Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/3231332e3133392e38342e302f32342d3234203d3e2039303039.roa
File:                     3231332e3133392e38342e302f32342d3234203d3e2039303039.roa (raw, json)
Hash identifier:          Ag6bDXTIkeP3S1yYyObakXBVS3meRtUEDwW2GPMInYg=
Subject key identifier:   5A:FC:74:6F:F7:3F:3D:A1:B4:D0:10:A0:4B:4E:5C:C1:21:51:ED:AE
Certificate issuer:       /CN=b683f2eb50c5999a77456e8826831609d48c7d3e
Certificate serial:       188A34575B54DE2C7DE06C7D8C1EE0AD1A5D6BB5
Authority key identifier: B6:83:F2:EB:50:C5:99:9A:77:45:6E:88:26:83:16:09:D4:8C:7D:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/toPy61DFmZp3RW6IJoMWCdSMfT4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/3231332e3133392e38342e302f32342d3234203d3e2039303039.roa
Signing time:             Fri 17 May 2024 15:43:29 +0000
ROA not before:           Fri 17 May 2024 15:38:29 +0000
ROA not after:            Fri 16 May 2025 15:43:29 +0000
asID:                     9009
IP address blocks:        213.139.84.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/B683F2EB50C5999A77456E8826831609D48C7D3E.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/B683F2EB50C5999A77456E8826831609D48C7D3E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/toPy61DFmZp3RW6IJoMWCdSMfT4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 00:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            18:8a:34:57:5b:54:de:2c:7d:e0:6c:7d:8c:1e:e0:ad:1a:5d:6b:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b683f2eb50c5999a77456e8826831609d48c7d3e
        Validity
            Not Before: May 17 15:38:29 2024 GMT
            Not After : May 16 15:43:29 2025 GMT
        Subject: CN=5AFC746FF73F3DA1B4D010A04B4E5CC12151EDAE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:60:07:2f:e7:6c:62:e1:a6:c5:a8:56:c6:2e:
                    1c:43:b8:4b:f0:2a:d6:ce:d3:b8:4f:29:5f:89:0e:
                    c4:a5:78:d5:39:1e:51:b5:77:eb:51:ff:cb:49:8e:
                    86:9c:ef:ab:17:fc:3a:2a:90:38:b4:e7:d1:11:94:
                    ef:d1:57:38:ee:dd:2d:14:ec:f5:b1:fd:7a:4f:59:
                    c9:1b:80:f1:65:c3:74:00:cd:69:1d:a3:84:91:d9:
                    e4:b9:60:69:f2:96:28:aa:40:ac:f3:9c:ee:69:42:
                    d1:ea:ae:de:57:4b:12:ae:8a:7d:b8:51:3c:05:26:
                    76:6f:1f:cd:28:23:fd:0b:bf:83:28:94:a5:c2:d6:
                    81:66:8f:0f:6d:80:31:e5:30:e3:23:58:a6:4a:10:
                    16:fa:47:18:5b:00:0c:9e:e7:d7:84:e3:33:20:af:
                    fb:45:f4:e1:20:92:01:62:c4:c1:4a:a8:61:30:2c:
                    e1:ba:89:f1:3e:83:c9:81:b5:b9:cc:e5:ad:32:f7:
                    59:fb:3d:c3:57:b4:d0:6d:ef:13:41:c5:a9:79:48:
                    8f:1f:02:49:61:17:8a:4a:bd:17:a5:a5:58:fa:c7:
                    c8:0a:f7:d5:79:c4:fe:1b:b6:24:a8:c3:3d:40:6c:
                    b0:2e:0b:2a:6f:bc:92:c0:1d:0c:ad:38:6e:bd:4b:
                    5c:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:FC:74:6F:F7:3F:3D:A1:B4:D0:10:A0:4B:4E:5C:C1:21:51:ED:AE
            X509v3 Authority Key Identifier:
                keyid:B6:83:F2:EB:50:C5:99:9A:77:45:6E:88:26:83:16:09:D4:8C:7D:3E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/B683F2EB50C5999A77456E8826831609D48C7D3E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/toPy61DFmZp3RW6IJoMWCdSMfT4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/3231332e3133392e38342e302f32342d3234203d3e2039303039.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.139.84.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:4b:ed:ff:d4:c2:a0:fd:d2:a8:bb:53:38:69:02:87:75:3d:
         3c:d2:bc:3c:ba:8a:59:dd:a2:5e:53:e3:c4:d5:f8:44:dd:f6:
         8f:fd:25:23:2a:f8:8d:92:d4:ef:36:b5:82:e1:39:8d:52:9b:
         8d:ca:ff:d1:10:ea:50:8e:ae:74:78:14:11:c6:df:bd:7d:3d:
         13:32:6b:fc:f3:93:00:20:6c:bd:00:90:ca:8e:e0:90:25:8e:
         c7:c8:91:49:e2:53:dd:6e:37:22:2e:61:d7:cd:d1:2e:5d:1f:
         2e:9f:06:7c:c9:5f:62:ab:4d:db:ee:84:5c:56:fe:cb:46:13:
         5c:56:b1:87:dd:4c:ec:a5:e6:45:82:8b:fa:51:03:25:90:1e:
         bf:84:da:5c:8f:40:49:c1:c3:68:2d:47:de:5d:5b:75:ca:c7:
         39:97:00:66:d6:a5:16:09:c9:38:47:7b:d0:36:2d:98:58:8d:
         4f:13:81:12:10:cf:ab:52:e3:c3:f8:ef:62:e3:d7:f4:7f:c2:
         1f:eb:1a:81:49:8e:5d:5c:04:86:4e:34:58:b8:c9:01:e2:23:
         be:98:7d:73:55:96:65:b1:3c:54:44:2b:42:ad:18:59:db:47:
         a3:a7:08:63:a9:e0:ce:0d:ec:96:3a:42:0c:c2:2c:4e:a4:d2:
         d4:70:39:07
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUGIo0V1tU3ix94Gx9jB7grRpda7UwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYjY4M2YyZWI1MGM1OTk5YTc3NDU2ZTg4MjY4MzE2MDlk
NDhjN2QzZTAeFw0yNDA1MTcxNTM4MjlaFw0yNTA1MTYxNTQzMjlaMDMxMTAvBgNV
BAMTKDVBRkM3NDZGRjczRjNEQTFCNEQwMTBBMDRCNEU1Q0MxMjE1MUVEQUUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKYAcv52xi4abFqFbGLhxDuEvw
KtbO07hPKV+JDsSleNU5HlG1d+tR/8tJjoac76sX/DoqkDi059ERlO/RVzju3S0U
7PWx/XpPWckbgPFlw3QAzWkdo4SR2eS5YGnyliiqQKzznO5pQtHqrt5XSxKuin24
UTwFJnZvH80oI/0Lv4MolKXC1oFmjw9tgDHlMOMjWKZKEBb6RxhbAAye59eE4zMg
r/tF9OEgkgFixMFKqGEwLOG6ifE+g8mBtbnM5a0y91n7PcNXtNBt7xNBxal5SI8f
AklhF4pKvRelpVj6x8gK99V5xP4btiSowz1AbLAuCypvvJLAHQytOG69S1x3AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUWvx0b/c/PaG00BCgS05cwSFR7a4wHwYDVR0j
BBgwFoAUtoPy61DFmZp3RW6IJoMWCdSMfT4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTAxYzE0ZmItYjY2MC00ODlkLTllOWYtOTQwMmU5ZTJj
MmUyLzAvQjY4M0YyRUI1MEM1OTk5QTc3NDU2RTg4MjY4MzE2MDlENDhDN0QzRS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3RvUHk2MURGbVpwM1JXNklKb01XQ2RT
TWZUNC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYTAxYzE0ZmIt
YjY2MC00ODlkLTllOWYtOTQwMmU5ZTJjMmUyLzAvMzIzMTMzMmUzMTMzMzkyZTM4
MzQyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzOTMwMzAzOS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEANWL
VDANBgkqhkiG9w0BAQsFAAOCAQEAaUvt/9TCoP3SqLtTOGkCh3U9PNK8PLqKWd2i
XlPjxNX4RN32j/0lIyr4jZLU7za1guE5jVKbjcr/0RDqUI6udHgUEcbfvX09EzJr
/POTACBsvQCQyo7gkCWOx8iRSeJT3W43Ii5h183RLl0fLp8GfMlfYqtN2+6EXFb+
y0YTXFaxh91M7KXmRYKL+lEDJZAev4TaXI9AScHDaC1H3l1bdcrHOZcAZtalFgnJ
OEd70DYtmFiNTxOBEhDPq1Ljw/jvYuPX9H/CH+sagUmOXVwEhk40WLjJAeIjvph9
c1WWZbE8VEQrQq0YWdtHo6cIY6ngzg3sljpCDMIsTqTS1HA5Bw==
-----END CERTIFICATE-----