Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/3231332e3133392e38302e302f32332d3234203d3e20383334.roa
File:                     3231332e3133392e38302e302f32332d3234203d3e20383334.roa (raw, json)
Hash identifier:          rYc87PX3iN2A2WLhIGdP9DosLVfsPx1yZr+jcSqyRCw=
Subject key identifier:   93:55:5A:67:4E:06:DD:68:A2:F3:6A:42:7F:B5:40:7D:8F:A9:51:7D
Certificate issuer:       /CN=b683f2eb50c5999a77456e8826831609d48c7d3e
Certificate serial:       2382B9AE321B605F62DDEF41CF46342E16C10BA3
Authority key identifier: B6:83:F2:EB:50:C5:99:9A:77:45:6E:88:26:83:16:09:D4:8C:7D:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/toPy61DFmZp3RW6IJoMWCdSMfT4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/3231332e3133392e38302e302f32332d3234203d3e20383334.roa
Signing time:             Tue 23 Apr 2024 08:05:16 +0000
ROA not before:           Tue 23 Apr 2024 08:00:16 +0000
ROA not after:            Tue 22 Apr 2025 08:05:16 +0000
asID:                     834
IP address blocks:        213.139.80.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/B683F2EB50C5999A77456E8826831609D48C7D3E.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/B683F2EB50C5999A77456E8826831609D48C7D3E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/toPy61DFmZp3RW6IJoMWCdSMfT4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            23:82:b9:ae:32:1b:60:5f:62:dd:ef:41:cf:46:34:2e:16:c1:0b:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b683f2eb50c5999a77456e8826831609d48c7d3e
        Validity
            Not Before: Apr 23 08:00:16 2024 GMT
            Not After : Apr 22 08:05:16 2025 GMT
        Subject: CN=93555A674E06DD68A2F36A427FB5407D8FA9517D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:72:fc:3a:29:8f:ed:5d:d4:4b:14:a4:e9:9b:
                    10:66:46:39:d3:a3:a1:7d:07:81:35:27:6c:18:bc:
                    cb:67:b6:c0:23:21:da:15:8b:f3:a1:db:8d:9b:db:
                    bd:50:c1:35:6d:cb:10:ab:60:71:79:59:30:ec:7a:
                    f5:f0:ce:d7:2f:f9:be:38:80:40:e9:89:5c:f7:6a:
                    d8:da:07:52:35:fb:57:07:cb:83:38:75:14:1e:b3:
                    3e:8f:be:ad:47:8a:40:8e:b2:00:7b:eb:01:1b:bc:
                    4d:22:c9:73:6d:6d:d9:49:09:cc:b1:b0:c6:de:70:
                    44:19:65:f9:58:73:17:ca:9b:33:8a:a7:6c:a5:9b:
                    63:05:59:74:45:b4:cd:d2:c6:1c:ec:be:05:96:e9:
                    47:90:73:1b:a1:e1:fc:e1:c3:44:b4:87:06:52:5d:
                    23:b3:71:1e:eb:9b:56:61:58:24:7a:d4:05:14:fe:
                    0d:e5:69:21:c8:f3:87:11:31:4c:63:fa:84:e5:99:
                    54:6b:02:c0:5e:34:c5:7f:ff:38:90:e7:1e:9f:49:
                    9b:27:2b:7a:8b:ff:64:14:4f:c8:93:22:fe:e4:fe:
                    cd:09:5c:c9:b8:4c:19:4e:ca:3d:27:0f:d3:9b:ef:
                    8a:0c:b0:bc:a9:cf:35:c2:f0:0d:08:7e:a7:06:fe:
                    b6:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:55:5A:67:4E:06:DD:68:A2:F3:6A:42:7F:B5:40:7D:8F:A9:51:7D
            X509v3 Authority Key Identifier:
