Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/3130392e3233342e3231322e302f32342d3234203d3e20383334.roa
File:                     3130392e3233342e3231322e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          /eA5/EVYK6UcgXdtRJaZwm8+sbcAovxbIfsI+ECPPhk=
Subject key identifier:   EF:F1:91:F4:74:17:BD:5D:22:9E:BA:7F:3B:7F:54:74:94:63:0C:C9
Certificate issuer:       /CN=f768ff6e681858c0ec19f3a93fa1792cd16ceed3
Certificate serial:       3467563C215E260D37EB5E9F8EE0BF6295F234B8
Authority key identifier: F7:68:FF:6E:68:18:58:C0:EC:19:F3:A9:3F:A1:79:2C:D1:6C:EE:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/92j_bmgYWMDsGfOpP6F5LNFs7tM.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/3130392e3233342e3231322e302f32342d3234203d3e20383334.roa
Signing time:             Sat 25 Jan 2025 13:44:04 +0000
ROA not before:           Sat 25 Jan 2025 13:39:04 +0000
ROA not after:            Sat 24 Jan 2026 13:44:04 +0000
asID:                     834
IP address blocks:        109.234.212.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/F768FF6E681858C0EC19F3A93FA1792CD16CEED3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/F768FF6E681858C0EC19F3A93FA1792CD16CEED3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/92j_bmgYWMDsGfOpP6F5LNFs7tM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            34:67:56:3c:21:5e:26:0d:37:eb:5e:9f:8e:e0:bf:62:95:f2:34:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f768ff6e681858c0ec19f3a93fa1792cd16ceed3
        Validity
            Not Before: Jan 25 13:39:04 2025 GMT
            Not After : Jan 24 13:44:04 2026 GMT
        Subject: CN=EFF191F47417BD5D229EBA7F3B7F547494630CC9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:a1:01:59:d4:15:59:13:a9:fc:50:53:a4:90:
                    67:72:ac:01:f9:32:d0:00:12:43:78:1b:58:79:b2:
                    f4:d2:17:8f:a8:00:69:e9:46:3e:1e:c8:cf:12:c6:
                    2c:17:27:7e:96:fb:c6:bc:45:48:b3:a6:04:fc:9b:
                    07:58:90:4f:13:ea:50:38:99:cf:9f:24:ee:0d:a6:
                    da:5e:2a:47:73:77:a5:55:c0:30:19:83:d4:c1:98:
                    b7:04:55:55:34:3e:d6:df:c5:14:33:00:39:90:a1:
                    2f:f4:96:de:8b:92:1e:16:66:7b:2b:bb:a9:f6:79:
                    9a:88:6e:8f:3a:e1:01:97:49:01:28:45:8b:cd:47:
                    fc:6c:68:db:3e:f7:d6:69:46:29:30:09:6d:cf:5b:
                    b8:07:a3:42:2b:26:aa:cd:11:29:ba:34:ca:68:65:
                    4b:81:ec:ee:54:d4:f9:4a:30:91:46:1b:9b:c3:e7:
                    6e:d8:81:d5:f8:13:2e:3f:a5:33:df:d7:1f:94:c6:
                    77:71:57:6c:4f:e2:a6:2c:1e:29:ff:e8:df:a3:9f:
                    7b:65:03:a4:11:96:c8:20:ad:d4:65:86:ab:27:8d:
                    5d:22:e3:b1:28:1b:a8:38:e6:55:51:78:b0:83:65:
                    f5:0b:33:87:52:62:a5:5d:07:d4:ff:f7:f0:ef:ae:
                    2d:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:F1:91:F4:74:17:BD:5D:22:9E:BA:7F:3B:7F:54:74:94:63:0C:C9
            X509v3 Authority Key Identifier:
                keyid:F7:68:FF:6E:68:18:58:C0:EC:19:F3:A9:3F:A1:79:2C:D1:6C:EE:D3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/F768FF6E681858C0EC19F3A93FA1792CD16CEED3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/92j_bmgYWMDsGfOpP6F5LNFs7tM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/3130392e3233342e3231322e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.234.212.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:68:ab:b8:0a:40:33:22:8b:3f:06:af:a8:8e:ea:af:00:26:
         fc:c7:03:41:3b:de:be:e1:51:4e:2c:4f:10:3e:62:a8:3d:87:
         f2:90:a3:97:1c:af:d1:80:6c:b1:0c:2f:36:6a:65:25:77:cd:
         03:e2:c0:96:65:76:3f:73:36:41:a8:b3:e1:4e:cb:7b:27:0f:
         9c:a3:81:0d:07:bc:08:a9:21:d9:79:b9:9e:d8:5f:7f:7f:25:
         ba:e1:e3:b0:2d:c5:7d:6a:12:3b:be:c0:4f:13:b3:a5:5f:72:
         a6:08:f0:28:ae:69:c3:b8:21:da:aa:96:ce:e1:69:96:d6:75:
         f6:0b:82:cc:d8:4a:15:b8:30:62:37:10:b5:29:5e:d9:9b:e4:
         dc:40:fa:d2:8c:d5:7b:fe:19:8d:01:79:0f:16:93:07:3f:82:
         82:ac:b8:66:2c:6b:68:e5:42:a8:1f:b8:67:ce:35:80:8a:9e:
         a6:f1:93:b7:f3:3c:9b:8d:33:8d:36:e7:02:94:b3:ce:53:71:
         7f:01:48:50:0f:b2:db:30:2a:65:3d:fe:08:09:6e:78:c5:09:
         b6:0b:96:7e:21:09:e1:13:de:93:57:43:fc:9f:02:98:70:e4:
         31:3b:0d:5a:9a:3b:c7:43:f7:2d:de:34:3e:a3:1a:15:36:d2:
         e9:13:1a:df
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUNGdWPCFeJg03616fjuC/YpXyNLgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZjc2OGZmNmU2ODE4NThjMGVjMTlmM2E5M2ZhMTc5MmNk
MTZjZWVkMzAeFw0yNTAxMjUxMzM5MDRaFw0yNjAxMjQxMzQ0MDRaMDMxMTAvBgNV
BAMTKEVGRjE5MUY0NzQxN0JENUQyMjlFQkE3RjNCN0Y1NDc0OTQ2MzBDQzkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDgoQFZ1BVZE6n8UFOkkGdyrAH5
MtAAEkN4G1h5svTSF4+oAGnpRj4eyM8SxiwXJ36W+8a8RUizpgT8mwdYkE8T6lA4
mc+fJO4NptpeKkdzd6VVwDAZg9TBmLcEVVU0PtbfxRQzADmQoS/0lt6Lkh4WZnsr
u6n2eZqIbo864QGXSQEoRYvNR/xsaNs+99ZpRikwCW3PW7gHo0IrJqrNESm6NMpo
ZUuB7O5U1PlKMJFGG5vD527YgdX4Ey4/pTPf1x+UxndxV2xP4qYsHin/6N+jn3tl
A6QRlsggrdRlhqsnjV0i47EoG6g45lVReLCDZfULM4dSYqVdB9T/9/Dvri1xAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQU7/GR9HQXvV0inrp/O39UdJRjDMkwHwYDVR0j
BBgwFoAU92j/bmgYWMDsGfOpP6F5LNFs7tMwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMGNjMDg3MzctOTI2Ny00MDJhLTk5ZDQtN2FhYWZlYTQ0
NGVkLzAvRjc2OEZGNkU2ODE4NThDMEVDMTlGM0E5M0ZBMTc5MkNEMTZDRUVEMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzkyal9ibWdZV01Ec0dmT3BQNkY1TE5G
czd0TS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMGNjMDg3Mzct
OTI2Ny00MDJhLTk5ZDQtN2FhYWZlYTQ0NGVkLzAvMzEzMDM5MmUzMjMzMzQyZTMy
MzEzMjJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAG3q
1DANBgkqhkiG9w0BAQsFAAOCAQEAcmiruApAMyKLPwavqI7qrwAm/McDQTvevuFR
TixPED5iqD2H8pCjlxyv0YBssQwvNmplJXfNA+LAlmV2P3M2Qaiz4U7LeycPnKOB
DQe8CKkh2Xm5nthff38luuHjsC3FfWoSO77ATxOzpV9ypgjwKK5pw7gh2qqWzuFp
ltZ19guCzNhKFbgwYjcQtSle2Zvk3ED60ozVe/4ZjQF5DxaTBz+Cgqy4ZixraOVC
qB+4Z841gIqepvGTt/M8m40zjTbnApSzzlNxfwFIUA+y2zAqZT3+CAlueMUJtguW
fiEJ4RPek1dD/J8CmHDkMTsNWpo7x0P3Ld40PqMaFTbS6RMa3w==
-----END CERTIFICATE-----