Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/3231332e3133392e37392e302f32342d3234203d3e2033333230.roa
File:                     3231332e3133392e37392e302f32342d3234203d3e2033333230.roa (raw, json)
Hash identifier:          PtRMyKTdbfZGfPE5XdhdhFh3qhxKx8+kxVjMWXNcsWU=
Subject key identifier:   5E:7B:AF:AC:E2:98:34:29:BB:18:A9:73:18:4C:8F:8D:AA:6D:BC:31
Certificate issuer:       /CN=b683f2eb50c5999a77456e8826831609d48c7d3e
Certificate serial:       13AD007016789C3F1F9477996028B902BB907F8B
Authority key identifier: B6:83:F2:EB:50:C5:99:9A:77:45:6E:88:26:83:16:09:D4:8C:7D:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/toPy61DFmZp3RW6IJoMWCdSMfT4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/3231332e3133392e37392e302f32342d3234203d3e2033333230.roa
Signing time:             Thu 06 Feb 2025 00:38:01 +0000
ROA not before:           Thu 06 Feb 2025 00:33:01 +0000
ROA not after:            Thu 05 Feb 2026 00:38:01 +0000
asID:                     3320
IP address blocks:        213.139.79.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/B683F2EB50C5999A77456E8826831609D48C7D3E.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/B683F2EB50C5999A77456E8826831609D48C7D3E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/toPy61DFmZp3RW6IJoMWCdSMfT4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            13:ad:00:70:16:78:9c:3f:1f:94:77:99:60:28:b9:02:bb:90:7f:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b683f2eb50c5999a77456e8826831609d48c7d3e
        Validity
            Not Before: Feb  6 00:33:01 2025 GMT
            Not After : Feb  5 00:38:01 2026 GMT
        Subject: CN=5E7BAFACE2983429BB18A973184C8F8DAA6DBC31
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:9c:1d:31:94:2c:17:c2:58:fe:e7:ed:c9:f1:
                    c6:1e:74:51:3a:51:8d:98:3e:f5:0e:c7:a3:bf:49:
                    0f:79:d2:63:f5:dc:d1:76:6b:c3:44:23:25:af:90:
                    ba:2a:6a:ee:3a:4f:98:eb:96:80:ea:0b:ad:75:a2:
                    e5:b6:c9:4e:69:78:f2:3c:15:57:2a:06:33:64:35:
                    74:36:7d:54:6f:46:98:e1:4b:67:00:7e:3c:40:31:
                    4d:89:d4:c6:0c:18:23:89:ff:1b:75:d1:1f:07:1d:
                    60:ef:cc:80:0b:27:f8:6f:c2:d7:d5:38:e5:23:1e:
                    54:c2:f6:55:a4:35:3d:e4:6a:b2:1f:52:c6:2a:1c:
                    06:2b:1b:a4:bb:38:3c:af:39:d7:c9:e3:e2:4b:1b:
                    70:57:bf:05:77:5f:b3:fd:40:ea:1f:4e:dd:42:0d:
                    00:4b:d2:ff:4c:42:56:07:32:94:20:be:7f:26:5a:
                    2f:0d:eb:67:b7:5d:c3:11:48:aa:d0:a6:1a:da:a9:
                    c4:36:73:c4:87:f4:d8:88:e8:ec:c8:34:e2:77:00:
                    16:ed:16:3f:ad:f5:61:94:94:e8:32:b9:65:f7:fa:
                    eb:8f:bd:4a:96:87:71:63:76:4f:18:ec:e7:9a:38:
                    b3:98:bc:3f:20:a4:fa:75:6f:53:9d:5e:8d:87:df:
                    9e:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:7B:AF:AC:E2:98:34:29:BB:18:A9:73:18:4C:8F:8D:AA:6D:BC:31
            X509v3 Authority Key Identifier:
                keyid:B6:83:F2:EB:50:C5:99:9A:77:45:6E:88:26:83:16:09:D4:8C:7D:3E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/B683F2EB50C5999A77456E8826831609D48C7D3E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/toPy61DFmZp3RW6IJoMWCdSMfT4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/3231332e3133392e37392e302f32342d3234203d3e2033333230.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.139.79.0/24

    Signature Algorithm: sha256WithRSAEncryption
         90:bc:bd:39:22:07:ce:6d:ed:be:0b:32:91:f3:e8:ab:f7:be:
         7b:36:b8:7a:fa:2f:c9:6b:d8:0a:d6:84:33:c7:ad:10:49:9a:
         e6:84:e3:02:03:b2:b7:1b:76:a6:58:68:4f:90:fa:75:20:8a:
         73:36:11:ef:b3:14:49:e5:c6:73:2a:1b:a0:e0:ea:a6:50:1f:
         a5:6c:e1:26:d9:52:19:1e:70:f0:cc:c6:ba:ca:10:6a:8e:1d:
         2d:66:40:73:fb:e9:10:9c:08:01:68:5f:99:e6:44:05:ce:fe:
         66:b4:fd:a4:4b:09:1a:b7:9e:28:65:8f:b7:5c:90:af:0e:57:
         9d:09:04:b8:6b:43:b0:62:65:02:38:33:7b:9c:82:2f:d1:ea:
         8d:26:79:6c:61:f7:c3:6d:af:fe:1d:43:3a:eb:88:86:0f:fc:
         a2:55:36:87:f6:34:6e:bb:d1:22:9e:1a:a0:f3:7d:7c:28:fe:
         80:1c:8f:76:e5:d3:cc:14:7a:f0:30:ea:72:ab:03:bb:9e:46:
         f1:94:b7:ef:75:4d:a1:61:76:fa:f1:bb:49:c5:64:2f:31:e3:
         de:2e:79:54:d7:24:91:43:92:97:b4:23:7a:43:b3:8a:ec:f6:
         53:09:57:cb:43:41:9d:47:dd:55:89:83:a9:3b:c9:82:81:fd:
         e6:82:69:46
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUE60AcBZ4nD8flHeZYCi5AruQf4swDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYjY4M2YyZWI1MGM1OTk5YTc3NDU2ZTg4MjY4MzE2MDlk
NDhjN2QzZTAeFw0yNTAyMDYwMDMzMDFaFw0yNjAyMDUwMDM4MDFaMDMxMTAvBgNV
BAMTKDVFN0JBRkFDRTI5ODM0MjlCQjE4QTk3MzE4NEM4RjhEQUE2REJDMzEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDWnB0xlCwXwlj+5+3J8cYedFE6
UY2YPvUOx6O/SQ950mP13NF2a8NEIyWvkLoqau46T5jrloDqC611ouW2yU5pePI8
FVcqBjNkNXQ2fVRvRpjhS2cAfjxAMU2J1MYMGCOJ/xt10R8HHWDvzIALJ/hvwtfV
OOUjHlTC9lWkNT3karIfUsYqHAYrG6S7ODyvOdfJ4+JLG3BXvwV3X7P9QOofTt1C
DQBL0v9MQlYHMpQgvn8mWi8N62e3XcMRSKrQphraqcQ2c8SH9NiI6OzINOJ3ABbt
Fj+t9WGUlOgyuWX3+uuPvUqWh3Fjdk8Y7OeaOLOYvD8gpPp1b1OdXo2H355HAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUXnuvrOKYNCm7GKlzGEyPjaptvDEwHwYDVR0j
BBgwFoAUtoPy61DFmZp3RW6IJoMWCdSMfT4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTAxYzE0ZmItYjY2MC00ODlkLTllOWYtOTQwMmU5ZTJj
MmUyLzAvQjY4M0YyRUI1MEM1OTk5QTc3NDU2RTg4MjY4MzE2MDlENDhDN0QzRS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3RvUHk2MURGbVpwM1JXNklKb01XQ2RT
TWZUNC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYTAxYzE0ZmIt
YjY2MC00ODlkLTllOWYtOTQwMmU5ZTJjMmUyLzAvMzIzMTMzMmUzMTMzMzkyZTM3
MzkyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMzMzMzIzMC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEANWL
TzANBgkqhkiG9w0BAQsFAAOCAQEAkLy9OSIHzm3tvgsykfPoq/e+eza4evovyWvY
CtaEM8etEEma5oTjAgOytxt2plhoT5D6dSCKczYR77MUSeXGcyoboODqplAfpWzh
JtlSGR5w8MzGusoQao4dLWZAc/vpEJwIAWhfmeZEBc7+ZrT9pEsJGreeKGWPt1yQ
rw5XnQkEuGtDsGJlAjgze5yCL9HqjSZ5bGH3w22v/h1DOuuIhg/8olU2h/Y0brvR
Ip4aoPN9fCj+gByPduXTzBR68DDqcqsDu55G8ZS373VNoWF2+vG7ScVkLzHj3i55
VNckkUOSl7QjekOziuz2UwlXy0NBnUfdVYmDqTvJgoH95oJpRg==
-----END CERTIFICATE-----