Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/3231332e3133392e36342e302f32342d3234203d3e2039303039.roa
File:                     3231332e3133392e36342e302f32342d3234203d3e2039303039.roa (raw, json)
Hash identifier:          pcqczpZd3N8rkxbwgnioI5KV9SeSdrdvwmseTG1EX1s=
Subject key identifier:   00:89:DB:B2:A0:D3:25:F2:85:98:92:B9:7F:D0:1D:D9:C7:0F:4F:98
Certificate issuer:       /CN=b683f2eb50c5999a77456e8826831609d48c7d3e
Certificate serial:       73B34FEB62C86A7FFB15725D84A7C6935FF06E00
Authority key identifier: B6:83:F2:EB:50:C5:99:9A:77:45:6E:88:26:83:16:09:D4:8C:7D:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/toPy61DFmZp3RW6IJoMWCdSMfT4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/3231332e3133392e36342e302f32342d3234203d3e2039303039.roa
Signing time:             Thu 24 Oct 2024 11:43:25 +0000
ROA not before:           Thu 24 Oct 2024 11:38:25 +0000
ROA not after:            Thu 23 Oct 2025 11:43:25 +0000
asID:                     9009
IP address blocks:        213.139.64.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/B683F2EB50C5999A77456E8826831609D48C7D3E.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/B683F2EB50C5999A77456E8826831609D48C7D3E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/toPy61DFmZp3RW6IJoMWCdSMfT4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 00:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            73:b3:4f:eb:62:c8:6a:7f:fb:15:72:5d:84:a7:c6:93:5f:f0:6e:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b683f2eb50c5999a77456e8826831609d48c7d3e
        Validity
            Not Before: Oct 24 11:38:25 2024 GMT
            Not After : Oct 23 11:43:25 2025 GMT
        Subject: CN=0089DBB2A0D325F2859892B97FD01DD9C70F4F98
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:8e:e2:a4:59:54:bd:94:3b:0f:ae:8f:10:00:
                    7f:6c:ea:07:e5:92:f0:01:e6:64:f4:90:de:26:31:
                    4c:c0:e7:04:3a:d6:0a:07:a3:4c:35:f6:af:9a:e3:
                    a0:c7:03:07:b0:04:99:82:cf:c4:5d:c9:fc:7d:14:
                    85:5b:95:0d:b1:26:8c:34:f4:4b:92:2d:4d:7c:dc:
                    35:15:0e:5b:4c:ac:62:3c:c0:1a:88:f2:5f:5e:d3:
                    62:78:b1:76:16:74:6b:b5:5b:32:a9:3c:2c:76:68:
                    1c:16:b7:22:35:4b:1f:f4:97:71:c9:2e:f8:96:0d:
                    5d:42:85:13:51:5f:4c:57:ba:76:1c:5c:8d:7d:e4:
                    7f:a2:e3:a9:38:8a:c0:04:d3:d2:2f:ba:03:63:63:
                    11:a2:bc:b1:5a:92:11:8a:2b:ba:ec:4d:77:6c:41:
                    9c:bf:1d:3c:08:bc:3f:53:06:69:87:8d:f0:ae:31:
                    23:d1:97:3f:70:a7:6b:0e:1c:3d:a3:4b:ba:6d:de:
                    fd:23:d6:88:e6:9f:d0:ee:bd:34:99:e1:8c:11:30:
                    d3:04:31:11:17:d9:c5:80:f6:f9:0c:1c:b7:e9:d0:
                    f0:b7:de:33:ce:9a:f2:8c:c4:ba:f3:e2:ec:6c:a3:
                    7c:8a:49:2f:89:e8:3e:d9:18:a9:91:b9:89:53:7e:
                    88:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:89:DB:B2:A0:D3:25:F2:85:98:92:B9:7F:D0:1D:D9:C7:0F:4F:98
            X509v3 Authority Key Identifier:
                keyid:B6:83:F2:EB:50:C5:99:9A:77:45:6E:88:26:83:16:09:D4:8C:7D:3E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/B683F2EB50C5999A77456E8826831609D48C7D3E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/toPy61DFmZp3RW6IJoMWCdSMfT4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/3231332e3133392e36342e302f32342d3234203d3e2039303039.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.139.64.0/24

    Signature Algorithm: sha256WithRSAEncryption
         21:f7:02:f9:ea:2b:00:3f:86:fc:ab:bf:22:0e:e8:bf:c8:28:
         af:da:b3:5c:fd:53:cd:05:14:1c:fd:5a:f8:02:44:15:2c:f3:
         c1:1b:c0:6d:21:8f:a7:89:cc:f3:4f:c6:bf:fb:47:db:d9:92:
         ff:8c:21:db:2c:e3:88:6e:63:90:2c:1a:25:42:96:88:4c:6e:
         42:d9:33:ae:b5:ec:d3:a0:1e:d2:1f:98:e3:3c:c3:4d:a3:69:
         a0:7a:42:bf:3b:07:23:2c:3b:c7:29:d5:8a:fc:02:30:b3:0d:
         d4:1f:83:87:af:52:be:66:4e:5e:fd:7e:4e:36:5c:6f:12:56:
         6c:7d:b6:fc:b0:58:2e:ea:48:fc:95:b0:a3:33:4d:c6:8d:1b:
         41:80:69:42:1f:c2:ca:54:08:79:d8:17:dd:85:73:ff:8e:f2:
         0a:df:21:8c:92:2a:3b:26:e0:ea:ad:4f:6c:a5:89:53:c7:9c:
         06:ba:6d:da:a5:d7:40:f7:6a:89:10:9c:37:3b:55:92:db:86:
         28:45:95:4e:39:c0:42:34:a5:b1:7c:68:9b:fd:43:11:73:35:
         71:8a:db:a9:cf:5d:50:ae:bf:02:30:1c:48:f7:7b:10:b9:86:
         ba:b3:67:4c:35:ad:3d:7b:dd:f6:73:09:37:32:50:32:66:df:
         d5:20:5a:02
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUc7NP62LIan/7FXJdhKfGk1/wbgAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYjY4M2YyZWI1MGM1OTk5YTc3NDU2ZTg4MjY4MzE2MDlk
NDhjN2QzZTAeFw0yNDEwMjQxMTM4MjVaFw0yNTEwMjMxMTQzMjVaMDMxMTAvBgNV
BAMTKDAwODlEQkIyQTBEMzI1RjI4NTk4OTJCOTdGRDAxREQ5QzcwRjRGOTgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9juKkWVS9lDsPro8QAH9s6gfl
kvAB5mT0kN4mMUzA5wQ61goHo0w19q+a46DHAwewBJmCz8Rdyfx9FIVblQ2xJow0
9EuSLU183DUVDltMrGI8wBqI8l9e02J4sXYWdGu1WzKpPCx2aBwWtyI1Sx/0l3HJ
LviWDV1ChRNRX0xXunYcXI195H+i46k4isAE09IvugNjYxGivLFakhGKK7rsTXds
QZy/HTwIvD9TBmmHjfCuMSPRlz9wp2sOHD2jS7pt3v0j1ojmn9DuvTSZ4YwRMNME
MREX2cWA9vkMHLfp0PC33jPOmvKMxLrz4uxso3yKSS+J6D7ZGKmRuYlTfohbAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUAInbsqDTJfKFmJK5f9Ad2ccPT5gwHwYDVR0j
BBgwFoAUtoPy61DFmZp3RW6IJoMWCdSMfT4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTAxYzE0ZmItYjY2MC00ODlkLTllOWYtOTQwMmU5ZTJj
MmUyLzAvQjY4M0YyRUI1MEM1OTk5QTc3NDU2RTg4MjY4MzE2MDlENDhDN0QzRS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3RvUHk2MURGbVpwM1JXNklKb01XQ2RT
TWZUNC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYTAxYzE0ZmIt
YjY2MC00ODlkLTllOWYtOTQwMmU5ZTJjMmUyLzAvMzIzMTMzMmUzMTMzMzkyZTM2
MzQyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzOTMwMzAzOS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEANWL
QDANBgkqhkiG9w0BAQsFAAOCAQEAIfcC+eorAD+G/Ku/Ig7ov8gor9qzXP1TzQUU
HP1a+AJEFSzzwRvAbSGPp4nM80/Gv/tH29mS/4wh2yzjiG5jkCwaJUKWiExuQtkz
rrXs06Ae0h+Y4zzDTaNpoHpCvzsHIyw7xynVivwCMLMN1B+Dh69SvmZOXv1+TjZc
bxJWbH22/LBYLupI/JWwozNNxo0bQYBpQh/CylQIedgX3YVz/47yCt8hjJIqOybg
6q1PbKWJU8ecBrpt2qXXQPdqiRCcNztVktuGKEWVTjnAQjSlsXxom/1DEXM1cYrb
qc9dUK6/AjAcSPd7ELmGurNnTDWtPXvd9nMJNzJQMmbf1SBaAg==
-----END CERTIFICATE-----