Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/39332e39322e31392e302f32342d3234203d3e203631333137.roa
File:                     39332e39322e31392e302f32342d3234203d3e203631333137.roa (raw, json)
Hash identifier:          bCly8plczaq5qd0H9MlQ1Z8xZKSunOI/jFWKgR1UqBg=
Subject key identifier:   BD:29:34:23:A9:7A:49:52:9E:AC:38:8B:C3:F6:12:0F:9C:D4:D1:62
Certificate issuer:       /CN=d01ba013bc1e6d86f0d6d58eafa54e27fada3444
Certificate serial:       01356E4248388402B1BDF13304870C444B41BB9B
Authority key identifier: D0:1B:A0:13:BC:1E:6D:86:F0:D6:D5:8E:AF:A5:4E:27:FA:DA:34:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0BugE7webYbw1tWOr6VOJ_raNEQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/39332e39322e31392e302f32342d3234203d3e203631333137.roa
Signing time:             Thu 06 Mar 2025 12:53:56 +0000
ROA not before:           Thu 06 Mar 2025 12:48:56 +0000
ROA not after:            Thu 05 Mar 2026 12:53:56 +0000
asID:                     61317
IP address blocks:        93.92.19.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/D01BA013BC1E6D86F0D6D58EAFA54E27FADA3444.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/D01BA013BC1E6D86F0D6D58EAFA54E27FADA3444.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0BugE7webYbw1tWOr6VOJ_raNEQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 06:09:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:35:6e:42:48:38:84:02:b1:bd:f1:33:04:87:0c:44:4b:41:bb:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d01ba013bc1e6d86f0d6d58eafa54e27fada3444
        Validity
            Not Before: Mar  6 12:48:56 2025 GMT
            Not After : Mar  5 12:53:56 2026 GMT
        Subject: CN=BD293423A97A49529EAC388BC3F6120F9CD4D162
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:07:09:3e:26:90:03:8b:d1:fe:1e:b7:25:21:
                    91:8f:3d:1d:cd:d2:43:e3:41:8a:5d:3f:ce:0e:ca:
                    b9:f1:5b:91:11:69:1b:7d:ff:33:4e:68:38:8e:ba:
                    be:fd:85:c8:43:c4:9d:d4:97:8b:29:34:9a:77:0d:
                    08:c7:db:26:46:63:41:6d:1a:90:7f:c9:b1:c2:66:
                    b2:07:37:00:62:b3:92:3e:8d:4d:ab:04:ea:c7:d6:
                    95:1a:d2:09:fd:97:52:db:b7:f9:6d:81:92:14:28:
                    05:32:74:39:9f:5c:ca:d9:d3:0e:6b:b5:5a:f5:83:
                    fd:54:e2:25:3f:09:9c:c6:6c:32:55:d6:c2:64:35:
                    e3:9c:77:73:ca:53:d8:62:35:8f:ab:6a:82:ad:5d:
                    ec:b4:f6:ab:89:52:76:93:39:54:66:e0:d7:e8:45:
                    bb:69:da:27:37:42:6a:79:0b:82:7a:23:80:c3:65:
                    1a:38:bc:a6:b9:af:d6:78:1f:7f:33:2f:68:02:a2:
                    a3:44:fa:69:05:5b:88:24:6f:46:61:b3:03:6b:5d:
                    26:e4:47:67:16:8a:f0:4e:29:4f:3a:08:1a:cf:d3:
                    b0:8d:7a:17:e4:f1:33:ab:a1:fe:d4:c4:fe:0c:f0:
                    7c:c0:a2:eb:a4:2b:fb:9e:15:41:5b:a5:65:25:8b:
                    0a:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:29:34:23:A9:7A:49:52:9E:AC:38:8B:C3:F6:12:0F:9C:D4:D1:62
            X509v3 Authority Key Identifier:
                keyid:D0:1B:A0:13:BC:1E:6D:86:F0:D6:D5:8E:AF:A5:4E:27:FA:DA:34:44

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/D01BA013BC1E6D86F0D6D58EAFA54E27FADA3444.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0BugE7webYbw1tWOr6VOJ_raNEQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/39332e39322e31392e302f32342d3234203d3e203631333137.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.92.19.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:f6:c1:0a:8b:0d:fc:54:c3:d8:e5:db:74:5a:82:cf:ab:58:
         b9:eb:ee:f2:23:4d:e9:02:0f:fc:da:6c:30:fc:24:eb:81:14:
         ed:00:3a:31:49:2e:cd:f7:b1:87:8d:2c:85:4c:ad:09:05:a7:
         80:2c:a7:f0:6b:2e:d3:55:d8:11:61:38:7d:4c:3f:64:14:e6:
         1f:3f:b5:a2:59:54:c7:04:99:6c:d5:7c:02:46:38:79:ff:34:
         b2:f6:a1:b2:6d:f0:50:ed:a0:d7:00:4e:a3:b4:e9:0e:d3:dc:
         72:1b:ce:ac:ab:b1:56:7f:4f:7e:5c:71:10:9b:70:a8:86:e6:
         2b:f7:b5:c8:f0:4b:66:e8:ff:65:c9:d6:a3:cb:07:e3:a9:db:
         68:e1:1e:4d:6f:cc:ae:2d:55:17:83:d9:04:28:54:6d:f8:5f:
         11:ff:44:50:17:a3:85:69:d2:9a:0d:2c:31:1d:ba:f6:5b:2c:
         b1:4b:64:a6:9d:c3:5b:cd:7c:8f:b1:33:26:7c:10:fc:46:be:
         d1:f6:9e:06:51:33:0e:cd:a6:3c:a0:8b:6d:56:b1:2f:14:e1:
         8f:fd:4b:29:bc:12:46:ed:5b:69:0d:cc:59:15:10:f4:b3:c7:
         4c:ec:87:c3:61:a2:5d:6c:66:49:da:30:b3:98:58:14:b6:35:
         42:37:68:27
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUATVuQkg4hAKxvfEzBIcMREtBu5swDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDAxYmEwMTNiYzFlNmQ4NmYwZDZkNThlYWZhNTRlMjdm
YWRhMzQ0NDAeFw0yNTAzMDYxMjQ4NTZaFw0yNjAzMDUxMjUzNTZaMDMxMTAvBgNV
BAMTKEJEMjkzNDIzQTk3QTQ5NTI5RUFDMzg4QkMzRjYxMjBGOUNENEQxNjIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDYBwk+JpADi9H+HrclIZGPPR3N
0kPjQYpdP84OyrnxW5ERaRt9/zNOaDiOur79hchDxJ3Ul4spNJp3DQjH2yZGY0Ft
GpB/ybHCZrIHNwBis5I+jU2rBOrH1pUa0gn9l1Lbt/ltgZIUKAUydDmfXMrZ0w5r
tVr1g/1U4iU/CZzGbDJV1sJkNeOcd3PKU9hiNY+raoKtXey09quJUnaTOVRm4Nfo
Rbtp2ic3Qmp5C4J6I4DDZRo4vKa5r9Z4H38zL2gCoqNE+mkFW4gkb0ZhswNrXSbk
R2cWivBOKU86CBrP07CNehfk8TOrof7UxP4M8HzAouukK/ueFUFbpWUliwr/AgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUvSk0I6l6SVKerDiLw/YSD5zU0WIwHwYDVR0j
BBgwFoAU0BugE7webYbw1tWOr6VOJ/raNEQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTUyMmE1MmYtNjUzNC00MTY1LWE2YTctZWY5Zjc0ZWY5
NDMxLzEvRDAxQkEwMTNCQzFFNkQ4NkYwRDZENThFQUZBNTRFMjdGQURBMzQ0NC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzBCdWdFN3dlYllidzF0V09yNlZPSl9y
YU5FUS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYTUyMmE1MmYt
NjUzNC00MTY1LWE2YTctZWY5Zjc0ZWY5NDMxLzEvMzkzMzJlMzkzMjJlMzEzOTJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM2MzEzMzMxMzcucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABdXBMw
DQYJKoZIhvcNAQELBQADggEBADf2wQqLDfxUw9jl23Rags+rWLnr7vIjTekCD/za
bDD8JOuBFO0AOjFJLs33sYeNLIVMrQkFp4Asp/BrLtNV2BFhOH1MP2QU5h8/taJZ
VMcEmWzVfAJGOHn/NLL2obJt8FDtoNcATqO06Q7T3HIbzqyrsVZ/T35ccRCbcKiG
5iv3tcjwS2bo/2XJ1qPLB+Op22jhHk1vzK4tVReD2QQoVG34XxH/RFAXo4Vp0poN
LDEduvZbLLFLZKadw1vNfI+xMyZ8EPxGvtH2ngZRMw7Npjygi21WsS8U4Y/9Sym8
EkbtW2kNzFkVEPSzx0zsh8Nhol1sZknaMLOYWBS2NUI3aCc=
-----END CERTIFICATE-----