Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/3231322e322e3233392e302f32342d3234203d3e203631333137.roa
File:                     3231322e322e3233392e302f32342d3234203d3e203631333137.roa (raw, json)
Hash identifier:          eNAVzwMCeewTwuyQhFgO71z2K+Ot8c12vSF4r204UcM=
Subject key identifier:   31:24:F2:85:C9:37:E6:CF:FA:E8:C7:BF:95:B5:6F:78:7D:05:C8:E7
Certificate issuer:       /CN=0d059f10d18d00052c808eb8069f90d47e30564a
Certificate serial:       7CF6AFF275CE8F94A35F784BC2EDB1B0279306EC
Authority key identifier: 0D:05:9F:10:D1:8D:00:05:2C:80:8E:B8:06:9F:90:D4:7E:30:56:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/3231322e322e3233392e302f32342d3234203d3e203631333137.roa
Signing time:             Thu 06 Mar 2025 11:53:56 +0000
ROA not before:           Thu 06 Mar 2025 11:48:56 +0000
ROA not after:            Thu 05 Mar 2026 11:53:56 +0000
asID:                     61317
IP address blocks:        212.2.239.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 10:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7c:f6:af:f2:75:ce:8f:94:a3:5f:78:4b:c2:ed:b1:b0:27:93:06:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d059f10d18d00052c808eb8069f90d47e30564a
        Validity
            Not Before: Mar  6 11:48:56 2025 GMT
            Not After : Mar  5 11:53:56 2026 GMT
        Subject: CN=3124F285C937E6CFFAE8C7BF95B56F787D05C8E7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:b6:75:7c:67:18:d1:0f:6f:a1:f4:a5:14:10:
                    13:cd:8a:7b:5f:b5:fe:bc:b7:f3:fd:0a:1f:a6:35:
                    9a:9f:88:5c:92:71:b3:db:9a:bc:d5:76:e6:f4:8f:
                    fd:74:dd:56:65:04:93:9a:d5:4b:1f:46:24:25:59:
                    13:29:96:6b:0c:f2:de:c2:3d:c2:7c:c3:ca:3d:3b:
                    ba:83:36:d2:cd:de:9f:f4:bb:cf:81:f3:9e:cc:27:
                    33:96:5b:f0:82:fc:03:4e:ca:21:3d:52:39:6b:7e:
                    90:c1:31:09:39:a4:f5:8a:d9:c4:ca:1f:20:23:fd:
                    83:de:99:a4:79:db:c1:c3:a2:f8:2e:3f:73:2f:d5:
                    2e:2a:87:04:e2:ed:da:de:89:fe:40:c8:38:a6:d3:
                    3f:01:79:20:7a:80:a6:cc:36:d5:a2:fc:60:c4:23:
                    8d:86:e4:c9:0f:1e:13:26:93:e9:f9:e0:8e:45:8b:
                    8e:15:e7:f1:71:07:f2:13:e0:b1:24:81:09:9d:69:
                    bf:f3:63:27:bf:3e:b3:dd:81:fc:52:90:7e:e8:b2:
                    d6:a9:2d:ef:f4:78:e8:6a:59:91:d7:89:46:9d:13:
                    52:4c:dd:c0:35:f9:50:aa:44:bd:cb:30:f2:d7:a3:
                    15:5f:4d:bc:cf:fe:49:24:33:a3:ba:ac:4d:ad:6b:
                    68:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:24:F2:85:C9:37:E6:CF:FA:E8:C7:BF:95:B5:6F:78:7D:05:C8:E7
            X509v3 Authority Key Identifier:
                keyid:0D:05:9F:10:D1:8D:00:05:2C:80:8E:B8:06:9F:90:D4:7E:30:56:4A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/3231322e322e3233392e302f32342d3234203d3e203631333137.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.2.239.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4e:ab:0d:e2:b0:62:49:bd:e2:1b:fb:7f:0b:44:19:46:af:37:
         fb:68:c8:76:22:6b:62:45:f2:95:4c:8a:78:23:67:43:c7:1f:
         64:75:b1:12:23:b8:71:4c:5c:59:02:c1:43:70:ef:cc:2d:81:
         30:05:e1:98:a7:ce:af:ad:5a:58:ab:1a:19:19:06:61:de:3e:
         cc:49:e6:b6:0b:f0:39:ab:32:1b:13:ab:82:75:88:81:3b:bc:
         79:01:4f:87:ed:b6:f0:22:b0:69:97:a4:ec:8a:b9:2c:91:7a:
         ca:d2:65:11:88:b4:77:5e:19:dd:8d:8e:54:f6:cf:67:22:36:
         58:03:a1:f9:1b:6e:cc:a1:8e:0a:67:e0:74:99:54:6e:f6:a0:
         5e:76:51:2e:6c:fd:9c:56:31:9a:89:34:ec:bf:95:e1:8a:e0:
         a0:9b:20:94:04:8a:5e:24:d3:ad:45:91:64:04:84:d8:69:1f:
         c5:56:87:c9:af:29:69:64:48:b0:42:79:53:4d:9e:c8:83:c3:
         22:cc:b0:c1:de:06:09:9b:2c:48:a1:8c:87:5f:2a:5c:fd:46:
         b5:75:fe:8d:a8:2a:a2:15:82:7c:8b:ea:d4:8b:21:3e:ea:bd:
         c6:ee:92:58:83:c4:b8:5c:1a:b8:6d:26:a6:dc:29:b7:49:fb:
         80:f0:3b:4e
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUfPav8nXOj5SjX3hLwu2xsCeTBuwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGQwNTlmMTBkMThkMDAwNTJjODA4ZWI4MDY5ZjkwZDQ3
ZTMwNTY0YTAeFw0yNTAzMDYxMTQ4NTZaFw0yNjAzMDUxMTUzNTZaMDMxMTAvBgNV
BAMTKDMxMjRGMjg1QzkzN0U2Q0ZGQUU4QzdCRjk1QjU2Rjc4N0QwNUM4RTcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDntnV8ZxjRD2+h9KUUEBPNintf
tf68t/P9Ch+mNZqfiFyScbPbmrzVdub0j/103VZlBJOa1UsfRiQlWRMplmsM8t7C
PcJ8w8o9O7qDNtLN3p/0u8+B857MJzOWW/CC/ANOyiE9UjlrfpDBMQk5pPWK2cTK
HyAj/YPemaR528HDovguP3Mv1S4qhwTi7dreif5AyDim0z8BeSB6gKbMNtWi/GDE
I42G5MkPHhMmk+n54I5Fi44V5/FxB/IT4LEkgQmdab/zYye/PrPdgfxSkH7ostap
Le/0eOhqWZHXiUadE1JM3cA1+VCqRL3LMPLXoxVfTbzP/kkkM6O6rE2ta2h7AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUMSTyhck35s/66Me/lbVveH0FyOcwHwYDVR0j
BBgwFoAUDQWfENGNAAUsgI64Bp+Q1H4wVkowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmFmMTY3MDQtMjg1NC00MDgwLTlhMDktNzI2MjMyNmM5
ZTIyLzEvMEQwNTlGMTBEMThEMDAwNTJDODA4RUI4MDY5RjkwRDQ3RTMwNTY0QS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RRV2ZFTkdOQUFVc2dJNjRCcC1RMUg0
d1Zrby5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmFmMTY3MDQt
Mjg1NC00MDgwLTlhMDktNzI2MjMyNmM5ZTIyLzEvMzIzMTMyMmUzMjJlMzIzMzM5
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzYzMTMzMzEzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEANQC
7zANBgkqhkiG9w0BAQsFAAOCAQEATqsN4rBiSb3iG/t/C0QZRq83+2jIdiJrYkXy
lUyKeCNnQ8cfZHWxEiO4cUxcWQLBQ3DvzC2BMAXhmKfOr61aWKsaGRkGYd4+zEnm
tgvwOasyGxOrgnWIgTu8eQFPh+228CKwaZek7Iq5LJF6ytJlEYi0d14Z3Y2OVPbP
ZyI2WAOh+RtuzKGOCmfgdJlUbvagXnZRLmz9nFYxmok07L+V4YrgoJsglASKXiTT
rUWRZASE2GkfxVaHya8paWRIsEJ5U02eyIPDIsywwd4GCZssSKGMh18qXP1GtXX+
jagqohWCfIvq1IshPuq9xu6SWIPEuFwauG0mptwpt0n7gPA7Tg==
-----END CERTIFICATE-----