Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/933b2fd7-31c1-451c-8288-c1aa0aa12750/0/39312e3230392e3137392e302f32342d3234203d3e2039323332.roa
File:                     39312e3230392e3137392e302f32342d3234203d3e2039323332.roa (raw, json)
Hash identifier:          DUgBG+DDM8ST08Z0XIhaDsSEtBOUn3VXDgiNBjQq7a4=
Subject key identifier:   BE:80:0E:75:21:40:35:09:0E:BB:45:74:03:EA:80:52:D5:66:EC:A7
Certificate issuer:       /CN=45e8648e445dccd0d8ee699f5140bb814e43ae1b
Certificate serial:       7291E6630148A7AF0BB7C09E47C55C43ED303DA3
Authority key identifier: 45:E8:64:8E:44:5D:CC:D0:D8:EE:69:9F:51:40:BB:81:4E:43:AE:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RehkjkRdzNDY7mmfUUC7gU5Drhs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/933b2fd7-31c1-451c-8288-c1aa0aa12750/0/39312e3230392e3137392e302f32342d3234203d3e2039323332.roa
Signing time:             Tue 25 Mar 2025 06:19:53 +0000
ROA not before:           Tue 25 Mar 2025 06:14:53 +0000
ROA not after:            Tue 24 Mar 2026 06:19:53 +0000
asID:                     9232
IP address blocks:        91.209.179.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/933b2fd7-31c1-451c-8288-c1aa0aa12750/0/45E8648E445DCCD0D8EE699F5140BB814E43AE1B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/933b2fd7-31c1-451c-8288-c1aa0aa12750/0/45E8648E445DCCD0D8EE699F5140BB814E43AE1B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RehkjkRdzNDY7mmfUUC7gU5Drhs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            72:91:e6:63:01:48:a7:af:0b:b7:c0:9e:47:c5:5c:43:ed:30:3d:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=45e8648e445dccd0d8ee699f5140bb814e43ae1b
        Validity
            Not Before: Mar 25 06:14:53 2025 GMT
            Not After : Mar 24 06:19:53 2026 GMT
        Subject: CN=BE800E75214035090EBB457403EA8052D566ECA7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:d4:61:0f:16:27:c4:62:26:e4:f9:f1:83:8e:
                    d3:3d:fd:a8:de:28:0a:7e:df:6c:e4:9b:d4:2f:45:
                    69:7e:b6:8c:23:00:7f:7f:8f:2f:21:50:48:fc:35:
                    07:8a:8f:3e:f5:1c:18:37:56:9a:49:06:e6:47:3b:
                    65:50:04:0c:5d:78:7f:b8:ef:b3:f8:4c:c2:ef:d1:
                    78:21:86:f7:02:0e:c8:39:8e:67:7d:4e:a4:92:4b:
                    74:73:c2:ee:8c:18:8c:e0:95:2d:a5:61:f9:7b:17:
                    d4:fe:bc:d2:90:bb:64:97:dc:32:7b:9b:5e:94:43:
                    4b:79:9e:84:58:85:e6:eb:46:80:fa:37:b9:08:e1:
                    ed:5e:46:8a:5b:7c:c0:06:90:93:d1:42:19:0b:89:
                    ac:28:69:c2:ac:a4:2c:11:68:7c:e7:d4:cf:f5:88:
                    70:72:87:6f:1a:3d:58:a2:53:e1:52:47:c0:f5:fb:
                    07:93:c7:63:f5:e0:20:92:7d:8f:8e:90:03:f4:e7:
                    7d:76:b4:ce:7e:b5:4c:57:be:eb:ff:7e:a8:33:3f:
                    c2:07:54:20:b1:f1:68:63:f1:cf:ee:eb:35:e9:77:
                    e7:9f:0f:d4:0e:8c:a7:61:a1:f3:88:dd:37:db:52:
                    22:d4:d8:aa:7e:a1:7f:53:f7:15:a1:70:11:f7:3d:
                    97:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:80:0E:75:21:40:35:09:0E:BB:45:74:03:EA:80:52:D5:66:EC:A7
            X509v3 Authority Key Identifier:
                keyid:45:E8:64:8E:44:5D:CC:D0:D8:EE:69:9F:51:40:BB:81:4E:43:AE:1B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/933b2fd7-31c1-451c-8288-c1aa0aa12750/0/45E8648E445DCCD0D8EE699F5140BB814E43AE1B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RehkjkRdzNDY7mmfUUC7gU5Drhs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/933b2fd7-31c1-451c-8288-c1aa0aa12750/0/39312e3230392e3137392e302f32342d3234203d3e2039323332.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.209.179.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5d:18:c1:7b:84:07:42:18:4c:c2:d9:06:fa:d6:40:ad:75:2b:
         50:b4:b7:74:c0:73:ac:47:52:55:1b:d5:e5:fb:6c:e5:e8:d6:
         80:c3:dc:26:9c:85:4e:29:57:de:64:b5:98:df:18:9a:b0:d2:
         00:a3:b7:76:48:30:86:d5:07:3f:ee:bc:c7:8f:37:c4:e5:02:
         70:c4:c2:b1:d9:4d:40:09:cb:f5:1f:c6:b2:c0:11:a4:65:bf:
         cb:b9:50:b4:d8:3d:2d:f2:19:c1:bc:a8:c9:30:4b:35:52:bb:
         75:b4:e8:fd:49:3a:1e:3e:15:f4:7a:3d:bf:44:6b:15:b5:69:
         d1:a4:2d:b3:17:ed:08:64:50:26:e4:d3:3b:82:74:b4:1c:e7:
         f5:ef:f7:a3:00:c0:2b:60:37:13:8c:3b:57:77:5a:46:a0:bc:
         c9:db:ed:5e:00:e6:6c:ae:38:17:8c:44:18:eb:5e:cd:eb:ba:
         aa:45:21:5b:71:f5:04:90:84:54:c7:46:15:1c:cc:bc:c7:7c:
         a3:e6:57:de:f1:a3:a3:57:36:a6:0d:6a:b4:b4:01:c1:9d:73:
         01:0b:e9:36:76:69:df:db:b1:8d:cd:42:cc:34:d6:00:99:37:
         a9:02:cc:42:96:cc:e6:f8:dc:78:6e:87:8f:c7:cc:93:d7:b4:
         f0:d3:fc:b3
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUcpHmYwFIp68Lt8CeR8VcQ+0wPaMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDVlODY0OGU0NDVkY2NkMGQ4ZWU2OTlmNTE0MGJiODE0
ZTQzYWUxYjAeFw0yNTAzMjUwNjE0NTNaFw0yNjAzMjQwNjE5NTNaMDMxMTAvBgNV
BAMTKEJFODAwRTc1MjE0MDM1MDkwRUJCNDU3NDAzRUE4MDUyRDU2NkVDQTcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDm1GEPFifEYibk+fGDjtM9/aje
KAp+32zkm9QvRWl+towjAH9/jy8hUEj8NQeKjz71HBg3VppJBuZHO2VQBAxdeH+4
77P4TMLv0XghhvcCDsg5jmd9TqSSS3Rzwu6MGIzglS2lYfl7F9T+vNKQu2SX3DJ7
m16UQ0t5noRYhebrRoD6N7kI4e1eRopbfMAGkJPRQhkLiawoacKspCwRaHzn1M/1
iHByh28aPViiU+FSR8D1+weTx2P14CCSfY+OkAP05312tM5+tUxXvuv/fqgzP8IH
VCCx8Whj8c/u6zXpd+efD9QOjKdhofOI3TfbUiLU2Kp+oX9T9xWhcBH3PZd7AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUvoAOdSFANQkOu0V0A+qAUtVm7KcwHwYDVR0j
BBgwFoAURehkjkRdzNDY7mmfUUC7gU5DrhswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOTMzYjJmZDctMzFjMS00NTFjLTgyODgtYzFhYTBhYTEy
NzUwLzAvNDVFODY0OEU0NDVEQ0NEMEQ4RUU2OTlGNTE0MEJCODE0RTQzQUUxQi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JlaGtqa1Jkek5EWTdtbWZVVUM3Z1U1
RHJocy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOTMzYjJmZDct
MzFjMS00NTFjLTgyODgtYzFhYTBhYTEyNzUwLzAvMzkzMTJlMzIzMDM5MmUzMTM3
MzkyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzOTMyMzMzMi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFvR
szANBgkqhkiG9w0BAQsFAAOCAQEAXRjBe4QHQhhMwtkG+tZArXUrULS3dMBzrEdS
VRvV5fts5ejWgMPcJpyFTilX3mS1mN8YmrDSAKO3dkgwhtUHP+68x483xOUCcMTC
sdlNQAnL9R/GssARpGW/y7lQtNg9LfIZwbyoyTBLNVK7dbTo/Uk6Hj4V9Ho9v0Rr
FbVp0aQtsxftCGRQJuTTO4J0tBzn9e/3owDAK2A3E4w7V3daRqC8ydvtXgDmbK44
F4xEGOtezeu6qkUhW3H1BJCEVMdGFRzMvMd8o+ZX3vGjo1c2pg1qtLQBwZ1zAQvp
NnZp39uxjc1CzDTWAJk3qQLMQpbM5vjceG6Hj8fMk9e08NP8sw==
-----END CERTIFICATE-----