Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/3139332e33392e392e302f32342d3234203d3e203339333638.roa
File:                     3139332e33392e392e302f32342d3234203d3e203339333638.roa (raw, json)
Hash identifier:          07Nz120HmVW7g6Xyh9RZUWBndg1bsAhVxB7Z1kIQ1Fs=
Subject key identifier:   04:1B:8E:64:21:8D:4A:24:34:1D:8C:C4:E3:A6:C7:6B:BC:9D:67:59
Certificate issuer:       /CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
Certificate serial:       04D40AA31883A784F1DC1EB3A264CE7D6B63EC66
Authority key identifier: 70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/3139332e33392e392e302f32342d3234203d3e203339333638.roa
Signing time:             Wed 21 Feb 2024 19:05:13 +0000
ROA not before:           Wed 21 Feb 2024 19:00:13 +0000
ROA not after:            Wed 19 Feb 2025 19:05:13 +0000
asID:                     39368
IP address blocks:        193.39.9.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:d4:0a:a3:18:83:a7:84:f1:dc:1e:b3:a2:64:ce:7d:6b:63:ec:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
        Validity
            Not Before: Feb 21 19:00:13 2024 GMT
            Not After : Feb 19 19:05:13 2025 GMT
        Subject: CN=041B8E64218D4A24341D8CC4E3A6C76BBC9D6759
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:a8:b3:17:d3:5a:9d:b6:67:8a:f4:df:44:b0:
                    c5:25:30:06:e3:ed:5d:8b:00:4b:c2:cb:66:a5:49:
                    30:b6:0b:5f:d0:87:eb:04:9b:53:ca:32:7a:15:32:
                    ef:bc:6d:79:2b:2f:27:d8:5f:a5:85:cc:b8:f4:1b:
                    98:4d:a7:bb:e7:ab:63:7a:fb:b7:81:af:a8:c8:04:
                    c8:be:04:94:eb:6f:6e:ee:23:bf:87:55:bd:e7:21:
                    1d:ac:41:1b:fa:70:68:49:7e:17:6a:c0:00:cd:12:
                    bc:0c:4c:b2:5d:26:e9:eb:62:a1:0e:9e:c0:2d:ba:
                    76:04:6e:c9:85:41:93:c7:75:e3:65:30:2e:b8:ef:
                    5d:3f:8f:a5:ac:d2:66:af:40:14:a1:d1:ca:7a:2d:
                    6d:ab:aa:c4:df:2a:31:9a:e4:56:5b:8c:1a:fc:86:
                    55:bb:9d:75:6f:97:81:92:7a:31:0b:1d:a3:6e:75:
                    c2:7b:75:c4:5b:e4:57:eb:bd:2b:98:a0:8a:53:db:
                    bc:c4:c2:d3:43:eb:24:46:cf:f4:6d:c0:e1:4a:b9:
                    23:81:c6:f0:6f:f4:51:c5:eb:46:cd:f8:49:bf:c4:
                    19:cc:96:de:5f:d0:3a:6f:dc:33:d3:af:10:5d:cc:
                    14:33:51:d3:f7:66:5c:0f:61:8f:00:6d:31:5c:40:
                    15:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:1B:8E:64:21:8D:4A:24:34:1D:8C:C4:E3:A6:C7:6B:BC:9D:67:59
            X509v3 Authority Key Identifier:
                keyid:70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/3139332e33392e392e302f32342d3234203d3e203339333638.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.39.9.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b1:e6:e9:46:82:39:0e:ec:bf:07:86:13:88:ca:5b:fe:3f:2b:
         86:b1:f8:a1:e7:ea:a0:9a:01:00:59:0f:a8:4e:38:cb:d2:36:
         03:fd:d6:2d:47:a1:11:53:94:dc:63:2a:d5:a3:01:a7:40:ac:
         2e:cb:b8:ec:51:7f:e9:d5:2a:cb:11:4f:89:68:55:ca:59:25:
         63:fc:d0:93:e6:2a:02:8d:c8:ee:55:3a:41:69:76:cc:5c:dc:
         97:3f:95:09:6f:3a:9b:8e:28:01:8b:93:07:b9:84:47:23:91:
         0c:1f:4c:db:bf:3d:57:16:7d:4f:cb:0e:02:52:66:46:32:fc:
         d0:8f:01:fc:30:f3:3c:7a:8c:f2:2c:13:46:18:62:ae:b7:e0:
         ac:c3:7e:6e:df:16:d7:c8:5b:1f:53:a5:f7:35:17:28:af:81:
         1a:cf:88:37:fe:d2:10:fd:30:c8:62:cd:c1:fd:54:52:f7:6a:
         83:14:4d:ed:d3:3b:c1:ea:42:4c:2d:5e:98:cc:a3:39:c3:1d:
         94:90:bb:fe:be:c5:04:14:a2:67:91:d3:4d:83:06:45:ba:d2:
         ff:ec:ab:c5:0e:89:0d:5a:c6:d9:92:80:2f:14:ab:84:cf:d4:
         5d:c6:13:eb:c7:61:50:e2:cb:17:88:9a:b7:dc:5f:28:d5:2a:
         a0:86:55:dd
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUBNQKoxiDp4Tx3B6zomTOfWtj7GYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzBjYmQ3YTk4MTdlNDcwMDA5YzBmNDBlYTFlMzcwYWE3
OWI1ZmQ5MTAeFw0yNDAyMjExOTAwMTNaFw0yNTAyMTkxOTA1MTNaMDMxMTAvBgNV
BAMTKDA0MUI4RTY0MjE4RDRBMjQzNDFEOENDNEUzQTZDNzZCQkM5RDY3NTkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCLqLMX01qdtmeK9N9EsMUlMAbj
7V2LAEvCy2alSTC2C1/Qh+sEm1PKMnoVMu+8bXkrLyfYX6WFzLj0G5hNp7vnq2N6
+7eBr6jIBMi+BJTrb27uI7+HVb3nIR2sQRv6cGhJfhdqwADNErwMTLJdJunrYqEO
nsAtunYEbsmFQZPHdeNlMC64710/j6Ws0mavQBSh0cp6LW2rqsTfKjGa5FZbjBr8
hlW7nXVvl4GSejELHaNudcJ7dcRb5FfrvSuYoIpT27zEwtND6yRGz/RtwOFKuSOB
xvBv9FHF60bN+Em/xBnMlt5f0Dpv3DPTrxBdzBQzUdP3ZlwPYY8AbTFcQBWFAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUBBuOZCGNSiQ0HYzE46bHa7ydZ1kwHwYDVR0j
BBgwFoAUcMvXqYF+RwAJwPQOoeNwqnm1/ZEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYjczMzJhZjAtZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5
ZjhhLzAvNzBDQkQ3QTk4MTdFNDcwMDA5QzBGNDBFQTFFMzcwQUE3OUI1RkQ5MS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NNdlhxWUYtUndBSndQUU9vZU53cW5t
MV9aRS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYjczMzJhZjAt
ZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5ZjhhLzAvMzEzOTMzMmUzMzM5MmUzOTJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMzMzkzMzM2Mzgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBADBJwkw
DQYJKoZIhvcNAQELBQADggEBALHm6UaCOQ7svweGE4jKW/4/K4ax+KHn6qCaAQBZ
D6hOOMvSNgP91i1HoRFTlNxjKtWjAadArC7LuOxRf+nVKssRT4loVcpZJWP80JPm
KgKNyO5VOkFpdsxc3Jc/lQlvOpuOKAGLkwe5hEcjkQwfTNu/PVcWfU/LDgJSZkYy
/NCPAfww8zx6jPIsE0YYYq634KzDfm7fFtfIWx9Tpfc1FyivgRrPiDf+0hD9MMhi
zcH9VFL3aoMUTe3TO8HqQkwtXpjMoznDHZSQu/6+xQQUomeR002DBkW60v/sq8UO
iQ1axtmSgC8Uq4TP1F3GE+vHYVDiyxeImrfcXyjVKqCGVd0=
-----END CERTIFICATE-----