Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/3231332e3133392e38302e302f32332d3234203d3e20383334.roa
File:                     3231332e3133392e38302e302f32332d3234203d3e20383334.roa (raw, json)
Hash identifier:          qiWvZJxXyA1T8nIVbLoZ99OExdcS5mc15RZxXCZOFJM=
Subject key identifier:   53:A4:6C:86:22:F9:19:88:79:0D:B7:AB:C3:8D:98:71:89:E0:59:31
Certificate issuer:       /CN=b683f2eb50c5999a77456e8826831609d48c7d3e
Certificate serial:       13467FF805B56F5BAE73B84222B501ED27668E62
Authority key identifier: B6:83:F2:EB:50:C5:99:9A:77:45:6E:88:26:83:16:09:D4:8C:7D:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/toPy61DFmZp3RW6IJoMWCdSMfT4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/3231332e3133392e38302e302f32332d3234203d3e20383334.roa
Signing time:             Thu 19 Dec 2024 00:02:40 +0000
ROA not before:           Wed 18 Dec 2024 23:57:40 +0000
ROA not after:            Thu 18 Dec 2025 00:02:40 +0000
asID:                     834
IP address blocks:        213.139.80.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/B683F2EB50C5999A77456E8826831609D48C7D3E.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/B683F2EB50C5999A77456E8826831609D48C7D3E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/toPy61DFmZp3RW6IJoMWCdSMfT4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 10:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            13:46:7f:f8:05:b5:6f:5b:ae:73:b8:42:22:b5:01:ed:27:66:8e:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b683f2eb50c5999a77456e8826831609d48c7d3e
        Validity
            Not Before: Dec 18 23:57:40 2024 GMT
            Not After : Dec 18 00:02:40 2025 GMT
        Subject: CN=53A46C8622F91988790DB7ABC38D987189E05931
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:73:4d:da:1a:36:7d:bb:24:40:f0:9a:25:0a:
                    bf:50:98:5c:88:e6:0a:bb:4a:78:2e:27:6b:18:c8:
                    75:4b:09:13:6e:8e:f1:98:89:ae:12:c1:0a:e0:51:
                    f4:f3:24:14:ec:27:ea:77:7d:2f:3e:c6:61:6d:a2:
                    da:0a:cf:88:a7:35:77:c5:d5:fa:4b:37:b2:da:75:
                    ca:88:f7:3d:1c:92:0a:de:2d:36:de:63:08:0d:0e:
                    44:5a:37:c8:e6:00:1f:0d:5e:df:95:b2:c2:29:63:
                    10:c9:1b:06:c8:fd:71:2e:59:bd:1f:3f:dd:88:8e:
                    2c:90:78:64:58:69:02:0f:55:c8:59:ac:f9:20:61:
                    63:a4:69:6d:b9:dd:55:2a:3d:9d:c0:50:00:27:60:
                    f1:2b:e7:e3:cd:4d:01:ce:76:58:8d:f0:e3:63:c4:
                    92:64:31:ce:c2:d2:3b:bd:f6:06:56:81:a5:4a:96:
                    32:1e:39:09:3d:62:9a:25:9f:ea:5b:95:83:14:91:
                    39:41:d8:a2:70:cc:97:0b:3b:09:75:33:35:a2:09:
                    07:61:ac:0e:35:cc:08:a6:3a:8a:c6:ad:2c:9d:f3:
                    ee:b7:b1:47:1c:4d:db:60:98:a9:0a:4f:f7:1f:81:
                    a4:5d:70:91:40:33:4e:bb:16:ef:81:e6:e7:af:f5:
                    35:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:A4:6C:86:22:F9:19:88:79:0D:B7:AB:C3:8D:98:71:89:E0:59:31
            X509v3 Authority Key Identifier:
