Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/3231332e3133392e38392e302f32342d3234203d3e2039303039.roa
File:                     3231332e3133392e38392e302f32342d3234203d3e2039303039.roa (raw, json)
Hash identifier:          J06WMDxk0vMK8pfigTls8zgcVFUgtvOJyAs44qQdbiE=
Subject key identifier:   0C:9E:BE:1C:B8:20:A7:1A:9A:3E:A3:AE:2D:74:57:4F:76:E6:2F:CE
Certificate issuer:       /CN=b683f2eb50c5999a77456e8826831609d48c7d3e
Certificate serial:       68940D37DA8645283BBCF7C4C732C4C621BDE43A
Authority key identifier: B6:83:F2:EB:50:C5:99:9A:77:45:6E:88:26:83:16:09:D4:8C:7D:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/toPy61DFmZp3RW6IJoMWCdSMfT4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/3231332e3133392e38392e302f32342d3234203d3e2039303039.roa
Signing time:             Mon 20 May 2024 10:11:18 +0000
ROA not before:           Mon 20 May 2024 10:06:18 +0000
ROA not after:            Mon 19 May 2025 10:11:18 +0000
asID:                     9009
IP address blocks:        213.139.89.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/B683F2EB50C5999A77456E8826831609D48C7D3E.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/B683F2EB50C5999A77456E8826831609D48C7D3E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/toPy61DFmZp3RW6IJoMWCdSMfT4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 00:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            68:94:0d:37:da:86:45:28:3b:bc:f7:c4:c7:32:c4:c6:21:bd:e4:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b683f2eb50c5999a77456e8826831609d48c7d3e
        Validity
            Not Before: May 20 10:06:18 2024 GMT
            Not After : May 19 10:11:18 2025 GMT
        Subject: CN=0C9EBE1CB820A71A9A3EA3AE2D74574F76E62FCE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:0e:fe:23:18:e5:9e:8f:89:1f:71:c9:4c:3e:
                    c8:42:56:8b:f1:b9:d0:3a:1b:17:b0:64:b5:19:f9:
                    91:fe:54:97:21:11:60:14:f3:bb:c6:a7:a4:b6:f2:
                    b6:ff:84:28:55:0e:09:b7:19:fa:f0:43:c0:20:ca:
                    97:20:f4:c4:12:dc:23:22:a1:2b:b3:8c:63:1d:8f:
                    54:35:2b:a8:3d:17:98:c7:af:f5:b0:6c:62:39:62:
                    b3:ee:e9:ba:7d:c5:86:9a:91:91:a8:10:d0:e1:85:
                    81:30:6a:25:23:40:c4:27:c5:26:60:1a:6d:cf:2e:
                    fb:30:57:4b:41:9c:02:00:b0:91:4d:66:8e:b8:0c:
                    56:27:38:86:ef:6c:e1:df:a4:4d:8d:eb:6d:20:a5:
                    d6:f7:87:4e:75:f3:78:20:1f:ab:6e:74:39:dd:a7:
                    22:f8:0e:39:48:17:c9:cd:77:7b:39:78:8c:f1:ab:
                    56:aa:1f:c9:63:2b:d6:41:73:ec:23:33:6b:98:2b:
                    56:37:f3:3a:d3:bd:db:8a:6a:9e:3a:de:48:44:c3:
                    19:c7:6b:e1:49:0b:5f:f6:56:0a:06:06:6f:18:b9:
                    00:10:3c:47:5a:8d:f3:cb:26:d5:45:c4:c2:b0:c2:
                    fc:fb:ea:8e:ae:ec:3a:1d:a2:f7:ac:91:3a:2f:0b:
                    ab:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:9E:BE:1C:B8:20:A7:1A:9A:3E:A3:AE:2D:74:57:4F:76:E6:2F:CE
            X509v3 Authority Key Identifier:
                keyid:B6:83:F2:EB:50:C5:99:9A:77:45:6E:88:26:83:16:09:D4:8C:7D:3E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/B683F2EB50C5999A77456E8826831609D48C7D3E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/toPy61DFmZp3RW6IJoMWCdSMfT4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/3231332e3133392e38392e302f32342d3234203d3e2039303039.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.139.89.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:55:8b:4a:c8:02:f3:72:44:31:96:53:99:20:37:15:ea:ef:
         a3:54:63:bf:8e:73:0e:f6:f4:8e:7c:76:76:8f:e5:dd:54:fa:
         b2:ed:1d:ef:fc:50:0d:fd:85:e2:b6:ec:44:ff:cb:27:c4:be:
         f9:27:4c:49:a5:e0:27:a9:e3:e8:f7:a0:01:32:cb:9b:20:ae:
         9f:06:cd:ae:ec:1d:6d:0d:1b:e8:f2:81:84:20:99:79:66:31:
         bf:b6:c2:88:fa:2c:1b:0d:b9:b1:84:6a:1c:81:cc:dd:d6:2a:
         4c:5b:01:6f:0f:59:01:f9:55:15:d8:9a:b9:eb:80:9d:0c:74:
         45:a1:42:fd:e6:58:b9:c8:e2:99:a4:ab:7e:34:97:83:be:14:
         41:c4:68:aa:b1:47:1a:17:50:73:7d:b1:47:f7:8a:66:66:5d:
         85:ff:f5:78:c1:7a:01:2d:2e:7a:4b:fa:e6:f1:c7:c4:c7:0d:
         6c:c2:59:f8:27:e8:34:e0:e1:18:80:6b:73:5d:88:fa:d2:9f:
         af:75:8b:54:b0:c2:f3:38:87:9d:54:4b:dc:f6:c8:bf:1c:30:
         de:41:e7:64:f7:85:c0:96:6f:c8:ee:48:0f:f8:71:bc:fd:c3:
         68:29:4b:ae:90:d8:c1:47:55:c8:d2:05:2f:69:99:dd:a4:00:
         27:aa:8f:cb
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUaJQNN9qGRSg7vPfExzLExiG95DowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYjY4M2YyZWI1MGM1OTk5YTc3NDU2ZTg4MjY4MzE2MDlk
NDhjN2QzZTAeFw0yNDA1MjAxMDA2MThaFw0yNTA1MTkxMDExMThaMDMxMTAvBgNV
BAMTKDBDOUVCRTFDQjgyMEE3MUE5QTNFQTNBRTJENzQ1NzRGNzZFNjJGQ0UwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFDv4jGOWej4kfcclMPshCVovx
udA6GxewZLUZ+ZH+VJchEWAU87vGp6S28rb/hChVDgm3GfrwQ8Agypcg9MQS3CMi
oSuzjGMdj1Q1K6g9F5jHr/WwbGI5YrPu6bp9xYaakZGoENDhhYEwaiUjQMQnxSZg
Gm3PLvswV0tBnAIAsJFNZo64DFYnOIbvbOHfpE2N620gpdb3h05183ggH6tudDnd
pyL4DjlIF8nNd3s5eIzxq1aqH8ljK9ZBc+wjM2uYK1Y38zrTvduKap463khEwxnH
a+FJC1/2VgoGBm8YuQAQPEdajfPLJtVFxMKwwvz76o6u7DodoveskTovC6sbAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUDJ6+HLggpxqaPqOuLXRXT3bmL84wHwYDVR0j
BBgwFoAUtoPy61DFmZp3RW6IJoMWCdSMfT4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTAxYzE0ZmItYjY2MC00ODlkLTllOWYtOTQwMmU5ZTJj
MmUyLzAvQjY4M0YyRUI1MEM1OTk5QTc3NDU2RTg4MjY4MzE2MDlENDhDN0QzRS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3RvUHk2MURGbVpwM1JXNklKb01XQ2RT
TWZUNC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYTAxYzE0ZmIt
YjY2MC00ODlkLTllOWYtOTQwMmU5ZTJjMmUyLzAvMzIzMTMzMmUzMTMzMzkyZTM4
MzkyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzOTMwMzAzOS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEANWL
WTANBgkqhkiG9w0BAQsFAAOCAQEAh1WLSsgC83JEMZZTmSA3Fervo1Rjv45zDvb0
jnx2do/l3VT6su0d7/xQDf2F4rbsRP/LJ8S++SdMSaXgJ6nj6PegATLLmyCunwbN
ruwdbQ0b6PKBhCCZeWYxv7bCiPosGw25sYRqHIHM3dYqTFsBbw9ZAflVFdiaueuA
nQx0RaFC/eZYucjimaSrfjSXg74UQcRoqrFHGhdQc32xR/eKZmZdhf/1eMF6AS0u
ekv65vHHxMcNbMJZ+CfoNODhGIBrc12I+tKfr3WLVLDC8ziHnVRL3PbIvxww3kHn
ZPeFwJZvyO5ID/hxvP3DaClLrpDYwUdVyNIFL2mZ3aQAJ6qPyw==
-----END CERTIFICATE-----