Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/f5e64030-2f28-42c9-b004-354bb28f6123/0/38372e3131382e36342e302f31382d3234203d3e203331313033.roa
File:                     38372e3131382e36342e302f31382d3234203d3e203331313033.roa (raw, json)
Hash identifier:          Vr1aZgrxZrL0gy9JKVhX4vaGHNcaYEStTY8aIce9nqQ=
Subject key identifier:   F7:70:1B:A9:32:59:42:B1:89:52:51:C5:29:AB:02:69:A3:68:40:34
Certificate issuer:       /CN=9e576996388e94b8c7ab20effb23bd11becb4108
Certificate serial:       2DF10D5642C71BB1F6C417E28F292A03BF1791FA
Authority key identifier: 9E:57:69:96:38:8E:94:B8:C7:AB:20:EF:FB:23:BD:11:BE:CB:41:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nldpljiOlLjHqyDv-yO9Eb7LQQg.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/f5e64030-2f28-42c9-b004-354bb28f6123/0/38372e3131382e36342e302f31382d3234203d3e203331313033.roa
Signing time:             Fri 31 May 2024 13:49:24 +0000
ROA not before:           Fri 31 May 2024 13:44:24 +0000
ROA not after:            Fri 30 May 2025 13:49:24 +0000
asID:                     31103
IP address blocks:        87.118.64.0/18 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/f5e64030-2f28-42c9-b004-354bb28f6123/0/9E576996388E94B8C7AB20EFFB23BD11BECB4108.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/f5e64030-2f28-42c9-b004-354bb28f6123/0/9E576996388E94B8C7AB20EFFB23BD11BECB4108.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nldpljiOlLjHqyDv-yO9Eb7LQQg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 13:20:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2d:f1:0d:56:42:c7:1b:b1:f6:c4:17:e2:8f:29:2a:03:bf:17:91:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e576996388e94b8c7ab20effb23bd11becb4108
        Validity
            Not Before: May 31 13:44:24 2024 GMT
            Not After : May 30 13:49:24 2025 GMT
        Subject: CN=F7701BA9325942B1895251C529AB0269A3684034
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:df:bc:94:85:8d:a3:11:3e:93:77:90:89:a8:
                    ec:a1:42:9a:b2:4b:44:5e:d2:5c:cc:16:82:96:f9:
                    bd:23:be:67:91:a1:1b:0f:3c:85:f4:36:7d:71:80:
                    c1:5f:cb:45:4c:60:d3:98:ba:ac:6f:b4:b2:e4:f5:
                    da:4c:0c:50:76:ef:80:fd:9d:cf:67:8e:31:7c:5f:
                    52:bf:fa:fb:78:33:b1:91:cd:2b:57:c2:77:50:fa:
                    79:f2:18:a6:9e:f7:92:e2:ef:5a:f9:f4:16:2d:21:
                    df:c3:0e:74:bd:8d:fb:e2:70:89:61:64:55:34:4c:
                    02:49:99:f8:17:cb:2d:71:95:73:ed:2c:d1:4e:fd:
                    2c:40:cd:11:a0:59:e0:7a:a0:22:44:f5:22:9c:ec:
                    3f:ef:ca:91:b7:6e:87:c4:05:4a:04:a2:41:4b:25:
                    89:d6:fa:47:f0:7c:89:a4:49:11:f5:b9:62:a9:4f:
                    3c:2b:7f:43:60:f7:0a:ff:d6:f4:a0:9d:d3:f3:a4:
                    82:0c:79:44:23:e5:ef:f3:eb:f5:0e:60:31:e7:e6:
                    33:42:f6:b2:20:ac:7d:0d:54:c5:57:db:17:fa:e6:
                    dc:7d:93:ab:66:c0:d5:0d:3e:46:71:9e:a3:2c:bd:
                    c9:70:c8:3b:1b:6c:8b:a2:b7:3b:a1:50:26:8a:a6:
                    38:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:70:1B:A9:32:59:42:B1:89:52:51:C5:29:AB:02:69:A3:68:40:34
            X509v3 Authority Key Identifier:
