Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/3130392e3233342e3230382e302f32342d3234203d3e20383334.roa
File:                     3130392e3233342e3230382e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          gMXfZGDDjoWo9CPnYudzMqciOf7/oRzExfJywSipqfU=
Subject key identifier:   AF:48:28:77:8B:D1:6E:F0:5A:70:EC:CA:81:EB:15:AB:D5:FB:91:5D
Certificate issuer:       /CN=f768ff6e681858c0ec19f3a93fa1792cd16ceed3
Certificate serial:       5406D7D7DF3E4CEF8F8EC12A2B94F85E701C8348
Authority key identifier: F7:68:FF:6E:68:18:58:C0:EC:19:F3:A9:3F:A1:79:2C:D1:6C:EE:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/92j_bmgYWMDsGfOpP6F5LNFs7tM.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/3130392e3233342e3230382e302f32342d3234203d3e20383334.roa
Signing time:             Sat 25 Jan 2025 13:44:04 +0000
ROA not before:           Sat 25 Jan 2025 13:39:04 +0000
ROA not after:            Sat 24 Jan 2026 13:44:04 +0000
asID:                     834
IP address blocks:        109.234.208.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/F768FF6E681858C0EC19F3A93FA1792CD16CEED3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/F768FF6E681858C0EC19F3A93FA1792CD16CEED3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/92j_bmgYWMDsGfOpP6F5LNFs7tM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            54:06:d7:d7:df:3e:4c:ef:8f:8e:c1:2a:2b:94:f8:5e:70:1c:83:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f768ff6e681858c0ec19f3a93fa1792cd16ceed3
        Validity
            Not Before: Jan 25 13:39:04 2025 GMT
            Not After : Jan 24 13:44:04 2026 GMT
        Subject: CN=AF4828778BD16EF05A70ECCA81EB15ABD5FB915D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:13:7f:5a:ca:ea:86:d7:a9:66:26:2f:6c:07:
                    b1:4c:26:07:04:b3:bd:55:78:81:47:1e:42:47:d1:
                    cf:73:78:62:a9:92:7c:e0:10:a0:0c:f6:0f:2e:5c:
                    50:04:03:d5:71:d6:45:3e:4d:53:b4:5e:fa:aa:61:
                    47:ed:d0:a8:61:bd:6e:bf:19:17:fe:46:df:c7:04:
                    6d:86:ab:ca:10:22:03:bf:9d:f5:ee:19:c7:e4:85:
                    c8:c8:f6:0e:22:01:70:6b:53:20:8f:92:82:a6:ff:
                    c4:38:bb:a0:05:bd:25:cc:fe:dc:68:bc:4c:7f:ae:
                    e5:01:99:b4:d6:6b:35:5c:03:2a:56:98:9c:49:4e:
                    af:dc:aa:a8:7d:bf:b8:eb:dd:a2:e3:62:77:e6:48:
                    b1:e5:e9:cb:d3:dd:bb:b2:32:74:26:ae:c6:9c:10:
                    73:54:a7:a2:32:2f:0d:c2:3e:03:ed:fd:96:71:c5:
                    f5:41:f7:ca:7a:68:ab:25:de:02:ff:58:a7:91:2c:
                    10:d1:7b:b0:c1:95:bb:00:eb:30:c2:d5:c9:78:e1:
                    b7:b9:ea:e1:27:34:a4:de:00:83:f1:e4:5a:d6:1b:
                    4a:2f:45:fd:b3:fa:03:2c:3a:be:a5:60:da:6f:c4:
                    2d:dc:56:a0:7c:97:b2:3d:4d:12:1c:8f:54:fe:41:
                    f8:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:48:28:77:8B:D1:6E:F0:5A:70:EC:CA:81:EB:15:AB:D5:FB:91:5D
            X509v3 Authority Key Identifier:
                keyid:F7:68:FF:6E:68:18:58:C0:EC:19:F3:A9:3F:A1:79:2C:D1:6C:EE:D3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/F768FF6E681858C0EC19F3A93FA1792CD16CEED3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/92j_bmgYWMDsGfOpP6F5LNFs7tM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/3130392e3233342e3230382e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.234.208.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:bc:34:13:77:f4:e3:35:bf:df:8e:c3:6b:af:09:73:8f:d6:
         3b:f8:f6:bb:47:63:09:c2:f0:6d:e8:fb:71:b3:aa:b7:cd:31:
         7f:7f:7a:e0:67:97:2e:86:fc:47:6f:e6:6a:f7:96:d3:23:b5:
         63:26:ab:06:58:8f:d6:08:96:89:05:df:9d:4e:b1:dc:1c:f7:
         32:b2:5d:9a:6a:a4:f1:db:42:97:23:75:1d:8d:88:73:8d:bf:
         ff:a8:56:f6:41:5f:14:0c:25:09:bb:e7:ce:81:52:7b:33:9b:
         79:e9:b2:36:d0:aa:a8:e4:78:a0:60:96:07:4c:60:54:08:f4:
         8a:06:c1:ef:65:3e:73:38:0e:83:a9:36:60:8e:3a:49:24:20:
         e2:60:ad:00:67:ce:f4:09:6d:e9:0e:3e:97:40:f1:4a:14:ff:
         15:77:96:44:95:90:b2:09:b7:36:e0:2c:9c:45:8a:d0:df:72:
         9f:64:59:5b:bd:83:f0:96:85:bc:80:75:dc:a3:3b:24:4b:f0:
         bf:c8:cf:28:cd:b4:67:9b:00:bf:a5:10:4c:7a:97:b8:26:92:
         b7:b4:fd:57:41:1e:e5:9c:7b:b1:af:e6:a0:28:f2:ea:ce:fa:
         7d:0f:6c:cb:b6:cc:34:0c:92:55:5e:6c:73:1b:5b:6e:b2:c9:
         a9:42:94:79
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUVAbX198+TO+PjsEqK5T4XnAcg0gwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZjc2OGZmNmU2ODE4NThjMGVjMTlmM2E5M2ZhMTc5MmNk
MTZjZWVkMzAeFw0yNTAxMjUxMzM5MDRaFw0yNjAxMjQxMzQ0MDRaMDMxMTAvBgNV
BAMTKEFGNDgyODc3OEJEMTZFRjA1QTcwRUNDQTgxRUIxNUFCRDVGQjkxNUQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDmE39ayuqG16lmJi9sB7FMJgcE
s71VeIFHHkJH0c9zeGKpknzgEKAM9g8uXFAEA9Vx1kU+TVO0XvqqYUft0KhhvW6/
GRf+Rt/HBG2Gq8oQIgO/nfXuGcfkhcjI9g4iAXBrUyCPkoKm/8Q4u6AFvSXM/txo
vEx/ruUBmbTWazVcAypWmJxJTq/cqqh9v7jr3aLjYnfmSLHl6cvT3buyMnQmrsac
EHNUp6IyLw3CPgPt/ZZxxfVB98p6aKsl3gL/WKeRLBDRe7DBlbsA6zDC1cl44be5
6uEnNKTeAIPx5FrWG0ovRf2z+gMsOr6lYNpvxC3cVqB8l7I9TRIcj1T+QfjnAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUr0god4vRbvBacOzKgesVq9X7kV0wHwYDVR0j
BBgwFoAU92j/bmgYWMDsGfOpP6F5LNFs7tMwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMGNjMDg3MzctOTI2Ny00MDJhLTk5ZDQtN2FhYWZlYTQ0
NGVkLzAvRjc2OEZGNkU2ODE4NThDMEVDMTlGM0E5M0ZBMTc5MkNEMTZDRUVEMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzkyal9ibWdZV01Ec0dmT3BQNkY1TE5G
czd0TS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMGNjMDg3Mzct
OTI2Ny00MDJhLTk5ZDQtN2FhYWZlYTQ0NGVkLzAvMzEzMDM5MmUzMjMzMzQyZTMy
MzAzODJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAG3q
0DANBgkqhkiG9w0BAQsFAAOCAQEAi7w0E3f04zW/347Da68Jc4/WO/j2u0djCcLw
bej7cbOqt80xf3964GeXLob8R2/maveW0yO1YyarBliP1giWiQXfnU6x3Bz3MrJd
mmqk8dtClyN1HY2Ic42//6hW9kFfFAwlCbvnzoFSezObeemyNtCqqOR4oGCWB0xg
VAj0igbB72U+czgOg6k2YI46SSQg4mCtAGfO9Alt6Q4+l0DxShT/FXeWRJWQsgm3
NuAsnEWK0N9yn2RZW72D8JaFvIB13KM7JEvwv8jPKM20Z5sAv6UQTHqXuCaSt7T9
V0Ee5Zx7sa/moCjy6s76fQ9sy7bMNAySVV5scxtbbrLJqUKUeQ==
-----END CERTIFICATE-----