Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7a789e87-f484-423d-a1d7-2c2d5860d2ec/0/39312e3139392e39302e302f32342d3234203d3e203630343538.roa
File:                     39312e3139392e39302e302f32342d3234203d3e203630343538.roa (raw, json)
Hash identifier:          ZCLM9BGFu9emToJAxACCzDurumlwiFHCnv29VgHNHUw=
Subject key identifier:   2A:06:C3:5A:18:8C:94:F6:6E:DC:13:07:ED:D2:62:05:E6:64:97:2B
Certificate issuer:       /CN=b0170abdc955aa176be2af26299678f2f7c9aca0
Certificate serial:       1EF9AC7140A2B70D16BA9175D33428C2D80A3887
Authority key identifier: B0:17:0A:BD:C9:55:AA:17:6B:E2:AF:26:29:96:78:F2:F7:C9:AC:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sBcKvclVqhdr4q8mKZZ48vfJrKA.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7a789e87-f484-423d-a1d7-2c2d5860d2ec/0/39312e3139392e39302e302f32342d3234203d3e203630343538.roa
Signing time:             Mon 03 Jun 2024 06:05:17 +0000
ROA not before:           Mon 03 Jun 2024 06:00:17 +0000
ROA not after:            Mon 02 Jun 2025 06:05:17 +0000
asID:                     60458
IP address blocks:        91.199.90.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7a789e87-f484-423d-a1d7-2c2d5860d2ec/0/B0170ABDC955AA176BE2AF26299678F2F7C9ACA0.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7a789e87-f484-423d-a1d7-2c2d5860d2ec/0/B0170ABDC955AA176BE2AF26299678F2F7C9ACA0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sBcKvclVqhdr4q8mKZZ48vfJrKA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1e:f9:ac:71:40:a2:b7:0d:16:ba:91:75:d3:34:28:c2:d8:0a:38:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b0170abdc955aa176be2af26299678f2f7c9aca0
        Validity
            Not Before: Jun  3 06:00:17 2024 GMT
            Not After : Jun  2 06:05:17 2025 GMT
        Subject: CN=2A06C35A188C94F66EDC1307EDD26205E664972B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:4f:fc:f4:46:be:48:25:0d:fb:3b:e4:57:2f:
                    2b:3e:db:fa:ae:43:63:e1:a8:27:41:cb:f9:1e:87:
                    82:2e:82:8d:c9:1b:75:f7:69:d5:50:e5:ec:79:9d:
                    2a:81:f1:95:67:0c:44:02:fb:17:7a:85:1a:ac:a4:
                    e8:9c:03:bb:3c:4a:ab:bb:4c:cf:a0:ba:a4:bc:99:
                    a7:5a:ad:52:1b:28:ee:1b:ae:c3:f3:5b:9f:01:03:
                    7e:94:ad:ee:6a:23:08:19:0f:1e:a8:ba:35:42:75:
                    48:dd:64:e1:d6:c5:cc:de:f8:7e:37:fd:5c:96:d2:
                    b3:6d:a8:cf:58:c5:08:ca:3d:66:e7:67:4d:75:96:
                    1e:d5:6d:7e:0f:89:c0:0d:c3:02:67:ff:e9:1a:d4:
                    cf:c3:c5:15:0e:c6:5f:01:d4:01:0a:8b:48:3e:fa:
                    a7:aa:1e:dc:2b:31:5b:37:46:39:4e:26:66:17:1d:
                    e4:be:f5:ec:63:82:4d:b7:45:f5:dd:06:8b:0d:25:
                    cd:b4:c5:8f:66:dc:a1:5e:f1:39:ed:90:f6:57:45:
                    d7:cf:84:e8:69:cd:46:cd:a1:f2:c8:ca:79:3c:b8:
                    6e:79:22:11:e3:ea:27:ef:fc:d2:ee:7c:a1:00:ac:
                    af:1d:97:f5:14:98:c3:79:32:6f:6c:d6:bc:b6:76:
                    d1:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:06:C3:5A:18:8C:94:F6:6E:DC:13:07:ED:D2:62:05:E6:64:97:2B
            X509v3 Authority Key Identifier:
