Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/39332e39322e32312e302f32342d3234203d3e203631333137.roa
File:                     39332e39322e32312e302f32342d3234203d3e203631333137.roa (raw, json)
Hash identifier:          fW+zXQmtdqPL01ivRHM0ry5dwDotUJmdzQHE3ZemyUE=
Subject key identifier:   3F:52:30:26:F2:31:7C:67:C0:33:46:7B:A6:66:13:BA:08:6C:3E:22
Certificate issuer:       /CN=d01ba013bc1e6d86f0d6d58eafa54e27fada3444
Certificate serial:       379850CE8E49F0DEA52A907CB1BBA5F22DA031EB
Authority key identifier: D0:1B:A0:13:BC:1E:6D:86:F0:D6:D5:8E:AF:A5:4E:27:FA:DA:34:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0BugE7webYbw1tWOr6VOJ_raNEQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/39332e39322e32312e302f32342d3234203d3e203631333137.roa
Signing time:             Tue 01 Apr 2025 11:54:00 +0000
ROA not before:           Tue 01 Apr 2025 11:49:00 +0000
ROA not after:            Tue 31 Mar 2026 11:54:00 +0000
asID:                     61317
IP address blocks:        93.92.21.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/D01BA013BC1E6D86F0D6D58EAFA54E27FADA3444.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/D01BA013BC1E6D86F0D6D58EAFA54E27FADA3444.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0BugE7webYbw1tWOr6VOJ_raNEQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 06:09:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            37:98:50:ce:8e:49:f0:de:a5:2a:90:7c:b1:bb:a5:f2:2d:a0:31:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d01ba013bc1e6d86f0d6d58eafa54e27fada3444
        Validity
            Not Before: Apr  1 11:49:00 2025 GMT
            Not After : Mar 31 11:54:00 2026 GMT
        Subject: CN=3F523026F2317C67C033467BA66613BA086C3E22
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:35:31:ce:3c:e1:66:2a:85:b5:a7:44:d7:d0:
                    b9:db:68:aa:26:2f:42:f8:9c:93:0f:1f:df:66:5d:
                    1f:5c:75:50:28:58:e2:9e:5f:73:cc:5e:27:ea:b1:
                    85:14:66:5b:4a:bf:b9:ed:dc:5c:8a:3e:e5:2f:52:
                    31:c9:52:02:83:9e:ed:6b:cc:cd:37:45:75:bd:0c:
                    3f:34:4d:81:ca:75:7a:24:1f:12:40:b9:82:5f:b5:
                    32:86:96:c3:1a:c6:80:59:33:f4:21:4b:b8:7b:ee:
                    7e:3e:29:53:9e:39:2a:dd:9c:86:93:35:e7:97:e4:
                    71:ed:31:e8:8f:7d:fa:d1:3b:a8:af:c2:55:a0:40:
                    e6:e3:fe:74:cb:d5:83:c5:17:29:ed:7f:5d:71:99:
                    81:52:26:33:5a:4d:af:6f:de:53:a9:ce:0c:33:24:
                    7d:67:b5:49:04:1b:df:46:9b:44:21:6d:74:d5:e9:
                    15:e5:19:65:0d:db:5f:f6:6f:65:35:ba:b4:cb:bb:
                    78:d5:97:7c:d4:16:a0:eb:8d:be:bd:49:66:b7:8c:
                    68:54:d7:fa:82:66:f0:ac:e5:95:6a:d1:ca:27:3f:
                    9d:84:cb:84:bf:79:36:1f:82:3b:f9:4d:c7:2b:df:
                    56:2c:64:17:8f:56:c7:a5:e0:39:2f:9b:31:f2:42:
                    a3:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:52:30:26:F2:31:7C:67:C0:33:46:7B:A6:66:13:BA:08:6C:3E:22
            X509v3 Authority Key Identifier:
                keyid:D0:1B:A0:13:BC:1E:6D:86:F0:D6:D5:8E:AF:A5:4E:27:FA:DA:34:44

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/D01BA013BC1E6D86F0D6D58EAFA54E27FADA3444.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0BugE7webYbw1tWOr6VOJ_raNEQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/39332e39322e32312e302f32342d3234203d3e203631333137.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.92.21.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:85:c3:fb:be:4c:4b:9e:e6:0f:8d:81:7c:ff:aa:a5:c2:fd:
         e5:64:5b:b4:54:4c:c8:3c:0d:3e:aa:5e:22:03:ea:83:33:ed:
         f0:d2:9d:3b:8d:0d:c9:ae:a0:a9:12:5c:4d:ff:89:95:2b:d5:
         55:1d:8d:f1:f6:33:75:25:f6:9a:77:86:32:2b:23:f2:9b:52:
         07:49:01:b4:ce:4c:97:07:ed:d9:53:1d:5f:88:fd:9a:18:2b:
         9c:a2:28:2f:3f:d1:4f:02:58:5b:d8:90:d4:6b:cd:eb:68:e9:
         4d:2a:d8:b4:45:ee:af:88:51:6a:22:a1:af:0f:1a:dc:82:d5:
         02:74:c6:e0:c6:74:6d:b7:b9:fe:d2:ac:71:f2:4f:4e:9e:f8:
         12:ab:e6:9a:49:b8:cb:50:14:ea:95:91:77:0a:1e:25:f0:f1:
         3d:c5:3b:f4:c8:8b:64:0c:87:05:07:8c:28:34:73:79:3e:68:
         ae:1f:80:93:6f:cb:6a:a7:92:20:82:02:f1:fa:2c:0a:0b:cf:
         75:84:a7:51:e1:f5:bd:25:e3:04:56:2d:d0:ee:36:d8:90:81:
         84:4b:c8:d2:fe:c4:3d:c0:18:6d:34:5e:08:dd:1e:71:82:d9:
         0a:4b:13:09:ff:33:56:d7:e5:bc:8a:42:61:aa:bd:c1:0a:f7:
         fc:5b:24:4e
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUN5hQzo5J8N6lKpB8sbul8i2gMeswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDAxYmEwMTNiYzFlNmQ4NmYwZDZkNThlYWZhNTRlMjdm
YWRhMzQ0NDAeFw0yNTA0MDExMTQ5MDBaFw0yNjAzMzExMTU0MDBaMDMxMTAvBgNV
BAMTKDNGNTIzMDI2RjIzMTdDNjdDMDMzNDY3QkE2NjYxM0JBMDg2QzNFMjIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCXNTHOPOFmKoW1p0TX0LnbaKom
L0L4nJMPH99mXR9cdVAoWOKeX3PMXifqsYUUZltKv7nt3FyKPuUvUjHJUgKDnu1r
zM03RXW9DD80TYHKdXokHxJAuYJftTKGlsMaxoBZM/QhS7h77n4+KVOeOSrdnIaT
NeeX5HHtMeiPffrRO6ivwlWgQObj/nTL1YPFFyntf11xmYFSJjNaTa9v3lOpzgwz
JH1ntUkEG99Gm0QhbXTV6RXlGWUN21/2b2U1urTLu3jVl3zUFqDrjb69SWa3jGhU
1/qCZvCs5ZVq0conP52Ey4S/eTYfgjv5Tccr31YsZBePVsel4DkvmzHyQqNlAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUP1IwJvIxfGfAM0Z7pmYTughsPiIwHwYDVR0j
BBgwFoAU0BugE7webYbw1tWOr6VOJ/raNEQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTUyMmE1MmYtNjUzNC00MTY1LWE2YTctZWY5Zjc0ZWY5
NDMxLzEvRDAxQkEwMTNCQzFFNkQ4NkYwRDZENThFQUZBNTRFMjdGQURBMzQ0NC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzBCdWdFN3dlYllidzF0V09yNlZPSl9y
YU5FUS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYTUyMmE1MmYt
NjUzNC00MTY1LWE2YTctZWY5Zjc0ZWY5NDMxLzEvMzkzMzJlMzkzMjJlMzIzMTJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM2MzEzMzMxMzcucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABdXBUw
DQYJKoZIhvcNAQELBQADggEBAFGFw/u+TEue5g+NgXz/qqXC/eVkW7RUTMg8DT6q
XiID6oMz7fDSnTuNDcmuoKkSXE3/iZUr1VUdjfH2M3Ul9pp3hjIrI/KbUgdJAbTO
TJcH7dlTHV+I/ZoYK5yiKC8/0U8CWFvYkNRrzeto6U0q2LRF7q+IUWoioa8PGtyC
1QJ0xuDGdG23uf7SrHHyT06e+BKr5ppJuMtQFOqVkXcKHiXw8T3FO/TIi2QMhwUH
jCg0c3k+aK4fgJNvy2qnkiCCAvH6LAoLz3WEp1Hh9b0l4wRWLdDuNtiQgYRLyNL+
xD3AGG00XgjdHnGC2QpLEwn/M1bX5byKQmGqvcEK9/xbJE4=
-----END CERTIFICATE-----