Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/3130392e3233342e3231302e302f32342d3234203d3e20383334.roa
File:                     3130392e3233342e3231302e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          jMvQmG7BQ8oo1hkSlVA1e1FmsME1lTc/UB9+bTO1ulA=
Subject key identifier:   BF:83:56:40:3D:1C:1B:72:FB:24:6C:47:39:5C:8D:06:6E:2C:DE:CF
Certificate issuer:       /CN=f768ff6e681858c0ec19f3a93fa1792cd16ceed3
Certificate serial:       2FD1DCED6EFB171E0220B0758912E6F3437CBC07
Authority key identifier: F7:68:FF:6E:68:18:58:C0:EC:19:F3:A9:3F:A1:79:2C:D1:6C:EE:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/92j_bmgYWMDsGfOpP6F5LNFs7tM.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/3130392e3233342e3231302e302f32342d3234203d3e20383334.roa
Signing time:             Sat 25 Jan 2025 13:44:03 +0000
ROA not before:           Sat 25 Jan 2025 13:39:03 +0000
ROA not after:            Sat 24 Jan 2026 13:44:03 +0000
asID:                     834
IP address blocks:        109.234.210.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/F768FF6E681858C0EC19F3A93FA1792CD16CEED3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/F768FF6E681858C0EC19F3A93FA1792CD16CEED3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/92j_bmgYWMDsGfOpP6F5LNFs7tM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2f:d1:dc:ed:6e:fb:17:1e:02:20:b0:75:89:12:e6:f3:43:7c:bc:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f768ff6e681858c0ec19f3a93fa1792cd16ceed3
        Validity
            Not Before: Jan 25 13:39:03 2025 GMT
            Not After : Jan 24 13:44:03 2026 GMT
        Subject: CN=BF8356403D1C1B72FB246C47395C8D066E2CDECF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:14:88:75:52:fc:d8:88:a8:2a:72:a1:8a:94:
                    72:69:b2:57:41:0e:b4:c2:7b:0c:44:be:1f:1e:ed:
                    dc:5f:0f:52:c8:7b:e2:90:d6:0e:54:15:29:4b:1b:
                    3b:10:47:a0:86:1e:de:08:f1:4a:72:04:6a:b8:bc:
                    99:10:52:21:ff:25:6d:15:49:e8:78:4f:a5:96:87:
                    87:35:31:78:55:13:9b:87:bd:03:6d:ac:62:f4:f1:
                    d3:89:3d:7e:a1:a2:88:28:33:fc:04:55:f3:d4:11:
                    55:09:ec:76:2d:f9:43:da:4b:4e:06:6e:21:e0:97:
                    2d:58:06:e0:08:09:e5:66:f9:9a:d0:d8:f5:b9:fe:
                    31:5e:b7:e4:11:ee:3d:f9:fe:57:0a:37:00:88:ad:
                    85:70:51:04:a1:e8:64:b3:b3:3a:b2:d2:62:9f:29:
                    e7:6a:8d:76:34:c0:44:6a:7f:0b:18:6f:d4:db:59:
                    e9:84:49:49:90:04:fe:fb:14:33:55:6a:53:19:9c:
                    34:f7:bf:72:28:7b:73:dd:18:54:87:9d:f4:ff:61:
                    2d:51:46:c5:fb:a8:99:f0:26:46:66:b2:34:a0:0b:
                    f2:a1:70:22:95:15:6f:41:c8:b4:90:77:a2:cd:b7:
                    0c:ad:6f:c4:d5:f4:6e:c0:0d:5c:7a:f7:2a:b8:64:
                    b2:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:83:56:40:3D:1C:1B:72:FB:24:6C:47:39:5C:8D:06:6E:2C:DE:CF
            X509v3 Authority Key Identifier:
