuer:       /CN=d5c3d5e70fc9ad10ba90d45dc66454e9e3a146a8
Certificate serial:       0372B30E942914B4F766FB0BA64ADA5E5AE7AF9F
Authority key identifier: D5:C3:D5:E7:0F:C9:AD:10:BA:90:D4:5D:C6:64:54:E9:E3:A1:46:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1cPV5w_JrRC6kNRdxmRU6eOhRqg.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/04032c8f-1d57-4c3b-9043-a0e7febf167d/0/AS3209.roa
Signing time:             Wed 20 Dec 2023 16:21:44 +0000
ROA not before:           Wed 20 Dec 2023 16:16:44 +0000
ROA not after:            Wed 18 Dec 2024 16:21:44 +0000
asID:                     3209
IP address blocks:        2a13:df80:1137::/48 maxlen: 48
                          2a13:df80:1196::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/04032c8f-1d57-4c3b-9043-a0e7febf167d/0/D5C3D5E70FC9AD10BA90D45DC66454E9E3A146A8.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/04032c8f-1d57-4c3b-9043-a0e7febf167d/0/D5C3D5E70FC9AD10BA90D45DC66454E9E3A146A8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1cPV5w_JrRC6kNRdxmRU6eOhRqg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 14 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:72:b3:0e:94:29:14:b4:f7:66:fb:0b:a6:4a:da:5e:5a:e7:af:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d5c3d5e70fc9ad10ba90d45dc66454e9e3a146a8
        Validity
            Not Before: Dec 20 16:16:44 2023 GMT
            Not After : Dec 18 16:21:44 2024 GMT
        Subject: CN=E9747E46B28AAAA11684972D60FF127C084C8994
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:f4:fd:39:4a:1e:16:45:ed:36:3e:6c:28:0a:
                    ce:77:c8:9c:11:80:5a:8e:df:32:5e:be:6b:8c:b4:
                    c0:98:17:fb:5b:6d:95:d2:b8:b3:1e:f7:4c:b9:1c:
                    cd:af:a8:ab:b1:d5:1a:8f:b2:60:e1:b4:d2:9b:b9:
                    9b:c6:73:17:71:79:3c:1b:15:9a:5f:a5:b7:4a:e5:
                    d6:d3:b5:b7:82:83:4f:e1:89:a4:f5:a8:f8:cd:c0:
                    1b:6e:67:6c:32:5d:57:09:06:23:ca:49:0d:59:6e:
                    cc:f7:88:d5:a9:a5:a8:a3:da:b5:a1:e0:2c:09:19:
                    c2:f7:63:da:80:fc:6d:a6:21:b4:26:b8:c2:f1:17:
                    ed:de:e6:02:ae:01:c8:30:e9:01:08:0f:82:2c:92:
                    94:0f:cf:0b:0f:e9:c4:dc:2d:90:12:0d:a7:d8:6c:
                    09:b2:e2:1a:c4:25:86:b7:bf:d4:9e:93:a3:77:5d:
                    65:54:28:67:ba:74:ff:73:dd:38:7a:a7:77:a0:1f:
                    9c:5f:2b:08:82:3d:78:96:e2:1c:cf:c2:6a:05:6d:
                    22:cc:fb:87:b9:07:b8:22:ba:c3:cd:29:e4:5c:f4:
                    c6:8a:14:89:7f:2a:85:d7:bb:8c:22:24:f3:a0:3e:
                    88:09:8d:72:00:0a:81:27:36:8c:54:1d:b8:9f:03:
                    b8:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:74:7E:46:B2:8A:AA:A1:16:84:97:2D:60:FF:12:7C:08:4C:89:94
            X509v3 Authority Key Identifier:
                keyid:D5:C3:D5:E7:0F:C9:AD:10:BA:90:D4:5D:C6:64:54:E9:E3:A1:46:A8

