Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/3231332e3133392e38312e302f32342d3234203d3e20383334.roa
File:                     3231332e3133392e38312e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          E6vU8PpaL/9i3InYi0evlTE13nQ+KIDlp46gtqWEKU0=
Subject key identifier:   08:C1:74:50:18:E1:3C:25:2C:37:65:7B:2B:85:C3:63:30:E8:38:BC
Certificate issuer:       /CN=b683f2eb50c5999a77456e8826831609d48c7d3e
Certificate serial:       098DDF220BBD8A7870A310BCB28B761EA0D05089
Authority key identifier: B6:83:F2:EB:50:C5:99:9A:77:45:6E:88:26:83:16:09:D4:8C:7D:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/toPy61DFmZp3RW6IJoMWCdSMfT4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/3231332e3133392e38312e302f32342d3234203d3e20383334.roa
Signing time:             Tue 19 Nov 2024 16:37:08 +0000
ROA not before:           Tue 19 Nov 2024 16:32:08 +0000
ROA not after:            Tue 18 Nov 2025 16:37:08 +0000
asID:                     834
IP address blocks:        213.139.81.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/B683F2EB50C5999A77456E8826831609D48C7D3E.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/B683F2EB50C5999A77456E8826831609D48C7D3E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/toPy61DFmZp3RW6IJoMWCdSMfT4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            09:8d:df:22:0b:bd:8a:78:70:a3:10:bc:b2:8b:76:1e:a0:d0:50:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b683f2eb50c5999a77456e8826831609d48c7d3e
        Validity
            Not Before: Nov 19 16:32:08 2024 GMT
            Not After : Nov 18 16:37:08 2025 GMT
        Subject: CN=08C1745018E13C252C37657B2B85C36330E838BC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:b1:07:1b:93:b9:dd:94:39:90:4c:09:82:fc:
                    55:0a:81:ff:24:b5:2c:80:0d:3f:04:34:93:3c:c9:
                    7b:6b:45:db:be:7e:ca:d0:0e:b9:de:c0:08:a4:0f:
                    ba:e0:d4:db:ba:77:89:27:55:ef:00:77:24:71:94:
                    ab:63:7d:9e:d1:26:4c:48:da:d9:28:f2:d5:bf:a7:
                    77:3f:66:a3:9e:2d:01:f7:25:c9:35:a4:c8:f1:5b:
                    65:0c:8c:e8:6a:9a:8e:b8:5f:14:06:61:74:e3:e6:
                    33:7c:2d:8b:cd:85:4f:c3:0a:fe:9e:64:50:24:6a:
                    49:76:18:ca:63:53:e1:9a:19:64:77:94:c1:9e:40:
                    5a:4c:89:80:2f:41:db:31:74:94:47:0b:80:be:5a:
                    25:ba:91:8e:6f:de:d1:1f:61:e5:95:1a:6f:3f:aa:
                    99:73:b7:f8:ba:4a:31:34:70:eb:2e:00:c1:6e:cd:
                    48:12:7f:c7:6f:4e:2a:f2:f9:57:27:d7:2b:0e:59:
                    33:3e:a8:a1:58:bc:5f:04:1c:6c:0c:74:5d:a5:8f:
                    1a:c5:4e:db:f9:af:2d:0e:7e:06:cc:25:2f:4e:21:
                    60:9f:ed:31:c5:3f:35:5e:14:af:40:e3:0c:56:92:
                    34:f3:c0:4d:b7:c5:87:5d:5e:26:e1:e0:eb:a2:d6:
                    84:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:C1:74:50:18:E1:3C:25:2C:37:65:7B:2B:85:C3:63:30:E8:38:BC
            X509v3 Authority Key Identifier:
