Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/39332e39322e32322e302f32332d3234203d3e203534333339.roa
File:                     39332e39322e32322e302f32332d3234203d3e203534333339.roa (raw, json)
Hash identifier:          MlVhq9YMUDch69apYFS1riPDRY/vCEBSVcnZ0AXUbzA=
Subject key identifier:   12:84:2B:55:29:DA:68:F1:BA:1E:5C:8B:31:24:EB:02:54:53:C6:DA
Certificate issuer:       /CN=d01ba013bc1e6d86f0d6d58eafa54e27fada3444
Certificate serial:       1997401C3CF5FEB5F3B23E7882DA0A9940365D8D
Authority key identifier: D0:1B:A0:13:BC:1E:6D:86:F0:D6:D5:8E:AF:A5:4E:27:FA:DA:34:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0BugE7webYbw1tWOr6VOJ_raNEQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/39332e39322e32322e302f32332d3234203d3e203534333339.roa
Signing time:             Fri 15 Nov 2024 12:43:28 +0000
ROA not before:           Fri 15 Nov 2024 12:38:28 +0000
ROA not after:            Fri 14 Nov 2025 12:43:28 +0000
asID:                     54339
IP address blocks:        93.92.22.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/D01BA013BC1E6D86F0D6D58EAFA54E27FADA3444.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/D01BA013BC1E6D86F0D6D58EAFA54E27FADA3444.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0BugE7webYbw1tWOr6VOJ_raNEQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            19:97:40:1c:3c:f5:fe:b5:f3:b2:3e:78:82:da:0a:99:40:36:5d:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d01ba013bc1e6d86f0d6d58eafa54e27fada3444
        Validity
            Not Before: Nov 15 12:38:28 2024 GMT
            Not After : Nov 14 12:43:28 2025 GMT
        Subject: CN=12842B5529DA68F1BA1E5C8B3124EB025453C6DA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:7f:c4:be:8e:40:d1:8f:c9:44:7f:d6:84:28:
                    a4:e5:c0:3b:65:38:f6:c8:51:ad:65:7e:30:76:a1:
                    77:a0:62:d3:93:91:5b:de:38:3b:f5:d7:fc:a3:85:
                    47:63:b0:4b:10:a1:78:12:30:ab:b4:fe:ac:75:c5:
                    d1:5b:fd:aa:e6:d6:00:af:31:c7:b0:93:5b:9d:30:
                    75:71:b4:f2:4a:3e:0a:b1:c1:78:42:ae:e7:cd:c5:
                    7d:36:ad:4c:52:32:75:fa:9b:95:9f:9e:01:fb:c0:
                    93:c9:f4:63:84:cb:7b:3b:c9:27:2a:42:b6:9e:2b:
                    f4:e4:16:cf:7a:2a:fd:ab:d6:28:80:d1:f1:36:19:
                    8e:f0:56:7a:46:e7:45:72:1b:23:92:b2:f9:29:02:
                    9c:0f:ce:4c:a4:05:53:bd:95:0b:be:7a:38:ab:c5:
                    7a:d1:21:0d:27:b0:cf:43:e9:5d:4b:fa:7f:c6:77:
                    02:dd:25:42:99:6a:56:fd:86:a4:6d:8e:d8:a0:27:
                    07:d9:48:d7:83:6a:48:be:92:06:e2:bf:4c:07:92:
                    c2:3c:53:f4:1d:50:2d:63:6b:34:55:f0:1a:89:44:
                    bc:b8:69:54:d8:71:57:b7:f2:0f:0f:b2:26:6b:cc:
                    05:97:8b:9f:1f:e3:08:8c:d4:f2:66:7d:9c:56:c0:
                    1e:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:84:2B:55:29:DA:68:F1:BA:1E:5C:8B:31:24:EB:02:54:53:C6:DA
            X509v3 Authority Key Identifier:
                keyid:D0:1B:A0:13:BC:1E:6D:86:F0:D6:D5:8E:AF:A5:4E:27:FA:DA:34:44

