Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/39322e3131392e31322e302f32322d3232203d3e203632333837.roa
File:                     39322e3131392e31322e302f32322d3232203d3e203632333837.roa (raw, json)
Hash identifier:          kNzMCVZ7lMmghucnUg3L175ht/j6ZP6kdDr3HRBSsGc=
Subject key identifier:   3D:CA:51:AB:2F:2D:13:CE:B8:76:10:3B:F7:C8:D8:46:D7:01:08:5D
Certificate issuer:       /CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
Certificate serial:       05D1BAEA81280A018CB93B98C8D7BF0E6C2F116E
Authority key identifier: 70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/39322e3131392e31322e302f32322d3232203d3e203632333837.roa
Signing time:             Mon 12 Aug 2024 17:05:19 +0000
ROA not before:           Mon 12 Aug 2024 17:00:19 +0000
ROA not after:            Mon 11 Aug 2025 17:05:19 +0000
asID:                     62387
IP address blocks:        92.119.12.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            05:d1:ba:ea:81:28:0a:01:8c:b9:3b:98:c8:d7:bf:0e:6c:2f:11:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
        Validity
            Not Before: Aug 12 17:00:19 2024 GMT
            Not After : Aug 11 17:05:19 2025 GMT
        Subject: CN=3DCA51AB2F2D13CEB876103BF7C8D846D701085D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:ae:b0:13:bb:82:42:fb:9a:ea:86:e8:6d:62:
                    d4:57:f6:c7:66:bd:70:2d:97:1a:9a:74:25:9f:bf:
                    94:cc:de:e3:cc:90:15:b8:a2:81:ec:ce:25:12:d5:
                    79:c4:28:ca:ba:4b:18:e7:68:11:08:68:09:ea:d9:
                    d7:50:cc:89:95:91:23:0b:9c:42:02:28:27:63:4f:
                    59:c8:82:c4:fe:f3:23:4f:5f:46:56:6f:53:9f:e1:
                    9f:0d:06:d4:78:87:42:14:b3:37:86:3f:1a:46:31:
                    af:be:99:ff:35:61:e5:2e:4c:67:c4:22:e1:34:20:
                    ce:42:ac:50:14:51:32:9f:ba:3f:e1:85:2d:de:25:
                    ad:47:4a:25:12:39:3b:f7:fb:2d:8e:a8:31:9a:42:
                    0e:f3:90:24:45:4f:97:4b:80:78:69:45:4c:d5:64:
                    55:97:5b:6b:48:93:32:a7:19:90:e7:32:be:85:a7:
                    86:69:f9:e4:55:6a:5c:a0:df:ff:c1:0c:08:94:4e:
                    5f:83:95:e2:3b:31:fb:2b:9c:27:1e:f3:ff:76:ff:
                    ba:b0:b9:8e:2b:fb:a0:cd:61:f8:ab:e1:04:b9:eb:
                    d5:71:4f:a2:dc:6f:a3:7b:6c:68:25:7c:da:78:40:
                    09:fc:b2:2d:18:99:dc:e4:6d:e0:b2:74:8b:a6:c1:
                    91:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:CA:51:AB:2F:2D:13:CE:B8:76:10:3B:F7:C8:D8:46:D7:01:08:5D
            X509v3 Authority Key Identifier:
                keyid:70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/39322e3131392e31322e302f32322d3232203d3e203632333837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.119.12.0/22