                keyid:B0:17:0A:BD:C9:55:AA:17:6B:E2:AF:26:29:96:78:F2:F7:C9:AC:A0

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7a789e87-f484-423d-a1d7-2c2d5860d2ec/0/B0170ABDC955AA176BE2AF26299678F2F7C9ACA0.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sBcKvclVqhdr4q8mKZZ48vfJrKA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7a789e87-f484-423d-a1d7-2c2d5860d2ec/0/39312e3139392e39302e302f32342d3234203d3e203630343538.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.199.90.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c2:5f:16:65:ac:53:d6:c2:b8:c5:81:05:aa:bd:57:4c:c7:2b:
         89:b3:e4:9a:82:19:8e:73:8d:7b:15:1d:0f:46:d9:62:49:b7:
         7d:36:a3:cd:27:53:8d:4b:73:87:49:1e:e6:a1:c3:1a:ac:15:
         90:fc:ce:1e:a7:72:64:5e:3e:e3:89:bb:7c:60:7e:56:58:ff:
         95:4b:38:35:49:a0:07:05:70:8c:81:de:28:49:44:5c:76:28:
         e0:33:11:47:63:bf:20:9c:bc:bf:04:76:35:08:89:3a:df:53:
         04:3a:50:57:e5:e7:08:06:25:ee:e9:49:2f:8f:34:f3:29:51:
         84:c0:14:43:33:69:09:89:cb:ea:bf:f3:39:18:79:ad:3e:ac:
         57:0e:62:87:bf:7d:1c:0e:81:50:17:d6:bd:dd:99:90:1c:4c:
         4b:83:9c:24:eb:9c:29:b3:01:d2:dd:68:c1:a5:07:11:48:3b:
         08:7c:61:34:76:ae:9b:cd:c5:f9:25:72:be:5a:1d:03:b8:d0:
         6a:43:eb:b4:dc:21:71:23:31:ee:8c:09:4b:ba:a8:f9:ff:bf:
         6c:a3:de:f6:d4:3e:c0:fe:18:00:49:d8:9a:0f:aa:2d:6f:de:
         71:7e:e3:47:87:1c:bd:11:57:43:2f:32:da:2a:af:bd:90:ef:
         6a:fd:8d:ac
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUHvmscUCitw0WupF10zQowtgKOIcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYjAxNzBhYmRjOTU1YWExNzZiZTJhZjI2Mjk5Njc4ZjJm
N2M5YWNhMDAeFw0yNDA2MDMwNjAwMTdaFw0yNTA2MDIwNjA1MTdaMDMxMTAvBgNV
BAMTKDJBMDZDMzVBMTg4Qzk0RjY2RURDMTMwN0VERDI2MjA1RTY2NDk3MkIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCaT/z0Rr5IJQ37O+RXLys+2/qu
Q2PhqCdBy/keh4Iugo3JG3X3adVQ5ex5nSqB8ZVnDEQC+xd6hRqspOicA7s8Squ7
TM+guqS8madarVIbKO4brsPzW58BA36Ure5qIwgZDx6oujVCdUjdZOHWxcze+H43
/VyW0rNtqM9YxQjKPWbnZ011lh7VbX4PicANwwJn/+ka1M/DxRUOxl8B1AEKi0g+
+qeqHtwrMVs3RjlOJmYXHeS+9exjgk23RfXdBosNJc20xY9m3KFe8TntkPZXRdfP
hOhpzUbNofLIynk8uG55IhHj6ifv/NLufKEArK8dl/UUmMN5Mm9s1ry2dtGHAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUKgbDWhiMlPZu3BMH7dJiBeZklyswHwYDVR0j
BBgwFoAUsBcKvclVqhdr4q8mKZZ48vfJrKAwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2E3ODllODctZjQ4NC00MjNkLWExZDctMmMyZDU4NjBk
MmVjLzAvQjAxNzBBQkRDOTU1QUExNzZCRTJBRjI2Mjk5Njc4RjJGN0M5QUNBMC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3NCY0t2Y2xWcWhkcjRxOG1LWlo0OHZm
SnJLQS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvN2E3ODllODct
ZjQ4NC00MjNkLWExZDctMmMyZDU4NjBkMmVjLzAvMzkzMTJlMzEzOTM5MmUzOTMw
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzYzMDM0MzUzOC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFvH
WjANBgkqhkiG9w0BAQsFAAOCAQEAwl8WZaxT1sK4xYEFqr1XTMcribPkmoIZjnON
exUdD0bZYkm3fTajzSdTjUtzh0ke5qHDGqwVkPzOHqdyZF4+44m7fGB+Vlj/lUs4
NUmgBwVwjIHeKElEXHYo4DMRR2O/IJy8vwR2NQiJOt9TBDpQV+XnCAYl7ulJL480
8ylRhMAUQzNpCYnL6r/zORh5rT6sVw5ih799HA6BUBfWvd2ZkBxMS4OcJOucKbMB
0t1owaUHEUg7CHxhNHaum83F+SVyvlodA7jQakPrtNwhcSMx7owJS7qo+f+/bKPe
9tQ+wP4YAEnYmg+qLW/ecX7jR4ccvRFXQy8y2iqvvZDvav2NrA==
-----END CERTIFICATE-----