Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/3134312e39382e37352e302f32342d3234203d3e203531383437.roa
File:                     3134312e39382e37352e302f32342d3234203d3e203531383437.roa (raw, json)
Hash identifier:          SIzFudp3XvUpjj3nYmtbTCuXIxat0mzi3CuOzYhC42M=
Subject key identifier:   3B:54:B2:BD:81:5D:35:F3:C6:58:6D:D2:58:A2:34:B5:15:61:AC:7A
Certificate issuer:       /CN=0d059f10d18d00052c808eb8069f90d47e30564a
Certificate serial:       4CE52ECD2B587C6689EBA6F83A40C2ADEFF6240B
Authority key identifier: 0D:05:9F:10:D1:8D:00:05:2C:80:8E:B8:06:9F:90:D4:7E:30:56:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/3134312e39382e37352e302f32342d3234203d3e203531383437.roa
Signing time:             Mon 22 Apr 2024 09:34:02 +0000
ROA not before:           Mon 22 Apr 2024 09:29:02 +0000
ROA not after:            Mon 21 Apr 2025 09:34:02 +0000
asID:                     51847
IP address blocks:        141.98.75.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4c:e5:2e:cd:2b:58:7c:66:89:eb:a6:f8:3a:40:c2:ad:ef:f6:24:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d059f10d18d00052c808eb8069f90d47e30564a
        Validity
            Not Before: Apr 22 09:29:02 2024 GMT
            Not After : Apr 21 09:34:02 2025 GMT
        Subject: CN=3B54B2BD815D35F3C6586DD258A234B51561AC7A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:23:ed:d0:e0:9e:9c:34:02:db:e1:25:c6:5f:
                    42:b9:17:53:df:03:b3:50:12:d0:12:c9:e2:5e:93:
                    d4:ef:c2:38:e7:6f:36:f5:73:0b:2f:b9:0a:77:8d:
                    5f:7a:80:e3:8a:15:24:a6:7e:54:9f:17:8b:46:2a:
                    e7:1e:76:ab:51:ac:11:22:bb:30:44:d2:02:6a:92:
                    a0:45:c5:8f:c6:d6:26:97:07:54:c6:ba:82:b0:77:
                    d1:0e:ad:49:e1:76:a2:53:b6:52:e3:15:80:53:c7:
                    d7:36:5e:c8:23:82:bd:4d:f2:9a:07:21:28:1f:3e:
                    6a:16:19:25:00:e5:2a:ec:23:12:12:d5:db:fb:f2:
                    71:90:04:34:39:ca:5c:2e:cd:51:08:1e:1b:af:bf:
                    19:4d:26:67:2d:0b:dc:a5:b3:73:ac:2a:d0:18:08:
                    5b:3f:f1:81:19:d8:6f:8c:28:4c:63:bf:fc:9b:c9:
                    08:49:b6:86:03:95:96:12:12:7b:0c:8e:bf:67:73:
                    1e:9f:cc:d7:80:50:23:8e:a6:2f:a6:6c:5f:a1:d1:
                    79:7c:28:c3:68:ee:07:b9:57:36:f2:ee:4f:24:ee:
                    f3:17:8e:7b:5b:a6:fa:94:90:e3:d0:5e:fa:ae:c3:
                    fd:23:e3:a0:71:a0:4a:c6:15:6d:e6:49:ce:5a:ab:
                    47:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:54:B2:BD:81:5D:35:F3:C6:58:6D:D2:58:A2:34:B5:15:61:AC:7A
            X509v3 Authority Key Identifier:
                keyid:0D:05:9F:10:D1:8D:00:05:2C:80:8E:B8:06:9F:90:D4:7E:30:56:4A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/3134312e39382e37352e302f32342d3234203d3e203531383437.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.98.75.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c4:20:ce:45:2e:2b:1f:1a:d7:a8:05:16:0c:cd:80:59:e7:50:
         d0:74:67:d7:af:cf:75:72:b4:c6:37:7b:43:d3:73:96:96:8f:
         02:70:64:2a:db:64:5f:39:e6:0f:2d:7b:81:11:e6:9e:c5:8f:
         72:fd:e8:91:f4:be:9e:38:42:38:d7:fb:69:d4:07:7c:1b:c4:
         07:3c:8c:46:f1:57:1d:45:5b:6f:b4:65:9e:34:55:98:8e:24:
         73:35:c7:d5:9d:35:dd:2a:87:cc:9b:94:54:8a:ae:40:95:fa:
         22:ad:6f:b6:b1:1e:a6:af:fc:0d:18:38:76:48:3e:86:8b:8b:
         1f:58:77:85:04:a5:45:42:2a:d3:83:ed:60:6a:17:d6:11:d1:
         06:bc:9a:cb:7e:ef:b1:8d:83:76:90:f3:bf:97:08:95:ab:88:
         0a:af:64:d5:ed:93:4b:e9:5d:bc:44:22:21:39:4f:c3:d2:64:
         a5:75:be:33:cc:6c:48:76:94:17:e2:f0:49:f5:5c:53:a6:f8:
         94:dc:85:9c:c3:27:81:40:74:dc:f6:be:0a:6a:86:c9:d5:fe:
         f1:36:de:20:e9:b3:bf:8f:bf:a1:12:70:eb:51:a3:c8:84:87:
         c5:64:fa:f1:9a:fd:0c:44:6a:f4:b1:fd:d2:1c:d5:8e:f3:66:
         4e:7a:35:f3
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUTOUuzStYfGaJ66b4OkDCre/2JAswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGQwNTlmMTBkMThkMDAwNTJjODA4ZWI4MDY5ZjkwZDQ3
ZTMwNTY0YTAeFw0yNDA0MjIwOTI5MDJaFw0yNTA0MjEwOTM0MDJaMDMxMTAvBgNV
BAMTKDNCNTRCMkJEODE1RDM1RjNDNjU4NkREMjU4QTIzNEI1MTU2MUFDN0EwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCeI+3Q4J6cNALb4SXGX0K5F1Pf
A7NQEtASyeJek9Tvwjjnbzb1cwsvuQp3jV96gOOKFSSmflSfF4tGKucedqtRrBEi
uzBE0gJqkqBFxY/G1iaXB1TGuoKwd9EOrUnhdqJTtlLjFYBTx9c2Xsgjgr1N8poH
ISgfPmoWGSUA5SrsIxIS1dv78nGQBDQ5ylwuzVEIHhuvvxlNJmctC9yls3OsKtAY
CFs/8YEZ2G+MKExjv/ybyQhJtoYDlZYSEnsMjr9ncx6fzNeAUCOOpi+mbF+h0Xl8
KMNo7ge5Vzby7k8k7vMXjntbpvqUkOPQXvquw/0j46BxoErGFW3mSc5aq0e5AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUO1SyvYFdNfPGWG3SWKI0tRVhrHowHwYDVR0j
BBgwFoAUDQWfENGNAAUsgI64Bp+Q1H4wVkowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmFmMTY3MDQtMjg1NC00MDgwLTlhMDktNzI2MjMyNmM5
ZTIyLzEvMEQwNTlGMTBEMThEMDAwNTJDODA4RUI4MDY5RjkwRDQ3RTMwNTY0QS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RRV2ZFTkdOQUFVc2dJNjRCcC1RMUg0
d1Zrby5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmFmMTY3MDQt
Mjg1NC00MDgwLTlhMDktNzI2MjMyNmM5ZTIyLzEvMzEzNDMxMmUzOTM4MmUzNzM1
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzUzMTM4MzQzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAI1i
SzANBgkqhkiG9w0BAQsFAAOCAQEAxCDORS4rHxrXqAUWDM2AWedQ0HRn16/PdXK0
xjd7Q9NzlpaPAnBkKttkXznmDy17gRHmnsWPcv3okfS+njhCONf7adQHfBvEBzyM
RvFXHUVbb7RlnjRVmI4kczXH1Z013SqHzJuUVIquQJX6Iq1vtrEepq/8DRg4dkg+
houLH1h3hQSlRUIq04PtYGoX1hHRBryay37vsY2DdpDzv5cIlauICq9k1e2TS+ld
vEQiITlPw9JkpXW+M8xsSHaUF+LwSfVcU6b4lNyFnMMngUB03Pa+CmqGydX+8Tbe
IOmzv4+/oRJw61GjyISHxWT68Zr9DERq9LH90hzVjvNmTno18w==
-----END CERTIFICATE-----