Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/3130392e3233342e3231312e302f32342d3234203d3e20383334.roa
File:                     3130392e3233342e3231312e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          3KCbpaBWNwWMkAiSDAGW4kWBNjWa3LpPuvXnHkvUSEc=
Subject key identifier:   C5:70:BA:0F:DA:3A:93:3D:00:76:F6:66:C2:0A:34:F9:E9:5F:E1:7E
Certificate issuer:       /CN=f768ff6e681858c0ec19f3a93fa1792cd16ceed3
Certificate serial:       3403F10580DF42EF64E51ED7DB93338DFE24E3D2
Authority key identifier: F7:68:FF:6E:68:18:58:C0:EC:19:F3:A9:3F:A1:79:2C:D1:6C:EE:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/92j_bmgYWMDsGfOpP6F5LNFs7tM.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/3130392e3233342e3231312e302f32342d3234203d3e20383334.roa
Signing time:             Sat 25 Jan 2025 13:44:03 +0000
ROA not before:           Sat 25 Jan 2025 13:39:03 +0000
ROA not after:            Sat 24 Jan 2026 13:44:03 +0000
asID:                     834
IP address blocks:        109.234.211.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/F768FF6E681858C0EC19F3A93FA1792CD16CEED3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/F768FF6E681858C0EC19F3A93FA1792CD16CEED3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/92j_bmgYWMDsGfOpP6F5LNFs7tM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            34:03:f1:05:80:df:42:ef:64:e5:1e:d7:db:93:33:8d:fe:24:e3:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f768ff6e681858c0ec19f3a93fa1792cd16ceed3
        Validity
            Not Before: Jan 25 13:39:03 2025 GMT
            Not After : Jan 24 13:44:03 2026 GMT
        Subject: CN=C570BA0FDA3A933D0076F666C20A34F9E95FE17E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:27:de:c7:7c:a7:65:33:35:99:91:38:7a:d8:
                    5e:81:44:97:21:1b:b6:37:a0:cc:25:38:53:68:0e:
                    fe:6a:8f:97:a8:39:8d:14:94:21:7d:5f:03:0c:5d:
                    f1:57:6a:00:76:2c:f0:08:ba:6c:57:3b:cd:16:b6:
                    c4:a4:be:e2:03:eb:cd:bc:30:c4:4e:48:b8:88:67:
                    68:77:ee:16:21:c4:05:81:5e:03:99:a9:78:f1:c4:
                    32:20:14:ff:17:db:62:f6:1f:86:d7:54:74:76:08:
                    ab:e8:25:07:b0:ac:7e:30:60:c7:7d:62:ac:be:39:
                    cf:83:e0:3b:f8:ab:de:fe:93:34:24:1c:0f:da:d5:
                    7c:b2:3a:ed:4e:54:df:72:96:c3:66:52:16:8e:a0:
                    e5:22:a2:0b:f4:d6:45:b4:78:e4:5a:30:e0:dc:e2:
                    35:f9:7d:d3:6b:d9:da:fa:57:fe:2d:e3:e0:74:7b:
                    5f:c4:59:62:ef:b0:3b:ac:48:dd:e2:ac:6b:26:c9:
                    78:fc:b1:4a:98:b4:46:12:f6:d1:63:d5:fd:51:92:
                    08:a9:4b:6a:ff:d9:8e:ac:aa:33:d8:a7:d2:31:bc:
                    4e:c0:f8:19:83:80:20:41:41:f4:04:3e:f9:80:c4:
                    cf:50:3e:0a:00:e8:81:10:52:67:a2:14:da:19:aa:
                    ca:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:70:BA:0F:DA:3A:93:3D:00:76:F6:66:C2:0A:34:F9:E9:5F:E1:7E
            X509v3 Authority Key Identifier:
                keyid:F7:68:FF:6E:68:18:58:C0:EC:19:F3:A9:3F:A1:79:2C:D1:6C:EE:D3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/F768FF6E681858C0EC19F3A93FA1792CD16CEED3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/92j_bmgYWMDsGfOpP6F5LNFs7tM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/3130392e3233342e3231312e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.234.211.0/24

    Signature Algorithm: sha256WithRSAEncryption
         54:17:89:12:82:27:e4:62:44:6e:11:4a:a1:61:cd:0c:57:f6:
         63:f2:c9:47:dd:d4:31:c2:ee:13:9e:c8:3a:fd:e3:02:6b:c8:
         7c:01:fa:50:15:ec:cf:d8:1f:95:5c:b7:5c:38:b3:08:8f:28:
         ad:d0:c3:7d:3d:cf:d6:b9:b5:f4:b5:3c:74:5f:6c:a5:89:07:
         9d:7b:17:79:3f:67:ff:8f:8d:68:94:9f:a6:e1:c0:47:8f:20:
         86:3d:db:b7:7f:66:6d:77:ae:56:4d:82:5d:5e:eb:f1:93:c4:
         de:af:eb:ee:51:94:18:5e:9a:1e:fc:71:22:58:87:64:5b:3c:
         61:a1:f7:34:12:7c:2c:f0:d4:4e:97:6c:35:03:8f:fb:00:19:
         f4:db:3f:ba:d0:19:1f:48:bf:35:43:01:ec:23:a4:ef:79:6e:
         14:51:e7:68:70:f5:cc:d1:ca:48:50:03:f2:5c:78:60:0d:f7:
         02:a6:37:8f:46:9e:b1:d5:4b:d1:6a:be:d4:6a:f5:24:5c:84:
         42:d4:3d:81:62:5a:4a:27:12:7a:13:f7:5a:a2:f4:5d:f1:1f:
         79:30:16:d5:de:6a:4b:5e:b5:f0:e5:84:07:fa:f3:3b:7e:ea:
         03:fe:cf:7c:2e:fe:56:75:c6:06:d1:2e:ad:fc:dc:20:ac:7b:
         99:c0:17:f7
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUNAPxBYDfQu9k5R7X25Mzjf4k49IwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZjc2OGZmNmU2ODE4NThjMGVjMTlmM2E5M2ZhMTc5MmNk
MTZjZWVkMzAeFw0yNTAxMjUxMzM5MDNaFw0yNjAxMjQxMzQ0MDNaMDMxMTAvBgNV
BAMTKEM1NzBCQTBGREEzQTkzM0QwMDc2RjY2NkMyMEEzNEY5RTk1RkUxN0UwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGJ97HfKdlMzWZkTh62F6BRJch
G7Y3oMwlOFNoDv5qj5eoOY0UlCF9XwMMXfFXagB2LPAIumxXO80WtsSkvuID6828
MMROSLiIZ2h37hYhxAWBXgOZqXjxxDIgFP8X22L2H4bXVHR2CKvoJQewrH4wYMd9
Yqy+Oc+D4Dv4q97+kzQkHA/a1XyyOu1OVN9ylsNmUhaOoOUiogv01kW0eORaMODc
4jX5fdNr2dr6V/4t4+B0e1/EWWLvsDusSN3irGsmyXj8sUqYtEYS9tFj1f1Rkgip
S2r/2Y6sqjPYp9IxvE7A+BmDgCBBQfQEPvmAxM9QPgoA6IEQUmeiFNoZqsq7AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUxXC6D9o6kz0AdvZmwgo0+elf4X4wHwYDVR0j
BBgwFoAU92j/bmgYWMDsGfOpP6F5LNFs7tMwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMGNjMDg3MzctOTI2Ny00MDJhLTk5ZDQtN2FhYWZlYTQ0
NGVkLzAvRjc2OEZGNkU2ODE4NThDMEVDMTlGM0E5M0ZBMTc5MkNEMTZDRUVEMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzkyal9ibWdZV01Ec0dmT3BQNkY1TE5G
czd0TS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMGNjMDg3Mzct
OTI2Ny00MDJhLTk5ZDQtN2FhYWZlYTQ0NGVkLzAvMzEzMDM5MmUzMjMzMzQyZTMy
MzEzMTJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAG3q
0zANBgkqhkiG9w0BAQsFAAOCAQEAVBeJEoIn5GJEbhFKoWHNDFf2Y/LJR93UMcLu
E57IOv3jAmvIfAH6UBXsz9gflVy3XDizCI8ordDDfT3P1rm19LU8dF9spYkHnXsX
eT9n/4+NaJSfpuHAR48ghj3bt39mbXeuVk2CXV7r8ZPE3q/r7lGUGF6aHvxxIliH
ZFs8YaH3NBJ8LPDUTpdsNQOP+wAZ9Ns/utAZH0i/NUMB7COk73luFFHnaHD1zNHK
SFAD8lx4YA33AqY3j0aesdVL0Wq+1Gr1JFyEQtQ9gWJaSicSehP3WqL0XfEfeTAW
1d5qS1618OWEB/rzO37qA/7PfC7+VnXGBtEurfzcIKx7mcAX9w==
-----END CERTIFICATE-----