                keyid:B6:83:F2:EB:50:C5:99:9A:77:45:6E:88:26:83:16:09:D4:8C:7D:3E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/B683F2EB50C5999A77456E8826831609D48C7D3E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/toPy61DFmZp3RW6IJoMWCdSMfT4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/3231332e3133392e38302e302f32332d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.139.80.0/23

    Signature Algorithm: sha256WithRSAEncryption
         85:e1:ee:cd:ce:1a:49:41:ef:c9:24:04:c6:39:07:ce:e3:f7:
         4e:92:59:9b:fb:c1:5d:ff:fd:b4:56:c8:47:a4:e5:64:ae:4c:
         00:4a:2a:6a:62:9b:49:f4:2b:0f:ee:75:8b:8e:5a:e6:64:0b:
         53:37:11:b4:62:01:5c:22:7e:fe:01:ae:9c:54:d8:ad:82:b4:
         7b:79:07:60:8c:b3:cb:d1:b8:b3:d1:7b:c9:64:d8:5b:17:80:
         c7:62:1a:89:e3:7d:b8:c9:31:1e:76:a7:86:a6:0a:6a:07:e1:
         a2:84:96:7f:f5:00:23:b9:88:94:39:e6:b8:88:e5:ea:1a:d2:
         b4:ef:e0:12:40:a3:27:b9:10:39:23:18:6f:8d:fc:80:75:ad:
         db:bd:a8:09:77:7c:99:71:97:eb:8c:0a:27:90:2c:14:dc:5a:
         e0:7f:f0:77:b9:47:a5:41:fd:eb:bd:05:a3:6c:6f:7b:42:91:
         1d:12:6c:90:a3:e4:ce:18:16:77:0e:9a:8c:2b:c9:12:99:25:
         24:01:e8:55:a5:71:a4:62:8b:ec:11:41:fa:bc:42:e3:50:70:
         e9:a3:b7:e3:1c:6b:2b:4e:e5:f1:9f:6d:26:9a:5f:33:3a:54:
         e1:df:b8:be:b7:be:14:dc:87:61:d5:93:3e:0e:b5:a4:47:35:
         5f:8c:26:1d
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUE0Z/+AW1b1uuc7hCIrUB7SdmjmIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYjY4M2YyZWI1MGM1OTk5YTc3NDU2ZTg4MjY4MzE2MDlk
NDhjN2QzZTAeFw0yNDEyMTgyMzU3NDBaFw0yNTEyMTgwMDAyNDBaMDMxMTAvBgNV
BAMTKDUzQTQ2Qzg2MjJGOTE5ODg3OTBEQjdBQkMzOEQ5ODcxODlFMDU5MzEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4c03aGjZ9uyRA8JolCr9QmFyI
5gq7SnguJ2sYyHVLCRNujvGYia4SwQrgUfTzJBTsJ+p3fS8+xmFtotoKz4inNXfF
1fpLN7LadcqI9z0ckgreLTbeYwgNDkRaN8jmAB8NXt+VssIpYxDJGwbI/XEuWb0f
P92IjiyQeGRYaQIPVchZrPkgYWOkaW253VUqPZ3AUAAnYPEr5+PNTQHOdliN8ONj
xJJkMc7C0ju99gZWgaVKljIeOQk9Ypoln+pblYMUkTlB2KJwzJcLOwl1MzWiCQdh
rA41zAimOorGrSyd8+63sUccTdtgmKkKT/cfgaRdcJFAM067Fu+B5uev9TWTAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUU6RshiL5GYh5Dberw42YcYngWTEwHwYDVR0j
BBgwFoAUtoPy61DFmZp3RW6IJoMWCdSMfT4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTAxYzE0ZmItYjY2MC00ODlkLTllOWYtOTQwMmU5ZTJj
MmUyLzAvQjY4M0YyRUI1MEM1OTk5QTc3NDU2RTg4MjY4MzE2MDlENDhDN0QzRS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3RvUHk2MURGbVpwM1JXNklKb01XQ2RT
TWZUNC5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYTAxYzE0ZmIt
YjY2MC00ODlkLTllOWYtOTQwMmU5ZTJjMmUyLzAvMzIzMTMzMmUzMTMzMzkyZTM4
MzAyZTMwMmYzMjMzMmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAHVi1Aw
DQYJKoZIhvcNAQELBQADggEBAIXh7s3OGklB78kkBMY5B87j906SWZv7wV3//bRW
yEek5WSuTABKKmpim0n0Kw/udYuOWuZkC1M3EbRiAVwifv4BrpxU2K2CtHt5B2CM
s8vRuLPRe8lk2FsXgMdiGonjfbjJMR52p4amCmoH4aKEln/1ACO5iJQ55riI5eoa
0rTv4BJAoye5EDkjGG+N/IB1rdu9qAl3fJlxl+uMCieQLBTcWuB/8He5R6VB/eu9
BaNsb3tCkR0SbJCj5M4YFncOmowryRKZJSQB6FWlcaRii+wRQfq8QuNQcOmjt+Mc
aytO5fGfbSaaXzM6VOHfuL63vhTch2HVkz4OtaRHNV+MJh0=
-----END CERTIFICATE-----