Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/3231332e3133392e39342e302f32342d3234203d3e2039303039.roa
File:                     3231332e3133392e39342e302f32342d3234203d3e2039303039.roa (raw, json)
Hash identifier:          Bl1aRRfvhlQw8eeGsoLHX9t51iL6e6Y2fGT+6y05OLk=
Subject key identifier:   61:FF:8A:15:DD:76:EA:73:6A:A8:0C:B2:92:29:EF:17:63:A3:04:F8
Certificate issuer:       /CN=b683f2eb50c5999a77456e8826831609d48c7d3e
Certificate serial:       7636016E7DD37611CE5B7205381333828563D566
Authority key identifier: B6:83:F2:EB:50:C5:99:9A:77:45:6E:88:26:83:16:09:D4:8C:7D:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/toPy61DFmZp3RW6IJoMWCdSMfT4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/3231332e3133392e39342e302f32342d3234203d3e2039303039.roa
Signing time:             Tue 21 May 2024 08:14:46 +0000
ROA not before:           Tue 21 May 2024 08:09:46 +0000
ROA not after:            Tue 20 May 2025 08:14:46 +0000
asID:                     9009
IP address blocks:        213.139.94.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/B683F2EB50C5999A77456E8826831609D48C7D3E.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/B683F2EB50C5999A77456E8826831609D48C7D3E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/toPy61DFmZp3RW6IJoMWCdSMfT4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 00:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            76:36:01:6e:7d:d3:76:11:ce:5b:72:05:38:13:33:82:85:63:d5:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b683f2eb50c5999a77456e8826831609d48c7d3e
        Validity
            Not Before: May 21 08:09:46 2024 GMT
            Not After : May 20 08:14:46 2025 GMT
        Subject: CN=61FF8A15DD76EA736AA80CB29229EF1763A304F8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:69:6c:b4:ed:43:b9:9a:a3:76:40:28:62:0f:
                    44:e9:d7:df:c5:f8:3d:63:fd:f6:56:40:3e:16:1c:
                    1a:a5:83:a7:5e:ce:b3:e9:4b:4c:cb:14:97:ab:75:
                    4b:2a:93:2f:02:33:d0:7c:c6:d3:6e:3b:7a:80:bb:
                    81:e7:64:38:d7:a2:89:89:00:19:ef:12:c8:f4:7f:
                    68:3b:c2:7e:29:b7:11:d1:bf:99:c7:30:98:5b:88:
                    19:7f:e4:1c:22:3e:e7:70:c0:ba:51:bf:9f:45:13:
                    3b:35:38:41:ad:ce:7d:4d:2f:b8:f6:b9:c7:f5:1d:
                    82:73:ab:b0:21:e5:59:ff:cd:8a:dd:78:6a:ff:6b:
                    78:d7:2a:f7:96:15:cd:c0:b8:1c:14:51:57:d2:53:
                    15:e5:e2:db:74:62:01:f5:c7:b2:75:22:8a:85:ad:
                    fa:71:f9:24:63:cb:d4:4a:49:ee:bf:02:35:d3:de:
                    44:f2:18:b2:d3:13:ea:bc:18:a5:51:1e:75:a2:50:
                    22:98:b2:b7:cd:0e:ae:17:96:50:1b:6a:01:95:3b:
                    1c:b3:a4:3a:ff:43:41:6f:d0:38:3e:a7:02:cb:fc:
                    90:5c:c0:56:d2:aa:70:81:14:33:a4:09:55:3c:a0:
                    7c:2f:7f:00:b5:dc:b1:65:ff:07:e2:b3:82:a1:67:
                    b0:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:FF:8A:15:DD:76:EA:73:6A:A8:0C:B2:92:29:EF:17:63:A3:04:F8
            X509v3 Authority Key Identifier:
