Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/38392e3130372e392e302f32342d3234203d3e20313335343032.roa
File:                     38392e3130372e392e302f32342d3234203d3e20313335343032.roa (raw, json)
Hash identifier:          CF1o19b2G6YoxRL+aWvNU/mAV5Rfml4vxNpjr2wCa6Y=
Subject key identifier:   37:EF:C7:D0:B7:08:B0:93:9B:34:7A:5A:5C:01:6D:A0:24:07:98:FA
Certificate issuer:       /CN=cefce449bea8deaedb1804dba25c584df5873dc4
Certificate serial:       32CFCFB9906BE29192B262D83315D07662615B20
Authority key identifier: CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/38392e3130372e392e302f32342d3234203d3e20313335343032.roa
Signing time:             Mon 03 Mar 2025 03:49:21 +0000
ROA not before:           Mon 03 Mar 2025 03:44:21 +0000
ROA not after:            Mon 02 Mar 2026 03:49:21 +0000
asID:                     135402
IP address blocks:        89.107.9.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 13:48:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            32:cf:cf:b9:90:6b:e2:91:92:b2:62:d8:33:15:d0:76:62:61:5b:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cefce449bea8deaedb1804dba25c584df5873dc4
        Validity
            Not Before: Mar  3 03:44:21 2025 GMT
            Not After : Mar  2 03:49:21 2026 GMT
        Subject: CN=37EFC7D0B708B0939B347A5A5C016DA0240798FA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:8c:fb:c5:87:76:4b:fe:b7:8f:a5:39:88:0f:
                    79:3f:21:66:8a:a9:68:45:45:92:0b:f4:74:35:d4:
                    3e:f5:67:70:e2:4b:a1:3c:6d:5d:21:e4:39:9b:ff:
                    36:65:49:f0:f7:f8:da:f2:50:bd:f4:35:02:c0:b8:
                    2d:47:95:59:c4:26:ba:9f:d7:89:19:23:38:44:9c:
                    ea:1f:9a:de:37:db:bc:b0:92:2a:33:d8:43:ae:ac:
                    38:e9:6b:4e:bb:3a:bf:7f:11:32:95:f2:0e:6b:88:
                    c1:42:3a:bd:67:e7:21:fd:9a:ef:b9:9e:ef:b4:90:
                    fe:ea:ae:da:d8:d0:ec:96:f6:f7:39:24:24:3d:d7:
                    5e:95:90:5e:94:7a:70:60:17:bb:cc:17:1a:24:81:
                    d8:b0:44:d4:b9:2f:51:c0:e4:ec:3d:dc:f7:3e:a3:
                    06:f5:00:5f:b1:4d:eb:11:48:72:54:1a:50:d6:99:
                    a4:7f:70:cd:a5:89:c4:0b:3f:a9:a3:a2:30:81:0b:
                    f7:62:1a:c7:b0:97:3f:49:e9:d8:b3:a2:40:be:7c:
                    e4:a8:83:a1:7c:0d:36:fb:1c:06:7d:72:d1:ad:80:
                    8b:15:a6:36:f0:17:85:9c:4f:7c:cf:ad:b5:f6:d1:
                    06:55:42:24:5b:31:17:f4:6b:26:8e:31:5e:aa:3f:
                    80:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:EF:C7:D0:B7:08:B0:93:9B:34:7A:5A:5C:01:6D:A0:24:07:98:FA
            X509v3 Authority Key Identifier:
                keyid:CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/38392e3130372e392e302f32342d3234203d3e20313335343032.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.107.9.0/24

