Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/3231332e3133392e36382e302f32342d3234203d3e2039303039.roa
File:                     3231332e3133392e36382e302f32342d3234203d3e2039303039.roa (raw, json)
Hash identifier:          3sBgBPhXGekAATE8XJ410DzQWJqVxKjP0XKZZazqwjc=
Subject key identifier:   A5:9B:A5:90:AD:E0:9C:4B:89:2A:AF:D2:D2:78:02:76:46:C3:A1:CB
Certificate issuer:       /CN=b683f2eb50c5999a77456e8826831609d48c7d3e
Certificate serial:       1ECE811497E6E085D487F3DFB339A71BE035BA28
Authority key identifier: B6:83:F2:EB:50:C5:99:9A:77:45:6E:88:26:83:16:09:D4:8C:7D:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/toPy61DFmZp3RW6IJoMWCdSMfT4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/3231332e3133392e36382e302f32342d3234203d3e2039303039.roa
Signing time:             Tue 07 Jan 2025 11:53:51 +0000
ROA not before:           Tue 07 Jan 2025 11:48:51 +0000
ROA not after:            Tue 06 Jan 2026 11:53:51 +0000
asID:                     9009
IP address blocks:        213.139.68.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/B683F2EB50C5999A77456E8826831609D48C7D3E.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/B683F2EB50C5999A77456E8826831609D48C7D3E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/toPy61DFmZp3RW6IJoMWCdSMfT4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1e:ce:81:14:97:e6:e0:85:d4:87:f3:df:b3:39:a7:1b:e0:35:ba:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b683f2eb50c5999a77456e8826831609d48c7d3e
        Validity
            Not Before: Jan  7 11:48:51 2025 GMT
            Not After : Jan  6 11:53:51 2026 GMT
        Subject: CN=A59BA590ADE09C4B892AAFD2D278027646C3A1CB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:3e:72:0e:87:02:37:1a:d4:cf:b1:48:44:84:
                    38:f7:ce:7a:f5:34:a5:81:86:2f:42:92:7e:21:30:
                    91:71:0e:b3:3a:5c:5a:0d:2b:3b:43:8b:da:9b:e2:
                    8f:cc:69:6c:f6:63:fe:02:68:d4:9d:5f:9e:9b:90:
                    65:fe:66:89:21:82:56:24:3a:c7:5f:b3:dd:1f:20:
                    c9:eb:c3:4f:bd:d9:5b:ab:b7:89:e0:07:d2:ee:bc:
                    c9:43:0c:f6:2d:66:a6:af:25:d7:49:3f:f8:f7:40:
                    07:b0:d9:0a:91:e0:79:d6:26:a8:c1:58:3b:03:89:
                    84:2e:93:d9:9c:98:d3:de:4c:f3:79:75:c3:9b:45:
                    84:70:e6:c2:e5:7f:d9:4f:0c:bf:2a:82:23:28:d7:
                    43:d7:74:c2:27:e7:09:57:e6:ee:d1:89:55:42:1b:
                    f2:1b:7c:fa:72:7d:1b:fc:8b:41:f6:83:0e:bf:50:
                    7b:d1:fd:27:eb:7a:83:a3:d1:b5:67:fe:48:39:de:
                    23:95:2b:97:f0:4c:10:da:df:1f:ad:52:db:a3:e2:
                    81:d3:78:2f:e0:6a:4b:75:fd:b7:f7:33:c0:a6:b6:
                    cf:d5:d1:1a:47:cf:dd:89:c0:90:03:b9:cf:ac:2c:
                    ea:c6:8a:ad:86:2e:23:79:0b:ce:f1:06:5c:1d:d8:
                    8a:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:9B:A5:90:AD:E0:9C:4B:89:2A:AF:D2:D2:78:02:76:46:C3:A1:CB
            X509v3 Authority Key Identifier:
                keyid:B6:83:F2:EB:50:C5:99:9A:77:45:6E:88:26:83:16:09:D4:8C:7D:3E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/B683F2EB50C5999A77456E8826831609D48C7D3E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/toPy61DFmZp3RW6IJoMWCdSMfT4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/3231332e3133392e36382e302f32342d3234203d3e2039303039.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.139.68.0/24

    Signature Algorithm: sha256WithRSAEncryption
         05:6d:25:94:f3:62:8d:91:36:20:1b:3f:68:05:1d:29:b0:fa:
         57:cf:d2:bb:e1:cb:15:fa:34:69:45:a5:88:50:22:c8:55:e0:
         d4:a8:21:fe:86:d8:6a:86:c0:e0:1c:77:e7:72:4b:2f:38:1d:
         ba:39:f9:e9:7b:02:34:fb:a9:06:a7:36:83:25:01:f3:11:b1:
         a0:c4:39:44:51:af:d1:1a:f0:58:3d:29:f3:bb:ee:c2:11:67:
         4a:5a:e6:51:1e:51:f0:92:f6:d9:3d:f3:32:ce:68:e2:e4:55:
         cc:fb:00:f6:96:94:8e:f3:de:71:e6:dd:c1:75:21:35:5b:ad:
         a5:21:9c:7a:2c:f0:f3:14:ad:8c:23:5d:3c:13:bc:f7:12:62:
         e3:a6:26:c8:84:01:5d:b8:46:aa:a8:f7:81:3a:1b:3d:cd:22:
         d5:c3:28:f1:6c:3a:be:3b:ce:75:78:aa:5e:c2:5f:01:5e:aa:
         3f:42:ed:3e:f5:5e:90:a3:cd:fc:a3:b7:79:ee:18:0e:0e:c4:
         11:18:80:28:87:c3:d7:87:1a:86:c3:21:08:f0:cb:5e:df:8b:
         87:50:33:ed:67:2d:52:6d:cc:92:39:5e:38:89:8c:53:b5:2c:
         63:ae:b1:13:30:5b:79:0c:89:51:ed:92:7f:0f:00:6d:4b:ff:
         d4:ef:cc:ff
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUHs6BFJfm4IXUh/PfszmnG+A1uigwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYjY4M2YyZWI1MGM1OTk5YTc3NDU2ZTg4MjY4MzE2MDlk
NDhjN2QzZTAeFw0yNTAxMDcxMTQ4NTFaFw0yNjAxMDYxMTUzNTFaMDMxMTAvBgNV
BAMTKEE1OUJBNTkwQURFMDlDNEI4OTJBQUZEMkQyNzgwMjc2NDZDM0ExQ0IwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4PnIOhwI3GtTPsUhEhDj3znr1
NKWBhi9Ckn4hMJFxDrM6XFoNKztDi9qb4o/MaWz2Y/4CaNSdX56bkGX+ZokhglYk
Osdfs90fIMnrw0+92Vurt4ngB9LuvMlDDPYtZqavJddJP/j3QAew2QqR4HnWJqjB
WDsDiYQuk9mcmNPeTPN5dcObRYRw5sLlf9lPDL8qgiMo10PXdMIn5wlX5u7RiVVC
G/IbfPpyfRv8i0H2gw6/UHvR/SfreoOj0bVn/kg53iOVK5fwTBDa3x+tUtuj4oHT
eC/gakt1/bf3M8Cmts/V0RpHz92JwJADuc+sLOrGiq2GLiN5C87xBlwd2IrlAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUpZulkK3gnEuJKq/S0ngCdkbDocswHwYDVR0j
BBgwFoAUtoPy61DFmZp3RW6IJoMWCdSMfT4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTAxYzE0ZmItYjY2MC00ODlkLTllOWYtOTQwMmU5ZTJj
MmUyLzAvQjY4M0YyRUI1MEM1OTk5QTc3NDU2RTg4MjY4MzE2MDlENDhDN0QzRS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3RvUHk2MURGbVpwM1JXNklKb01XQ2RT
TWZUNC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYTAxYzE0ZmIt
YjY2MC00ODlkLTllOWYtOTQwMmU5ZTJjMmUyLzAvMzIzMTMzMmUzMTMzMzkyZTM2
MzgyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzOTMwMzAzOS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEANWL
RDANBgkqhkiG9w0BAQsFAAOCAQEABW0llPNijZE2IBs/aAUdKbD6V8/Su+HLFfo0
aUWliFAiyFXg1Kgh/obYaobA4Bx353JLLzgdujn56XsCNPupBqc2gyUB8xGxoMQ5
RFGv0RrwWD0p87vuwhFnSlrmUR5R8JL22T3zMs5o4uRVzPsA9paUjvPecebdwXUh
NVutpSGceizw8xStjCNdPBO89xJi46YmyIQBXbhGqqj3gTobPc0i1cMo8Ww6vjvO
dXiqXsJfAV6qP0LtPvVekKPN/KO3ee4YDg7EERiAKIfD14cahsMhCPDLXt+Lh1Az
7WctUm3MkjleOImMU7UsY66xEzBbeQyJUe2Sfw8AbUv/1O/M/w==
-----END CERTIFICATE-----