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/D01BA013BC1E6D86F0D6D58EAFA54E27FADA3444.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0BugE7webYbw1tWOr6VOJ_raNEQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/39332e39322e32322e302f32332d3234203d3e203534333339.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.92.22.0/23

    Signature Algorithm: sha256WithRSAEncryption
         4b:7c:a0:a9:f7:06:2e:29:8a:8f:d8:de:9a:75:7f:3e:86:ce:
         d2:23:16:e7:7a:9e:0d:ee:ff:eb:e6:fb:a7:9c:8e:52:fd:f4:
         f4:27:49:53:83:3f:97:bf:83:16:7f:65:bd:85:1c:39:a8:e1:
         1e:df:0c:77:79:97:96:bb:c6:01:ab:24:8b:93:eb:da:cf:92:
         58:31:50:92:c4:ac:fb:58:58:d2:db:a5:e7:b5:9d:da:82:79:
         bc:69:19:62:33:5e:3f:f2:e6:94:9c:dc:cb:08:7d:23:d2:2e:
         1c:ca:cc:48:50:87:d8:24:b7:22:fe:d3:e1:46:db:8d:f8:91:
         8d:63:d7:12:46:46:61:91:fa:a4:2f:47:6d:c5:90:76:c5:fd:
         00:3b:de:4c:80:6e:74:7c:ab:72:05:b4:9a:5b:11:cf:e5:be:
         39:5b:8c:b6:14:cb:f5:e1:a7:37:68:de:f8:da:fe:18:22:e6:
         6f:cb:ed:a6:aa:c1:03:1b:bb:3a:5d:48:e6:6c:be:02:40:39:
         c2:f4:76:03:3f:ca:91:5b:e0:04:af:17:6e:0c:16:f7:b4:48:
         b1:48:2b:0c:3e:06:40:e0:dc:a7:de:31:00:28:a9:0c:eb:cf:
         b3:03:45:1d:d5:da:27:a6:05:ea:b1:ff:7d:0e:0b:8d:b8:40:
         93:45:17:9b
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUGZdAHDz1/rXzsj54gtoKmUA2XY0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDAxYmEwMTNiYzFlNmQ4NmYwZDZkNThlYWZhNTRlMjdm
YWRhMzQ0NDAeFw0yNDExMTUxMjM4MjhaFw0yNTExMTQxMjQzMjhaMDMxMTAvBgNV
BAMTKDEyODQyQjU1MjlEQTY4RjFCQTFFNUM4QjMxMjRFQjAyNTQ1M0M2REEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCff8S+jkDRj8lEf9aEKKTlwDtl
OPbIUa1lfjB2oXegYtOTkVveODv11/yjhUdjsEsQoXgSMKu0/qx1xdFb/arm1gCv
Mcewk1udMHVxtPJKPgqxwXhCrufNxX02rUxSMnX6m5WfngH7wJPJ9GOEy3s7yScq
QraeK/TkFs96Kv2r1iiA0fE2GY7wVnpG50VyGyOSsvkpApwPzkykBVO9lQu+ejir
xXrRIQ0nsM9D6V1L+n/GdwLdJUKZalb9hqRtjtigJwfZSNeDaki+kgbiv0wHksI8
U/QdUC1jazRV8BqJRLy4aVTYcVe38g8PsiZrzAWXi58f4wiM1PJmfZxWwB7NAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUEoQrVSnaaPG6HlyLMSTrAlRTxtowHwYDVR0j
BBgwFoAU0BugE7webYbw1tWOr6VOJ/raNEQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTUyMmE1MmYtNjUzNC00MTY1LWE2YTctZWY5Zjc0ZWY5
NDMxLzEvRDAxQkEwMTNCQzFFNkQ4NkYwRDZENThFQUZBNTRFMjdGQURBMzQ0NC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzBCdWdFN3dlYllidzF0V09yNlZPSl9y
YU5FUS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYTUyMmE1MmYt
NjUzNC00MTY1LWE2YTctZWY5Zjc0ZWY5NDMxLzEvMzkzMzJlMzkzMjJlMzIzMjJl
MzAyZjMyMzMyZDMyMzQyMDNkM2UyMDM1MzQzMzMzMzkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAFdXBYw
DQYJKoZIhvcNAQELBQADggEBAEt8oKn3Bi4pio/Y3pp1fz6GztIjFud6ng3u/+vm
+6ecjlL99PQnSVODP5e/gxZ/Zb2FHDmo4R7fDHd5l5a7xgGrJIuT69rPklgxUJLE
rPtYWNLbpee1ndqCebxpGWIzXj/y5pSc3MsIfSPSLhzKzEhQh9gktyL+0+FG2434
kY1j1xJGRmGR+qQvR23FkHbF/QA73kyAbnR8q3IFtJpbEc/lvjlbjLYUy/Xhpzdo
3vja/hgi5m/L7aaqwQMbuzpdSOZsvgJAOcL0dgM/ypFb4ASvF24MFve0SLFIKww+
BkDg3KfeMQAoqQzrz7MDRR3V2iemBeqx/30OC424QJNFF5s=
-----END CERTIFICATE-----