Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/3130392e3233342e3230392e302f32342d3234203d3e20383334.roa
File:                     3130392e3233342e3230392e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          JtP0ZFSCbnd1Bvwg9UOYnCnEfGX82ZynD4BTFhag/fw=
Subject key identifier:   5F:B8:75:E7:AD:2A:94:36:EB:94:AD:69:A2:33:30:92:45:14:B6:60
Certificate issuer:       /CN=f768ff6e681858c0ec19f3a93fa1792cd16ceed3
Certificate serial:       048FD6B8BC3AA811B97BF07A8D3BB77D6F91C03E
Authority key identifier: F7:68:FF:6E:68:18:58:C0:EC:19:F3:A9:3F:A1:79:2C:D1:6C:EE:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/92j_bmgYWMDsGfOpP6F5LNFs7tM.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/3130392e3233342e3230392e302f32342d3234203d3e20383334.roa
Signing time:             Sat 25 Jan 2025 13:44:04 +0000
ROA not before:           Sat 25 Jan 2025 13:39:04 +0000
ROA not after:            Sat 24 Jan 2026 13:44:04 +0000
asID:                     834
IP address blocks:        109.234.209.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/F768FF6E681858C0EC19F3A93FA1792CD16CEED3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/F768FF6E681858C0EC19F3A93FA1792CD16CEED3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/92j_bmgYWMDsGfOpP6F5LNFs7tM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:8f:d6:b8:bc:3a:a8:11:b9:7b:f0:7a:8d:3b:b7:7d:6f:91:c0:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f768ff6e681858c0ec19f3a93fa1792cd16ceed3
        Validity
            Not Before: Jan 25 13:39:04 2025 GMT
            Not After : Jan 24 13:44:04 2026 GMT
        Subject: CN=5FB875E7AD2A9436EB94AD69A23330924514B660
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:b0:01:d5:72:77:a3:93:e3:10:c5:44:69:97:
                    df:06:5b:5a:6c:4e:b5:6d:fe:7d:8c:89:9f:2c:cf:
                    18:61:93:29:39:7e:52:b0:a4:20:52:42:41:a3:20:
                    f6:01:96:a5:8d:3a:83:4d:5e:86:55:9b:35:cc:5a:
                    79:e3:50:e4:66:c7:a1:67:5e:42:b4:52:1b:15:01:
                    c5:19:28:10:07:a8:a9:52:f2:e4:e5:05:04:d0:36:
                    6c:8d:f1:fe:5b:77:2f:ca:33:8f:c6:a5:52:6a:c3:
                    16:a5:3e:7a:15:85:5a:e4:b2:18:00:8b:c5:de:dc:
                    76:3f:83:1a:d2:6d:71:76:90:94:3f:5a:a8:2c:0b:
                    d1:60:37:c1:51:04:0d:6b:0f:db:d2:90:53:c3:d8:
                    b5:97:1a:4e:49:2c:05:4f:16:39:2b:ce:19:71:9a:
                    24:35:8e:07:24:a0:a3:20:f3:9f:d4:2c:41:22:0c:
                    95:b1:b1:e6:b6:f2:7f:bd:31:ed:ce:1e:f8:f7:6a:
                    4b:07:85:f0:6f:0e:75:4e:d8:b7:fb:62:a6:8a:c5:
                    fc:44:67:dc:49:bc:ac:49:91:33:dd:f2:2a:58:b9:
                    1c:c7:ab:1d:d1:99:82:b1:fb:dc:a4:80:a5:60:b8:
                    a5:f3:11:07:af:93:bf:f1:db:c8:b2:04:62:64:2b:
                    28:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:B8:75:E7:AD:2A:94:36:EB:94:AD:69:A2:33:30:92:45:14:B6:60
            X509v3 Authority Key Identifier:
