Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/3139332e3130392e3139332e302f32342d3234203d3e20383334.roa
File:                     3139332e3130392e3139332e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          U8ID6Xn9Smk1a1+dDILTAqW6js4aBlON8ez2IE2PRqs=
Subject key identifier:   82:14:29:91:CD:05:D5:47:59:DE:EB:68:3F:4F:65:F7:40:85:07:3E
Certificate issuer:       /CN=dc943cc2a7cdc378a37702573bb4f821170b530d
Certificate serial:       31017A7DEC9C21EE62B10A161023D558C342F33B
Authority key identifier: DC:94:3C:C2:A7:CD:C3:78:A3:77:02:57:3B:B4:F8:21:17:0B:53:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/3139332e3130392e3139332e302f32342d3234203d3e20383334.roa
Signing time:             Tue 28 Jan 2025 00:02:07 +0000
ROA not before:           Mon 27 Jan 2025 23:57:07 +0000
ROA not after:            Tue 27 Jan 2026 00:02:07 +0000
asID:                     834
IP address blocks:        193.109.193.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 13:50:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            31:01:7a:7d:ec:9c:21:ee:62:b1:0a:16:10:23:d5:58:c3:42:f3:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc943cc2a7cdc378a37702573bb4f821170b530d
        Validity
            Not Before: Jan 27 23:57:07 2025 GMT
            Not After : Jan 27 00:02:07 2026 GMT
        Subject: CN=82142991CD05D54759DEEB683F4F65F74085073E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:2e:29:09:fc:cc:6d:ef:34:ac:ce:7c:03:e8:
                    58:a4:a7:df:55:c9:9e:35:df:63:2e:2a:8c:1b:2c:
                    0a:d6:b3:ca:44:41:ab:43:a2:1d:b8:83:6b:a0:e0:
                    33:c2:93:fc:f2:e2:e6:45:84:d3:66:6b:1d:0d:db:
                    85:6d:a2:66:50:1a:ca:d3:3c:59:1b:44:41:f8:bb:
                    17:86:d9:a8:89:17:a3:d6:4f:49:8b:86:fc:76:24:
                    95:80:6e:d1:86:dc:10:fa:88:b4:70:eb:c7:87:57:
                    36:a1:b9:db:51:bc:a6:52:4b:67:12:f4:d2:b2:a2:
                    b8:a8:21:66:47:38:0c:0c:29:9e:54:c9:2f:54:86:
                    19:0b:47:96:eb:97:e8:58:5f:49:96:7c:42:8a:16:
                    0e:0e:0c:49:2a:d9:9b:04:e7:ef:4e:aa:ee:91:4f:
                    7d:6d:b3:61:40:77:67:bc:38:2b:65:ea:eb:66:2d:
                    87:28:c8:5d:15:9c:b2:8e:49:47:2a:de:7a:2e:0b:
                    48:9f:8e:d3:79:03:cd:b1:21:59:ef:87:53:27:47:
                    06:c6:6c:e8:55:1b:51:0f:07:de:cd:49:bf:0b:f5:
                    f6:c9:3f:79:c6:53:1b:de:8e:f1:65:e4:e9:85:7a:
                    4c:96:57:92:99:97:be:09:ee:90:55:8d:41:bd:16:
                    9c:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:14:29:91:CD:05:D5:47:59:DE:EB:68:3F:4F:65:F7:40:85:07:3E
            X509v3 Authority Key Identifier:
