Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/66bd92f1-415b-4765-8a16-dbfc4593c1a8/7/3139382e3133352e3136392e302f32342d3234203d3e20333936393933.roa
File:                     3139382e3133352e3136392e302f32342d3234203d3e20333936393933.roa (raw, json)
Hash identifier:          ds98Ml9DDwJOnbFWnKuYftmXTBL5e6vB9e43egQhGMs=
Subject key identifier:   97:97:90:41:5B:19:8E:41:67:9B:73:78:2C:AB:DA:B3:7B:98:8D:75
Certificate issuer:       /CN=43729997152fd84fcda6d190c3b3195b02679660112be9a2d7
Certificate serial:       128CA30A00F767C2AC169E917396DD206933DDBD
Authority key identifier: 6A:6F:6E:C2:72:A5:EB:DC:18:24:1C:2C:84:D1:D9:FE:94:C1:25:AA
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/829fb872-15bb-4a4e-9ed9-259960b049bd/43729997152fd84fcda6d190c3b3195b02679660112be9a2d7.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/66bd92f1-415b-4765-8a16-dbfc4593c1a8/7/3139382e3133352e3136392e302f32342d3234203d3e20333936393933.roa
Signing time:             Mon 06 Jan 2025 22:05:40 +0000
ROA not before:           Mon 06 Jan 2025 22:00:40 +0000
ROA not after:            Mon 05 Jan 2026 22:05:40 +0000
asID:                     396993
IP address blocks:        198.135.169.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/66bd92f1-415b-4765-8a16-dbfc4593c1a8/7/6A6F6EC272A5EBDC18241C2C84D1D9FE94C125AA.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/66bd92f1-415b-4765-8a16-dbfc4593c1a8/7/6A6F6EC272A5EBDC18241C2C84D1D9FE94C125AA.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/829fb872-15bb-4a4e-9ed9-259960b049bd/43729997152fd84fcda6d190c3b3195b02679660112be9a2d7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/829fb872-15bb-4a4e-9ed9-259960b049bd/829fb872-15bb-4a4e-9ed9-259960b049bd.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/829fb872-15bb-4a4e-9ed9-259960b049bd/829fb872-15bb-4a4e-9ed9-259960b049bd.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/829fb872-15bb-4a4e-9ed9-259960b049bd.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/76fe11d4-d352-4994-8f6c-d6c91b0b8415.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/76fe11d4-d352-4994-8f6c-d6c91b0b8415.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sat 05 Apr 2025 22:36:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            12:8c:a3:0a:00:f7:67:c2:ac:16:9e:91:73:96:dd:20:69:33:dd:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=43729997152fd84fcda6d190c3b3195b02679660112be9a2d7
        Validity
            Not Before: Jan  6 22:00:40 2025 GMT
            Not After : Jan  5 22:05:40 2026 GMT
        Subject: CN=979790415B198E41679B73782CABDAB37B988D75
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:07:67:9a:01:13:73:42:41:59:13:ee:06:60:
                    2a:59:05:40:0e:33:c2:08:38:1b:9a:77:ee:66:0e:
                    66:b3:ae:d7:8d:87:77:bc:80:ed:c4:6c:64:81:f7:
                    92:33:40:57:9c:7e:7c:7e:46:51:36:93:c1:e4:94:
                    a2:dc:00:96:5b:4e:08:af:3e:34:17:94:f9:34:98:
                    d6:7f:51:99:f6:cc:7d:b4:f2:6f:ae:8b:b2:04:8b:
                    7c:b7:81:c4:7e:a3:13:bb:53:be:c8:67:2b:d6:cf:
                    74:26:1b:df:80:3f:82:2d:e8:fc:af:22:cc:8f:41:
                    bb:59:f0:a4:c3:5e:3a:48:c7:0a:d6:0c:fe:9e:1f:
                    ec:1f:5a:3e:7d:96:c3:fd:a1:df:f3:b5:40:84:57:
                    73:81:5b:d5:e3:90:22:8b:f6:dd:1f:0f:e1:d5:b2:
                    30:b2:6c:35:92:71:39:80:85:3b:6b:3d:6f:1d:dd:
                    a8:b9:21:ed:79:78:f5:e4:7a:13:da:7f:21:6b:92:
                    a7:61:7b:a1:96:15:88:16:2e:7a:7c:cd:03:5d:08:
                    be:9e:a3:bc:44:15:e4:84:f4:94:0c:97:87:92:73:
                    40:a7:91:c3:19:97:08:40:ed:57:7e:f3:5c:b1:87:
                    7c:23:77:ab:e5:86:01:4b:67:cd:68:a0:66:99:8f:
                    1c:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:97:90:41:5B:19:8E:41:67:9B:73:78:2C:AB:DA:B3:7B:98:8D:75
            X509v3 Authority Key Identifier:
                keyid:6A:6F:6E:C2:72:A5:EB:DC:18:24:1C:2C:84:D1:D9:FE:94:C1:25:AA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/66bd92f1-415b-4765-8a16-dbfc4593c1a8/7/6A6F6EC272A5EBDC18241C2C84D1D9FE94C125AA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/829fb872-15bb-4a4e-9ed9-259960b049bd/43729997152fd84fcda6d190c3b3195b02679660112be9a2d7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/66bd92f1-415b-4765-8a16-dbfc4593c1a8/7/3139382e3133352e3136392e302f32342d3234203d3e20333936393933.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  198.135.169.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:54:91:09:8c:e9:97:ab:a6:88:b5:0e:50:c1:c6:9c:6d:2f:
         e5:ea:28:13:3a:3d:09:6f:f4:45:06:98:9d:99:0e:5a:dd:f9:
         69:d3:90:15:67:7d:cf:67:cd:1c:ca:eb:db:75:96:93:7a:0a:
         9c:e8:d8:d5:86:1d:b2:ab:84:79:bb:1d:11:f8:ac:42:2c:43:
         35:6f:b1:85:57:2b:9c:14:83:c3:c1:95:2d:f4:6c:d1:6b:1b:
         1c:c2:c2:da:09:ce:7a:0d:30:c0:b6:52:50:a3:f2:1e:37:89:
         6a:37:10:44:87:09:2c:9a:a4:a2:4f:fd:7c:bc:2e:4b:a9:24:
         b1:14:da:bb:2c:a1:e6:ff:07:8d:7a:44:b5:d0:ff:c1:6d:f4:
         3e:38:a1:5f:60:8d:ea:d5:d9:03:45:a2:94:29:39:7c:5a:83:
         18:d6:0a:a3:fe:0d:44:a9:6f:49:23:37:15:97:c6:2a:1e:5c:
         32:74:99:e7:27:2c:98:aa:d1:73:b2:43:a0:cc:f2:41:ec:dd:
         c8:40:3c:cb:ce:f7:e3:de:6d:18:27:65:18:b1:78:16:26:6c:
         3b:64:14:02:91:ba:4d:c6:9c:54:56:58:53:75:bf:a3:2c:92:
         6b:d7:23:26:9d:83:4a:ba:d1:2d:b0:53:32:bf:2c:80:30:7c:
         29:98:fa:0c
-----BEGIN CERTIFICATE-----
MIIF0TCCBLmgAwIBAgIUEoyjCgD3Z8KsFp6Rc5bdIGkz3b0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNDM3Mjk5OTcxNTJmZDg0ZmNkYTZkMTkwYzNiMzE5NWIw
MjY3OTY2MDExMmJlOWEyZDcwHhcNMjUwMTA2MjIwMDQwWhcNMjYwMTA1MjIwNTQw
WjAzMTEwLwYDVQQDEyg5Nzk3OTA0MTVCMTk4RTQxNjc5QjczNzgyQ0FCREFCMzdC
OTg4RDc1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArAdnmgETc0JB
WRPuBmAqWQVADjPCCDgbmnfuZg5ms67XjYd3vIDtxGxkgfeSM0BXnH58fkZRNpPB
5JSi3ACWW04Irz40F5T5NJjWf1GZ9sx9tPJvrouyBIt8t4HEfqMTu1O+yGcr1s90
JhvfgD+CLej8ryLMj0G7WfCkw146SMcK1gz+nh/sH1o+fZbD/aHf87VAhFdzgVvV
45Aii/bdHw/h1bIwsmw1knE5gIU7az1vHd2ouSHteXj15HoT2n8ha5KnYXuhlhWI
Fi56fM0DXQi+nqO8RBXkhPSUDJeHknNAp5HDGZcIQO1XfvNcsYd8I3er5YYBS2fN
aKBmmY8ciwIDAQABo4IC0TCCAs0wHQYDVR0OBBYEFJeXkEFbGY5BZ5tzeCyr2rN7
mI11MB8GA1UdIwQYMBaAFGpvbsJypevcGCQcLITR2f6UwSWqMA4GA1UdDwEB/wQE
AwIHgDCBlQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3JzeW5jLnBhYXMu
cnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzY2YmQ5MmYxLTQxNWItNDc2NS04YTE2
LWRiZmM0NTkzYzFhOC83LzZBNkY2RUMyNzJBNUVCREMxODI0MUMyQzg0RDFEOUZF
OTRDMTI1QUEuY3JsMIHzBggrBgEFBQcBAQSB5jCB4zCB4AYIKwYBBQUHMAKGgdNy
c3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0
YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzc2ZmUxMWQ0LWQzNTIt
NDk5NC04ZjZjLWQ2YzkxYjBiODQxNS84MjlmYjg3Mi0xNWJiLTRhNGUtOWVkOS0y
NTk5NjBiMDQ5YmQvNDM3Mjk5OTcxNTJmZDg0ZmNkYTZkMTkwYzNiMzE5NWIwMjY3
OTY2MDExMmJlOWEyZDcuY2VyMIGxBggrBgEFBQcBCwSBpDCBoTCBngYIKwYBBQUH
MAuGgZFyc3luYzovL3JzeW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
LzY2YmQ5MmYxLTQxNWItNDc2NS04YTE2LWRiZmM0NTkzYzFhOC83LzMxMzkzODJl
MzEzMzM1MmUzMTM2MzkyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMzM5MzYzOTM5
MzMucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADGh6kwDQYJKoZIhvcNAQELBQADggEBACtUkQmM6Zerpoi1
DlDBxpxtL+XqKBM6PQlv9EUGmJ2ZDlrd+WnTkBVnfc9nzRzK69t1lpN6Cpzo2NWG
HbKrhHm7HRH4rEIsQzVvsYVXK5wUg8PBlS30bNFrGxzCwtoJznoNMMC2UlCj8h43
iWo3EESHCSyapKJP/Xy8LkupJLEU2rssoeb/B416RLXQ/8Ft9D44oV9gjerV2QNF
opQpOXxagxjWCqP+DUSpb0kjNxWXxioeXDJ0mecnLJiq0XOyQ6DM8kHs3chAPMvO
9+PebRgnZRixeBYmbDtkFAKRuk3GnFRWWFN1v6MskmvXIyadg0q60S2wUzK/LIAw
fCmY+gw=
-----END CERTIFICATE-----