Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/3231332e3133392e39352e302f32342d3234203d3e2039303039.roa
File:                     3231332e3133392e39352e302f32342d3234203d3e2039303039.roa (raw, json)
Hash identifier:          FVZySD2qYJGzeA33TZ6k9nKfV57UUqtM3Y9RFiezkdM=
Subject key identifier:   01:2C:78:2F:68:E1:C8:3F:FD:52:AF:27:7C:3E:66:D8:F2:53:DA:F1
Certificate issuer:       /CN=b683f2eb50c5999a77456e8826831609d48c7d3e
Certificate serial:       3589EA87038A523B105C96485B1C86B9B7A3CE34
Authority key identifier: B6:83:F2:EB:50:C5:99:9A:77:45:6E:88:26:83:16:09:D4:8C:7D:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/toPy61DFmZp3RW6IJoMWCdSMfT4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/3231332e3133392e39352e302f32342d3234203d3e2039303039.roa
Signing time:             Tue 21 May 2024 08:14:45 +0000
ROA not before:           Tue 21 May 2024 08:09:45 +0000
ROA not after:            Tue 20 May 2025 08:14:45 +0000
asID:                     9009
IP address blocks:        213.139.95.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/B683F2EB50C5999A77456E8826831609D48C7D3E.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/B683F2EB50C5999A77456E8826831609D48C7D3E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/toPy61DFmZp3RW6IJoMWCdSMfT4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 00:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            35:89:ea:87:03:8a:52:3b:10:5c:96:48:5b:1c:86:b9:b7:a3:ce:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b683f2eb50c5999a77456e8826831609d48c7d3e
        Validity
            Not Before: May 21 08:09:45 2024 GMT
            Not After : May 20 08:14:45 2025 GMT
        Subject: CN=012C782F68E1C83FFD52AF277C3E66D8F253DAF1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:2f:25:21:2a:56:99:6f:d5:47:19:f8:43:5a:
                    d7:84:3e:05:39:33:db:3f:91:de:5a:fd:27:6c:0c:
                    0f:1d:61:ea:6a:95:c5:5d:37:ab:21:2a:ad:9d:11:
                    dd:3b:34:f9:9e:77:5c:fe:49:34:70:f6:ce:f5:da:
                    48:fe:e1:2e:b0:3d:2e:a3:a6:ab:5d:2a:b1:03:36:
                    e0:44:4f:14:1e:80:da:ac:bc:7a:89:78:7f:1c:85:
                    1b:27:c1:ca:0a:98:04:cd:8a:4d:33:17:f5:25:eb:
                    c9:51:13:ac:25:93:51:d6:65:bd:d1:15:55:0d:90:
                    8e:a6:3d:de:a5:06:69:24:24:e1:e5:0e:2f:98:b5:
                    c6:3a:22:c9:94:ca:bc:13:ac:14:83:14:b0:5e:24:
                    16:27:41:ad:16:62:c4:70:06:9e:d7:78:f9:c8:c1:
                    bd:5a:27:97:42:b4:d2:10:65:3e:04:42:b0:db:2b:
                    7b:fd:37:06:bd:73:4a:49:18:2d:93:08:3b:04:f0:
                    52:44:75:fb:e5:19:7f:f7:11:37:b0:6c:4f:cc:38:
                    c6:d1:07:6d:09:44:aa:46:a7:96:c4:58:8c:c0:bf:
                    a8:9a:1a:58:62:2e:d1:1d:b7:f5:7f:93:a0:c2:00:
                    be:30:e5:37:02:bc:76:c8:bd:50:e5:bb:cc:34:f6:
                    c1:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:2C:78:2F:68:E1:C8:3F:FD:52:AF:27:7C:3E:66:D8:F2:53:DA:F1
            X509v3 Authority Key Identifier:
                keyid:B6:83:F2:EB:50:C5:99:9A:77:45:6E:88:26:83:16:09:D4:8C:7D:3E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/B683F2EB50C5999A77456E8826831609D48C7D3E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/toPy61DFmZp3RW6IJoMWCdSMfT4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/3231332e3133392e39352e302f32342d3234203d3e2039303039.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.139.95.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:f1:07:d0:5f:d5:d5:7a:31:06:f5:d8:52:7a:93:bb:4f:de:
         67:c6:66:f2:74:07:88:73:06:66:0f:20:6d:c3:ba:83:aa:d0:
         32:5e:57:d6:a2:2b:09:b1:5d:77:c0:f3:90:3f:30:3f:c9:05:
         f9:f5:9d:54:6f:7f:a6:04:30:92:29:19:75:c7:f9:48:19:f8:
         76:d8:18:05:09:d3:2e:cf:90:40:65:1f:ea:18:b0:bb:ab:e1:
         18:ac:25:f0:cb:3a:36:93:d0:29:ca:80:5f:61:99:f5:8c:e8:
         af:db:52:61:a9:25:90:24:f0:41:52:04:64:a0:18:bb:d0:06:
         cd:82:fe:f8:32:49:34:95:e2:74:89:23:ec:97:d5:15:98:af:
         ce:90:77:02:88:37:94:e0:92:94:f8:c8:d0:fe:1d:59:2d:e8:
         78:26:10:b3:43:d1:87:2e:30:dd:21:a2:0c:07:31:d3:37:a2:
         9f:20:35:89:89:3b:42:d2:66:72:c5:1c:22:78:a6:f0:87:4f:
         fc:cc:8d:b0:9a:3a:ae:70:68:b6:2f:1c:ff:f3:f5:bd:fa:28:
         28:87:89:28:9c:0e:6d:1b:26:a4:4e:6c:89:85:10:44:5e:5c:
         f2:65:9b:51:32:31:29:37:07:15:6d:ab:12:2f:71:62:eb:34:
         aa:88:de:c6
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUNYnqhwOKUjsQXJZIWxyGubejzjQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYjY4M2YyZWI1MGM1OTk5YTc3NDU2ZTg4MjY4MzE2MDlk
NDhjN2QzZTAeFw0yNDA1MjEwODA5NDVaFw0yNTA1MjAwODE0NDVaMDMxMTAvBgNV
BAMTKDAxMkM3ODJGNjhFMUM4M0ZGRDUyQUYyNzdDM0U2NkQ4RjI1M0RBRjEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDfLyUhKlaZb9VHGfhDWteEPgU5
M9s/kd5a/SdsDA8dYepqlcVdN6shKq2dEd07NPmed1z+STRw9s712kj+4S6wPS6j
pqtdKrEDNuBETxQegNqsvHqJeH8chRsnwcoKmATNik0zF/Ul68lRE6wlk1HWZb3R
FVUNkI6mPd6lBmkkJOHlDi+YtcY6IsmUyrwTrBSDFLBeJBYnQa0WYsRwBp7XePnI
wb1aJ5dCtNIQZT4EQrDbK3v9Nwa9c0pJGC2TCDsE8FJEdfvlGX/3ETewbE/MOMbR
B20JRKpGp5bEWIzAv6iaGlhiLtEdt/V/k6DCAL4w5TcCvHbIvVDlu8w09sGjAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUASx4L2jhyD/9Uq8nfD5m2PJT2vEwHwYDVR0j
BBgwFoAUtoPy61DFmZp3RW6IJoMWCdSMfT4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTAxYzE0ZmItYjY2MC00ODlkLTllOWYtOTQwMmU5ZTJj
MmUyLzAvQjY4M0YyRUI1MEM1OTk5QTc3NDU2RTg4MjY4MzE2MDlENDhDN0QzRS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3RvUHk2MURGbVpwM1JXNklKb01XQ2RT
TWZUNC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYTAxYzE0ZmIt
YjY2MC00ODlkLTllOWYtOTQwMmU5ZTJjMmUyLzAvMzIzMTMzMmUzMTMzMzkyZTM5
MzUyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzOTMwMzAzOS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEANWL
XzANBgkqhkiG9w0BAQsFAAOCAQEAKvEH0F/V1XoxBvXYUnqTu0/eZ8Zm8nQHiHMG
Zg8gbcO6g6rQMl5X1qIrCbFdd8DzkD8wP8kF+fWdVG9/pgQwkikZdcf5SBn4dtgY
BQnTLs+QQGUf6hiwu6vhGKwl8Ms6NpPQKcqAX2GZ9Yzor9tSYaklkCTwQVIEZKAY
u9AGzYL++DJJNJXidIkj7JfVFZivzpB3Aog3lOCSlPjI0P4dWS3oeCYQs0PRhy4w
3SGiDAcx0zeinyA1iYk7QtJmcsUcInim8IdP/MyNsJo6rnBoti8c//P1vfooKIeJ
KJwObRsmpE5siYUQRF5c8mWbUTIxKTcHFW2rEi9xYus0qojexg==
-----END CERTIFICATE-----