                keyid:B6:83:F2:EB:50:C5:99:9A:77:45:6E:88:26:83:16:09:D4:8C:7D:3E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/B683F2EB50C5999A77456E8826831609D48C7D3E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/toPy61DFmZp3RW6IJoMWCdSMfT4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/3231332e3133392e39342e302f32342d3234203d3e2039303039.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.139.94.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7e:1a:ae:d6:93:bd:89:b2:00:45:1f:4f:ca:95:01:ba:c4:98:
         79:42:90:63:10:6a:32:04:36:90:ba:a2:34:a7:ee:d6:ff:f7:
         d8:e6:16:a6:52:dc:00:8c:6e:11:50:8c:00:63:46:47:64:68:
         7f:59:30:7c:f0:6d:23:76:90:9f:5a:57:d8:c7:e3:4d:b8:73:
         b3:39:69:ce:e5:04:01:4e:e1:1c:46:f9:96:dc:72:c7:38:c7:
         db:f0:1b:eb:c8:f2:ce:bf:8b:f8:7d:1c:3f:0f:9b:79:85:73:
         61:f2:2d:f6:2d:1a:0d:ea:74:ce:84:9b:9d:6c:72:87:5b:00:
         80:d5:a2:93:63:76:e9:50:e8:5f:00:ee:9f:32:e3:ff:c7:88:
         94:45:52:4e:41:b5:d7:dc:76:99:ff:ad:b8:32:20:ee:06:e8:
         62:f9:2a:95:fb:94:67:e8:a1:5b:00:28:24:04:10:2f:80:77:
         dc:82:85:18:e4:d8:2f:02:cd:0b:cf:ba:84:8a:0e:42:60:c2:
         89:0a:20:f5:96:7e:c5:95:a9:cd:fe:b5:9c:a1:c4:89:bd:4c:
         70:27:0f:d7:4a:7e:e2:0f:91:05:86:57:db:f7:f0:7c:81:48:
         83:62:ff:db:5f:5a:18:53:d4:c8:b2:30:7b:6c:0e:2c:eb:c1:
         44:3f:a2:0e
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUdjYBbn3TdhHOW3IFOBMzgoVj1WYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYjY4M2YyZWI1MGM1OTk5YTc3NDU2ZTg4MjY4MzE2MDlk
NDhjN2QzZTAeFw0yNDA1MjEwODA5NDZaFw0yNTA1MjAwODE0NDZaMDMxMTAvBgNV
BAMTKDYxRkY4QTE1REQ3NkVBNzM2QUE4MENCMjkyMjlFRjE3NjNBMzA0RjgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZaWy07UO5mqN2QChiD0Tp19/F
+D1j/fZWQD4WHBqlg6dezrPpS0zLFJerdUsqky8CM9B8xtNuO3qAu4HnZDjXoomJ
ABnvEsj0f2g7wn4ptxHRv5nHMJhbiBl/5BwiPudwwLpRv59FEzs1OEGtzn1NL7j2
ucf1HYJzq7Ah5Vn/zYrdeGr/a3jXKveWFc3AuBwUUVfSUxXl4tt0YgH1x7J1IoqF
rfpx+SRjy9RKSe6/AjXT3kTyGLLTE+q8GKVRHnWiUCKYsrfNDq4XllAbagGVOxyz
pDr/Q0Fv0Dg+pwLL/JBcwFbSqnCBFDOkCVU8oHwvfwC13LFl/wfis4KhZ7ApAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUYf+KFd126nNqqAyykinvF2OjBPgwHwYDVR0j
BBgwFoAUtoPy61DFmZp3RW6IJoMWCdSMfT4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTAxYzE0ZmItYjY2MC00ODlkLTllOWYtOTQwMmU5ZTJj
MmUyLzAvQjY4M0YyRUI1MEM1OTk5QTc3NDU2RTg4MjY4MzE2MDlENDhDN0QzRS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3RvUHk2MURGbVpwM1JXNklKb01XQ2RT
TWZUNC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYTAxYzE0ZmIt
YjY2MC00ODlkLTllOWYtOTQwMmU5ZTJjMmUyLzAvMzIzMTMzMmUzMTMzMzkyZTM5
MzQyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzOTMwMzAzOS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEANWL
XjANBgkqhkiG9w0BAQsFAAOCAQEAfhqu1pO9ibIARR9PypUBusSYeUKQYxBqMgQ2
kLqiNKfu1v/32OYWplLcAIxuEVCMAGNGR2Rof1kwfPBtI3aQn1pX2MfjTbhzszlp
zuUEAU7hHEb5ltxyxzjH2/Ab68jyzr+L+H0cPw+beYVzYfIt9i0aDep0zoSbnWxy
h1sAgNWik2N26VDoXwDunzLj/8eIlEVSTkG119x2mf+tuDIg7gboYvkqlfuUZ+ih
WwAoJAQQL4B33IKFGOTYLwLNC8+6hIoOQmDCiQog9ZZ+xZWpzf61nKHEib1McCcP
10p+4g+RBYZX2/fwfIFIg2L/219aGFPUyLIwe2wOLOvBRD+iDg==
-----END CERTIFICATE-----