Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/3231332e3133392e39322e302f32342d3234203d3e20383334.roa
File:                     3231332e3133392e39322e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          6Jy9wWlUlUHCaXgvzl/QdTAZFj96twj6nqzC95T3heA=
Subject key identifier:   97:81:16:F1:93:2D:D7:0F:BC:E5:D7:26:8E:F5:D1:0D:F6:DC:0C:BF
Certificate issuer:       /CN=b683f2eb50c5999a77456e8826831609d48c7d3e
Certificate serial:       1BB2E144EB68DA1DAC9C24499B481129EAB2EB22
Authority key identifier: B6:83:F2:EB:50:C5:99:9A:77:45:6E:88:26:83:16:09:D4:8C:7D:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/toPy61DFmZp3RW6IJoMWCdSMfT4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/3231332e3133392e39322e302f32342d3234203d3e20383334.roa
Signing time:             Tue 21 May 2024 08:15:35 +0000
ROA not before:           Tue 21 May 2024 08:10:35 +0000
ROA not after:            Tue 20 May 2025 08:15:35 +0000
asID:                     834
IP address blocks:        213.139.92.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/B683F2EB50C5999A77456E8826831609D48C7D3E.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/B683F2EB50C5999A77456E8826831609D48C7D3E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/toPy61DFmZp3RW6IJoMWCdSMfT4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1b:b2:e1:44:eb:68:da:1d:ac:9c:24:49:9b:48:11:29:ea:b2:eb:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b683f2eb50c5999a77456e8826831609d48c7d3e
        Validity
            Not Before: May 21 08:10:35 2024 GMT
            Not After : May 20 08:15:35 2025 GMT
        Subject: CN=978116F1932DD70FBCE5D7268EF5D10DF6DC0CBF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:b3:80:61:42:7c:f3:37:d3:63:cf:57:df:2a:
                    5c:60:65:12:ce:8c:42:68:1f:ee:cb:2d:0f:7b:73:
                    92:44:fa:7f:d6:9e:5d:96:95:9e:08:d9:19:da:a4:
                    12:a4:2e:a6:4f:ca:58:1a:bb:1b:d7:5f:8a:89:77:
                    41:77:7e:3a:19:5e:11:d7:b9:42:ab:cf:56:a4:c9:
                    01:58:ec:ed:ce:32:60:0e:54:40:18:e1:25:c3:5b:
                    84:2d:5a:c4:83:fc:d1:04:74:80:04:13:b0:b8:4a:
                    c3:ad:a4:72:ac:73:4d:0c:9b:cb:76:22:75:cd:f7:
                    ad:73:dc:bf:68:f9:a2:b8:a5:fa:23:20:16:38:d1:
                    11:d0:56:43:f5:1d:b5:d6:5c:a2:0c:23:68:88:be:
                    9e:28:59:ad:bd:f3:97:31:6c:06:bb:f7:5e:2f:d9:
                    67:8b:9c:2f:84:15:87:fd:47:96:80:8a:f1:30:ab:
                    34:07:41:41:22:11:26:9b:d8:65:e9:84:8f:21:17:
                    d1:6d:9d:ba:2b:5f:44:b2:9a:3e:d2:79:d4:32:ad:
                    ed:df:d6:d2:63:dd:5d:97:d9:5c:e8:61:e2:1d:8d:
                    7b:b3:13:3c:fc:cb:ce:f1:be:ce:bf:44:c7:75:8e:
                    36:7c:b3:07:54:0a:86:ec:84:c1:8d:69:6a:31:2c:
                    ec:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:81:16:F1:93:2D:D7:0F:BC:E5:D7:26:8E:F5:D1:0D:F6:DC:0C:BF
            X509v3 Authority Key Identifier:
                keyid:B6:83:F2:EB:50:C5:99:9A:77:45:6E:88:26:83:16:09:D4:8C:7D:3E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/B683F2EB50C5999A77456E8826831609D48C7D3E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/toPy61DFmZp3RW6IJoMWCdSMfT4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/3231332e3133392e39322e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.139.92.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5c:1a:cf:9e:49:6e:5b:99:b3:18:f4:9a:3d:45:b9:dd:91:f7:
         42:48:90:99:9e:cb:4f:0c:a0:35:dc:ee:e8:06:3c:40:6f:29:
         16:1a:da:dc:30:02:eb:e2:cf:45:10:46:bb:7a:d3:28:44:25:
         92:74:29:7c:0c:67:b9:d8:9b:84:23:1e:cc:cd:89:90:80:44:
         83:32:d6:12:cf:7c:fd:97:1a:57:19:14:ab:f3:7e:df:77:9a:
         7c:55:fc:a7:20:23:4a:ca:87:26:38:35:1a:45:80:c2:1b:06:
         37:22:91:37:3a:d3:a2:9e:e2:6d:5d:00:7c:3e:ad:b6:ea:92:
         32:01:f4:f4:21:57:56:70:8f:c9:ea:75:c3:92:d5:a9:9f:4d:
         56:16:37:fd:24:88:a4:1e:69:a8:70:0a:4c:37:24:62:01:8c:
         0e:9f:a4:3d:f8:41:94:1d:16:67:e9:a9:d1:f7:8c:9c:f0:d9:
         6b:ec:f5:b9:69:9f:b8:b6:47:46:03:a9:75:39:26:11:cc:93:
         38:d4:53:d4:d3:4f:d0:3e:f2:b7:71:8c:fc:2d:ac:6c:02:3b:
         a3:59:e7:bc:54:36:90:00:1f:4f:e0:72:93:dd:1a:3c:7c:4e:
         1b:b6:86:12:a8:76:0d:25:9f:2f:93:84:98:63:f8:c1:07:03:
         03:39:7b:64
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUG7LhROto2h2snCRJm0gRKeqy6yIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYjY4M2YyZWI1MGM1OTk5YTc3NDU2ZTg4MjY4MzE2MDlk
NDhjN2QzZTAeFw0yNDA1MjEwODEwMzVaFw0yNTA1MjAwODE1MzVaMDMxMTAvBgNV
BAMTKDk3ODExNkYxOTMyREQ3MEZCQ0U1RDcyNjhFRjVEMTBERjZEQzBDQkYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC1s4BhQnzzN9Njz1ffKlxgZRLO
jEJoH+7LLQ97c5JE+n/Wnl2WlZ4I2RnapBKkLqZPylgauxvXX4qJd0F3fjoZXhHX
uUKrz1akyQFY7O3OMmAOVEAY4SXDW4QtWsSD/NEEdIAEE7C4SsOtpHKsc00Mm8t2
InXN961z3L9o+aK4pfojIBY40RHQVkP1HbXWXKIMI2iIvp4oWa2985cxbAa7914v
2WeLnC+EFYf9R5aAivEwqzQHQUEiESab2GXphI8hF9FtnborX0Symj7SedQyre3f
1tJj3V2X2VzoYeIdjXuzEzz8y87xvs6/RMd1jjZ8swdUCobshMGNaWoxLOw1AgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUl4EW8ZMt1w+85dcmjvXRDfbcDL8wHwYDVR0j
BBgwFoAUtoPy61DFmZp3RW6IJoMWCdSMfT4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTAxYzE0ZmItYjY2MC00ODlkLTllOWYtOTQwMmU5ZTJj
MmUyLzAvQjY4M0YyRUI1MEM1OTk5QTc3NDU2RTg4MjY4MzE2MDlENDhDN0QzRS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3RvUHk2MURGbVpwM1JXNklKb01XQ2RT
TWZUNC5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYTAxYzE0ZmIt
YjY2MC00ODlkLTllOWYtOTQwMmU5ZTJjMmUyLzAvMzIzMTMzMmUzMTMzMzkyZTM5
MzIyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBADVi1ww
DQYJKoZIhvcNAQELBQADggEBAFwaz55JbluZsxj0mj1Fud2R90JIkJmey08MoDXc
7ugGPEBvKRYa2twwAuviz0UQRrt60yhEJZJ0KXwMZ7nYm4QjHszNiZCARIMy1hLP
fP2XGlcZFKvzft93mnxV/KcgI0rKhyY4NRpFgMIbBjcikTc606Ke4m1dAHw+rbbq
kjIB9PQhV1Zwj8nqdcOS1amfTVYWN/0kiKQeaahwCkw3JGIBjA6fpD34QZQdFmfp
qdH3jJzw2Wvs9blpn7i2R0YDqXU5JhHMkzjUU9TTT9A+8rdxjPwtrGwCO6NZ57xU
NpAAH0/gcpPdGjx8Thu2hhKodg0lny+ThJhj+MEHAwM5e2Q=
-----END CERTIFICATE-----