Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/81115bc6-10f6-4af3-ba09-8b687a56fbf5/0/3231332e352e3133322e302f32342d3234203d3e203530333931.roa
File:                     3231332e352e3133322e302f32342d3234203d3e203530333931.roa (raw, json)
Hash identifier:          nsQAR4+jC5765x515G9ldfkFI4EVfUQOiMaNr4lg+DA=
Subject key identifier:   43:2F:05:CD:8D:68:84:98:1E:E1:C8:7A:34:88:77:20:2E:C7:65:DD
Certificate issuer:       /CN=e96d85996e9354d1005e44c781d38adcf1082873
Certificate serial:       71AEDA1DEAD4B44D2A9B81647FACC60370FF8FF8
Authority key identifier: E9:6D:85:99:6E:93:54:D1:00:5E:44:C7:81:D3:8A:DC:F1:08:28:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6W2FmW6TVNEAXkTHgdOK3PEIKHM.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/81115bc6-10f6-4af3-ba09-8b687a56fbf5/0/3231332e352e3133322e302f32342d3234203d3e203530333931.roa
Signing time:             Wed 19 Jul 2023 13:29:41 +0000
ROA not before:           Wed 19 Jul 2023 13:24:41 +0000
ROA not after:            Wed 17 Jul 2024 13:29:41 +0000
asID:                     50391
IP address blocks:        213.5.132.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/81115bc6-10f6-4af3-ba09-8b687a56fbf5/0/E96D85996E9354D1005E44C781D38ADCF1082873.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/81115bc6-10f6-4af3-ba09-8b687a56fbf5/0/E96D85996E9354D1005E44C781D38ADCF1082873.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6W2FmW6TVNEAXkTHgdOK3PEIKHM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 01 Jun 2024 16:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            71:ae:da:1d:ea:d4:b4:4d:2a:9b:81:64:7f:ac:c6:03:70:ff:8f:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e96d85996e9354d1005e44c781d38adcf1082873
        Validity
            Not Before: Jul 19 13:24:41 2023 GMT
            Not After : Jul 17 13:29:41 2024 GMT
        Subject: CN=432F05CD8D6884981EE1C87A348877202EC765DD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:2f:ba:78:46:79:3a:c8:bd:90:70:75:2b:7b:
                    fd:d9:ec:88:a2:d4:dd:45:56:47:13:f7:e9:13:03:
                    da:e7:db:dc:12:aa:1a:66:b9:84:f1:05:5e:ea:52:
                    f4:b4:f3:41:c0:fa:9f:1f:58:43:0d:33:95:81:0c:
                    be:51:13:54:9d:ff:21:fd:46:c4:57:00:dc:17:8d:
                    9d:7e:ef:7d:04:93:cf:31:2d:8d:31:a2:1e:c5:9a:
                    d1:58:6a:30:8f:f9:fa:fe:c5:ea:d8:39:93:4e:08:
                    aa:9d:17:30:f3:2e:a3:8b:78:ef:9d:c2:1b:38:7f:
                    29:48:ed:40:4b:2b:2b:9d:bc:65:98:3f:3b:c0:49:
                    93:d2:02:9a:34:dd:7d:95:98:5a:d5:a3:f7:2a:95:
                    18:6c:f8:82:d6:c9:cf:c6:08:fe:1c:5c:23:68:52:
                    79:de:a7:2e:1f:02:7b:b1:cb:da:cd:6b:43:a1:d5:
                    79:74:c4:2b:11:49:d7:81:49:64:fc:39:9d:d0:fc:
                    ba:1e:2a:6b:86:78:ba:17:11:8f:04:8a:2d:92:a0:
                    50:23:5b:f6:b2:2b:77:8a:57:01:b2:39:d1:7e:e3:
                    46:3e:34:f9:00:36:2d:8c:fc:05:e3:8d:f8:61:ce:
                    9f:11:14:27:8e:fc:a5:da:18:c8:f4:32:32:d4:6d:
                    cf:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:2F:05:CD:8D:68:84:98:1E:E1:C8:7A:34:88:77:20:2E:C7:65:DD
            X509v3 Authority Key Identifier:
                keyid:E9:6D:85:99:6E:93:54:D1:00:5E:44:C7:81:D3:8A:DC:F1:08:28:73

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/81115bc6-10f6-4af3-ba09-8b687a56fbf5/0/E96D85996E9354D1005E44C781D38ADCF1082873.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6W2FmW6TVNEAXkTHgdOK3PEIKHM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/81115bc6-10f6-4af3-ba09-8b687a56fbf5/0/3231332e352e3133322e302f32342d3234203d3e203530333931.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.5.132.0/24

    Signature Algorithm: sha256WithRSAEncryption
         17:7d:72:cc:fb:f3:50:01:5a:99:2a:22:55:9f:09:e8:b8:f0:
         18:d2:8a:03:84:75:7f:09:d7:d2:b6:fd:5f:95:5d:2d:79:28:
         61:a3:55:90:cf:d7:00:09:3d:ae:c8:b7:66:93:f4:74:16:fa:
         e7:e5:bd:f4:82:9c:6a:fb:cb:ff:49:68:c5:c0:ad:68:32:a2:
         06:9e:92:7c:9e:b1:18:1f:a3:c0:1d:a0:03:e2:3b:3c:e4:54:
         55:88:2f:10:8c:cc:59:7f:a9:43:b4:c9:b3:af:ea:12:a4:cf:
         54:94:a4:76:4d:e1:24:d7:29:56:2d:e4:a7:43:02:b2:09:a6:
         27:58:4e:1a:d7:5e:4d:86:bf:09:7d:fd:6e:9e:e7:e8:3b:ed:
         f9:ec:fc:8a:df:da:27:92:62:40:bf:44:5b:d5:9e:02:fd:ad:
         64:3e:10:ec:f7:d2:ee:b5:32:6d:ac:cf:8b:62:b9:6b:d1:24:
         6e:10:02:4a:10:96:7f:95:a8:f0:f2:e2:3b:2d:c2:13:92:86:
         70:7c:54:07:d5:1b:e2:1d:b6:84:4a:cc:bc:c9:3c:16:e2:db:
         d1:30:c7:f2:cd:13:e3:e6:a2:fa:0d:71:a3:d7:cd:e0:eb:17:
         3c:e1:dd:96:ed:18:e0:79:3c:5e:4c:0b:4e:77:22:ef:37:fd:
         a4:65:bf:1c
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUca7aHerUtE0qm4Fkf6zGA3D/j/gwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZTk2ZDg1OTk2ZTkzNTRkMTAwNWU0NGM3ODFkMzhhZGNm
MTA4Mjg3MzAeFw0yMzA3MTkxMzI0NDFaFw0yNDA3MTcxMzI5NDFaMDMxMTAvBgNV
BAMTKDQzMkYwNUNEOEQ2ODg0OTgxRUUxQzg3QTM0ODg3NzIwMkVDNzY1REQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDVL7p4Rnk6yL2QcHUre/3Z7Iii
1N1FVkcT9+kTA9rn29wSqhpmuYTxBV7qUvS080HA+p8fWEMNM5WBDL5RE1Sd/yH9
RsRXANwXjZ1+730Ek88xLY0xoh7FmtFYajCP+fr+xerYOZNOCKqdFzDzLqOLeO+d
whs4fylI7UBLKyudvGWYPzvASZPSApo03X2VmFrVo/cqlRhs+ILWyc/GCP4cXCNo
Unnepy4fAnuxy9rNa0Oh1Xl0xCsRSdeBSWT8OZ3Q/LoeKmuGeLoXEY8Eii2SoFAj
W/ayK3eKVwGyOdF+40Y+NPkANi2M/AXjjfhhzp8RFCeO/KXaGMj0MjLUbc/tAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUQy8FzY1ohJge4ch6NIh3IC7HZd0wHwYDVR0j
BBgwFoAU6W2FmW6TVNEAXkTHgdOK3PEIKHMwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODExMTViYzYtMTBmNi00YWYzLWJhMDktOGI2ODdhNTZm
YmY1LzAvRTk2RDg1OTk2RTkzNTREMTAwNUU0NEM3ODFEMzhBRENGMTA4Mjg3My5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzZXMkZtVzZUVk5FQVhrVEhnZE9LM1BF
SUtITS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODExMTViYzYt
MTBmNi00YWYzLWJhMDktOGI2ODdhNTZmYmY1LzAvMzIzMTMzMmUzNTJlMzEzMzMy
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzUzMDMzMzkzMS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEANUF
hDANBgkqhkiG9w0BAQsFAAOCAQEAF31yzPvzUAFamSoiVZ8J6LjwGNKKA4R1fwnX
0rb9X5VdLXkoYaNVkM/XAAk9rsi3ZpP0dBb65+W99IKcavvL/0loxcCtaDKiBp6S
fJ6xGB+jwB2gA+I7PORUVYgvEIzMWX+pQ7TJs6/qEqTPVJSkdk3hJNcpVi3kp0MC
sgmmJ1hOGtdeTYa/CX39bp7n6Dvt+ez8it/aJ5JiQL9EW9WeAv2tZD4Q7PfS7rUy
bazPi2K5a9EkbhACShCWf5Wo8PLiOy3CE5KGcHxUB9Ub4h22hErMvMk8FuLb0TDH
8s0T4+ai+g1xo9fN4OsXPOHdlu0Y4Hk8XkwLTnci7zf9pGW/HA==
-----END CERTIFICATE-----