Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/3137382e3133322e3139372e302f32342d3234203d3e20383334.roa
File:                     3137382e3133322e3139372e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          onX4ws13sBkirwG2vIv3sgX7udonp/zr/LII0u1aMVE=
Subject key identifier:   83:F9:C6:AB:7B:01:C1:4F:4B:39:1F:86:66:97:60:1C:7C:CD:94:B1
Certificate issuer:       /CN=f768ff6e681858c0ec19f3a93fa1792cd16ceed3
Certificate serial:       7CAE66F553A4E4692CDF91969321C55A78612F24
Authority key identifier: F7:68:FF:6E:68:18:58:C0:EC:19:F3:A9:3F:A1:79:2C:D1:6C:EE:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/92j_bmgYWMDsGfOpP6F5LNFs7tM.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/3137382e3133322e3139372e302f32342d3234203d3e20383334.roa
Signing time:             Sat 25 Jan 2025 13:44:04 +0000
ROA not before:           Sat 25 Jan 2025 13:39:04 +0000
ROA not after:            Sat 24 Jan 2026 13:44:04 +0000
asID:                     834
IP address blocks:        178.132.197.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/F768FF6E681858C0EC19F3A93FA1792CD16CEED3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/F768FF6E681858C0EC19F3A93FA1792CD16CEED3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/92j_bmgYWMDsGfOpP6F5LNFs7tM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7c:ae:66:f5:53:a4:e4:69:2c:df:91:96:93:21:c5:5a:78:61:2f:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f768ff6e681858c0ec19f3a93fa1792cd16ceed3
        Validity
            Not Before: Jan 25 13:39:04 2025 GMT
            Not After : Jan 24 13:44:04 2026 GMT
        Subject: CN=83F9C6AB7B01C14F4B391F866697601C7CCD94B1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:29:13:93:29:c3:93:46:c1:bb:7e:05:2a:3a:
                    8a:cf:27:e5:38:7c:0f:47:3b:cb:b8:1f:62:77:e8:
                    eb:91:73:31:30:51:11:bb:a4:a0:87:40:59:8e:01:
                    29:40:9c:a4:3e:0a:29:78:b7:5e:97:55:75:09:f7:
                    8a:8f:b0:93:62:b4:ff:54:55:f1:c6:9c:aa:64:8a:
                    2e:8e:79:3e:f8:97:16:90:87:bd:d6:3f:d8:e8:ac:
                    94:16:8e:d9:3d:cf:aa:60:c0:93:93:ae:bb:cb:ba:
                    fa:47:1d:b6:5b:05:0e:97:18:2a:3a:a4:9b:72:bc:
                    1c:15:67:1c:05:fc:c7:fd:55:84:b8:7c:27:a4:4b:
                    13:df:b9:21:f5:b5:e6:84:b4:38:86:84:c9:0a:1e:
                    50:4e:a1:cd:3b:67:b1:13:d5:49:ce:47:82:44:07:
                    65:a7:e6:f0:83:86:70:69:af:ab:a5:cb:e8:3d:59:
                    fa:f6:06:e5:02:60:63:6c:6f:14:ca:ec:93:22:29:
                    57:b2:99:5f:4b:49:18:43:71:f4:11:95:3b:c5:0c:
                    db:2c:90:df:7a:86:b6:38:43:e8:53:92:7b:f6:b7:
                    49:8e:20:97:78:cd:b7:1e:83:b0:99:1a:5e:f9:aa:
                    49:a6:18:6b:05:14:75:d1:02:f3:3e:5f:c2:d9:7f:
                    69:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:F9:C6:AB:7B:01:C1:4F:4B:39:1F:86:66:97:60:1C:7C:CD:94:B1
            X509v3 Authority Key Identifier:
                keyid:F7:68:FF:6E:68:18:58:C0:EC:19:F3:A9:3F:A1:79:2C:D1:6C:EE:D3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/F768FF6E681858C0EC19F3A93FA1792CD16CEED3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/92j_bmgYWMDsGfOpP6F5LNFs7tM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/3137382e3133322e3139372e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.132.197.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:4b:c6:29:78:f5:e0:70:45:05:08:d7:7b:d8:fd:e6:15:a0:
         ee:f4:90:83:f8:1b:6a:36:b3:b2:cd:ae:8a:e3:fe:3a:47:22:
         d0:bd:fe:80:7c:dd:92:33:a3:68:f3:2e:98:51:b7:2a:6b:6a:
         3f:f0:a1:cd:54:f2:87:5c:9b:14:7c:83:76:b2:5c:fb:58:53:
         d1:59:50:84:ab:a8:31:90:34:6e:8a:02:2f:37:a6:00:4e:4c:
         c9:17:7b:31:8b:37:da:82:7e:e7:88:40:b3:f1:3c:bf:79:b0:
         82:7f:20:3e:e8:1a:8b:5c:74:d8:bc:9f:b9:9b:df:82:d2:07:
         69:a0:19:bb:fc:1a:0b:b5:6c:3d:53:5e:a0:aa:eb:50:5b:17:
         3b:f7:e7:fa:90:6e:b0:62:60:3b:c9:86:ef:93:86:0e:16:bf:
         3f:49:64:1d:68:00:27:ac:13:29:d7:8b:c5:b6:5e:be:63:96:
         a8:29:2e:7c:b5:09:78:34:ac:6c:6d:7e:3a:c2:a5:8e:84:5c:
         36:9c:1b:ec:66:b2:42:61:8d:20:6e:4f:0c:1d:8c:34:25:e2:
         8d:3b:b6:e6:12:2e:08:ef:b3:57:bf:3a:3b:ef:38:79:db:98:
         9c:41:35:00:64:fd:93:37:5a:4a:e7:ea:4a:5e:4c:6d:23:c6:
         71:43:1e:18
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUfK5m9VOk5Gks35GWkyHFWnhhLyQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZjc2OGZmNmU2ODE4NThjMGVjMTlmM2E5M2ZhMTc5MmNk
MTZjZWVkMzAeFw0yNTAxMjUxMzM5MDRaFw0yNjAxMjQxMzQ0MDRaMDMxMTAvBgNV
BAMTKDgzRjlDNkFCN0IwMUMxNEY0QjM5MUY4NjY2OTc2MDFDN0NDRDk0QjEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCmKROTKcOTRsG7fgUqOorPJ+U4
fA9HO8u4H2J36OuRczEwURG7pKCHQFmOASlAnKQ+Cil4t16XVXUJ94qPsJNitP9U
VfHGnKpkii6OeT74lxaQh73WP9jorJQWjtk9z6pgwJOTrrvLuvpHHbZbBQ6XGCo6
pJtyvBwVZxwF/Mf9VYS4fCekSxPfuSH1teaEtDiGhMkKHlBOoc07Z7ET1UnOR4JE
B2Wn5vCDhnBpr6uly+g9Wfr2BuUCYGNsbxTK7JMiKVeymV9LSRhDcfQRlTvFDNss
kN96hrY4Q+hTknv2t0mOIJd4zbceg7CZGl75qkmmGGsFFHXRAvM+X8LZf2mdAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUg/nGq3sBwU9LOR+GZpdgHHzNlLEwHwYDVR0j
BBgwFoAU92j/bmgYWMDsGfOpP6F5LNFs7tMwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMGNjMDg3MzctOTI2Ny00MDJhLTk5ZDQtN2FhYWZlYTQ0
NGVkLzAvRjc2OEZGNkU2ODE4NThDMEVDMTlGM0E5M0ZBMTc5MkNEMTZDRUVEMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzkyal9ibWdZV01Ec0dmT3BQNkY1TE5G
czd0TS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMGNjMDg3Mzct
OTI2Ny00MDJhLTk5ZDQtN2FhYWZlYTQ0NGVkLzAvMzEzNzM4MmUzMTMzMzIyZTMx
MzkzNzJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALKE
xTANBgkqhkiG9w0BAQsFAAOCAQEARkvGKXj14HBFBQjXe9j95hWg7vSQg/gbajaz
ss2uiuP+Okci0L3+gHzdkjOjaPMumFG3KmtqP/ChzVTyh1ybFHyDdrJc+1hT0VlQ
hKuoMZA0booCLzemAE5MyRd7MYs32oJ+54hAs/E8v3mwgn8gPugai1x02LyfuZvf
gtIHaaAZu/waC7VsPVNeoKrrUFsXO/fn+pBusGJgO8mG75OGDha/P0lkHWgAJ6wT
KdeLxbZevmOWqCkufLUJeDSsbG1+OsKljoRcNpwb7GayQmGNIG5PDB2MNCXijTu2
5hIuCO+zV786O+84eduYnEE1AGT9kzdaSufqSl5MbSPGcUMeGA==
-----END CERTIFICATE-----