Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/0c8bb446-91c0-4138-a33a-b47865de55c5/1/38312e32372e39362e302f32302d3230203d3e203234383531.roa
File:                     38312e32372e39362e302f32302d3230203d3e203234383531.roa (raw, json)
Hash identifier:          XazNaC+hpMVCJhcoP3zL+9MGci5nPbb/SboV8YXiO2c=
Subject key identifier:   53:E2:87:4E:6D:91:7F:1E:BF:EB:75:01:83:81:10:54:1D:F6:56:7A
Certificate issuer:       /CN=a6c509ba48e5b50494572e05c45c58e7e16d87fb
Certificate serial:       6CD57EB10D8299D4A3B413B064560005EC9E4049
Authority key identifier: A6:C5:09:BA:48:E5:B5:04:94:57:2E:05:C4:5C:58:E7:E1:6D:87:FB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/psUJukjltQSUVy4FxFxY5-Fth_s.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/0c8bb446-91c0-4138-a33a-b47865de55c5/1/38312e32372e39362e302f32302d3230203d3e203234383531.roa
Signing time:             Mon 25 Nov 2024 12:43:28 +0000
ROA not before:           Mon 25 Nov 2024 12:38:28 +0000
ROA not after:            Mon 24 Nov 2025 12:43:28 +0000
asID:                     24851
IP address blocks:        81.27.96.0/20 maxlen: 20
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/0c8bb446-91c0-4138-a33a-b47865de55c5/1/A6C509BA48E5B50494572E05C45C58E7E16D87FB.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/0c8bb446-91c0-4138-a33a-b47865de55c5/1/A6C509BA48E5B50494572E05C45C58E7E16D87FB.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/psUJukjltQSUVy4FxFxY5-Fth_s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 05:48:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6c:d5:7e:b1:0d:82:99:d4:a3:b4:13:b0:64:56:00:05:ec:9e:40:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a6c509ba48e5b50494572e05c45c58e7e16d87fb
        Validity
            Not Before: Nov 25 12:38:28 2024 GMT
            Not After : Nov 24 12:43:28 2025 GMT
        Subject: CN=53E2874E6D917F1EBFEB7501838110541DF6567A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:7f:fa:2b:9d:d6:2f:cd:09:14:a5:f3:94:30:
                    f7:fa:d2:32:0d:9b:a3:f5:d7:a0:86:86:59:e0:5b:
                    9f:33:3e:47:df:46:40:71:17:ed:ca:62:6e:d3:aa:
                    51:91:23:00:40:0e:84:84:b8:e6:01:55:ef:06:f4:
                    a9:61:19:b5:44:a5:7c:93:47:d3:b8:48:5f:4e:e4:
                    eb:db:7c:5c:3f:d1:3a:40:6f:63:bb:2a:a0:22:7e:
                    ec:14:25:6d:7a:c7:2a:12:26:25:4c:39:b3:11:1d:
                    de:b5:0b:9c:b2:2a:b3:3f:25:1e:6a:9c:58:dd:c3:
                    0d:61:fb:c7:b9:8c:b3:55:c8:4e:6c:bd:db:96:ba:
                    f2:a1:27:d9:0f:b2:6d:28:33:f7:72:57:ef:77:c3:
                    df:46:73:cc:e1:1e:c0:5c:ea:e8:95:49:d8:fe:67:
                    7a:90:ce:d9:34:92:8d:4a:c1:57:51:85:46:40:35:
                    ac:19:7d:3b:0a:fe:74:99:dd:2d:5b:86:47:19:18:
                    eb:ab:b8:67:3d:06:eb:55:e6:1f:c3:42:bb:05:95:
                    02:26:08:ee:8f:94:45:f4:c7:fa:7a:e0:30:5d:ba:
                    6d:a0:0e:06:f8:34:8a:5e:d5:fd:50:bd:82:45:f5:
                    34:fd:17:35:1f:15:ce:e3:53:c8:1c:44:25:30:eb:
                    6f:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:E2:87:4E:6D:91:7F:1E:BF:EB:75:01:83:81:10:54:1D:F6:56:7A
            X509v3 Authority Key Identifier:
                keyid:A6:C5:09:BA:48:E5:B5:04:94:57:2E:05:C4:5C:58:E7:E1:6D:87:FB

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/0c8bb446-91c0-4138-a33a-b47865de55c5/1/A6C509BA48E5B50494572E05C45C58E7E16D87FB.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/psUJukjltQSUVy4FxFxY5-Fth_s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/0c8bb446-91c0-4138-a33a-b47865de55c5/1/38312e32372e39362e302f32302d3230203d3e203234383531.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.27.96.0/20

    Signature Algorithm: sha256WithRSAEncryption
         4f:bf:aa:76:c8:7f:60:63:49:66:43:c5:30:27:87:a8:e7:d8:
         6d:bf:d5:83:df:04:47:a8:f2:ca:a3:0b:f7:9a:86:3e:67:a5:
         7b:6f:15:fb:26:61:fd:8e:48:b3:48:c1:7c:b3:e4:db:b6:0b:
         75:16:de:d2:b0:fa:02:ce:87:9b:98:e0:cf:da:7f:3e:91:21:
         74:05:fe:38:70:ed:03:7f:cb:46:bc:8e:79:bf:32:1b:98:6c:
         48:93:37:49:9d:c1:04:16:e4:ea:cb:d2:16:5f:fa:f1:5e:5d:
         0d:a7:cf:b4:7b:95:08:41:ae:50:ba:6c:27:83:b0:0f:ee:35:
         fc:2d:7a:1a:08:d2:5f:63:c8:a6:2b:e5:67:75:93:7e:e1:1f:
         e7:ee:c1:37:38:40:36:17:18:9d:e7:a1:f9:50:26:95:76:25:
         48:20:7c:ca:b9:c8:b6:ab:3c:bb:69:81:72:1b:9c:17:ad:db:
         11:12:6b:2d:0f:57:c3:ec:cc:52:59:a4:a7:16:8c:c5:37:4d:
         fa:c6:fd:96:6e:9d:87:de:42:73:17:09:93:7f:d7:24:cb:20:
         f8:5e:bf:78:dd:1b:70:c3:04:7c:79:77:70:27:ea:09:e0:60:
         8c:bf:0e:c5:79:a7:2f:93:13:a1:81:c0:a3:7c:f0:90:4b:4d:
         cb:35:0a:8f
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUbNV+sQ2CmdSjtBOwZFYABeyeQEkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTZjNTA5YmE0OGU1YjUwNDk0NTcyZTA1YzQ1YzU4ZTdl
MTZkODdmYjAeFw0yNDExMjUxMjM4MjhaFw0yNTExMjQxMjQzMjhaMDMxMTAvBgNV
BAMTKDUzRTI4NzRFNkQ5MTdGMUVCRkVCNzUwMTgzODExMDU0MURGNjU2N0EwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtf/orndYvzQkUpfOUMPf60jIN
m6P116CGhlngW58zPkffRkBxF+3KYm7TqlGRIwBADoSEuOYBVe8G9KlhGbVEpXyT
R9O4SF9O5OvbfFw/0TpAb2O7KqAifuwUJW16xyoSJiVMObMRHd61C5yyKrM/JR5q
nFjdww1h+8e5jLNVyE5svduWuvKhJ9kPsm0oM/dyV+93w99Gc8zhHsBc6uiVSdj+
Z3qQztk0ko1KwVdRhUZANawZfTsK/nSZ3S1bhkcZGOuruGc9ButV5h/DQrsFlQIm
CO6PlEX0x/p64DBdum2gDgb4NIpe1f1QvYJF9TT9FzUfFc7jU8gcRCUw629VAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUU+KHTm2Rfx6/63UBg4EQVB32VnowHwYDVR0j
BBgwFoAUpsUJukjltQSUVy4FxFxY5+Fth/swDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMGM4YmI0NDYtOTFjMC00MTM4LWEzM2EtYjQ3ODY1ZGU1
NWM1LzEvQTZDNTA5QkE0OEU1QjUwNDk0NTcyRTA1QzQ1QzU4RTdFMTZEODdGQi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3BzVUp1a2psdFFTVVZ5NEZ4RnhZNS1G
dGhfcy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMGM4YmI0NDYt
OTFjMC00MTM4LWEzM2EtYjQ3ODY1ZGU1NWM1LzEvMzgzMTJlMzIzNzJlMzkzNjJl
MzAyZjMyMzAyZDMyMzAyMDNkM2UyMDMyMzQzODM1MzEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBARRG2Aw
DQYJKoZIhvcNAQELBQADggEBAE+/qnbIf2BjSWZDxTAnh6jn2G2/1YPfBEeo8sqj
C/eahj5npXtvFfsmYf2OSLNIwXyz5Nu2C3UW3tKw+gLOh5uY4M/afz6RIXQF/jhw
7QN/y0a8jnm/MhuYbEiTN0mdwQQW5OrL0hZf+vFeXQ2nz7R7lQhBrlC6bCeDsA/u
NfwtehoI0l9jyKYr5Wd1k37hH+fuwTc4QDYXGJ3noflQJpV2JUggfMq5yLarPLtp
gXIbnBet2xESay0PV8PszFJZpKcWjMU3TfrG/ZZunYfeQnMXCZN/1yTLIPhev3jd
G3DDBHx5d3An6gngYIy/DsV5py+TE6GBwKN88JBLTcs1Co8=
-----END CERTIFICATE-----