Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7a789e87-f484-423d-a1d7-2c2d5860d2ec/0/39312e3139392e39302e302f32342d3234203d3e203630343538.roa
File:                     39312e3139392e39302e302f32342d3234203d3e203630343538.roa (raw, json)
Hash identifier:          sORULPjKmYTxWbCiZWHNjFWiFpyXjfWGCbDwXrkrqhg=
Subject key identifier:   3B:D8:75:3A:67:48:23:BF:89:44:48:E1:2F:C4:57:6F:EB:6E:B6:89
Certificate issuer:       /CN=b0170abdc955aa176be2af26299678f2f7c9aca0
Certificate serial:       3F02F7C7F305121B21899611D34C3DD2158BDC11
Authority key identifier: B0:17:0A:BD:C9:55:AA:17:6B:E2:AF:26:29:96:78:F2:F7:C9:AC:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sBcKvclVqhdr4q8mKZZ48vfJrKA.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7a789e87-f484-423d-a1d7-2c2d5860d2ec/0/39312e3139392e39302e302f32342d3234203d3e203630343538.roa
Signing time:             Mon 03 Jul 2023 05:42:06 +0000
ROA not before:           Mon 03 Jul 2023 05:37:06 +0000
ROA not after:            Mon 01 Jul 2024 05:42:06 +0000
asID:                     60458
IP address blocks:        91.199.90.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7a789e87-f484-423d-a1d7-2c2d5860d2ec/0/B0170ABDC955AA176BE2AF26299678F2F7C9ACA0.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7a789e87-f484-423d-a1d7-2c2d5860d2ec/0/B0170ABDC955AA176BE2AF26299678F2F7C9ACA0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sBcKvclVqhdr4q8mKZZ48vfJrKA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3f:02:f7:c7:f3:05:12:1b:21:89:96:11:d3:4c:3d:d2:15:8b:dc:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b0170abdc955aa176be2af26299678f2f7c9aca0
        Validity
            Not Before: Jul  3 05:37:06 2023 GMT
            Not After : Jul  1 05:42:06 2024 GMT
        Subject: CN=3BD8753A674823BF894448E12FC4576FEB6EB689
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:db:89:50:cc:28:52:79:db:ef:3e:4c:80:b7:
                    00:24:88:c1:8c:3c:15:29:97:bd:23:b3:e9:6e:53:
                    4b:be:5a:5e:80:b5:4e:ad:11:31:f6:41:40:ed:57:
                    d9:18:e4:80:4a:8a:75:12:a0:9e:49:21:e6:52:ae:
                    99:fe:55:2d:bc:6f:86:29:52:02:07:2b:00:40:eb:
                    b9:b2:23:89:7a:bd:45:be:19:84:6f:8b:d0:14:81:
                    d3:51:29:4a:6c:83:97:dc:d5:e1:2e:9d:2f:a8:0b:
                    e0:a7:3b:52:83:d3:16:93:a4:60:80:52:76:c0:9a:
                    71:31:ec:01:20:f6:e8:99:84:bb:df:99:2b:73:7c:
                    12:16:22:c4:53:3d:c1:db:1f:31:7a:1f:07:87:e2:
                    0c:80:9d:12:8b:bc:8a:1c:95:bf:6b:85:1e:7c:b6:
                    0d:1f:0b:e9:fc:4d:3b:39:73:dc:4b:1f:55:a0:a8:
                    4d:ad:ca:2e:ef:f9:af:64:fd:96:70:a5:1b:14:79:
                    07:ed:2f:64:8b:2a:9f:da:38:15:9e:48:01:c1:f4:
                    d4:09:c9:a5:21:d5:e9:3a:0b:67:6e:27:fb:0d:d6:
                    8f:36:d5:0a:78:59:15:04:46:55:e7:9d:55:50:6e:
                    a1:66:76:dc:ad:d3:f8:43:b9:25:23:b7:db:90:3e:
                    d6:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:D8:75:3A:67:48:23:BF:89:44:48:E1:2F:C4:57:6F:EB:6E:B6:89
            X509v3 Authority Key Identifier:
                keyid:B0:17:0A:BD:C9:55:AA:17:6B:E2:AF:26:29:96:78:F2:F7:C9:AC:A0

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7a789e87-f484-423d-a1d7-2c2d5860d2ec/0/B0170ABDC955AA176BE2AF26299678F2F7C9ACA0.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sBcKvclVqhdr4q8mKZZ48vfJrKA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7a789e87-f484-423d-a1d7-2c2d5860d2ec/0/39312e3139392e39302e302f32342d3234203d3e203630343538.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.199.90.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:0d:c1:67:bf:28:ce:c0:9c:38:7b:6b:75:b7:25:cd:b6:6d:
         42:a1:fb:36:2a:4d:f7:1a:9d:25:88:dd:c6:6a:f9:a1:96:4b:
         3f:bb:2a:fc:3a:8c:13:f9:4a:f8:96:60:57:93:1a:70:5c:47:
         30:00:e2:b9:f8:00:75:3d:41:3a:46:07:46:e1:06:c7:4d:a3:
         05:9e:f2:c1:9a:78:31:b0:88:5d:dd:c1:4c:eb:cf:c8:80:01:
         55:2a:5c:56:29:22:14:d1:ec:7f:85:1d:ea:a8:cd:2a:f6:6e:
         6e:8a:5e:78:5a:13:a9:3d:41:06:57:c4:56:c0:4d:76:34:85:
         50:f6:8f:fa:44:3a:51:82:b1:96:a4:1e:52:47:fd:98:62:31:
         4d:f7:2a:61:c9:ec:b3:b7:03:2a:f8:ad:1b:30:79:91:11:c3:
         74:21:69:b3:15:df:d1:86:c3:1f:1f:db:ed:f5:40:0c:e3:26:
         3f:0b:60:c7:f0:19:5d:96:50:73:29:ff:b4:d2:58:bc:46:d1:
         1b:38:95:7f:9a:34:0b:05:3c:50:0c:83:3a:f8:13:bc:bd:58:
         79:1c:98:31:e0:61:a7:5f:d7:55:95:8e:09:d7:19:15:ee:e9:
         e1:aa:6f:0f:d3:20:a5:3a:ac:98:78:9c:7b:c3:85:d9:5d:4e:
         49:f0:e1:38
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUPwL3x/MFEhshiZYR00w90hWL3BEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYjAxNzBhYmRjOTU1YWExNzZiZTJhZjI2Mjk5Njc4ZjJm
N2M5YWNhMDAeFw0yMzA3MDMwNTM3MDZaFw0yNDA3MDEwNTQyMDZaMDMxMTAvBgNV
BAMTKDNCRDg3NTNBNjc0ODIzQkY4OTQ0NDhFMTJGQzQ1NzZGRUI2RUI2ODkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCG24lQzChSedvvPkyAtwAkiMGM
PBUpl70js+luU0u+Wl6AtU6tETH2QUDtV9kY5IBKinUSoJ5JIeZSrpn+VS28b4Yp
UgIHKwBA67myI4l6vUW+GYRvi9AUgdNRKUpsg5fc1eEunS+oC+CnO1KD0xaTpGCA
UnbAmnEx7AEg9uiZhLvfmStzfBIWIsRTPcHbHzF6HweH4gyAnRKLvIoclb9rhR58
tg0fC+n8TTs5c9xLH1WgqE2tyi7v+a9k/ZZwpRsUeQftL2SLKp/aOBWeSAHB9NQJ
yaUh1ek6C2duJ/sN1o821Qp4WRUERlXnnVVQbqFmdtyt0/hDuSUjt9uQPtZNAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUO9h1OmdII7+JREjhL8RXb+tutokwHwYDVR0j
BBgwFoAUsBcKvclVqhdr4q8mKZZ48vfJrKAwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2E3ODllODctZjQ4NC00MjNkLWExZDctMmMyZDU4NjBk
MmVjLzAvQjAxNzBBQkRDOTU1QUExNzZCRTJBRjI2Mjk5Njc4RjJGN0M5QUNBMC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3NCY0t2Y2xWcWhkcjRxOG1LWlo0OHZm
SnJLQS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvN2E3ODllODct
ZjQ4NC00MjNkLWExZDctMmMyZDU4NjBkMmVjLzAvMzkzMTJlMzEzOTM5MmUzOTMw
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzYzMDM0MzUzOC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFvH
WjANBgkqhkiG9w0BAQsFAAOCAQEAfA3BZ78ozsCcOHtrdbclzbZtQqH7NipN9xqd
JYjdxmr5oZZLP7sq/DqME/lK+JZgV5MacFxHMADiufgAdT1BOkYHRuEGx02jBZ7y
wZp4MbCIXd3BTOvPyIABVSpcVikiFNHsf4Ud6qjNKvZubopeeFoTqT1BBlfEVsBN
djSFUPaP+kQ6UYKxlqQeUkf9mGIxTfcqYcnss7cDKvitGzB5kRHDdCFpsxXf0YbD
Hx/b7fVADOMmPwtgx/AZXZZQcyn/tNJYvEbRGziVf5o0CwU8UAyDOvgTvL1YeRyY
MeBhp1/XVZWOCdcZFe7p4apvD9MgpTqsmHice8OF2V1OSfDhOA==
-----END CERTIFICATE-----