                keyid:DC:94:3C:C2:A7:CD:C3:78:A3:77:02:57:3B:B4:F8:21:17:0B:53:0D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/3139332e3130392e3139332e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.109.193.0/24

    Signature Algorithm: sha256WithRSAEncryption
         31:ab:bf:3b:d0:70:37:25:c9:ef:9e:5e:ed:68:f4:97:b1:9c:
         02:54:a8:50:0d:79:1c:8e:29:6f:32:96:57:ab:33:ed:4d:36:
         39:ff:6e:e6:e9:9d:3a:bf:6c:96:35:f8:e3:ad:37:bc:45:18:
         ff:17:c8:ae:95:c3:fe:ae:1f:d5:7d:f0:5c:92:a5:6a:2b:33:
         cb:d1:47:c4:6c:9d:af:15:72:69:db:d8:4c:d0:73:a1:99:b0:
         b8:83:a0:f8:f3:8d:24:8e:91:c7:d6:20:37:b9:86:56:8f:18:
         c2:54:20:34:fe:d8:5e:a9:59:c9:ae:27:5f:1f:0f:d6:fd:29:
         61:02:f5:80:b5:9d:a6:45:fe:29:18:30:24:0c:63:d7:e3:68:
         f4:b0:ae:9a:db:2b:94:a2:18:56:eb:51:ca:79:60:2f:02:c0:
         9c:cc:13:32:eb:f1:5f:1e:d0:2a:ee:64:35:c5:03:aa:37:bb:
         08:d3:dd:4f:14:ec:20:f0:6f:ab:6b:1a:b3:f3:f5:59:d9:f1:
         75:42:75:92:50:7c:1c:cc:7c:c1:1e:69:09:d3:0d:82:82:1d:
         37:f2:ba:8a:4b:e8:06:7d:ff:44:e9:52:49:37:8b:21:57:a8:
         3c:9b:2b:66:8b:d9:97:5d:2a:5e:a7:42:f9:82:12:a9:dd:6f:
         ae:39:a2:59
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUMQF6feycIe5isQoWECPVWMNC8zswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGM5NDNjYzJhN2NkYzM3OGEzNzcwMjU3M2JiNGY4MjEx
NzBiNTMwZDAeFw0yNTAxMjcyMzU3MDdaFw0yNjAxMjcwMDAyMDdaMDMxMTAvBgNV
BAMTKDgyMTQyOTkxQ0QwNUQ1NDc1OURFRUI2ODNGNEY2NUY3NDA4NTA3M0UwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCdLikJ/Mxt7zSsznwD6Fikp99V
yZ4132MuKowbLArWs8pEQatDoh24g2ug4DPCk/zy4uZFhNNmax0N24VtomZQGsrT
PFkbREH4uxeG2aiJF6PWT0mLhvx2JJWAbtGG3BD6iLRw68eHVzahudtRvKZSS2cS
9NKyorioIWZHOAwMKZ5UyS9UhhkLR5brl+hYX0mWfEKKFg4ODEkq2ZsE5+9Oqu6R
T31ts2FAd2e8OCtl6utmLYcoyF0VnLKOSUcq3nouC0ifjtN5A82xIVnvh1MnRwbG
bOhVG1EPB97NSb8L9fbJP3nGUxvejvFl5OmFekyWV5KZl74J7pBVjUG9FpwJAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUghQpkc0F1UdZ3utoP09l90CFBz4wHwYDVR0j
BBgwFoAU3JQ8wqfNw3ijdwJXO7T4IRcLUw0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNmFiMDcyMmYtNjRkOC00Y2E5LTkyNjctNGU1MTU0NDM0
MTAxLzAvREM5NDNDQzJBN0NEQzM3OEEzNzcwMjU3M0JCNEY4MjExNzBCNTMwRC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzNKUTh3cWZOdzNpamR3SlhPN1Q0SVJj
TFV3MC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvNmFiMDcyMmYt
NjRkOC00Y2E5LTkyNjctNGU1MTU0NDM0MTAxLzAvMzEzOTMzMmUzMTMwMzkyZTMx
MzkzMzJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMFt
wTANBgkqhkiG9w0BAQsFAAOCAQEAMau/O9BwNyXJ755e7Wj0l7GcAlSoUA15HI4p
bzKWV6sz7U02Of9u5umdOr9sljX44603vEUY/xfIrpXD/q4f1X3wXJKlaiszy9FH
xGydrxVyadvYTNBzoZmwuIOg+PONJI6Rx9YgN7mGVo8YwlQgNP7YXqlZya4nXx8P
1v0pYQL1gLWdpkX+KRgwJAxj1+No9LCumtsrlKIYVutRynlgLwLAnMwTMuvxXx7Q
Ku5kNcUDqje7CNPdTxTsIPBvq2sas/P1WdnxdUJ1klB8HMx8wR5pCdMNgoIdN/K6
ikvoBn3/ROlSSTeLIVeoPJsrZovZl10qXqdC+YISqd1vrjmiWQ==
-----END CERTIFICATE-----