Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/3231332e3133392e38352e302f32342d3234203d3e2039303039.roa
File:                     3231332e3133392e38352e302f32342d3234203d3e2039303039.roa (raw, json)
Hash identifier:          of9+QBHzVFeRCikR2/nTKS/SdWnbBqij0UrrT6Ws2zo=
Subject key identifier:   C1:40:39:F4:06:B1:B7:D6:46:3E:1F:69:40:04:54:2C:C4:6D:24:0A
Certificate issuer:       /CN=b683f2eb50c5999a77456e8826831609d48c7d3e
Certificate serial:       019A2AF52C7C0861EA830AEA674AC7EB4A43B2BF
Authority key identifier: B6:83:F2:EB:50:C5:99:9A:77:45:6E:88:26:83:16:09:D4:8C:7D:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/toPy61DFmZp3RW6IJoMWCdSMfT4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/3231332e3133392e38352e302f32342d3234203d3e2039303039.roa
Signing time:             Mon 20 May 2024 10:11:20 +0000
ROA not before:           Mon 20 May 2024 10:06:20 +0000
ROA not after:            Mon 19 May 2025 10:11:20 +0000
asID:                     9009
IP address blocks:        213.139.85.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/B683F2EB50C5999A77456E8826831609D48C7D3E.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/B683F2EB50C5999A77456E8826831609D48C7D3E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/toPy61DFmZp3RW6IJoMWCdSMfT4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 00:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:2a:f5:2c:7c:08:61:ea:83:0a:ea:67:4a:c7:eb:4a:43:b2:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b683f2eb50c5999a77456e8826831609d48c7d3e
        Validity
            Not Before: May 20 10:06:20 2024 GMT
            Not After : May 19 10:11:20 2025 GMT
        Subject: CN=C14039F406B1B7D6463E1F694004542CC46D240A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ef:81:28:ec:e9:19:2c:63:30:2c:46:91:8b:d7:
                    6e:40:47:28:97:ff:01:d7:41:8a:46:22:30:58:4d:
                    3f:49:5c:fc:d2:8a:63:b6:c9:17:4e:e3:cc:d5:f0:
                    24:f3:88:56:9e:23:a4:41:0c:9a:6e:3f:72:16:a0:
                    de:6e:cb:2f:ef:37:c3:20:4a:11:d6:52:9f:72:73:
                    70:25:b8:25:4a:9a:b4:c5:c9:79:c0:bf:39:85:51:
                    67:68:82:e6:7a:5f:2d:e4:2d:28:70:fe:d9:aa:e2:
                    69:f4:a8:80:ad:98:46:d8:d3:0c:12:12:e1:e4:bc:
                    af:6c:8b:c7:a5:5b:52:dd:b8:2e:9c:be:57:53:0c:
                    b9:8a:eb:3e:26:29:5d:5e:76:d6:a8:51:d7:c5:f5:
                    fd:48:c6:c3:55:67:4c:d8:44:34:1a:99:32:c3:15:
                    68:d1:d2:7b:86:43:8b:8e:1d:04:dd:61:3a:45:61:
                    95:a6:52:ec:6c:01:37:11:5e:ed:6a:97:39:39:34:
                    2b:9c:c2:46:75:5b:a6:de:55:e4:4d:1c:63:23:d1:
                    52:49:d5:e2:10:e3:5a:04:57:62:03:48:2f:c7:49:
                    82:11:8f:9e:1a:9e:d6:4d:c0:b0:5c:88:b8:80:10:
                    01:00:20:cd:12:64:3f:12:10:0c:12:11:ea:d6:0c:
                    06:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:40:39:F4:06:B1:B7:D6:46:3E:1F:69:40:04:54:2C:C4:6D:24:0A
            X509v3 Authority Key Identifier:
                keyid:B6:83:F2:EB:50:C5:99:9A:77:45:6E:88:26:83:16:09:D4:8C:7D:3E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/B683F2EB50C5999A77456E8826831609D48C7D3E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/toPy61DFmZp3RW6IJoMWCdSMfT4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/3231332e3133392e38352e302f32342d3234203d3e2039303039.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.139.85.0/24

    Signature Algorithm: sha256WithRSAEncryption
         32:d5:22:ac:62:85:d2:2c:42:00:2d:9a:28:f7:cc:40:3b:f7:
         e8:b7:5e:35:41:65:f2:48:10:fa:f1:b6:6b:2b:ec:ff:b3:53:
         57:c4:ab:f0:25:1d:7e:91:3e:ce:f4:d4:39:49:8e:1f:2b:b7:
         c4:ed:3d:0a:e0:bd:a8:a7:33:8e:84:31:e3:fa:5b:e9:70:a1:
         8f:49:d4:0a:99:32:17:80:40:18:0c:77:08:73:5e:59:6a:e4:
         b1:f4:c8:ea:0c:77:e7:2f:12:a3:4d:bc:68:1f:5e:59:a8:77:
         1a:7f:1d:74:ab:88:75:ae:f7:13:3e:c3:9f:3e:e5:47:0e:23:
         9c:85:0f:f9:98:6d:68:66:8e:ac:51:82:84:aa:d7:b7:3e:39:
         f3:fe:19:3c:e8:9c:dc:58:7b:b4:b6:1c:ed:39:e2:f9:d8:1d:
         bb:88:d0:86:6d:35:22:64:32:58:a2:bc:bc:10:b5:2b:8f:be:
         3c:e7:c8:d0:74:62:88:b6:36:45:b7:ef:31:a5:fb:73:dd:bd:
         01:d1:ff:34:54:bc:22:1e:d6:4a:57:63:a4:7a:df:e5:76:1b:
         5b:d9:d9:15:e8:20:35:cb:34:2a:3c:94:5b:54:f4:e7:13:91:
         a7:63:8a:38:8b:a0:57:3e:e8:ad:40:73:62:36:8d:e2:5c:d4:
         0a:d4:cb:d8
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUAZoq9Sx8CGHqgwrqZ0rH60pDsr8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYjY4M2YyZWI1MGM1OTk5YTc3NDU2ZTg4MjY4MzE2MDlk
NDhjN2QzZTAeFw0yNDA1MjAxMDA2MjBaFw0yNTA1MTkxMDExMjBaMDMxMTAvBgNV
BAMTKEMxNDAzOUY0MDZCMUI3RDY0NjNFMUY2OTQwMDQ1NDJDQzQ2RDI0MEEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDvgSjs6RksYzAsRpGL125ARyiX
/wHXQYpGIjBYTT9JXPzSimO2yRdO48zV8CTziFaeI6RBDJpuP3IWoN5uyy/vN8Mg
ShHWUp9yc3AluCVKmrTFyXnAvzmFUWdoguZ6Xy3kLShw/tmq4mn0qICtmEbY0wwS
EuHkvK9si8elW1LduC6cvldTDLmK6z4mKV1edtaoUdfF9f1IxsNVZ0zYRDQamTLD
FWjR0nuGQ4uOHQTdYTpFYZWmUuxsATcRXu1qlzk5NCucwkZ1W6beVeRNHGMj0VJJ
1eIQ41oEV2IDSC/HSYIRj54antZNwLBciLiAEAEAIM0SZD8SEAwSEerWDAY/AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUwUA59Aaxt9ZGPh9pQARULMRtJAowHwYDVR0j
BBgwFoAUtoPy61DFmZp3RW6IJoMWCdSMfT4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTAxYzE0ZmItYjY2MC00ODlkLTllOWYtOTQwMmU5ZTJj
MmUyLzAvQjY4M0YyRUI1MEM1OTk5QTc3NDU2RTg4MjY4MzE2MDlENDhDN0QzRS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3RvUHk2MURGbVpwM1JXNklKb01XQ2RT
TWZUNC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYTAxYzE0ZmIt
YjY2MC00ODlkLTllOWYtOTQwMmU5ZTJjMmUyLzAvMzIzMTMzMmUzMTMzMzkyZTM4
MzUyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzOTMwMzAzOS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEANWL
VTANBgkqhkiG9w0BAQsFAAOCAQEAMtUirGKF0ixCAC2aKPfMQDv36LdeNUFl8kgQ
+vG2ayvs/7NTV8Sr8CUdfpE+zvTUOUmOHyu3xO09CuC9qKczjoQx4/pb6XChj0nU
CpkyF4BAGAx3CHNeWWrksfTI6gx35y8So028aB9eWah3Gn8ddKuIda73Ez7Dnz7l
Rw4jnIUP+ZhtaGaOrFGChKrXtz458/4ZPOic3Fh7tLYc7Tni+dgdu4jQhm01ImQy
WKK8vBC1K4++POfI0HRiiLY2RbfvMaX7c929AdH/NFS8Ih7WSldjpHrf5XYbW9nZ
FeggNcs0KjyUW1T05xORp2OKOIugVz7orUBzYjaN4lzUCtTL2A==
-----END CERTIFICATE-----