                keyid:B6:83:F2:EB:50:C5:99:9A:77:45:6E:88:26:83:16:09:D4:8C:7D:3E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/B683F2EB50C5999A77456E8826831609D48C7D3E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/toPy61DFmZp3RW6IJoMWCdSMfT4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/3231332e3133392e38312e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.139.81.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:72:6f:23:5e:40:0c:1c:88:d6:c4:94:69:03:91:e4:7e:f8:
         2e:d8:d7:57:43:d5:0a:06:50:10:e4:12:c9:53:2e:82:68:0f:
         7d:d3:fd:d3:23:8c:73:73:d3:c5:9c:15:5e:d4:e8:bc:58:44:
         9a:0c:0a:33:3a:4a:ee:3c:39:f2:bc:4d:53:75:c0:be:b0:5e:
         25:50:05:93:66:72:ec:e4:22:5e:38:90:3e:8c:17:cd:aa:8a:
         fe:5e:e1:37:b0:df:2e:6f:a1:8b:ce:3e:d2:ce:6b:ac:80:05:
         22:38:d5:88:f3:e9:77:71:18:fd:5b:90:4b:4d:36:3f:f5:ab:
         48:07:79:ab:07:93:a6:ee:ec:a9:fd:a8:4d:14:26:b6:97:72:
         92:18:96:9a:72:fa:52:53:e3:ec:68:bd:e5:7d:96:a0:14:26:
         c5:52:28:87:fa:02:2d:f9:0d:3c:53:08:3a:f9:02:99:5e:ab:
         da:b0:9d:72:c9:73:a2:3b:7f:c2:63:71:5e:63:a7:3c:4a:6e:
         c0:97:fb:4c:75:87:aa:5b:28:7b:2a:73:60:51:4a:1d:55:99:
         22:20:bb:19:ba:9b:57:be:2c:ed:1d:fe:5c:9c:c7:0f:87:c9:
         fb:1f:a8:ae:8c:73:0f:92:34:f1:07:53:a5:cd:b0:0c:22:c1:
         77:ac:8a:91
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUCY3fIgu9inhwoxC8sot2HqDQUIkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYjY4M2YyZWI1MGM1OTk5YTc3NDU2ZTg4MjY4MzE2MDlk
NDhjN2QzZTAeFw0yNDExMTkxNjMyMDhaFw0yNTExMTgxNjM3MDhaMDMxMTAvBgNV
BAMTKDA4QzE3NDUwMThFMTNDMjUyQzM3NjU3QjJCODVDMzYzMzBFODM4QkMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCXsQcbk7ndlDmQTAmC/FUKgf8k
tSyADT8ENJM8yXtrRdu+fsrQDrnewAikD7rg1Nu6d4knVe8AdyRxlKtjfZ7RJkxI
2tko8tW/p3c/ZqOeLQH3Jck1pMjxW2UMjOhqmo64XxQGYXTj5jN8LYvNhU/DCv6e
ZFAkakl2GMpjU+GaGWR3lMGeQFpMiYAvQdsxdJRHC4C+WiW6kY5v3tEfYeWVGm8/
qplzt/i6SjE0cOsuAMFuzUgSf8dvTiry+Vcn1ysOWTM+qKFYvF8EHGwMdF2ljxrF
Ttv5ry0OfgbMJS9OIWCf7THFPzVeFK9A4wxWkjTzwE23xYddXibh4Oui1oRjAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUCMF0UBjhPCUsN2V7K4XDYzDoOLwwHwYDVR0j
BBgwFoAUtoPy61DFmZp3RW6IJoMWCdSMfT4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTAxYzE0ZmItYjY2MC00ODlkLTllOWYtOTQwMmU5ZTJj
MmUyLzAvQjY4M0YyRUI1MEM1OTk5QTc3NDU2RTg4MjY4MzE2MDlENDhDN0QzRS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3RvUHk2MURGbVpwM1JXNklKb01XQ2RT
TWZUNC5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYTAxYzE0ZmIt
YjY2MC00ODlkLTllOWYtOTQwMmU5ZTJjMmUyLzAvMzIzMTMzMmUzMTMzMzkyZTM4
MzEyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBADVi1Ew
DQYJKoZIhvcNAQELBQADggEBAB5ybyNeQAwciNbElGkDkeR++C7Y11dD1QoGUBDk
EslTLoJoD33T/dMjjHNz08WcFV7U6LxYRJoMCjM6Su48OfK8TVN1wL6wXiVQBZNm
cuzkIl44kD6MF82qiv5e4Tew3y5voYvOPtLOa6yABSI41Yjz6XdxGP1bkEtNNj/1
q0gHeasHk6bu7Kn9qE0UJraXcpIYlppy+lJT4+xoveV9lqAUJsVSKIf6Ai35DTxT
CDr5Apleq9qwnXLJc6I7f8JjcV5jpzxKbsCX+0x1h6pbKHsqc2BRSh1VmSIguxm6
m1e+LO0d/lycxw+HyfsfqK6Mcw+SNPEHU6XNsAwiwXesipE=
-----END CERTIFICATE-----