                keyid:B6:83:F2:EB:50:C5:99:9A:77:45:6E:88:26:83:16:09:D4:8C:7D:3E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/B683F2EB50C5999A77456E8826831609D48C7D3E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/toPy61DFmZp3RW6IJoMWCdSMfT4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/3231332e3133392e38302e302f32332d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.139.80.0/23

    Signature Algorithm: sha256WithRSAEncryption
         65:07:65:dc:ac:4d:03:d6:9c:d7:64:67:02:00:b9:24:90:a7:
         c0:47:1b:90:1b:9d:46:55:c9:5e:6c:06:57:05:b7:19:f3:9f:
         d3:58:ef:13:11:f0:5a:76:99:d2:49:a8:a5:b2:a3:aa:42:a4:
         9f:c4:75:8e:b2:72:31:5f:5f:a9:d1:77:8b:27:56:09:34:60:
         23:01:b4:9a:26:d6:4b:a0:dc:0e:b9:b9:80:05:3b:ba:c2:67:
         18:82:8b:55:7a:11:4e:8e:de:6c:32:9d:c1:4b:40:65:5a:f8:
         7d:b1:ca:79:d7:57:fb:8b:f3:20:84:9e:d6:8c:59:43:14:e7:
         cd:9f:5a:98:ff:8d:72:09:5c:84:35:2c:44:2a:90:38:17:91:
         a3:c0:02:1c:98:e9:2e:ec:b7:ce:55:fe:09:b0:8b:56:83:19:
         e3:9d:70:7f:3d:a7:d3:6a:46:76:09:3e:74:c9:b2:24:ce:12:
         9d:75:9d:2c:d3:62:37:78:d0:f6:85:22:f8:3a:3d:61:39:16:
         c3:c0:94:4e:aa:87:08:e8:3a:30:fd:87:4b:05:63:f9:a3:87:
         7b:eb:5b:bd:99:e9:cd:5a:dd:53:0d:82:f8:54:05:6e:a0:1f:
         f6:00:57:58:a6:94:21:20:91:ca:67:7f:e6:42:95:4c:ab:d3:
         de:91:39:45
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUI4K5rjIbYF9i3e9Bz0Y0LhbBC6MwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYjY4M2YyZWI1MGM1OTk5YTc3NDU2ZTg4MjY4MzE2MDlk
NDhjN2QzZTAeFw0yNDA0MjMwODAwMTZaFw0yNTA0MjIwODA1MTZaMDMxMTAvBgNV
BAMTKDkzNTU1QTY3NEUwNkRENjhBMkYzNkE0MjdGQjU0MDdEOEZBOTUxN0QwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2cvw6KY/tXdRLFKTpmxBmRjnT
o6F9B4E1J2wYvMtntsAjIdoVi/Oh242b271QwTVtyxCrYHF5WTDsevXwztcv+b44
gEDpiVz3atjaB1I1+1cHy4M4dRQesz6Pvq1HikCOsgB76wEbvE0iyXNtbdlJCcyx
sMbecEQZZflYcxfKmzOKp2ylm2MFWXRFtM3SxhzsvgWW6UeQcxuh4fzhw0S0hwZS
XSOzcR7rm1ZhWCR61AUU/g3laSHI84cRMUxj+oTlmVRrAsBeNMV//ziQ5x6fSZsn
K3qL/2QUT8iTIv7k/s0JXMm4TBlOyj0nD9Ob74oMsLypzzXC8A0IfqcG/rbNAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUk1VaZ04G3Wii82pCf7VAfY+pUX0wHwYDVR0j
BBgwFoAUtoPy61DFmZp3RW6IJoMWCdSMfT4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTAxYzE0ZmItYjY2MC00ODlkLTllOWYtOTQwMmU5ZTJj
MmUyLzAvQjY4M0YyRUI1MEM1OTk5QTc3NDU2RTg4MjY4MzE2MDlENDhDN0QzRS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3RvUHk2MURGbVpwM1JXNklKb01XQ2RT
TWZUNC5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYTAxYzE0ZmIt
YjY2MC00ODlkLTllOWYtOTQwMmU5ZTJjMmUyLzAvMzIzMTMzMmUzMTMzMzkyZTM4
MzAyZTMwMmYzMjMzMmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAHVi1Aw
DQYJKoZIhvcNAQELBQADggEBAGUHZdysTQPWnNdkZwIAuSSQp8BHG5AbnUZVyV5s
BlcFtxnzn9NY7xMR8Fp2mdJJqKWyo6pCpJ/EdY6ycjFfX6nRd4snVgk0YCMBtJom
1kug3A65uYAFO7rCZxiCi1V6EU6O3mwyncFLQGVa+H2xynnXV/uL8yCEntaMWUMU
582fWpj/jXIJXIQ1LEQqkDgXkaPAAhyY6S7st85V/gmwi1aDGeOdcH89p9NqRnYJ
PnTJsiTOEp11nSzTYjd40PaFIvg6PWE5FsPAlE6qhwjoOjD9h0sFY/mjh3vrW72Z
6c1a3VMNgvhUBW6gH/YAV1imlCEgkcpnf+ZClUyr096ROUU=
-----END CERTIFICATE-----