Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/d90a935a-a74d-4b98-9430-bc7ae5c24f28/0/3139332e3234362e342e302f32342d3234203d3e203231383539.roa
File:                     3139332e3234362e342e302f32342d3234203d3e203231383539.roa (raw, json)
Hash identifier:          iisXo7tt/EOoR40Zq4dWFrL4aQJ5N/mysm6fOdjl4Ag=
Subject key identifier:   34:21:05:CA:61:DC:C3:C2:69:62:68:A2:34:54:68:87:44:6B:B4:B1
Certificate issuer:       /CN=c79d02c618861ad45baf78ce39023cbcb494a7bf
Certificate serial:       031205DD30F46A2B48390EF0F434CEAAAD40D19A
Authority key identifier: C7:9D:02:C6:18:86:1A:D4:5B:AF:78:CE:39:02:3C:BC:B4:94:A7:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/x50CxhiGGtRbr3jOOQI8vLSUp78.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/d90a935a-a74d-4b98-9430-bc7ae5c24f28/0/3139332e3234362e342e302f32342d3234203d3e203231383539.roa
Signing time:             Wed 26 Jun 2024 06:53:11 +0000
ROA not before:           Wed 26 Jun 2024 06:48:11 +0000
ROA not after:            Wed 25 Jun 2025 06:53:11 +0000
asID:                     21859
IP address blocks:        193.246.4.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/d90a935a-a74d-4b98-9430-bc7ae5c24f28/0/C79D02C618861AD45BAF78CE39023CBCB494A7BF.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/d90a935a-a74d-4b98-9430-bc7ae5c24f28/0/C79D02C618861AD45BAF78CE39023CBCB494A7BF.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/x50CxhiGGtRbr3jOOQI8vLSUp78.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:12:05:dd:30:f4:6a:2b:48:39:0e:f0:f4:34:ce:aa:ad:40:d1:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c79d02c618861ad45baf78ce39023cbcb494a7bf
        Validity
            Not Before: Jun 26 06:48:11 2024 GMT
            Not After : Jun 25 06:53:11 2025 GMT
        Subject: CN=342105CA61DCC3C2696268A234546887446BB4B1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:62:80:a2:c3:d0:25:d1:a1:d6:61:94:82:12:
                    55:3f:c5:02:4a:ba:ef:d2:76:86:4b:e2:18:81:bd:
                    33:06:bc:81:97:41:7f:75:57:49:b1:4d:38:7a:d8:
                    1f:a5:4c:de:63:2e:25:a4:83:e5:ad:0b:02:3b:bf:
                    8f:10:8c:f4:66:7d:65:e4:e9:fe:68:c1:22:4a:1c:
                    91:9d:3b:af:d8:70:80:b8:99:98:2e:c6:5e:97:db:
                    4e:2d:b7:ab:32:3a:dc:e6:9b:f7:04:65:9b:74:77:
                    ec:96:97:c8:ee:95:3c:1f:6d:0c:a6:e7:7c:85:bf:
                    91:2b:42:c5:ae:69:d4:74:67:ab:10:c4:4e:38:34:
                    02:c8:73:33:38:77:b1:3a:e3:96:2c:d0:3f:f1:12:
                    7d:eb:62:fe:5b:c4:e5:c5:9b:fa:bf:f4:7f:26:cd:
                    6f:5b:60:3e:af:11:98:83:ff:66:16:89:93:53:8e:
                    c2:17:b4:60:19:d7:8f:06:7e:55:b3:14:32:4c:4b:
                    6f:d8:25:86:42:c8:a5:d3:d4:da:ef:6e:b5:c0:7f:
                    dd:a5:f5:a2:8b:39:42:e7:7e:06:4d:f9:31:96:ea:
                    64:95:2e:97:cf:64:cb:d9:c3:a0:ea:bd:4b:db:9b:
                    25:6e:7d:ad:88:40:31:0e:f1:c0:e1:79:08:69:da:
                    cf:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:21:05:CA:61:DC:C3:C2:69:62:68:A2:34:54:68:87:44:6B:B4:B1
            X509v3 Authority Key Identifier:
                keyid:C7:9D:02:C6:18:86:1A:D4:5B:AF:78:CE:39:02:3C:BC:B4:94:A7:BF

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/d90a935a-a74d-4b98-9430-bc7ae5c24f28/0/C79D02C618861AD45BAF78CE39023CBCB494A7BF.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x50CxhiGGtRbr3jOOQI8vLSUp78.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/d90a935a-a74d-4b98-9430-bc7ae5c24f28/0/3139332e3234362e342e302f32342d3234203d3e203231383539.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.246.4.0/24

    Signature Algorithm: sha256WithRSAEncryption
         31:69:59:64:fe:50:67:9b:d4:cb:f0:b8:2b:1d:7f:18:6a:a5:
         85:a4:7e:b8:3a:cb:bd:f1:f3:88:02:15:d6:02:77:f0:4d:1a:
         20:da:77:36:ad:53:e1:34:0a:83:30:7e:80:cf:ad:01:12:34:
         90:75:e2:b5:d4:ab:a0:e0:c0:ed:03:b9:0c:50:b8:bc:18:85:
         66:e0:15:48:21:b2:c3:c9:8f:8b:83:aa:ae:cb:01:ce:fc:43:
         a3:54:25:34:a8:de:11:0d:ef:0c:36:ac:93:64:bd:1a:63:2f:
         c3:1f:55:6a:fb:54:d8:1f:c4:93:9c:c7:18:34:38:00:0c:0f:
         cf:66:04:8e:c7:57:70:44:a4:7f:c7:9f:36:54:61:e3:94:a2:
         e0:34:01:73:d9:1c:b2:a1:73:8b:12:23:b7:31:18:49:4b:27:
         28:67:1c:c9:90:03:61:84:39:a8:c5:eb:80:f0:14:54:fb:e4:
         d0:2c:78:66:cd:22:b7:52:85:79:b6:10:f1:a1:cd:5c:6b:5d:
         4d:83:d2:d6:90:7d:70:2a:02:25:fa:89:45:0b:21:98:bd:28:
         d5:0c:a3:9e:9c:a5:fe:51:25:72:37:36:e2:72:a6:fb:a1:ba:
         a8:fc:08:3e:b7:73:ad:9a:86:a5:a7:99:90:65:c4:05:c7:dd:
         8a:db:7e:5d
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUAxIF3TD0aitIOQ7w9DTOqq1A0ZowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzc5ZDAyYzYxODg2MWFkNDViYWY3OGNlMzkwMjNjYmNi
NDk0YTdiZjAeFw0yNDA2MjYwNjQ4MTFaFw0yNTA2MjUwNjUzMTFaMDMxMTAvBgNV
BAMTKDM0MjEwNUNBNjFEQ0MzQzI2OTYyNjhBMjM0NTQ2ODg3NDQ2QkI0QjEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBYoCiw9Al0aHWYZSCElU/xQJK
uu/SdoZL4hiBvTMGvIGXQX91V0mxTTh62B+lTN5jLiWkg+WtCwI7v48QjPRmfWXk
6f5owSJKHJGdO6/YcIC4mZguxl6X204tt6syOtzmm/cEZZt0d+yWl8julTwfbQym
53yFv5ErQsWuadR0Z6sQxE44NALIczM4d7E645Ys0D/xEn3rYv5bxOXFm/q/9H8m
zW9bYD6vEZiD/2YWiZNTjsIXtGAZ148GflWzFDJMS2/YJYZCyKXT1NrvbrXAf92l
9aKLOULnfgZN+TGW6mSVLpfPZMvZw6DqvUvbmyVufa2IQDEO8cDheQhp2s/RAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUNCEFymHcw8JpYmiiNFRoh0RrtLEwHwYDVR0j
BBgwFoAUx50CxhiGGtRbr3jOOQI8vLSUp78wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZDkwYTkzNWEtYTc0ZC00Yjk4LTk0MzAtYmM3YWU1YzI0
ZjI4LzAvQzc5RDAyQzYxODg2MUFENDVCQUY3OENFMzkwMjNDQkNCNDk0QTdCRi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3g1MEN4aGlHR3RSYnIzak9PUUk4dkxT
VXA3OC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZDkwYTkzNWEt
YTc0ZC00Yjk4LTk0MzAtYmM3YWU1YzI0ZjI4LzAvMzEzOTMzMmUzMjM0MzYyZTM0
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzIzMTM4MzUzOS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMH2
BDANBgkqhkiG9w0BAQsFAAOCAQEAMWlZZP5QZ5vUy/C4Kx1/GGqlhaR+uDrLvfHz
iAIV1gJ38E0aINp3Nq1T4TQKgzB+gM+tARI0kHXitdSroODA7QO5DFC4vBiFZuAV
SCGyw8mPi4OqrssBzvxDo1QlNKjeEQ3vDDask2S9GmMvwx9VavtU2B/Ek5zHGDQ4
AAwPz2YEjsdXcESkf8efNlRh45Si4DQBc9kcsqFzixIjtzEYSUsnKGccyZADYYQ5
qMXrgPAUVPvk0Cx4Zs0it1KFebYQ8aHNXGtdTYPS1pB9cCoCJfqJRQshmL0o1Qyj
npyl/lElcjc24nKm+6G6qPwIPrdzrZqGpaeZkGXEBcfditt+XQ==
-----END CERTIFICATE-----