Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/3231322e322e3233362e302f32342d3234203d3e203632313634.roa
File:                     3231322e322e3233362e302f32342d3234203d3e203632313634.roa (raw, json)
Hash identifier:          vFrBa38OjLdBB7Kr+vGdEmJ15PlI5ZGLsK2m/+Ou9uE=
Subject key identifier:   6E:9F:99:85:00:34:F0:B0:C1:AD:30:BB:4F:A5:F9:3C:6F:FF:E6:1B
Certificate issuer:       /CN=0d059f10d18d00052c808eb8069f90d47e30564a
Certificate serial:       5A84EFBDA1F1B2C59D94AA440234307604E5CE8B
Authority key identifier: 0D:05:9F:10:D1:8D:00:05:2C:80:8E:B8:06:9F:90:D4:7E:30:56:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/3231322e322e3233362e302f32342d3234203d3e203632313634.roa
Signing time:             Thu 06 Mar 2025 11:53:55 +0000
ROA not before:           Thu 06 Mar 2025 11:48:55 +0000
ROA not after:            Thu 05 Mar 2026 11:53:55 +0000
asID:                     62164
IP address blocks:        212.2.236.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5a:84:ef:bd:a1:f1:b2:c5:9d:94:aa:44:02:34:30:76:04:e5:ce:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d059f10d18d00052c808eb8069f90d47e30564a
        Validity
            Not Before: Mar  6 11:48:55 2025 GMT
            Not After : Mar  5 11:53:55 2026 GMT
        Subject: CN=6E9F99850034F0B0C1AD30BB4FA5F93C6FFFE61B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:a6:0b:06:96:0b:23:e5:73:55:18:0b:32:ee:
                    7b:37:32:ba:da:e9:b3:87:59:67:9c:75:ab:e7:4c:
                    88:af:56:fd:6e:9a:0a:d5:e9:74:4c:cb:58:3f:ec:
                    ad:0f:e9:2d:3f:31:11:29:61:f8:16:f1:3f:f1:60:
                    0a:29:7b:78:a5:f4:e1:23:2f:01:7b:6a:ad:82:b9:
                    d9:12:7d:22:65:6a:12:24:28:ea:4b:77:64:33:44:
                    21:9b:ef:ca:8d:b5:4b:51:7c:48:ef:81:3f:d6:8f:
                    a6:d5:63:a4:b3:a6:26:67:50:f4:9a:ab:a0:00:43:
                    e0:40:b3:e5:b2:16:95:51:a7:2e:1d:03:29:88:78:
                    06:c3:ee:53:77:ec:ca:fc:5f:18:bb:0a:d7:b9:dd:
                    13:aa:77:b2:8d:49:a7:f9:97:98:b3:a5:a0:b7:41:
                    2d:9d:d7:57:06:81:22:2f:df:e4:02:64:ee:0d:cf:
                    b6:df:26:53:f7:b2:56:63:9b:81:86:b6:91:03:d3:
                    96:0c:85:b2:0c:a7:8f:b6:21:23:8d:ac:e8:26:9b:
                    8f:22:47:aa:85:bf:c5:27:2f:f5:4c:7b:1d:7e:e2:
                    eb:ae:27:52:d4:43:90:d6:e9:a6:d4:b1:1a:1a:ff:
                    32:36:16:f4:94:cc:5b:39:ba:47:03:ea:88:9d:9f:
                    dc:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:9F:99:85:00:34:F0:B0:C1:AD:30:BB:4F:A5:F9:3C:6F:FF:E6:1B
            X509v3 Authority Key Identifier:
                keyid:0D:05:9F:10:D1:8D:00:05:2C:80:8E:B8:06:9F:90:D4:7E:30:56:4A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/3231322e322e3233362e302f32342d3234203d3e203632313634.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.2.236.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:c9:fa:a6:79:b2:f3:99:4b:b0:62:1c:c6:fa:15:10:5a:1d:
         95:2c:fe:75:aa:66:bd:36:53:ef:9e:c5:f9:5a:ab:bc:0f:b5:
         51:0b:51:8b:1a:02:ff:ca:c9:d6:47:91:cf:42:02:f5:b1:13:
         85:94:e6:99:f2:09:3b:c1:e1:96:f1:0d:84:ff:ed:85:5e:fc:
         f0:fc:d7:cb:44:d7:9b:ba:16:f5:b4:af:15:c0:33:cc:d3:e6:
         23:79:38:14:fa:a3:e4:80:a6:42:41:b4:a5:a3:52:e8:d3:9d:
         03:60:54:a6:19:d4:fb:92:c2:45:ff:18:a8:3c:1d:39:20:3e:
         99:b0:d1:93:7c:34:2e:c9:f0:76:d6:d3:11:9b:bc:c6:d3:fa:
         fc:23:c8:20:88:c5:77:72:4d:45:2b:40:0c:aa:88:62:e9:e2:
         1c:41:62:97:8f:17:02:60:99:29:33:3b:c1:f3:c1:b3:d6:d1:
         37:36:cc:87:02:cd:80:76:4d:c1:12:dc:27:54:71:86:fd:39:
         25:61:dc:66:7c:75:d3:0b:86:22:75:19:d8:7a:dd:47:c8:2a:
         bf:fa:2d:a2:23:09:e6:0c:70:4e:46:77:39:b0:31:81:87:53:
         e8:ba:86:49:9a:40:ac:64:f9:27:43:79:75:02:5c:22:e3:42:
         93:70:47:8a
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUWoTvvaHxssWdlKpEAjQwdgTlzoswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGQwNTlmMTBkMThkMDAwNTJjODA4ZWI4MDY5ZjkwZDQ3
ZTMwNTY0YTAeFw0yNTAzMDYxMTQ4NTVaFw0yNjAzMDUxMTUzNTVaMDMxMTAvBgNV
BAMTKDZFOUY5OTg1MDAzNEYwQjBDMUFEMzBCQjRGQTVGOTNDNkZGRkU2MUIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCbpgsGlgsj5XNVGAsy7ns3Mrra
6bOHWWecdavnTIivVv1umgrV6XRMy1g/7K0P6S0/MREpYfgW8T/xYAope3il9OEj
LwF7aq2CudkSfSJlahIkKOpLd2QzRCGb78qNtUtRfEjvgT/Wj6bVY6SzpiZnUPSa
q6AAQ+BAs+WyFpVRpy4dAymIeAbD7lN37Mr8Xxi7Cte53ROqd7KNSaf5l5izpaC3
QS2d11cGgSIv3+QCZO4Nz7bfJlP3slZjm4GGtpED05YMhbIMp4+2ISONrOgmm48i
R6qFv8UnL/VMex1+4uuuJ1LUQ5DW6abUsRoa/zI2FvSUzFs5ukcD6oidn9wDAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUbp+ZhQA08LDBrTC7T6X5PG//5hswHwYDVR0j
BBgwFoAUDQWfENGNAAUsgI64Bp+Q1H4wVkowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmFmMTY3MDQtMjg1NC00MDgwLTlhMDktNzI2MjMyNmM5
ZTIyLzEvMEQwNTlGMTBEMThEMDAwNTJDODA4RUI4MDY5RjkwRDQ3RTMwNTY0QS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RRV2ZFTkdOQUFVc2dJNjRCcC1RMUg0
d1Zrby5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmFmMTY3MDQt
Mjg1NC00MDgwLTlhMDktNzI2MjMyNmM5ZTIyLzEvMzIzMTMyMmUzMjJlMzIzMzM2
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzYzMjMxMzYzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEANQC
7DANBgkqhkiG9w0BAQsFAAOCAQEAUsn6pnmy85lLsGIcxvoVEFodlSz+dapmvTZT
757F+VqrvA+1UQtRixoC/8rJ1keRz0IC9bEThZTmmfIJO8HhlvENhP/thV788PzX
y0TXm7oW9bSvFcAzzNPmI3k4FPqj5ICmQkG0paNS6NOdA2BUphnU+5LCRf8YqDwd
OSA+mbDRk3w0LsnwdtbTEZu8xtP6/CPIIIjFd3JNRStADKqIYuniHEFil48XAmCZ
KTM7wfPBs9bRNzbMhwLNgHZNwRLcJ1Rxhv05JWHcZnx10wuGInUZ2HrdR8gqv/ot
oiMJ5gxwTkZ3ObAxgYdT6LqGSZpArGT5J0N5dQJcIuNCk3BHig==
-----END CERTIFICATE-----