    Signature Algorithm: sha256WithRSAEncryption
         60:a0:36:50:66:d3:1b:3c:fb:c0:cf:c4:29:7d:50:af:4f:27:
         0f:4a:00:75:d7:59:8d:b4:ac:56:15:44:0a:d1:5d:42:ca:86:
         6b:5d:37:1e:be:3e:96:0c:9c:2a:0e:e6:10:f5:e4:ad:14:d9:
         a9:6f:f8:fa:c4:cb:29:a5:b6:b3:04:41:4e:00:89:e4:10:41:
         89:c6:da:33:f3:42:78:25:c9:1e:15:84:1b:2a:04:7a:1e:ee:
         4d:3f:75:1c:64:86:3f:f2:74:81:7e:b2:6b:19:b1:40:dd:0c:
         8c:f0:9b:5e:54:fd:95:77:11:6f:cb:e5:88:31:fa:b9:c4:b6:
         b6:01:56:9f:99:ea:05:85:c7:c1:98:a2:aa:72:a7:f3:ca:b3:
         16:1a:62:f3:61:4c:63:5b:c3:89:ec:c3:d7:10:f8:66:1c:eb:
         12:6d:48:7b:18:14:32:21:ef:f1:75:3d:7c:a7:ff:48:ad:3d:
         1b:65:f7:ae:22:2f:41:68:cb:e9:7b:b9:48:ff:75:03:74:51:
         51:92:db:2c:df:55:58:01:17:6a:ae:25:ac:f9:72:5d:6f:2a:
         b4:7b:1c:d8:86:65:24:80:0f:02:ea:44:a9:66:00:17:e4:f2:
         a0:f3:0b:0e:cc:2e:a2:76:2b:fe:73:0c:32:5a:a9:b7:2f:bd:
         f0:7a:af:49
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUMs/PuZBr4pGSsmLYMxXQdmJhWyAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoY2VmY2U0NDliZWE4ZGVhZWRiMTgwNGRiYTI1YzU4NGRm
NTg3M2RjNDAeFw0yNTAzMDMwMzQ0MjFaFw0yNjAzMDIwMzQ5MjFaMDMxMTAvBgNV
BAMTKDM3RUZDN0QwQjcwOEIwOTM5QjM0N0E1QTVDMDE2REEwMjQwNzk4RkEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCbjPvFh3ZL/rePpTmID3k/IWaK
qWhFRZIL9HQ11D71Z3DiS6E8bV0h5Dmb/zZlSfD3+NryUL30NQLAuC1HlVnEJrqf
14kZIzhEnOofmt4327ywkioz2EOurDjpa067Or9/ETKV8g5riMFCOr1n5yH9mu+5
nu+0kP7qrtrY0OyW9vc5JCQ9116VkF6UenBgF7vMFxokgdiwRNS5L1HA5Ow93Pc+
owb1AF+xTesRSHJUGlDWmaR/cM2licQLP6mjojCBC/diGsewlz9J6dizokC+fOSo
g6F8DTb7HAZ9ctGtgIsVpjbwF4WcT3zPrbX20QZVQiRbMRf0ayaOMV6qP4AZAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUN+/H0LcIsJObNHpaXAFtoCQHmPowHwYDVR0j
BBgwFoAUzvzkSb6o3q7bGATbolxYTfWHPcQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZDFiMzVmOGItNmY0OC00YmFkLWIxODUtNWMxZGFhOGFj
ZGE5LzAvQ0VGQ0U0NDlCRUE4REVBRURCMTgwNERCQTI1QzU4NERGNTg3M0RDNC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3p2emtTYjZvM3E3YkdBVGJvbHhZVGZX
SFBjUS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZDFiMzVmOGIt
NmY0OC00YmFkLWIxODUtNWMxZGFhOGFjZGE5LzAvMzgzOTJlMzEzMDM3MmUzOTJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMxMzMzNTM0MzAzMi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFlr
CTANBgkqhkiG9w0BAQsFAAOCAQEAYKA2UGbTGzz7wM/EKX1Qr08nD0oAdddZjbSs
VhVECtFdQsqGa103Hr4+lgycKg7mEPXkrRTZqW/4+sTLKaW2swRBTgCJ5BBBicba
M/NCeCXJHhWEGyoEeh7uTT91HGSGP/J0gX6yaxmxQN0MjPCbXlT9lXcRb8vliDH6
ucS2tgFWn5nqBYXHwZiiqnKn88qzFhpi82FMY1vDiezD1xD4ZhzrEm1IexgUMiHv
8XU9fKf/SK09G2X3riIvQWjL6Xu5SP91A3RRUZLbLN9VWAEXaq4lrPlyXW8qtHsc
2IZlJIAPAupEqWYAF+TyoPMLDswuonYr/nMMMlqpty+98HqvSQ==
-----END CERTIFICATE-----