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/04032c8f-1d57-4c3b-9043-a0e7febf167d/0/D5C3D5E70FC9AD10BA90D45DC66454E9E3A146A8.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1cPV5w_JrRC6kNRdxmRU6eOhRqg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/04032c8f-1d57-4c3b-9043-a0e7febf167d/0/AS3209.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:df80:1137::/48
                  2a13:df80:1196::/48

    Signature Algorithm: sha256WithRSAEncryption
         22:07:f2:21:ad:7f:d1:bb:2b:31:b3:11:7b:ef:f0:3c:7f:4b:
         64:17:80:dd:c3:65:10:ed:51:75:77:35:f4:3b:35:4b:c8:2f:
         70:16:6c:8d:ea:a7:94:8d:e3:b4:84:fe:66:2d:c9:73:5e:e5:
         43:b8:0f:2d:ba:46:d2:9c:59:ec:d2:fb:6a:b3:60:f0:1c:70:
         c1:f8:a1:e7:53:0a:14:be:66:dc:62:45:44:ac:64:14:3b:13:
         79:ab:03:81:ed:5d:e2:1e:10:0a:9e:c8:f3:a8:c2:8c:fc:71:
         90:d6:a3:4f:19:05:ad:93:84:fe:06:69:6e:ae:89:97:1d:5a:
         43:6b:6e:c4:38:d0:e8:18:0d:6c:98:4f:19:60:a1:46:ec:5d:
         89:ae:a5:3d:51:0e:46:e1:d1:d5:fe:e6:ca:9b:ec:80:ae:90:
         0c:5e:44:cb:8f:d4:60:92:15:87:6c:92:63:c2:76:af:f8:4d:
         15:d6:4b:ea:2f:63:7a:28:ce:a9:15:82:30:98:bb:6b:cf:b8:
         0b:f3:c6:f1:29:1b:24:95:90:71:d8:76:93:f2:6f:e6:0d:a0:
         8e:0c:d5:4a:13:ca:70:a4:c6:a1:29:e0:c4:b6:59:2c:7b:fa:
         9d:e4:b3:b1:22:ef:3d:0d:4c:15:da:0e:b2:01:2a:59:d2:83:
         3a:3a:39:e6
-----BEGIN CERTIFICATE-----
MIIFCjCCA/KgAwIBAgIUA3KzDpQpFLT3ZvsLpkraXlrnr58wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDVjM2Q1ZTcwZmM5YWQxMGJhOTBkNDVkYzY2NDU0ZTll
M2ExNDZhODAeFw0yMzEyMjAxNjE2NDRaFw0yNDEyMTgxNjIxNDRaMDMxMTAvBgNV
BAMTKEU5NzQ3RTQ2QjI4QUFBQTExNjg0OTcyRDYwRkYxMjdDMDg0Qzg5OTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDi9P05Sh4WRe02PmwoCs53yJwR
gFqO3zJevmuMtMCYF/tbbZXSuLMe90y5HM2vqKux1RqPsmDhtNKbuZvGcxdxeTwb
FZpfpbdK5dbTtbeCg0/hiaT1qPjNwBtuZ2wyXVcJBiPKSQ1Zbsz3iNWppaij2rWh
4CwJGcL3Y9qA/G2mIbQmuMLxF+3e5gKuAcgw6QEID4IskpQPzwsP6cTcLZASDafY
bAmy4hrEJYa3v9Sek6N3XWVUKGe6dP9z3Th6p3egH5xfKwiCPXiW4hzPwmoFbSLM
+4e5B7giusPNKeRc9MaKFIl/KoXXu4wiJPOgPogJjXIACoEnNoxUHbifA7gHAgMB
AAGjggIUMIICEDAdBgNVHQ4EFgQU6XR+RrKKqqEWhJctYP8SfAhMiZQwHwYDVR0j
BBgwFoAU1cPV5w/JrRC6kNRdxmRU6eOhRqgwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDQwMzJjOGYtMWQ1Ny00YzNiLTkwNDMtYTBlN2ZlYmYx
NjdkLzAvRDVDM0Q1RTcwRkM5QUQxMEJBOTBENDVEQzY2NDU0RTlFM0ExNDZBOC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzFjUFY1d19KclJDNmtOUmR4bVJVNmVP
aFJxZy5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA0MDMyYzhmLTFkNTct
NGMzYi05MDQzLWEwZTdmZWJmMTY3ZC8wL0FTMzIwOS5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjArBggrBgEFBQcBBwEB/wQcMBowGAQCAAIwEgMHACoT34AR
NwMHACoT34ARljANBgkqhkiG9w0BAQsFAAOCAQEAIgfyIa1/0bsrMbMRe+/wPH9L
ZBeA3cNlEO1RdXc19Ds1S8gvcBZsjeqnlI3jtIT+Zi3Jc17lQ7gPLbpG0pxZ7NL7
arNg8Bxwwfih51MKFL5m3GJFRKxkFDsTeasDge1d4h4QCp7I86jCjPxxkNajTxkF
rZOE/gZpbq6Jlx1aQ2tuxDjQ6BgNbJhPGWChRuxdia6lPVEORuHR1f7mypvsgK6Q
DF5Ey4/UYJIVh2ySY8J2r/hNFdZL6i9jeijOqRWCMJi7a8+4C/PG8SkbJJWQcdh2
k/Jv5g2gjgzVShPKcKTGoSngxLZZLHv6neSzsSLvPQ1MFdoOsgEqWdKDOjo55g==
-----END CERTIFICATE-----