Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/3137382e3133322e3139322e302f32342d3234203d3e20383334.roa
File:                     3137382e3133322e3139322e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          dAo1ugO/TW0tBQvuHuFnYbNjJOCx9YoNzhDE8Fv+cvU=
Subject key identifier:   45:0E:EE:E5:69:D9:1E:A3:90:90:50:F5:2E:C0:DE:E8:27:4C:11:3E
Certificate issuer:       /CN=f768ff6e681858c0ec19f3a93fa1792cd16ceed3
Certificate serial:       08D9C87E2F4619CD8482E3BFA757CF0C0EA1A450
Authority key identifier: F7:68:FF:6E:68:18:58:C0:EC:19:F3:A9:3F:A1:79:2C:D1:6C:EE:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/92j_bmgYWMDsGfOpP6F5LNFs7tM.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/3137382e3133322e3139322e302f32342d3234203d3e20383334.roa
Signing time:             Sat 25 Jan 2025 13:44:04 +0000
ROA not before:           Sat 25 Jan 2025 13:39:04 +0000
ROA not after:            Sat 24 Jan 2026 13:44:04 +0000
asID:                     834
IP address blocks:        178.132.192.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/F768FF6E681858C0EC19F3A93FA1792CD16CEED3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/F768FF6E681858C0EC19F3A93FA1792CD16CEED3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/92j_bmgYWMDsGfOpP6F5LNFs7tM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            08:d9:c8:7e:2f:46:19:cd:84:82:e3:bf:a7:57:cf:0c:0e:a1:a4:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f768ff6e681858c0ec19f3a93fa1792cd16ceed3
        Validity
            Not Before: Jan 25 13:39:04 2025 GMT
            Not After : Jan 24 13:44:04 2026 GMT
        Subject: CN=450EEEE569D91EA3909050F52EC0DEE8274C113E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:1a:08:c3:d0:ad:a9:87:a4:1d:94:38:ae:e6:
                    d8:c5:c0:cd:17:47:17:81:91:5a:dc:09:81:7c:7d:
                    af:69:65:65:e2:a2:3f:3b:32:22:77:e0:ed:1a:50:
                    d6:3d:b3:c2:1f:34:5c:c4:23:41:09:37:89:16:4e:
                    f2:78:98:d1:f1:e8:14:df:45:b8:db:9b:53:b4:47:
                    a1:b2:60:78:18:c7:23:26:64:c7:79:39:56:eb:03:
                    36:4b:c2:68:4f:dc:e5:81:c4:b9:df:61:39:82:a4:
                    e0:ec:f4:63:00:7d:e8:e2:50:12:7f:b8:b5:b8:bf:
                    28:e4:ab:84:fb:24:49:0d:5c:f5:8a:99:b1:aa:92:
                    19:4e:93:e4:a0:d5:8c:e6:d2:e3:c6:73:2e:02:09:
                    4a:4f:0a:a3:20:15:fd:d9:c5:ca:88:e3:f1:2b:0c:
                    25:56:b6:3e:4b:3e:1a:38:58:24:14:ed:35:93:86:
                    8f:40:ae:c8:e4:8b:f7:34:a7:0b:2a:8e:5b:74:87:
                    6c:83:30:ba:29:09:27:8a:96:c7:16:19:97:c8:86:
                    97:85:8b:e0:1f:e3:c1:b7:4d:f5:de:88:98:41:37:
                    eb:75:96:e7:80:d1:fd:7f:c3:7c:00:28:1a:e6:cb:
                    50:19:5b:94:2f:76:21:e0:e0:89:f5:b5:f5:c2:79:
                    67:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:0E:EE:E5:69:D9:1E:A3:90:90:50:F5:2E:C0:DE:E8:27:4C:11:3E
            X509v3 Authority Key Identifier:
                keyid:F7:68:FF:6E:68:18:58:C0:EC:19:F3:A9:3F:A1:79:2C:D1:6C:EE:D3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/F768FF6E681858C0EC19F3A93FA1792CD16CEED3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/92j_bmgYWMDsGfOpP6F5LNFs7tM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/3137382e3133322e3139322e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.132.192.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:df:3f:a7:1d:01:1c:ce:f7:f7:19:4d:f3:29:85:44:c4:6c:
         4c:52:de:1e:d9:4a:93:55:2c:b9:c8:5f:46:29:d7:0a:57:54:
         f1:1a:ae:97:c4:43:7b:7b:80:7f:90:ea:ed:d5:28:fa:91:4e:
         e7:77:5e:53:58:4e:a2:ef:1f:1a:fc:38:2f:4f:b2:23:bc:43:
         bc:e6:f7:42:bd:01:16:0d:9d:ac:7a:d8:d8:b3:6b:ba:db:24:
         52:6a:94:24:d9:68:a9:9d:03:35:7e:68:23:20:6c:70:c9:f6:
         bc:97:6c:af:ca:2d:14:16:ee:6d:bc:3f:c5:75:7f:5b:e3:7d:
         84:db:b5:82:c4:2e:bc:47:4f:9a:27:14:bd:28:b3:79:3a:77:
         ce:78:9e:14:89:c4:ea:c0:d3:b6:4d:98:4b:3a:a0:1d:44:d0:
         5c:91:fa:fa:a8:fa:83:72:db:b8:c4:08:a7:05:4e:e6:70:19:
         1d:55:4a:d7:3a:d8:f2:15:e3:b3:b9:56:7e:6b:a0:af:e1:f8:
         65:99:26:16:cc:5d:c0:3a:b6:ff:7f:78:a3:96:f9:ec:b2:c2:
         f4:92:58:be:7c:4d:c1:1d:84:1f:84:b1:43:07:b2:3f:9f:e6:
         78:e0:73:8b:ca:9f:4e:81:ad:f5:f2:7f:f6:8c:ba:09:f8:09:
         d8:93:43:ea
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUCNnIfi9GGc2EguO/p1fPDA6hpFAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZjc2OGZmNmU2ODE4NThjMGVjMTlmM2E5M2ZhMTc5MmNk
MTZjZWVkMzAeFw0yNTAxMjUxMzM5MDRaFw0yNjAxMjQxMzQ0MDRaMDMxMTAvBgNV
BAMTKDQ1MEVFRUU1NjlEOTFFQTM5MDkwNTBGNTJFQzBERUU4Mjc0QzExM0UwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrGgjD0K2ph6QdlDiu5tjFwM0X
RxeBkVrcCYF8fa9pZWXioj87MiJ34O0aUNY9s8IfNFzEI0EJN4kWTvJ4mNHx6BTf
Rbjbm1O0R6GyYHgYxyMmZMd5OVbrAzZLwmhP3OWBxLnfYTmCpODs9GMAfejiUBJ/
uLW4vyjkq4T7JEkNXPWKmbGqkhlOk+Sg1Yzm0uPGcy4CCUpPCqMgFf3ZxcqI4/Er
DCVWtj5LPho4WCQU7TWTho9Arsjki/c0pwsqjlt0h2yDMLopCSeKlscWGZfIhpeF
i+Af48G3TfXeiJhBN+t1lueA0f1/w3wAKBrmy1AZW5QvdiHg4In1tfXCeWexAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQURQ7u5WnZHqOQkFD1LsDe6CdMET4wHwYDVR0j
BBgwFoAU92j/bmgYWMDsGfOpP6F5LNFs7tMwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMGNjMDg3MzctOTI2Ny00MDJhLTk5ZDQtN2FhYWZlYTQ0
NGVkLzAvRjc2OEZGNkU2ODE4NThDMEVDMTlGM0E5M0ZBMTc5MkNEMTZDRUVEMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzkyal9ibWdZV01Ec0dmT3BQNkY1TE5G
czd0TS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMGNjMDg3Mzct
OTI2Ny00MDJhLTk5ZDQtN2FhYWZlYTQ0NGVkLzAvMzEzNzM4MmUzMTMzMzIyZTMx
MzkzMjJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALKE
wDANBgkqhkiG9w0BAQsFAAOCAQEALt8/px0BHM739xlN8ymFRMRsTFLeHtlKk1Us
uchfRinXCldU8Rqul8RDe3uAf5Dq7dUo+pFO53deU1hOou8fGvw4L0+yI7xDvOb3
Qr0BFg2drHrY2LNrutskUmqUJNloqZ0DNX5oIyBscMn2vJdsr8otFBbubbw/xXV/
W+N9hNu1gsQuvEdPmicUvSizeTp3znieFInE6sDTtk2YSzqgHUTQXJH6+qj6g3Lb
uMQIpwVO5nAZHVVK1zrY8hXjs7lWfmugr+H4ZZkmFsxdwDq2/394o5b57LLC9JJY
vnxNwR2EH4SxQweyP5/meOBzi8qfToGt9fJ/9oy6CfgJ2JND6g==
-----END CERTIFICATE-----