Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/e3cdc648-d203-462a-bd0f-ec1b60d879a7/0/39312e3233312e3132362e302f32342d3234203d3e2035363530.roa
File:                     39312e3233312e3132362e302f32342d3234203d3e2035363530.roa (raw, json)
Hash identifier:          it6kdqtvQIR1fmnyxGg95/2ozlg9ybLYZncNwT8sS4M=
Subject key identifier:   ED:CE:CF:6A:68:91:4B:0C:EA:7C:18:08:04:AF:A1:EF:AE:35:88:AA
Certificate issuer:       /CN=e1f3512f51dc42bb9eb12abc0bb529668b2edee4
Certificate serial:       79662B2A2785A99B46C7A68F279A57EE5AB6BAF7
Authority key identifier: E1:F3:51:2F:51:DC:42:BB:9E:B1:2A:BC:0B:B5:29:66:8B:2E:DE:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4fNRL1HcQruesSq8C7UpZosu3uQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/e3cdc648-d203-462a-bd0f-ec1b60d879a7/0/39312e3233312e3132362e302f32342d3234203d3e2035363530.roa
Signing time:             Fri 23 May 2025 12:37:22 +0000
ROA not before:           Fri 23 May 2025 12:32:22 +0000
ROA not after:            Fri 22 May 2026 12:37:22 +0000
asID:                     5650
IP address blocks:        91.231.126.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/e3cdc648-d203-462a-bd0f-ec1b60d879a7/0/E1F3512F51DC42BB9EB12ABC0BB529668B2EDEE4.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/e3cdc648-d203-462a-bd0f-ec1b60d879a7/0/E1F3512F51DC42BB9EB12ABC0BB529668B2EDEE4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4fNRL1HcQruesSq8C7UpZosu3uQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 02:59:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            79:66:2b:2a:27:85:a9:9b:46:c7:a6:8f:27:9a:57:ee:5a:b6:ba:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e1f3512f51dc42bb9eb12abc0bb529668b2edee4
        Validity
            Not Before: May 23 12:32:22 2025 GMT
            Not After : May 22 12:37:22 2026 GMT
        Subject: CN=EDCECF6A68914B0CEA7C180804AFA1EFAE3588AA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:d7:11:fb:4f:af:93:14:2a:bd:89:e1:0d:e2:
                    3d:28:d3:67:5f:31:84:b8:96:e4:8b:a3:e0:eb:49:
                    d6:64:ed:73:d8:01:af:e6:5e:4b:4d:11:22:9d:4f:
                    94:c0:51:5f:6d:1f:cc:9b:b3:2d:57:57:a6:7f:c4:
                    b2:b5:16:ea:62:7b:5e:4f:af:5d:a0:e1:47:a7:77:
                    59:f8:fe:ca:2a:53:ed:93:20:22:84:bf:fc:e8:1b:
                    13:e5:2b:be:a9:5b:ec:87:c8:94:02:27:ad:57:1c:
                    15:60:1f:94:36:7d:ad:bd:d3:de:31:cc:62:02:ff:
                    03:e2:01:ac:29:61:4e:2e:fa:7c:c4:0d:f6:4c:f1:
                    e1:fd:a4:0e:14:2a:5a:e0:35:e0:f0:38:cb:df:b1:
                    23:b8:36:bc:7c:3b:64:23:fb:a8:3e:4c:27:d4:da:
                    22:c5:2d:5f:23:a6:45:5b:6a:c6:e4:2e:ac:c2:ad:
                    55:5d:78:6b:99:93:2a:ae:e0:fb:17:ec:63:c0:6f:
                    3c:4a:55:a6:e2:cb:f8:26:ef:9a:84:22:4b:9b:d1:
                    fb:33:de:cb:0f:38:db:65:60:0e:87:86:91:ce:ca:
                    88:1a:fc:15:11:f1:17:45:fa:19:a6:f1:f3:29:79:
                    62:e9:eb:8c:1f:4d:3b:b8:1e:42:d7:5b:24:5e:dd:
                    ba:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:CE:CF:6A:68:91:4B:0C:EA:7C:18:08:04:AF:A1:EF:AE:35:88:AA
            X509v3 Authority Key Identifier:
                keyid:E1:F3:51:2F:51:DC:42:BB:9E:B1:2A:BC:0B:B5:29:66:8B:2E:DE:E4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/e3cdc648-d203-462a-bd0f-ec1b60d879a7/0/E1F3512F51DC42BB9EB12ABC0BB529668B2EDEE4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4fNRL1HcQruesSq8C7UpZosu3uQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/e3cdc648-d203-462a-bd0f-ec1b60d879a7/0/39312e3233312e3132362e302f32342d3234203d3e2035363530.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.231.126.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1d:60:80:3c:ad:52:2d:8a:14:57:a7:37:ba:ef:cf:10:c4:e5:
         a5:fd:4d:0b:88:8b:99:9e:fe:57:7e:51:08:00:16:3c:24:eb:
         9e:d8:86:8c:67:ac:45:aa:e4:7f:9c:06:6d:b9:7f:93:d7:75:
         39:90:8f:93:60:96:7e:d0:e6:5e:58:84:f5:ca:cd:98:0a:b1:
         67:1a:5c:58:cf:55:64:a7:f3:d6:e0:2d:76:24:ee:5b:a2:4a:
         c1:6d:d8:38:9a:71:a7:49:2b:01:74:4a:84:8c:27:1f:60:13:
         de:81:df:5a:01:4c:36:80:e2:df:2b:18:dc:51:76:a4:6e:10:
         7f:ed:30:d6:2d:3d:32:21:d3:14:89:54:23:35:94:2a:8d:7b:
         65:e6:8d:38:4c:cf:4a:24:5b:42:64:1a:e3:7e:4e:e4:d4:b0:
         65:72:4f:18:97:a7:03:47:db:3b:d0:c0:e5:11:68:19:d4:09:
         05:ba:e3:19:b3:0f:94:13:d7:9b:0a:ad:8a:62:80:38:a6:a6:
         f9:d0:89:e6:65:09:31:a1:dc:67:65:13:c2:51:b8:1c:e8:41:
         d0:65:61:ae:97:79:d0:27:ed:17:9c:4b:47:c8:c6:07:b0:bd:
         bc:d3:22:34:8c:a7:cf:0e:0b:b5:1c:a5:89:48:b4:d8:b5:98:
         15:19:75:6f
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUeWYrKieFqZtGx6aPJ5pX7lq2uvcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZTFmMzUxMmY1MWRjNDJiYjllYjEyYWJjMGJiNTI5NjY4
YjJlZGVlNDAeFw0yNTA1MjMxMjMyMjJaFw0yNjA1MjIxMjM3MjJaMDMxMTAvBgNV
BAMTKEVEQ0VDRjZBNjg5MTRCMENFQTdDMTgwODA0QUZBMUVGQUUzNTg4QUEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCe1xH7T6+TFCq9ieEN4j0o02df
MYS4luSLo+DrSdZk7XPYAa/mXktNESKdT5TAUV9tH8ybsy1XV6Z/xLK1Fupie15P
r12g4Uend1n4/soqU+2TICKEv/zoGxPlK76pW+yHyJQCJ61XHBVgH5Q2fa29094x
zGIC/wPiAawpYU4u+nzEDfZM8eH9pA4UKlrgNeDwOMvfsSO4Nrx8O2Qj+6g+TCfU
2iLFLV8jpkVbasbkLqzCrVVdeGuZkyqu4PsX7GPAbzxKVabiy/gm75qEIkub0fsz
3ssPONtlYA6HhpHOyoga/BUR8RdF+hmm8fMpeWLp64wfTTu4HkLXWyRe3bpRAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQU7c7PamiRSwzqfBgIBK+h7641iKowHwYDVR0j
BBgwFoAU4fNRL1HcQruesSq8C7UpZosu3uQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZTNjZGM2NDgtZDIwMy00NjJhLWJkMGYtZWMxYjYwZDg3
OWE3LzAvRTFGMzUxMkY1MURDNDJCQjlFQjEyQUJDMEJCNTI5NjY4QjJFREVFNC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzRmTlJMMUhjUXJ1ZXNTcThDN1VwWm9z
dTN1US5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZTNjZGM2NDgt
ZDIwMy00NjJhLWJkMGYtZWMxYjYwZDg3OWE3LzAvMzkzMTJlMzIzMzMxMmUzMTMy
MzYyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzNTM2MzUzMC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFvn
fjANBgkqhkiG9w0BAQsFAAOCAQEAHWCAPK1SLYoUV6c3uu/PEMTlpf1NC4iLmZ7+
V35RCAAWPCTrntiGjGesRarkf5wGbbl/k9d1OZCPk2CWftDmXliE9crNmAqxZxpc
WM9VZKfz1uAtdiTuW6JKwW3YOJpxp0krAXRKhIwnH2AT3oHfWgFMNoDi3ysY3FF2
pG4Qf+0w1i09MiHTFIlUIzWUKo17ZeaNOEzPSiRbQmQa435O5NSwZXJPGJenA0fb
O9DA5RFoGdQJBbrjGbMPlBPXmwqtimKAOKam+dCJ5mUJMaHcZ2UTwlG4HOhB0GVh
rpd50CftF5xLR8jGB7C9vNMiNIynzw4LtRyliUi02LWYFRl1bw==
-----END CERTIFICATE-----