Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/3231322e322e3233382e302f32342d3234203d3e203432383331.roa
File:                     3231322e322e3233382e302f32342d3234203d3e203432383331.roa (raw, json)
Hash identifier:          ttuwafCCa+ztwrZDZ0nta/hJT/8v8k1iDpHgbxuaBZU=
Subject key identifier:   E1:56:AA:1A:55:44:48:8C:09:B5:02:09:CC:6C:22:67:65:B8:10:C5
Certificate issuer:       /CN=0d059f10d18d00052c808eb8069f90d47e30564a
Certificate serial:       603D7D2F028253C09EBB1AF9021B5DA2EA970094
Authority key identifier: 0D:05:9F:10:D1:8D:00:05:2C:80:8E:B8:06:9F:90:D4:7E:30:56:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/3231322e322e3233382e302f32342d3234203d3e203432383331.roa
Signing time:             Thu 06 Mar 2025 11:53:56 +0000
ROA not before:           Thu 06 Mar 2025 11:48:56 +0000
ROA not after:            Thu 05 Mar 2026 11:53:56 +0000
asID:                     42831
IP address blocks:        212.2.238.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            60:3d:7d:2f:02:82:53:c0:9e:bb:1a:f9:02:1b:5d:a2:ea:97:00:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d059f10d18d00052c808eb8069f90d47e30564a
        Validity
            Not Before: Mar  6 11:48:56 2025 GMT
            Not After : Mar  5 11:53:56 2026 GMT
        Subject: CN=E156AA1A5544488C09B50209CC6C226765B810C5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:31:52:98:ae:a4:1b:89:c5:e3:76:5a:3e:5c:
                    08:35:d4:e5:75:2a:ca:cb:b4:bd:54:66:d7:33:60:
                    6f:f0:42:e6:af:45:e3:bc:6d:4e:f0:97:c4:dd:d0:
                    db:ad:b8:54:84:c3:08:55:dc:da:90:27:57:57:28:
                    90:20:cb:28:c2:61:87:59:1f:f4:5e:ac:47:d9:37:
                    e3:94:43:8b:3c:f0:1d:55:6c:ac:78:1f:6b:6d:8b:
                    b5:8c:68:a1:38:0f:b9:21:f3:21:b9:d4:50:1f:37:
                    73:8e:16:8b:5d:ac:49:6a:fc:76:a4:89:91:cd:c2:
                    e3:9c:7c:8d:07:8f:54:21:fc:22:a1:52:a9:9f:1d:
                    b7:1b:47:47:71:14:8b:6a:e2:0c:8b:85:aa:51:65:
                    0e:a2:75:ba:e2:74:9d:ab:51:28:8f:0d:16:c6:a8:
                    eb:a8:15:c6:a9:ea:df:5c:a0:e4:6a:02:28:2b:f6:
                    08:04:85:18:8f:c9:30:7d:85:4f:94:a7:65:dc:fe:
                    16:22:9b:a7:48:0d:f8:6c:f9:bd:c3:20:38:a9:f2:
                    bb:71:0c:9d:93:b7:4f:84:a2:91:c1:ae:8f:68:2f:
                    a7:57:d2:c8:46:7c:0b:5a:cc:e4:00:18:ab:d5:71:
                    7e:d2:b8:e0:59:89:0b:51:0f:b5:83:eb:e3:ed:37:
                    3e:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:56:AA:1A:55:44:48:8C:09:B5:02:09:CC:6C:22:67:65:B8:10:C5
            X509v3 Authority Key Identifier:
                keyid:0D:05:9F:10:D1:8D:00:05:2C:80:8E:B8:06:9F:90:D4:7E:30:56:4A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/3231322e322e3233382e302f32342d3234203d3e203432383331.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.2.238.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:b3:80:ba:d5:d7:2c:69:3d:19:e0:f8:25:0b:9e:55:d0:d7:
         23:e6:d8:c5:31:7c:a0:96:b6:c9:09:42:fe:71:ce:82:3d:eb:
         87:e4:48:45:f0:c1:61:74:79:c5:05:93:83:5d:ca:51:0d:09:
         b5:aa:91:fb:61:8a:56:02:ee:9e:28:ef:a8:60:13:0f:91:1b:
         94:a7:73:ab:ab:b3:24:3d:02:3f:65:4c:31:22:b8:77:fc:47:
         b8:4b:62:56:5b:03:ad:f4:42:b9:56:25:c0:1e:65:e1:73:40:
         23:64:3d:c2:ff:2e:84:fc:d5:32:4f:7d:8c:f7:4b:52:6e:2c:
         6b:ea:be:4c:55:b5:9e:01:b3:a1:0b:37:db:65:c3:08:0c:b3:
         9e:53:da:b4:58:ea:35:5d:6b:4a:29:e9:8d:4b:c8:6b:38:7d:
         47:dc:35:56:f3:64:a6:02:fa:85:72:69:71:c9:f6:7a:01:0c:
         9e:10:66:f4:ff:45:fd:36:d5:0d:ec:5e:3f:ce:42:f9:4d:6c:
         98:7b:f5:b7:cc:07:d9:a5:7d:28:42:70:3a:50:71:85:b1:9c:
         12:91:93:df:1a:eb:0e:36:0a:6f:55:1c:9e:ae:1c:34:38:74:
         41:67:04:f5:4e:0e:24:d5:e2:51:75:78:8c:42:0b:f9:2d:09:
         d3:83:7c:5b
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUYD19LwKCU8Ceuxr5AhtdouqXAJQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGQwNTlmMTBkMThkMDAwNTJjODA4ZWI4MDY5ZjkwZDQ3
ZTMwNTY0YTAeFw0yNTAzMDYxMTQ4NTZaFw0yNjAzMDUxMTUzNTZaMDMxMTAvBgNV
BAMTKEUxNTZBQTFBNTU0NDQ4OEMwOUI1MDIwOUNDNkMyMjY3NjVCODEwQzUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCNMVKYrqQbicXjdlo+XAg11OV1
KsrLtL1UZtczYG/wQuavReO8bU7wl8Td0NutuFSEwwhV3NqQJ1dXKJAgyyjCYYdZ
H/RerEfZN+OUQ4s88B1VbKx4H2tti7WMaKE4D7kh8yG51FAfN3OOFotdrElq/Hak
iZHNwuOcfI0Hj1Qh/CKhUqmfHbcbR0dxFItq4gyLhapRZQ6idbridJ2rUSiPDRbG
qOuoFcap6t9coORqAigr9ggEhRiPyTB9hU+Up2Xc/hYim6dIDfhs+b3DIDip8rtx
DJ2Tt0+EopHBro9oL6dX0shGfAtazOQAGKvVcX7SuOBZiQtRD7WD6+PtNz6dAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQU4VaqGlVESIwJtQIJzGwiZ2W4EMUwHwYDVR0j
BBgwFoAUDQWfENGNAAUsgI64Bp+Q1H4wVkowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmFmMTY3MDQtMjg1NC00MDgwLTlhMDktNzI2MjMyNmM5
ZTIyLzEvMEQwNTlGMTBEMThEMDAwNTJDODA4RUI4MDY5RjkwRDQ3RTMwNTY0QS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RRV2ZFTkdOQUFVc2dJNjRCcC1RMUg0
d1Zrby5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmFmMTY3MDQt
Mjg1NC00MDgwLTlhMDktNzI2MjMyNmM5ZTIyLzEvMzIzMTMyMmUzMjJlMzIzMzM4
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzQzMjM4MzMzMS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEANQC
7jANBgkqhkiG9w0BAQsFAAOCAQEAi7OAutXXLGk9GeD4JQueVdDXI+bYxTF8oJa2
yQlC/nHOgj3rh+RIRfDBYXR5xQWTg13KUQ0JtaqR+2GKVgLunijvqGATD5EblKdz
q6uzJD0CP2VMMSK4d/xHuEtiVlsDrfRCuVYlwB5l4XNAI2Q9wv8uhPzVMk99jPdL
Um4sa+q+TFW1ngGzoQs322XDCAyznlPatFjqNV1rSinpjUvIazh9R9w1VvNkpgL6
hXJpccn2egEMnhBm9P9F/TbVDexeP85C+U1smHv1t8wH2aV9KEJwOlBxhbGcEpGT
3xrrDjYKb1Ucnq4cNDh0QWcE9U4OJNXiUXV4jEIL+S0J04N8Ww==
-----END CERTIFICATE-----