Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/39332e39322e32322e302f32332d3234203d3e203534333339.roa
File:                     39332e39322e32322e302f32332d3234203d3e203534333339.roa (raw, json)
Hash identifier:          UmTKWU8Rjfv1oqZAY+cQX/Xz6npt/6m3VOBsULJ1aQE=
Subject key identifier:   B9:0E:79:F1:90:A9:28:AF:12:3D:C9:E0:B5:0D:30:7E:4C:DD:E9:96
Certificate issuer:       /CN=d01ba013bc1e6d86f0d6d58eafa54e27fada3444
Certificate serial:       7960E95F55D0334DC37460D53E6930F302E84788
Authority key identifier: D0:1B:A0:13:BC:1E:6D:86:F0:D6:D5:8E:AF:A5:4E:27:FA:DA:34:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0BugE7webYbw1tWOr6VOJ_raNEQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/39332e39322e32322e302f32332d3234203d3e203534333339.roa
Signing time:             Fri 15 Dec 2023 12:08:01 +0000
ROA not before:           Fri 15 Dec 2023 12:03:01 +0000
ROA not after:            Fri 13 Dec 2024 12:08:01 +0000
asID:                     54339
IP address blocks:        93.92.22.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/D01BA013BC1E6D86F0D6D58EAFA54E27FADA3444.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/D01BA013BC1E6D86F0D6D58EAFA54E27FADA3444.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0BugE7webYbw1tWOr6VOJ_raNEQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 May 2024 08:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            79:60:e9:5f:55:d0:33:4d:c3:74:60:d5:3e:69:30:f3:02:e8:47:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d01ba013bc1e6d86f0d6d58eafa54e27fada3444
        Validity
            Not Before: Dec 15 12:03:01 2023 GMT
            Not After : Dec 13 12:08:01 2024 GMT
        Subject: CN=B90E79F190A928AF123DC9E0B50D307E4CDDE996
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:c7:06:68:85:1b:97:54:d1:b2:e9:ca:4f:cb:
                    4c:80:0f:e1:99:8d:81:15:e9:ae:2b:36:c6:22:50:
                    f9:63:1c:45:ee:87:db:9e:a1:b2:a4:2c:0e:2b:35:
                    27:21:6b:b7:e9:0e:f1:7a:93:da:d6:69:b2:a7:9b:
                    54:d0:8d:2a:1b:65:5a:e7:91:90:6e:0d:78:0c:fe:
                    b5:00:db:8a:44:d5:7e:cc:d7:65:dd:e6:03:fa:5d:
                    55:73:2b:62:84:24:b1:37:02:7c:2b:cf:04:1d:fc:
                    8f:3f:b7:40:83:54:db:df:90:f3:e9:e3:91:6e:08:
                    c5:17:7f:5e:e8:1d:a9:fa:04:a0:2f:39:ec:03:2d:
                    d3:fd:7d:05:d4:c9:e3:1a:a7:2e:ae:88:29:7f:5d:
                    be:ea:18:fb:03:2f:3a:e2:0c:48:7d:6b:c0:28:c1:
                    c6:2f:ed:42:80:d9:17:ee:3b:03:f6:b6:93:02:7e:
                    52:6c:6d:f2:58:e5:56:31:69:c1:0a:2b:74:ab:a2:
                    af:67:e6:09:83:a3:ce:e8:d1:d4:5a:3a:97:c0:35:
                    82:d0:fe:d6:bd:6a:5e:b4:99:e3:c1:bc:69:b9:1e:
                    74:70:50:43:f6:18:20:2f:10:e1:aa:fe:01:1e:0a:
                    59:3f:87:44:1b:48:e0:aa:66:28:a1:35:fc:a1:0b:
                    34:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:0E:79:F1:90:A9:28:AF:12:3D:C9:E0:B5:0D:30:7E:4C:DD:E9:96
            X509v3 Authority Key Identifier:
                keyid:D0:1B:A0:13:BC:1E:6D:86:F0:D6:D5:8E:AF:A5:4E:27:FA:DA:34:44

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/D01BA013BC1E6D86F0D6D58EAFA54E27FADA3444.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0BugE7webYbw1tWOr6VOJ_raNEQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/39332e39322e32322e302f32332d3234203d3e203534333339.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.92.22.0/23

    Signature Algorithm: sha256WithRSAEncryption
         0a:e1:e8:1f:fb:de:39:c1:7f:72:bf:24:e3:2d:29:f4:d9:f6:
         20:f1:a8:f6:ee:8e:e3:cf:3e:fb:cd:a5:99:74:dd:ff:ac:01:
         af:2b:17:46:42:40:cc:65:5e:90:2d:15:12:05:e2:c5:e3:03:
         05:7f:14:b8:b2:15:ec:ba:d0:0f:27:17:e3:52:b1:26:f1:0b:
         f9:cb:01:8b:ea:e0:b1:b2:b8:2e:7c:83:83:32:f9:53:3c:a8:
         38:91:d9:65:b8:2e:4e:13:2b:83:97:2c:d4:30:64:0f:81:ba:
         aa:f3:e8:fb:d1:36:b3:93:5a:17:20:0c:ae:d3:f1:2b:db:ab:
         5b:30:79:0c:ad:dc:0e:01:ac:73:b5:34:32:de:ca:6d:e1:6f:
         47:f3:71:04:e8:81:12:29:c1:12:cd:70:5b:22:7b:bf:f9:b5:
         05:9d:8d:db:70:77:8a:8c:a2:51:91:22:c8:68:b4:fc:c6:d5:
         2a:46:8d:25:09:3e:a5:cc:a2:fd:64:c8:e9:f8:e3:55:de:ef:
         e9:5f:51:8e:19:42:06:01:e0:03:28:2b:6a:8d:27:81:33:97:
         62:e6:20:05:6a:48:b3:75:fa:ca:e4:5e:01:49:ea:1a:9a:8a:
         f1:56:13:48:f7:fd:14:71:98:30:10:b3:4a:de:07:64:8f:f8:
         46:d6:f5:c8
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUeWDpX1XQM03DdGDVPmkw8wLoR4gwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDAxYmEwMTNiYzFlNmQ4NmYwZDZkNThlYWZhNTRlMjdm
YWRhMzQ0NDAeFw0yMzEyMTUxMjAzMDFaFw0yNDEyMTMxMjA4MDFaMDMxMTAvBgNV
BAMTKEI5MEU3OUYxOTBBOTI4QUYxMjNEQzlFMEI1MEQzMDdFNENEREU5OTYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDHxwZohRuXVNGy6cpPy0yAD+GZ
jYEV6a4rNsYiUPljHEXuh9ueobKkLA4rNScha7fpDvF6k9rWabKnm1TQjSobZVrn
kZBuDXgM/rUA24pE1X7M12Xd5gP6XVVzK2KEJLE3AnwrzwQd/I8/t0CDVNvfkPPp
45FuCMUXf17oHan6BKAvOewDLdP9fQXUyeMapy6uiCl/Xb7qGPsDLzriDEh9a8Ao
wcYv7UKA2RfuOwP2tpMCflJsbfJY5VYxacEKK3Sroq9n5gmDo87o0dRaOpfANYLQ
/ta9al60mePBvGm5HnRwUEP2GCAvEOGq/gEeClk/h0QbSOCqZiihNfyhCzQNAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUuQ558ZCpKK8SPcngtQ0wfkzd6ZYwHwYDVR0j
BBgwFoAU0BugE7webYbw1tWOr6VOJ/raNEQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTUyMmE1MmYtNjUzNC00MTY1LWE2YTctZWY5Zjc0ZWY5
NDMxLzEvRDAxQkEwMTNCQzFFNkQ4NkYwRDZENThFQUZBNTRFMjdGQURBMzQ0NC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzBCdWdFN3dlYllidzF0V09yNlZPSl9y
YU5FUS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYTUyMmE1MmYt
NjUzNC00MTY1LWE2YTctZWY5Zjc0ZWY5NDMxLzEvMzkzMzJlMzkzMjJlMzIzMjJl
MzAyZjMyMzMyZDMyMzQyMDNkM2UyMDM1MzQzMzMzMzkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAFdXBYw
DQYJKoZIhvcNAQELBQADggEBAArh6B/73jnBf3K/JOMtKfTZ9iDxqPbujuPPPvvN
pZl03f+sAa8rF0ZCQMxlXpAtFRIF4sXjAwV/FLiyFey60A8nF+NSsSbxC/nLAYvq
4LGyuC58g4My+VM8qDiR2WW4Lk4TK4OXLNQwZA+Buqrz6PvRNrOTWhcgDK7T8Svb
q1sweQyt3A4BrHO1NDLeym3hb0fzcQTogRIpwRLNcFsie7/5tQWdjdtwd4qMolGR
IshotPzG1SpGjSUJPqXMov1kyOn441Xe7+lfUY4ZQgYB4AMoK2qNJ4Ezl2LmIAVq
SLN1+srkXgFJ6hqaivFWE0j3/RRxmDAQs0reB2SP+EbW9cg=
-----END CERTIFICATE-----