Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/38392e3130372e392e302f32342d3234203d3e203230343733.roa
File:                     38392e3130372e392e302f32342d3234203d3e203230343733.roa (raw, json)
Hash identifier:          oTEHHdlTSy91uMRkmt3c1nHCzBIf1Hthtpz/nE54xxo=
Subject key identifier:   CE:6F:30:59:21:6C:26:F0:13:DB:0F:1C:99:63:05:AE:4F:F9:DE:B5
Certificate issuer:       /CN=cefce449bea8deaedb1804dba25c584df5873dc4
Certificate serial:       55CE21CECFA23BD49164366FE2BC922E9D783B46
Authority key identifier: CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/38392e3130372e392e302f32342d3234203d3e203230343733.roa
Signing time:             Tue 27 Aug 2024 02:05:19 +0000
ROA not before:           Tue 27 Aug 2024 02:00:19 +0000
ROA not after:            Tue 26 Aug 2025 02:05:19 +0000
asID:                     20473
IP address blocks:        89.107.9.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            55:ce:21:ce:cf:a2:3b:d4:91:64:36:6f:e2:bc:92:2e:9d:78:3b:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cefce449bea8deaedb1804dba25c584df5873dc4
        Validity
            Not Before: Aug 27 02:00:19 2024 GMT
            Not After : Aug 26 02:05:19 2025 GMT
        Subject: CN=CE6F3059216C26F013DB0F1C996305AE4FF9DEB5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:5a:34:65:8a:0c:fe:fa:16:d5:02:87:c0:f9:
                    a7:aa:86:61:56:f5:83:bd:43:9f:f4:a8:45:f7:b4:
                    ea:9a:ce:ea:fc:26:82:23:35:c0:ca:6c:33:c1:ab:
                    42:a5:d8:ad:a0:40:b0:8c:1b:ce:e2:f1:3c:93:77:
                    d9:93:49:2f:08:30:59:20:af:69:4f:58:12:0a:ce:
                    41:fa:26:20:c2:fc:a8:f0:cb:ea:28:47:64:7c:79:
                    ab:e9:33:b3:7e:9d:ec:35:55:84:d1:ca:f8:00:bd:
                    6f:5e:9e:64:db:2c:84:0c:57:e5:fc:12:73:a2:3b:
                    f5:dd:8b:98:cc:e8:4a:2b:b2:e1:36:05:e3:63:16:
                    1d:79:cc:4f:46:bb:60:87:13:d4:eb:cd:b2:a0:0e:
                    c2:03:b2:65:52:7c:f4:a3:5f:ba:80:7a:59:94:69:
                    7e:d6:b4:cc:6d:a8:f8:25:a8:90:91:90:c2:80:61:
                    dc:7b:b3:d5:b7:08:81:5a:aa:b9:35:e7:3c:0b:74:
                    e9:ee:33:dc:9c:3c:9f:e9:50:8c:be:80:94:6f:9a:
                    e5:3e:63:c2:5f:13:ea:b7:0d:40:8b:b1:07:d7:17:
                    49:ea:47:6f:f2:92:3b:16:67:18:2d:ac:2c:23:a2:
                    6a:49:8e:9f:73:39:5e:d8:b9:33:25:be:5b:71:17:
                    d8:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:6F:30:59:21:6C:26:F0:13:DB:0F:1C:99:63:05:AE:4F:F9:DE:B5
            X509v3 Authority Key Identifier:
                keyid:CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/38392e3130372e392e302f32342d3234203d3e203230343733.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.107.9.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c6:b9:84:85:46:b7:a3:12:b1:e2:70:e1:31:f2:ec:b4:f9:22:
         93:d2:03:52:c5:59:27:28:b9:b4:5e:3c:de:ec:66:a9:57:a1:
         33:7e:bd:59:1d:a9:ce:c2:21:50:f5:0a:c2:2d:03:7c:ac:ec:
         d9:0d:94:56:e4:b5:bd:b9:93:bc:1f:e6:77:16:be:17:1e:81:
         f6:85:6b:b9:aa:3c:6d:fa:9b:fb:76:e9:72:e0:3d:9d:77:a1:
         2d:ad:ff:76:25:da:7f:80:a8:3c:f8:e0:f1:11:ce:0d:76:5e:
         35:bd:06:e6:8c:88:1c:9d:5e:3c:99:db:2c:22:68:6e:45:bf:
         34:c0:03:a5:71:6e:d7:ad:d9:30:6b:b0:83:34:b5:03:b2:19:
         a1:7c:6b:62:a5:6a:ca:34:11:1f:83:ad:47:bf:30:d7:56:80:
         24:36:25:8a:9d:09:d9:bd:96:f4:87:97:40:de:bf:13:81:c1:
         a2:59:0e:90:4a:7e:c7:db:dd:c0:f6:d9:fb:d6:3c:13:d4:ce:
         38:ad:9f:ca:c9:1e:c7:da:2f:b9:04:a4:56:be:3e:c9:51:b8:
         42:0e:23:47:4c:f0:a0:29:58:49:b8:fe:2f:1e:18:90:27:cd:
         62:2b:90:d3:38:45:97:fa:a3:e7:7b:a3:61:e8:a9:15:cc:41:
         1d:ae:bf:a4
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUVc4hzs+iO9SRZDZv4rySLp14O0YwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoY2VmY2U0NDliZWE4ZGVhZWRiMTgwNGRiYTI1YzU4NGRm
NTg3M2RjNDAeFw0yNDA4MjcwMjAwMTlaFw0yNTA4MjYwMjA1MTlaMDMxMTAvBgNV
BAMTKENFNkYzMDU5MjE2QzI2RjAxM0RCMEYxQzk5NjMwNUFFNEZGOURFQjUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCeWjRligz++hbVAofA+aeqhmFW
9YO9Q5/0qEX3tOqazur8JoIjNcDKbDPBq0Kl2K2gQLCMG87i8TyTd9mTSS8IMFkg
r2lPWBIKzkH6JiDC/Kjwy+ooR2R8eavpM7N+new1VYTRyvgAvW9enmTbLIQMV+X8
EnOiO/Xdi5jM6EorsuE2BeNjFh15zE9Gu2CHE9TrzbKgDsIDsmVSfPSjX7qAelmU
aX7WtMxtqPglqJCRkMKAYdx7s9W3CIFaqrk15zwLdOnuM9ycPJ/pUIy+gJRvmuU+
Y8JfE+q3DUCLsQfXF0nqR2/ykjsWZxgtrCwjompJjp9zOV7YuTMlvltxF9gJAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUzm8wWSFsJvAT2w8cmWMFrk/53rUwHwYDVR0j
BBgwFoAUzvzkSb6o3q7bGATbolxYTfWHPcQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZDFiMzVmOGItNmY0OC00YmFkLWIxODUtNWMxZGFhOGFj
ZGE5LzAvQ0VGQ0U0NDlCRUE4REVBRURCMTgwNERCQTI1QzU4NERGNTg3M0RDNC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3p2emtTYjZvM3E3YkdBVGJvbHhZVGZX
SFBjUS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZDFiMzVmOGIt
NmY0OC00YmFkLWIxODUtNWMxZGFhOGFjZGE5LzAvMzgzOTJlMzEzMDM3MmUzOTJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMyMzAzNDM3MzMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABZawkw
DQYJKoZIhvcNAQELBQADggEBAMa5hIVGt6MSseJw4THy7LT5IpPSA1LFWScoubRe
PN7sZqlXoTN+vVkdqc7CIVD1CsItA3ys7NkNlFbktb25k7wf5ncWvhcegfaFa7mq
PG36m/t26XLgPZ13oS2t/3Yl2n+AqDz44PERzg12XjW9BuaMiBydXjyZ2ywiaG5F
vzTAA6Vxbtet2TBrsIM0tQOyGaF8a2Klaso0ER+DrUe/MNdWgCQ2JYqdCdm9lvSH
l0DevxOBwaJZDpBKfsfb3cD22fvWPBPUzjitn8rJHsfaL7kEpFa+PslRuEIOI0dM
8KApWEm4/i8eGJAnzWIrkNM4RZf6o+d7o2HoqRXMQR2uv6Q=
-----END CERTIFICATE-----