    Signature Algorithm: sha256WithRSAEncryption
         74:42:9c:46:f4:04:02:fd:b9:7b:ca:af:92:9e:f2:c4:25:2c:
         50:16:85:1c:84:1f:44:d8:43:f5:b0:e7:32:9c:1c:98:cf:be:
         26:d6:0f:03:6c:50:c4:bf:95:c4:26:46:75:a0:33:1c:0d:77:
         57:2b:0e:36:52:a0:e2:ff:92:fe:c4:8b:f3:4c:bc:92:d1:e9:
         23:c1:35:e6:20:af:84:53:60:5e:f3:cf:55:4b:78:9f:c9:b9:
         b3:35:48:e0:74:35:2f:73:60:1a:b4:7c:85:e2:83:79:4b:57:
         93:66:93:67:b3:f2:b0:f1:a9:b4:db:73:dd:ef:f1:8e:14:36:
         8f:84:71:df:e0:05:f0:ae:f2:ed:38:53:a8:c7:0f:1e:54:d8:
         9c:64:94:8f:77:47:d4:c4:31:0f:9e:17:1e:ec:69:6b:41:27:
         2b:a7:ee:c1:be:5d:86:7d:34:33:77:7a:a0:7c:58:06:5e:50:
         be:5a:46:c0:d0:fa:df:74:48:49:0e:98:35:ee:39:64:96:50:
         d8:27:4b:cd:80:a7:e2:e3:2c:77:70:7e:b9:2e:4e:44:dd:38:
         b7:52:3a:66:bf:f9:db:76:d8:45:34:aa:ca:a3:04:b7:4f:ef:
         b1:6d:72:2b:79:f1:dd:c0:4d:90:79:fc:2b:b6:fc:df:38:5e:
         60:d9:af:03
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUBdG66oEoCgGMuTuYyNe/DmwvEW4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzBjYmQ3YTk4MTdlNDcwMDA5YzBmNDBlYTFlMzcwYWE3
OWI1ZmQ5MTAeFw0yNDA4MTIxNzAwMTlaFw0yNTA4MTExNzA1MTlaMDMxMTAvBgNV
BAMTKDNEQ0E1MUFCMkYyRDEzQ0VCODc2MTAzQkY3QzhEODQ2RDcwMTA4NUQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCWrrATu4JC+5rqhuhtYtRX9sdm
vXAtlxqadCWfv5TM3uPMkBW4ooHsziUS1XnEKMq6SxjnaBEIaAnq2ddQzImVkSML
nEICKCdjT1nIgsT+8yNPX0ZWb1Of4Z8NBtR4h0IUszeGPxpGMa++mf81YeUuTGfE
IuE0IM5CrFAUUTKfuj/hhS3eJa1HSiUSOTv3+y2OqDGaQg7zkCRFT5dLgHhpRUzV
ZFWXW2tIkzKnGZDnMr6Fp4Zp+eRValyg3//BDAiUTl+DleI7MfsrnCce8/92/7qw
uY4r+6DNYfir4QS569VxT6Lcb6N7bGglfNp4QAn8si0YmdzkbeCydIumwZEJAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUPcpRqy8tE864dhA798jYRtcBCF0wHwYDVR0j
BBgwFoAUcMvXqYF+RwAJwPQOoeNwqnm1/ZEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYjczMzJhZjAtZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5
ZjhhLzAvNzBDQkQ3QTk4MTdFNDcwMDA5QzBGNDBFQTFFMzcwQUE3OUI1RkQ5MS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NNdlhxWUYtUndBSndQUU9vZU53cW5t
MV9aRS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYjczMzJhZjAt
ZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5ZjhhLzAvMzkzMjJlMzEzMTM5MmUzMTMy
MmUzMDJmMzIzMjJkMzIzMjIwM2QzZTIwMzYzMjMzMzgzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAlx3
DDANBgkqhkiG9w0BAQsFAAOCAQEAdEKcRvQEAv25e8qvkp7yxCUsUBaFHIQfRNhD
9bDnMpwcmM++JtYPA2xQxL+VxCZGdaAzHA13VysONlKg4v+S/sSL80y8ktHpI8E1
5iCvhFNgXvPPVUt4n8m5szVI4HQ1L3NgGrR8heKDeUtXk2aTZ7PysPGptNtz3e/x
jhQ2j4Rx3+AF8K7y7ThTqMcPHlTYnGSUj3dH1MQxD54XHuxpa0EnK6fuwb5dhn00
M3d6oHxYBl5QvlpGwND633RISQ6YNe45ZJZQ2CdLzYCn4uMsd3B+uS5ORN04t1I6
Zr/523bYRTSqyqMEt0/vsW1yK3nx3cBNkHn8K7b83zheYNmvAw==
-----END CERTIFICATE-----