                keyid:F7:68:FF:6E:68:18:58:C0:EC:19:F3:A9:3F:A1:79:2C:D1:6C:EE:D3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/F768FF6E681858C0EC19F3A93FA1792CD16CEED3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/92j_bmgYWMDsGfOpP6F5LNFs7tM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/3130392e3233342e3231302e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.234.210.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:bd:0e:8b:e3:34:60:f5:8b:9c:ad:db:44:d1:6f:c0:0f:e5:
         f2:5f:72:20:29:33:f1:fb:d8:37:58:8e:99:d6:17:20:3c:c6:
         c3:75:a8:e3:6c:4e:b3:cc:74:40:d1:df:38:84:b8:04:1f:1d:
         39:97:0e:c0:98:ea:69:58:1c:bb:58:1f:df:1f:52:e3:c8:d6:
         42:dd:9a:41:8c:48:18:8f:42:37:d2:d9:8c:61:06:ee:41:90:
         7c:66:6e:f1:03:9d:50:b6:0d:ab:bb:b5:60:65:4b:cd:6e:25:
         75:cf:12:d7:1a:06:fc:4c:65:5e:c9:c4:e4:53:21:8b:6e:c8:
         c2:d1:d2:29:31:0a:13:cf:ed:1e:59:6a:f0:88:75:27:57:8f:
         22:e8:63:25:75:b7:e5:5f:95:7e:b9:97:ce:bd:e4:3e:f0:a7:
         20:e6:43:f8:4b:5c:17:1c:e5:99:1e:c9:0e:7e:cd:de:46:73:
         b4:f0:5a:a6:81:9e:ab:29:80:bf:6e:93:2b:f5:df:27:7f:c2:
         79:de:ba:47:ca:52:4c:3f:e4:31:42:ae:56:04:9e:22:28:da:
         20:30:f4:54:99:07:e7:e9:64:12:95:d3:ca:9e:32:3d:c0:68:
         59:5d:dc:2c:e7:a1:90:61:74:0c:02:7a:8e:d4:07:61:11:bd:
         33:a1:76:a2
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUL9Hc7W77Fx4CILB1iRLm80N8vAcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZjc2OGZmNmU2ODE4NThjMGVjMTlmM2E5M2ZhMTc5MmNk
MTZjZWVkMzAeFw0yNTAxMjUxMzM5MDNaFw0yNjAxMjQxMzQ0MDNaMDMxMTAvBgNV
BAMTKEJGODM1NjQwM0QxQzFCNzJGQjI0NkM0NzM5NUM4RDA2NkUyQ0RFQ0YwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDCFIh1UvzYiKgqcqGKlHJpsldB
DrTCewxEvh8e7dxfD1LIe+KQ1g5UFSlLGzsQR6CGHt4I8UpyBGq4vJkQUiH/JW0V
Seh4T6WWh4c1MXhVE5uHvQNtrGL08dOJPX6hoogoM/wEVfPUEVUJ7HYt+UPaS04G
biHgly1YBuAICeVm+ZrQ2PW5/jFet+QR7j35/lcKNwCIrYVwUQSh6GSzszqy0mKf
KedqjXY0wERqfwsYb9TbWemESUmQBP77FDNValMZnDT3v3Ioe3PdGFSHnfT/YS1R
RsX7qJnwJkZmsjSgC/KhcCKVFW9ByLSQd6LNtwytb8TV9G7ADVx69yq4ZLIhAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUv4NWQD0cG3L7JGxHOVyNBm4s3s8wHwYDVR0j
BBgwFoAU92j/bmgYWMDsGfOpP6F5LNFs7tMwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMGNjMDg3MzctOTI2Ny00MDJhLTk5ZDQtN2FhYWZlYTQ0
NGVkLzAvRjc2OEZGNkU2ODE4NThDMEVDMTlGM0E5M0ZBMTc5MkNEMTZDRUVEMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzkyal9ibWdZV01Ec0dmT3BQNkY1TE5G
czd0TS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMGNjMDg3Mzct
OTI2Ny00MDJhLTk5ZDQtN2FhYWZlYTQ0NGVkLzAvMzEzMDM5MmUzMjMzMzQyZTMy
MzEzMDJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAG3q
0jANBgkqhkiG9w0BAQsFAAOCAQEAR70Oi+M0YPWLnK3bRNFvwA/l8l9yICkz8fvY
N1iOmdYXIDzGw3Wo42xOs8x0QNHfOIS4BB8dOZcOwJjqaVgcu1gf3x9S48jWQt2a
QYxIGI9CN9LZjGEG7kGQfGZu8QOdULYNq7u1YGVLzW4ldc8S1xoG/ExlXsnE5FMh
i27IwtHSKTEKE8/tHllq8Ih1J1ePIuhjJXW35V+VfrmXzr3kPvCnIOZD+EtcFxzl
mR7JDn7N3kZztPBapoGeqymAv26TK/XfJ3/Ced66R8pSTD/kMUKuVgSeIijaIDD0
VJkH5+lkEpXTyp4yPcBoWV3cLOehkGF0DAJ6jtQHYRG9M6F2og==
-----END CERTIFICATE-----