                keyid:F7:68:FF:6E:68:18:58:C0:EC:19:F3:A9:3F:A1:79:2C:D1:6C:EE:D3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/F768FF6E681858C0EC19F3A93FA1792CD16CEED3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/92j_bmgYWMDsGfOpP6F5LNFs7tM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/3130392e3233342e3230392e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.234.209.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:ed:d7:20:74:d6:a4:a7:25:2a:d5:3f:12:df:ba:b6:68:2d:
         ca:de:48:65:c1:9b:75:56:5a:68:04:e4:f3:79:24:86:61:b0:
         c9:aa:1e:62:46:77:30:53:87:fd:c8:c3:20:3b:6f:74:0c:4a:
         22:34:b7:ba:a5:d0:08:27:63:24:ea:d1:0b:73:0d:e6:8a:6e:
         10:c1:4a:51:aa:a2:d8:5f:4e:f4:89:44:fc:7a:e8:b5:c3:f1:
         4e:1e:25:c8:7d:be:86:94:df:5a:51:00:f5:0f:fb:47:6a:6b:
         18:22:e2:e1:f9:e3:05:31:90:87:f2:f4:9c:6e:96:b2:46:23:
         95:4b:5c:33:40:b3:46:80:fc:14:52:20:ef:61:69:46:b8:fd:
         b3:4e:d0:6a:85:eb:ee:79:76:72:d5:1f:db:0b:84:51:33:7a:
         c5:25:ec:da:27:ca:16:1e:b2:19:81:3e:72:2b:f6:94:6f:05:
         47:45:a7:19:59:b5:1f:61:6c:f3:b7:69:49:b3:cc:28:e3:7b:
         18:84:89:ba:5c:8b:a7:c0:60:a8:22:04:74:f8:91:ba:2e:6e:
         1a:13:e6:96:1c:59:9b:e3:69:7d:cc:5f:07:a1:1b:70:6f:c9:
         29:4e:e0:ec:ef:dd:ee:c1:7d:0e:6e:04:c0:6d:db:51:86:22:
         b9:f7:f4:40
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUBI/WuLw6qBG5e/B6jTu3fW+RwD4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZjc2OGZmNmU2ODE4NThjMGVjMTlmM2E5M2ZhMTc5MmNk
MTZjZWVkMzAeFw0yNTAxMjUxMzM5MDRaFw0yNjAxMjQxMzQ0MDRaMDMxMTAvBgNV
BAMTKDVGQjg3NUU3QUQyQTk0MzZFQjk0QUQ2OUEyMzMzMDkyNDUxNEI2NjAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDCsAHVcnejk+MQxURpl98GW1ps
TrVt/n2MiZ8szxhhkyk5flKwpCBSQkGjIPYBlqWNOoNNXoZVmzXMWnnjUORmx6Fn
XkK0UhsVAcUZKBAHqKlS8uTlBQTQNmyN8f5bdy/KM4/GpVJqwxalPnoVhVrkshgA
i8Xe3HY/gxrSbXF2kJQ/WqgsC9FgN8FRBA1rD9vSkFPD2LWXGk5JLAVPFjkrzhlx
miQ1jgckoKMg85/ULEEiDJWxsea28n+9Me3OHvj3aksHhfBvDnVO2Lf7YqaKxfxE
Z9xJvKxJkTPd8ipYuRzHqx3RmYKx+9ykgKVguKXzEQevk7/x28iyBGJkKyh3AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUX7h1560qlDbrlK1pojMwkkUUtmAwHwYDVR0j
BBgwFoAU92j/bmgYWMDsGfOpP6F5LNFs7tMwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMGNjMDg3MzctOTI2Ny00MDJhLTk5ZDQtN2FhYWZlYTQ0
NGVkLzAvRjc2OEZGNkU2ODE4NThDMEVDMTlGM0E5M0ZBMTc5MkNEMTZDRUVEMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzkyal9ibWdZV01Ec0dmT3BQNkY1TE5G
czd0TS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMGNjMDg3Mzct
OTI2Ny00MDJhLTk5ZDQtN2FhYWZlYTQ0NGVkLzAvMzEzMDM5MmUzMjMzMzQyZTMy
MzAzOTJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAG3q
0TANBgkqhkiG9w0BAQsFAAOCAQEAVu3XIHTWpKclKtU/Et+6tmgtyt5IZcGbdVZa
aATk83kkhmGwyaoeYkZ3MFOH/cjDIDtvdAxKIjS3uqXQCCdjJOrRC3MN5opuEMFK
Uaqi2F9O9IlE/HrotcPxTh4lyH2+hpTfWlEA9Q/7R2prGCLi4fnjBTGQh/L0nG6W
skYjlUtcM0CzRoD8FFIg72FpRrj9s07QaoXr7nl2ctUf2wuEUTN6xSXs2ifKFh6y
GYE+civ2lG8FR0WnGVm1H2Fs87dpSbPMKON7GISJulyLp8BgqCIEdPiRui5uGhPm
lhxZm+NpfcxfB6EbcG/JKU7g7O/d7sF9Dm4EwG3bUYYiuff0QA==
-----END CERTIFICATE-----