Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/2af73a9c-2058-43bb-9ac6-5ab42dfbf409/3/3139332e33342e3139392e3132382f32362d3236203d3e2030.roa
File:                     3139332e33342e3139392e3132382f32362d3236203d3e2030.roa (raw, json)
Hash identifier:          cdfMKTJdIDROnWRX3ePB7aEvma9a4XSp/cOBrzuz6w0=
Subject key identifier:   97:61:AE:AF:05:AB:44:9A:73:E8:F0:4D:20:8F:54:87:1B:2A:0F:A9
Certificate issuer:       /CN=6019c116c8ae318afd4b822e9f4eeea0c34baaca
Certificate serial:       6966158DD7BB1FCC01CEB336BE2F6BDEB05EE9E2
Authority key identifier: 60:19:C1:16:C8:AE:31:8A:FD:4B:82:2E:9F:4E:EE:A0:C3:4B:AA:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YBnBFsiuMYr9S4Iun07uoMNLqso.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/2af73a9c-2058-43bb-9ac6-5ab42dfbf409/3/3139332e33342e3139392e3132382f32362d3236203d3e2030.roa
Signing time:             Sun 15 Sep 2024 14:50:14 +0000
ROA not before:           Sun 15 Sep 2024 14:45:14 +0000
ROA not after:            Sun 14 Sep 2025 14:50:14 +0000
asID:                     0
IP address blocks:        193.34.199.128/26 maxlen: 26

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/2af73a9c-2058-43bb-9ac6-5ab42dfbf409/3/6019C116C8AE318AFD4B822E9F4EEEA0C34BAACA.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/2af73a9c-2058-43bb-9ac6-5ab42dfbf409/3/6019C116C8AE318AFD4B822E9F4EEEA0C34BAACA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YBnBFsiuMYr9S4Iun07uoMNLqso.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            69:66:15:8d:d7:bb:1f:cc:01:ce:b3:36:be:2f:6b:de:b0:5e:e9:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6019c116c8ae318afd4b822e9f4eeea0c34baaca
        Validity
            Not Before: Sep 15 14:45:14 2024 GMT
            Not After : Sep 14 14:50:14 2025 GMT
        Subject: CN=9761AEAF05AB449A73E8F04D208F54871B2A0FA9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:c9:f4:3c:2b:c5:7f:e1:17:97:2b:87:b2:8d:
                    03:b0:fc:30:90:6d:b5:81:10:a5:e9:f4:fe:5f:6f:
                    82:26:77:2c:62:2b:9d:bf:01:ce:89:35:45:f7:1f:
                    32:73:8d:37:37:f9:cf:0d:ec:ea:c8:45:6f:2c:24:
                    c0:71:ab:7b:f1:6c:23:62:69:e3:32:15:b5:c1:b7:
                    73:b3:0c:c7:b5:6b:b6:0c:3b:97:78:44:68:21:db:
                    1e:ae:6e:cc:aa:b3:b1:25:53:ce:6c:00:00:0a:db:
                    e3:6f:a4:9f:4e:67:4d:3d:21:03:30:3a:63:92:46:
                    b4:69:8f:e8:79:fb:86:d8:9c:fb:12:5b:0a:37:ce:
                    8e:a0:56:2d:78:19:85:9f:8b:8b:94:63:52:74:00:
                    b0:07:96:3c:4f:21:aa:33:d6:b2:5b:f5:e0:a3:23:
                    94:28:66:ee:6b:97:e3:5c:fc:b4:10:97:6c:58:c9:
                    85:2e:f0:40:e0:1c:19:8f:a7:14:76:41:6c:c1:e0:
                    fa:3f:04:a8:45:47:f7:8a:99:62:bc:ff:83:37:af:
                    c0:fd:03:3a:c0:15:c8:b9:1e:37:af:e4:ac:6f:f3:
                    5e:7a:fe:86:61:7e:31:6f:54:40:cc:34:ec:4a:fc:
                    53:8a:16:c1:33:1d:fd:54:85:55:05:cd:7b:72:41:
                    4e:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:61:AE:AF:05:AB:44:9A:73:E8:F0:4D:20:8F:54:87:1B:2A:0F:A9
            X509v3 Authority Key Identifier:
                keyid:60:19:C1:16:C8:AE:31:8A:FD:4B:82:2E:9F:4E:EE:A0:C3:4B:AA:CA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/2af73a9c-2058-43bb-9ac6-5ab42dfbf409/3/6019C116C8AE318AFD4B822E9F4EEEA0C34BAACA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YBnBFsiuMYr9S4Iun07uoMNLqso.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/2af73a9c-2058-43bb-9ac6-5ab42dfbf409/3/3139332e33342e3139392e3132382f32362d3236203d3e2030.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.34.199.128/26

    Signature Algorithm: sha256WithRSAEncryption
         48:28:35:39:5f:ff:1e:a3:0b:ee:63:4c:8b:7e:f2:da:4c:ca:
         6b:ee:1f:c8:07:30:42:29:52:a7:c2:8d:da:00:3c:68:f8:0a:
         bf:90:ad:f1:1b:6e:cc:91:fc:ff:fc:c4:09:40:03:e3:7e:8e:
         f6:20:3b:91:46:2b:03:f0:6b:b5:6c:33:f8:d3:0b:69:39:87:
         3a:54:e6:64:26:cd:03:58:e2:d6:68:bd:61:80:50:b1:11:8f:
         73:85:d3:af:a9:ac:5e:6c:af:e1:75:fb:09:7c:01:c7:23:f2:
         a4:44:d4:41:17:29:be:e3:e2:03:75:f6:58:3d:76:1d:cc:3b:
         67:1f:ab:3a:6d:c7:5d:43:20:00:91:64:ee:8f:12:af:e6:08:
         25:01:10:37:93:71:d6:0e:f7:f4:6b:3c:8d:14:04:6f:43:51:
         27:54:fa:37:e4:f1:97:4c:14:5a:a8:7f:ee:01:4e:99:26:74:
         eb:99:59:8b:18:b6:83:63:9e:8c:02:7f:2f:37:97:2c:87:21:
         97:c3:91:07:e5:a5:9e:23:f4:58:f3:09:be:4f:27:5a:c2:f9:
         e1:68:3d:c1:14:0b:13:cb:94:a4:58:59:fc:d7:12:59:99:c9:
         24:1a:dc:63:38:a0:28:8c:a1:fd:77:82:0f:40:07:27:65:bd:
         3b:ad:22:44
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgIUaWYVjde7H8wBzrM2vi9r3rBe6eIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjAxOWMxMTZjOGFlMzE4YWZkNGI4MjJlOWY0ZWVlYTBj
MzRiYWFjYTAeFw0yNDA5MTUxNDQ1MTRaFw0yNTA5MTQxNDUwMTRaMDMxMTAvBgNV
BAMTKDk3NjFBRUFGMDVBQjQ0OUE3M0U4RjA0RDIwOEY1NDg3MUIyQTBGQTkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCmyfQ8K8V/4ReXK4eyjQOw/DCQ
bbWBEKXp9P5fb4ImdyxiK52/Ac6JNUX3HzJzjTc3+c8N7OrIRW8sJMBxq3vxbCNi
aeMyFbXBt3OzDMe1a7YMO5d4RGgh2x6ubsyqs7ElU85sAAAK2+NvpJ9OZ009IQMw
OmOSRrRpj+h5+4bYnPsSWwo3zo6gVi14GYWfi4uUY1J0ALAHljxPIaoz1rJb9eCj
I5QoZu5rl+Nc/LQQl2xYyYUu8EDgHBmPpxR2QWzB4Po/BKhFR/eKmWK8/4M3r8D9
AzrAFci5Hjev5Kxv8156/oZhfjFvVEDMNOxK/FOKFsEzHf1UhVUFzXtyQU5pAgMB
AAGjggI6MIICNjAdBgNVHQ4EFgQUl2GurwWrRJpz6PBNII9UhxsqD6kwHwYDVR0j
BBgwFoAUYBnBFsiuMYr9S4Iun07uoMNLqsowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMmFmNzNhOWMtMjA1OC00M2JiLTlhYzYtNWFiNDJkZmJm
NDA5LzMvNjAxOUMxMTZDOEFFMzE4QUZENEI4MjJFOUY0RUVFQTBDMzRCQUFDQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1lCbkJGc2l1TVlyOVM0SXVuMDd1b01O
THFzby5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMmFmNzNhOWMt
MjA1OC00M2JiLTlhYzYtNWFiNDJkZmJmNDA5LzMvMzEzOTMzMmUzMzM0MmUzMTM5
MzkyZTMxMzIzODJmMzIzNjJkMzIzNjIwM2QzZTIwMzAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwIAYIKwYBBQUHAQcBAf8EETAPMA0EAgABMAcDBQbBIseA
MA0GCSqGSIb3DQEBCwUAA4IBAQBIKDU5X/8eowvuY0yLfvLaTMpr7h/IBzBCKVKn
wo3aADxo+Aq/kK3xG27Mkfz//MQJQAPjfo72IDuRRisD8Gu1bDP40wtpOYc6VOZk
Js0DWOLWaL1hgFCxEY9zhdOvqaxebK/hdfsJfAHHI/KkRNRBFym+4+IDdfZYPXYd
zDtnH6s6bcddQyAAkWTujxKv5gglARA3k3HWDvf0azyNFARvQ1EnVPo35PGXTBRa
qH/uAU6ZJnTrmVmLGLaDY56MAn8vN5cshyGXw5EH5aWeI/RY8wm+TydawvnhaD3B
FAsTy5SkWFn81xJZmckkGtxjOKAojKH9d4IPQAcnZb07rSJE
-----END CERTIFICATE-----