Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/3130392e3233342e3231342e302f32342d3234203d3e20383334.roa
File:                     3130392e3233342e3231342e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          Igc6pc60rg+cSwIL3TySAIbVS8Y/bv2rNh8BvOcnEBk=
Subject key identifier:   8E:0A:27:A0:2B:7E:0B:5C:B0:C9:4D:1D:85:78:CB:D9:7A:1D:E8:2C
Certificate issuer:       /CN=f768ff6e681858c0ec19f3a93fa1792cd16ceed3
Certificate serial:       6FD39C835AC4FB302C524A99F49D56036802E77D
Authority key identifier: F7:68:FF:6E:68:18:58:C0:EC:19:F3:A9:3F:A1:79:2C:D1:6C:EE:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/92j_bmgYWMDsGfOpP6F5LNFs7tM.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/3130392e3233342e3231342e302f32342d3234203d3e20383334.roa
Signing time:             Sat 25 Jan 2025 13:44:04 +0000
ROA not before:           Sat 25 Jan 2025 13:39:04 +0000
ROA not after:            Sat 24 Jan 2026 13:44:04 +0000
asID:                     834
IP address blocks:        109.234.214.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/F768FF6E681858C0EC19F3A93FA1792CD16CEED3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/F768FF6E681858C0EC19F3A93FA1792CD16CEED3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/92j_bmgYWMDsGfOpP6F5LNFs7tM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6f:d3:9c:83:5a:c4:fb:30:2c:52:4a:99:f4:9d:56:03:68:02:e7:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f768ff6e681858c0ec19f3a93fa1792cd16ceed3
        Validity
            Not Before: Jan 25 13:39:04 2025 GMT
            Not After : Jan 24 13:44:04 2026 GMT
        Subject: CN=8E0A27A02B7E0B5CB0C94D1D8578CBD97A1DE82C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:c3:31:b8:fb:e8:9b:c4:cb:c7:ca:79:ff:d6:
                    e2:ba:ee:6e:a8:6f:81:75:5b:81:c1:33:1b:ec:ff:
                    bb:01:31:47:e6:10:98:ac:b4:c0:8a:41:fb:b2:8a:
                    da:38:a6:58:89:7c:c6:25:1a:6c:25:59:8f:ea:36:
                    02:81:2c:1d:3c:87:32:f1:98:b1:08:c3:a0:e4:93:
                    a8:24:1b:bf:c4:b5:de:6f:35:9a:3f:6b:fd:f4:b5:
                    93:f3:a2:8b:58:11:db:c9:7c:08:0d:a0:75:93:c8:
                    cb:b5:b1:eb:e5:1e:c0:16:37:e0:be:71:0e:f5:e4:
                    dc:95:d5:1d:c2:1a:b6:e5:f4:7a:26:a7:1c:ef:81:
                    a4:15:f7:d8:33:25:d6:b7:1e:cb:0d:02:4f:a0:a9:
                    f5:79:cc:6c:b5:27:b5:57:02:91:44:9d:85:d4:d8:
                    3c:2f:ad:45:8e:8b:f3:33:27:98:57:80:c0:cb:b0:
                    96:57:9e:d7:15:a4:fb:47:1f:fd:69:a0:70:c4:a5:
                    aa:e1:21:90:63:aa:7f:21:1f:77:c3:01:3f:8c:cc:
                    c7:36:9e:63:00:1d:5e:d8:6f:9e:9f:d9:c8:7d:b1:
                    70:3d:60:93:6b:35:e0:f9:f6:fd:fc:15:b6:40:28:
                    c5:96:4f:39:1a:84:4e:56:bf:18:17:cc:48:af:ed:
                    44:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:0A:27:A0:2B:7E:0B:5C:B0:C9:4D:1D:85:78:CB:D9:7A:1D:E8:2C
            X509v3 Authority Key Identifier:
                keyid:F7:68:FF:6E:68:18:58:C0:EC:19:F3:A9:3F:A1:79:2C:D1:6C:EE:D3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/F768FF6E681858C0EC19F3A93FA1792CD16CEED3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/92j_bmgYWMDsGfOpP6F5LNFs7tM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/3130392e3233342e3231342e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.234.214.0/24

    Signature Algorithm: sha256WithRSAEncryption
         16:8e:c4:a7:07:4f:3e:23:4b:b0:51:47:b1:89:bc:07:ee:cf:
         e8:08:70:43:74:a6:45:62:7b:12:82:1b:33:19:ef:e5:e2:f4:
         28:fa:44:95:ed:17:ca:13:f1:3b:35:e6:83:93:16:02:5b:b6:
         a1:6d:46:22:39:9b:fe:ff:8d:80:25:8f:57:fc:68:0d:d8:de:
         51:9e:e9:ba:b4:21:4a:4c:02:31:50:0a:d7:bc:20:93:c8:83:
         c7:75:a3:62:d8:b2:9e:20:7d:b1:86:70:2c:52:8b:4c:dc:f1:
         ed:a8:b2:b2:40:1a:b6:84:f9:a3:ee:d0:46:ad:7f:83:e4:ba:
         05:2b:8f:15:fe:70:70:2b:2a:8f:05:5c:f8:c8:d8:63:b0:67:
         13:68:3b:f1:db:f7:78:4e:c3:e3:5a:8e:41:7b:10:6c:86:fb:
         d9:ba:af:24:1e:99:c1:3d:70:71:ea:47:e9:eb:55:71:84:16:
         97:09:45:91:a8:87:2c:be:35:27:b0:10:1f:87:ec:7c:00:f3:
         93:22:ac:34:14:d6:39:6d:db:77:f0:8c:bd:77:67:46:23:9c:
         f9:47:47:3f:cc:d8:5d:c4:37:cd:2b:2e:fe:48:fe:6a:ea:4b:
         94:71:f0:0f:4e:64:f5:ad:8a:90:ea:63:1d:ff:fd:82:69:11:
         85:24:7f:2c
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUb9Ocg1rE+zAsUkqZ9J1WA2gC530wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZjc2OGZmNmU2ODE4NThjMGVjMTlmM2E5M2ZhMTc5MmNk
MTZjZWVkMzAeFw0yNTAxMjUxMzM5MDRaFw0yNjAxMjQxMzQ0MDRaMDMxMTAvBgNV
BAMTKDhFMEEyN0EwMkI3RTBCNUNCMEM5NEQxRDg1NzhDQkQ5N0ExREU4MkMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDQwzG4++ibxMvHynn/1uK67m6o
b4F1W4HBMxvs/7sBMUfmEJistMCKQfuyito4pliJfMYlGmwlWY/qNgKBLB08hzLx
mLEIw6Dkk6gkG7/Etd5vNZo/a/30tZPzootYEdvJfAgNoHWTyMu1sevlHsAWN+C+
cQ715NyV1R3CGrbl9HompxzvgaQV99gzJda3HssNAk+gqfV5zGy1J7VXApFEnYXU
2DwvrUWOi/MzJ5hXgMDLsJZXntcVpPtHH/1poHDEparhIZBjqn8hH3fDAT+MzMc2
nmMAHV7Yb56f2ch9sXA9YJNrNeD59v38FbZAKMWWTzkahE5WvxgXzEiv7UTrAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUjgonoCt+C1ywyU0dhXjL2Xod6CwwHwYDVR0j
BBgwFoAU92j/bmgYWMDsGfOpP6F5LNFs7tMwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMGNjMDg3MzctOTI2Ny00MDJhLTk5ZDQtN2FhYWZlYTQ0
NGVkLzAvRjc2OEZGNkU2ODE4NThDMEVDMTlGM0E5M0ZBMTc5MkNEMTZDRUVEMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzkyal9ibWdZV01Ec0dmT3BQNkY1TE5G
czd0TS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMGNjMDg3Mzct
OTI2Ny00MDJhLTk5ZDQtN2FhYWZlYTQ0NGVkLzAvMzEzMDM5MmUzMjMzMzQyZTMy
MzEzNDJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAG3q
1jANBgkqhkiG9w0BAQsFAAOCAQEAFo7EpwdPPiNLsFFHsYm8B+7P6AhwQ3SmRWJ7
EoIbMxnv5eL0KPpEle0XyhPxOzXmg5MWAlu2oW1GIjmb/v+NgCWPV/xoDdjeUZ7p
urQhSkwCMVAK17wgk8iDx3WjYtiyniB9sYZwLFKLTNzx7aiyskAatoT5o+7QRq1/
g+S6BSuPFf5wcCsqjwVc+MjYY7BnE2g78dv3eE7D41qOQXsQbIb72bqvJB6ZwT1w
cepH6etVcYQWlwlFkaiHLL41J7AQH4fsfADzkyKsNBTWOW3bd/CMvXdnRiOc+UdH
P8zYXcQ3zSsu/kj+aupLlHHwD05k9a2KkOpjHf/9gmkRhSR/LA==
-----END CERTIFICATE-----