                keyid:9E:57:69:96:38:8E:94:B8:C7:AB:20:EF:FB:23:BD:11:BE:CB:41:08

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/f5e64030-2f28-42c9-b004-354bb28f6123/0/9E576996388E94B8C7AB20EFFB23BD11BECB4108.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nldpljiOlLjHqyDv-yO9Eb7LQQg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/f5e64030-2f28-42c9-b004-354bb28f6123/0/38372e3131382e36342e302f31382d3234203d3e203331313033.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.118.64.0/18

    Signature Algorithm: sha256WithRSAEncryption
         8e:70:8a:43:d1:b5:a7:29:ad:b1:56:37:8e:6a:c3:7d:6d:53:
         8c:55:de:f8:38:f3:25:a3:07:14:27:98:41:89:a5:ef:f2:00:
         55:1f:64:71:27:64:f9:7c:a1:21:93:ac:15:5d:68:31:f2:aa:
         6f:b4:a3:d5:1b:5f:89:79:89:5d:8d:6c:68:10:b5:8d:d0:a4:
         52:bb:0a:e2:1e:15:f3:7d:03:67:41:17:a4:45:2b:c7:cf:9e:
         3a:33:44:8f:73:68:b3:7a:75:54:79:d6:57:26:d8:28:92:68:
         f7:ed:7b:b6:c8:35:88:a3:9c:fc:f8:3d:24:6f:a0:17:1c:73:
         47:71:93:86:ef:2e:f2:05:b5:a0:79:9a:df:7b:ea:79:43:64:
         c9:aa:77:20:a7:54:67:8a:62:8f:4c:65:82:3e:d3:77:5f:df:
         8a:87:07:b3:8c:66:23:9c:22:b1:7f:9b:23:33:2a:55:22:6b:
         fe:ad:47:de:bb:64:18:38:04:a4:49:a0:49:f5:58:1f:21:73:
         67:a4:ac:54:24:12:97:3e:7a:57:d3:26:1f:3a:05:6d:d0:50:
         c5:d9:06:f4:2d:00:29:4f:25:9c:3a:b6:ce:6b:a6:94:e4:f8:
         9e:c7:6d:8d:3a:fe:5b:6b:62:55:d3:cf:3e:1f:49:4e:18:2e:
         90:46:12:06
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIULfENVkLHG7H2xBfijykqA78XkfowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWU1NzY5OTYzODhlOTRiOGM3YWIyMGVmZmIyM2JkMTFi
ZWNiNDEwODAeFw0yNDA1MzExMzQ0MjRaFw0yNTA1MzAxMzQ5MjRaMDMxMTAvBgNV
BAMTKEY3NzAxQkE5MzI1OTQyQjE4OTUyNTFDNTI5QUIwMjY5QTM2ODQwMzQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDr37yUhY2jET6Td5CJqOyhQpqy
S0Re0lzMFoKW+b0jvmeRoRsPPIX0Nn1xgMFfy0VMYNOYuqxvtLLk9dpMDFB274D9
nc9njjF8X1K/+vt4M7GRzStXwndQ+nnyGKae95Li71r59BYtId/DDnS9jfvicIlh
ZFU0TAJJmfgXyy1xlXPtLNFO/SxAzRGgWeB6oCJE9SKc7D/vypG3bofEBUoEokFL
JYnW+kfwfImkSRH1uWKpTzwrf0Ng9wr/1vSgndPzpIIMeUQj5e/z6/UOYDHn5jNC
9rIgrH0NVMVX2xf65tx9k6tmwNUNPkZxnqMsvclwyDsbbIuitzuhUCaKpji5AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQU93AbqTJZQrGJUlHFKasCaaNoQDQwHwYDVR0j
BBgwFoAUnldpljiOlLjHqyDv+yO9Eb7LQQgwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZjVlNjQwMzAtMmYyOC00MmM5LWIwMDQtMzU0YmIyOGY2
MTIzLzAvOUU1NzY5OTYzODhFOTRCOEM3QUIyMEVGRkIyM0JEMTFCRUNCNDEwOC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL25sZHBsamlPbExqSHF5RHYteU85RWI3
TFFRZy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZjVlNjQwMzAt
MmYyOC00MmM5LWIwMDQtMzU0YmIyOGY2MTIzLzAvMzgzNzJlMzEzMTM4MmUzNjM0
MmUzMDJmMzEzODJkMzIzNDIwM2QzZTIwMzMzMTMxMzAzMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEBld2
QDANBgkqhkiG9w0BAQsFAAOCAQEAjnCKQ9G1pymtsVY3jmrDfW1TjFXe+DjzJaMH
FCeYQYml7/IAVR9kcSdk+XyhIZOsFV1oMfKqb7Sj1RtfiXmJXY1saBC1jdCkUrsK
4h4V830DZ0EXpEUrx8+eOjNEj3Nos3p1VHnWVybYKJJo9+17tsg1iKOc/Pg9JG+g
FxxzR3GThu8u8gW1oHma33vqeUNkyap3IKdUZ4pij0xlgj7Td1/fiocHs4xmI5wi
sX+bIzMqVSJr/q1H3rtkGDgEpEmgSfVYHyFzZ6SsVCQSlz56V9MmHzoFbdBQxdkG
9C0AKU8lnDq2zmumlOT4nsdtjTr+W2tiVdPPPh9JThgukEYSBg==
-----END CERTIFICATE-----