Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/81115bc6-10f6-4af3-ba09-8b687a56fbf5/0/3231332e352e3133322e302f32342d3234203d3e203530333931.roa
File:                     3231332e352e3133322e302f32342d3234203d3e203530333931.roa (raw, json)
Hash identifier:          sb2xwceJ1n9/T85Ohz0tvDfoNG01dFrgke/GXXO1AKc=
Subject key identifier:   57:53:86:F1:51:C8:40:C6:1D:A5:5F:1C:83:A0:3F:5A:AD:9F:69:23
Certificate issuer:       /CN=e96d85996e9354d1005e44c781d38adcf1082873
Certificate serial:       31EE8DFDFAEDD400EB2E5661AF257F86638FFB83
Authority key identifier: E9:6D:85:99:6E:93:54:D1:00:5E:44:C7:81:D3:8A:DC:F1:08:28:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6W2FmW6TVNEAXkTHgdOK3PEIKHM.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/81115bc6-10f6-4af3-ba09-8b687a56fbf5/0/3231332e352e3133322e302f32342d3234203d3e203530333931.roa
Signing time:             Wed 19 Jun 2024 14:01:18 +0000
ROA not before:           Wed 19 Jun 2024 13:56:18 +0000
ROA not after:            Wed 18 Jun 2025 14:01:18 +0000
asID:                     50391
IP address blocks:        213.5.132.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/81115bc6-10f6-4af3-ba09-8b687a56fbf5/0/E96D85996E9354D1005E44C781D38ADCF1082873.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/81115bc6-10f6-4af3-ba09-8b687a56fbf5/0/E96D85996E9354D1005E44C781D38ADCF1082873.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6W2FmW6TVNEAXkTHgdOK3PEIKHM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 04 Dec 2024 09:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            31:ee:8d:fd:fa:ed:d4:00:eb:2e:56:61:af:25:7f:86:63:8f:fb:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e96d85996e9354d1005e44c781d38adcf1082873
        Validity
            Not Before: Jun 19 13:56:18 2024 GMT
            Not After : Jun 18 14:01:18 2025 GMT
        Subject: CN=575386F151C840C61DA55F1C83A03F5AAD9F6923
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:63:bd:62:7c:5f:cc:79:fd:88:98:ec:26:90:
                    dd:65:dd:c3:6d:64:01:0e:8b:ab:ff:48:a4:ee:60:
                    9b:07:c3:8d:e8:64:ac:0b:81:e1:4f:3f:b3:e9:d7:
                    b8:6f:14:32:d9:2a:1f:e6:d5:24:d1:e4:ce:3d:b8:
                    92:03:1e:94:f8:6d:8b:9c:23:44:e8:1e:31:3b:0a:
                    bb:95:ab:81:84:13:f6:86:98:df:17:19:69:b5:13:
                    80:dd:aa:f4:34:b2:fd:9a:68:3a:8b:f8:fe:80:2e:
                    e4:2c:bb:fd:c0:40:70:9a:64:05:f6:31:d1:4d:b3:
                    31:7e:be:54:ca:c4:f4:98:dc:39:bd:c7:3b:4c:e7:
                    b0:db:49:90:3c:4f:e4:14:4b:1d:f3:13:2c:d0:e4:
                    77:15:66:05:5a:ec:c4:f9:82:e4:d7:42:f0:02:8b:
                    c1:8f:91:40:f7:ec:c4:ca:59:35:2c:b6:b3:c3:fa:
                    e3:03:66:b4:2a:57:20:7b:33:ec:82:75:4c:0e:7f:
                    18:19:49:6b:b3:01:52:93:9e:1a:d7:7d:24:47:f1:
                    95:ab:4d:72:6a:1b:ac:86:16:ff:38:2b:e3:f6:75:
                    77:ea:43:81:b3:f5:79:e2:e6:58:64:93:61:a2:22:
                    21:4c:b2:b8:63:7c:7b:b5:61:29:7b:ab:ad:9d:27:
                    9c:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:53:86:F1:51:C8:40:C6:1D:A5:5F:1C:83:A0:3F:5A:AD:9F:69:23
            X509v3 Authority Key Identifier:
