Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/3231332e3133392e38322e302f32342d3234203d3e2039303039.roa
File:                     3231332e3133392e38322e302f32342d3234203d3e2039303039.roa (raw, json)
Hash identifier:          Byq8JepWqrcVEWnX2vthyW2wZas5MvW5yy9NQn72V5M=
Subject key identifier:   E0:01:C2:C0:73:4E:FF:5A:BC:A9:02:B5:3D:59:C7:B0:70:11:86:76
Certificate issuer:       /CN=b683f2eb50c5999a77456e8826831609d48c7d3e
Certificate serial:       54EB64F5D7BDB4987E50DFF4A04D3651F28972B0
Authority key identifier: B6:83:F2:EB:50:C5:99:9A:77:45:6E:88:26:83:16:09:D4:8C:7D:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/toPy61DFmZp3RW6IJoMWCdSMfT4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/3231332e3133392e38322e302f32342d3234203d3e2039303039.roa
Signing time:             Fri 17 May 2024 15:43:28 +0000
ROA not before:           Fri 17 May 2024 15:38:28 +0000
ROA not after:            Fri 16 May 2025 15:43:28 +0000
asID:                     9009
IP address blocks:        213.139.82.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/B683F2EB50C5999A77456E8826831609D48C7D3E.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/B683F2EB50C5999A77456E8826831609D48C7D3E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/toPy61DFmZp3RW6IJoMWCdSMfT4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 00:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            54:eb:64:f5:d7:bd:b4:98:7e:50:df:f4:a0:4d:36:51:f2:89:72:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b683f2eb50c5999a77456e8826831609d48c7d3e
        Validity
            Not Before: May 17 15:38:28 2024 GMT
            Not After : May 16 15:43:28 2025 GMT
        Subject: CN=E001C2C0734EFF5ABCA902B53D59C7B070118676
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:25:01:67:83:d8:4e:96:8d:ca:2f:07:54:6e:
                    66:ba:98:50:e3:2b:67:9f:3a:22:7e:14:87:cf:b1:
                    3a:5f:99:70:41:52:98:c8:09:c5:d8:b6:d9:df:72:
                    99:17:79:8f:7a:fe:93:66:16:c8:f3:a8:81:75:b4:
                    44:3d:d5:4a:eb:12:ad:6e:66:f6:71:de:b2:b3:07:
                    76:56:44:c3:a5:2b:d1:1a:89:d2:83:b4:e6:61:9b:
                    e0:7e:07:4f:22:d2:18:d1:61:7c:f2:4f:2c:77:6c:
                    36:a1:e5:3c:71:90:ad:3a:7f:64:7d:4f:93:27:c2:
                    a6:92:b4:8c:65:61:c1:39:16:c6:12:04:96:49:b4:
                    22:96:c5:1d:f9:75:50:21:af:f2:94:cf:85:4a:82:
                    f3:30:cf:1a:70:3f:a2:7b:70:52:bc:19:f2:9b:a5:
                    73:5c:f7:9c:c9:e2:75:35:ae:a8:54:43:96:95:f5:
                    83:9b:b1:29:d0:b2:1b:b0:a9:f6:20:a5:cc:1e:42:
                    c1:47:80:0a:db:88:29:b2:d3:d8:2a:90:e3:8a:a9:
                    54:ac:a5:47:42:5d:e3:11:75:9e:a9:71:0f:3c:81:
                    15:60:fb:c6:07:19:94:cb:b6:96:a4:9d:cd:48:fb:
                    d0:ab:35:df:04:cf:9c:5b:61:1c:be:dc:2d:e7:63:
                    31:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:01:C2:C0:73:4E:FF:5A:BC:A9:02:B5:3D:59:C7:B0:70:11:86:76
            X509v3 Authority Key Identifier:
                keyid:B6:83:F2:EB:50:C5:99:9A:77:45:6E:88:26:83:16:09:D4:8C:7D:3E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/B683F2EB50C5999A77456E8826831609D48C7D3E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/toPy61DFmZp3RW6IJoMWCdSMfT4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/3231332e3133392e38322e302f32342d3234203d3e2039303039.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.139.82.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:bc:25:72:79:ce:d0:09:3f:4a:1c:f2:01:fa:04:7f:ed:26:
         4e:3f:ab:25:aa:c1:0e:8d:91:80:51:54:3e:56:8b:21:32:c1:
         1e:ec:15:da:c3:8e:53:61:98:60:5e:41:d8:45:96:89:bf:94:
         bd:51:3c:24:84:c8:b6:0c:b1:65:c9:57:13:64:24:47:ef:c3:
         57:cd:7a:a0:91:f9:66:d1:ad:e6:0d:dd:64:e9:c0:29:37:be:
         d4:ab:4f:64:d0:84:86:0e:eb:e4:b5:e1:17:ff:51:fe:89:52:
         5f:95:6a:7f:6d:c1:41:9d:ef:fc:bd:3e:8c:19:43:fb:df:03:
         09:e4:14:eb:cd:75:5b:d6:fa:1d:b8:25:ae:ad:f0:c5:ff:86:
         af:81:69:56:5a:62:18:e8:7e:4f:69:ce:fb:02:3f:83:b8:88:
         31:98:23:41:65:28:7f:24:21:65:a3:cc:8c:ae:5d:a3:c6:a0:
         7d:9d:53:07:d6:de:b3:41:93:df:72:0b:b9:8f:f7:f5:af:44:
         64:b3:25:4d:0e:fd:e3:56:5f:b9:07:df:6b:82:90:3e:d7:c5:
         39:27:49:c0:02:fb:a1:99:e5:59:57:21:8d:07:3c:57:3a:cb:
         c6:43:48:bf:e0:10:69:79:76:79:35:1e:f2:cb:2f:10:09:13:
         0b:ee:0b:e5
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUVOtk9de9tJh+UN/0oE02UfKJcrAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYjY4M2YyZWI1MGM1OTk5YTc3NDU2ZTg4MjY4MzE2MDlk
NDhjN2QzZTAeFw0yNDA1MTcxNTM4MjhaFw0yNTA1MTYxNTQzMjhaMDMxMTAvBgNV
BAMTKEUwMDFDMkMwNzM0RUZGNUFCQ0E5MDJCNTNENTlDN0IwNzAxMTg2NzYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMJQFng9hOlo3KLwdUbma6mFDj
K2efOiJ+FIfPsTpfmXBBUpjICcXYttnfcpkXeY96/pNmFsjzqIF1tEQ91UrrEq1u
ZvZx3rKzB3ZWRMOlK9EaidKDtOZhm+B+B08i0hjRYXzyTyx3bDah5TxxkK06f2R9
T5MnwqaStIxlYcE5FsYSBJZJtCKWxR35dVAhr/KUz4VKgvMwzxpwP6J7cFK8GfKb
pXNc95zJ4nU1rqhUQ5aV9YObsSnQshuwqfYgpcweQsFHgArbiCmy09gqkOOKqVSs
pUdCXeMRdZ6pcQ88gRVg+8YHGZTLtpaknc1I+9CrNd8Ez5xbYRy+3C3nYzGPAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQU4AHCwHNO/1q8qQK1PVnHsHARhnYwHwYDVR0j
BBgwFoAUtoPy61DFmZp3RW6IJoMWCdSMfT4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTAxYzE0ZmItYjY2MC00ODlkLTllOWYtOTQwMmU5ZTJj
MmUyLzAvQjY4M0YyRUI1MEM1OTk5QTc3NDU2RTg4MjY4MzE2MDlENDhDN0QzRS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3RvUHk2MURGbVpwM1JXNklKb01XQ2RT
TWZUNC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYTAxYzE0ZmIt
YjY2MC00ODlkLTllOWYtOTQwMmU5ZTJjMmUyLzAvMzIzMTMzMmUzMTMzMzkyZTM4
MzIyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzOTMwMzAzOS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEANWL
UjANBgkqhkiG9w0BAQsFAAOCAQEAHLwlcnnO0Ak/ShzyAfoEf+0mTj+rJarBDo2R
gFFUPlaLITLBHuwV2sOOU2GYYF5B2EWWib+UvVE8JITItgyxZclXE2QkR+/DV816
oJH5ZtGt5g3dZOnAKTe+1KtPZNCEhg7r5LXhF/9R/olSX5Vqf23BQZ3v/L0+jBlD
+98DCeQU6811W9b6Hbglrq3wxf+Gr4FpVlpiGOh+T2nO+wI/g7iIMZgjQWUofyQh
ZaPMjK5do8agfZ1TB9bes0GT33ILuY/39a9EZLMlTQ7941ZfuQffa4KQPtfFOSdJ
wAL7oZnlWVchjQc8VzrLxkNIv+AQaXl2eTUe8ssvEAkTC+4L5Q==
-----END CERTIFICATE-----