                keyid:E9:6D:85:99:6E:93:54:D1:00:5E:44:C7:81:D3:8A:DC:F1:08:28:73

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/81115bc6-10f6-4af3-ba09-8b687a56fbf5/0/E96D85996E9354D1005E44C781D38ADCF1082873.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6W2FmW6TVNEAXkTHgdOK3PEIKHM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/81115bc6-10f6-4af3-ba09-8b687a56fbf5/0/3231332e352e3133322e302f32342d3234203d3e203530333931.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.5.132.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ac:a5:9f:fc:b6:c0:15:fe:77:d8:93:4a:0d:44:ba:1a:d2:d5:
         17:9f:4f:08:a3:13:bf:5a:bf:42:74:1e:07:bc:dc:ca:0b:fb:
         14:22:b9:34:07:4f:eb:3f:7d:58:c6:e5:b9:a8:1f:ce:ce:45:
         1d:55:cb:99:12:01:6c:de:48:d0:cc:66:a1:81:98:86:a2:89:
         d0:c5:a6:82:64:79:15:01:07:8e:b9:32:2c:b6:c7:ee:66:67:
         32:86:67:1b:c1:9e:02:3e:2f:4c:ab:5b:c3:60:58:88:1e:3d:
         95:1d:3d:5c:7a:b6:b9:23:16:0b:69:cc:1e:7f:7e:ef:7b:98:
         7d:c1:ce:c6:c6:87:f7:ef:ca:ed:32:ac:f2:60:e0:a2:f0:51:
         b7:e0:9f:0a:83:fd:f2:68:c6:3c:ef:a3:f9:ae:b9:35:df:1f:
         3e:d6:07:aa:1d:0c:3a:8f:c6:e8:5b:5d:fd:79:73:ec:ef:f3:
         58:2d:c0:54:1b:e1:99:89:85:83:62:79:5c:82:0e:db:1d:67:
         a4:e8:b7:b2:4f:00:ea:37:a0:41:22:0c:e8:f4:8d:18:16:99:
         bb:ed:5a:06:d9:94:97:c0:99:12:9a:89:86:5c:59:89:08:0c:
         44:2d:7c:6c:2d:90:38:28:4b:12:39:59:28:14:c9:e1:8e:33:
         40:fc:1b:c4
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUMe6N/frt1ADrLlZhryV/hmOP+4MwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZTk2ZDg1OTk2ZTkzNTRkMTAwNWU0NGM3ODFkMzhhZGNm
MTA4Mjg3MzAeFw0yNDA2MTkxMzU2MThaFw0yNTA2MTgxNDAxMThaMDMxMTAvBgNV
BAMTKDU3NTM4NkYxNTFDODQwQzYxREE1NUYxQzgzQTAzRjVBQUQ5RjY5MjMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDTY71ifF/Mef2ImOwmkN1l3cNt
ZAEOi6v/SKTuYJsHw43oZKwLgeFPP7Pp17hvFDLZKh/m1STR5M49uJIDHpT4bYuc
I0ToHjE7CruVq4GEE/aGmN8XGWm1E4DdqvQ0sv2aaDqL+P6ALuQsu/3AQHCaZAX2
MdFNszF+vlTKxPSY3Dm9xztM57DbSZA8T+QUSx3zEyzQ5HcVZgVa7MT5guTXQvAC
i8GPkUD37MTKWTUstrPD+uMDZrQqVyB7M+yCdUwOfxgZSWuzAVKTnhrXfSRH8ZWr
TXJqG6yGFv84K+P2dXfqQ4Gz9Xni5lhkk2GiIiFMsrhjfHu1YSl7q62dJ5z1AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUV1OG8VHIQMYdpV8cg6A/Wq2faSMwHwYDVR0j
BBgwFoAU6W2FmW6TVNEAXkTHgdOK3PEIKHMwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODExMTViYzYtMTBmNi00YWYzLWJhMDktOGI2ODdhNTZm
YmY1LzAvRTk2RDg1OTk2RTkzNTREMTAwNUU0NEM3ODFEMzhBRENGMTA4Mjg3My5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzZXMkZtVzZUVk5FQVhrVEhnZE9LM1BF
SUtITS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODExMTViYzYt
MTBmNi00YWYzLWJhMDktOGI2ODdhNTZmYmY1LzAvMzIzMTMzMmUzNTJlMzEzMzMy
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzUzMDMzMzkzMS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEANUF
hDANBgkqhkiG9w0BAQsFAAOCAQEArKWf/LbAFf532JNKDUS6GtLVF59PCKMTv1q/
QnQeB7zcygv7FCK5NAdP6z99WMbluagfzs5FHVXLmRIBbN5I0MxmoYGYhqKJ0MWm
gmR5FQEHjrkyLLbH7mZnMoZnG8GeAj4vTKtbw2BYiB49lR09XHq2uSMWC2nMHn9+
73uYfcHOxsaH9+/K7TKs8mDgovBRt+CfCoP98mjGPO+j+a65Nd8fPtYHqh0MOo/G
6Ftd/Xlz7O/zWC3AVBvhmYmFg2J5XIIO2x1npOi3sk8A6jegQSIM6PSNGBaZu+1a
BtmUl8CZEpqJhlxZiQgMRC18bC2QOChLEjlZKBTJ4Y4zQPwbxA==
-----END CERTIFICATE-----