Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/39322e3131342e342e302f32342d3234203d3e20313734.roa
File:                     39322e3131342e342e302f32342d3234203d3e20313734.roa (raw, json)
Hash identifier:          A2kFbsOY6pTdyjjW+AJAKtcUdwWsT1hapV9RgRO8IPE=
Subject key identifier:   CF:2B:37:4A:69:2A:E4:35:29:BB:05:C3:A5:E2:E4:A6:57:72:18:EC
Certificate issuer:       /CN=0d059f10d18d00052c808eb8069f90d47e30564a
Certificate serial:       1B0AA42784F6DE3CFD9BD18B7F65E3B4121652F7
Authority key identifier: 0D:05:9F:10:D1:8D:00:05:2C:80:8E:B8:06:9F:90:D4:7E:30:56:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/39322e3131342e342e302f32342d3234203d3e20313734.roa
Signing time:             Sat 24 Aug 2024 17:15:02 +0000
ROA not before:           Sat 24 Aug 2024 17:10:02 +0000
ROA not after:            Sat 23 Aug 2025 17:15:02 +0000
asID:                     174
IP address blocks:        92.114.4.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 05:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1b:0a:a4:27:84:f6:de:3c:fd:9b:d1:8b:7f:65:e3:b4:12:16:52:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d059f10d18d00052c808eb8069f90d47e30564a
        Validity
            Not Before: Aug 24 17:10:02 2024 GMT
            Not After : Aug 23 17:15:02 2025 GMT
        Subject: CN=CF2B374A692AE43529BB05C3A5E2E4A6577218EC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:94:23:3c:d2:e4:8e:35:44:9b:1b:e6:62:17:
                    de:a8:70:95:31:86:c8:ee:de:70:1c:c1:04:e4:74:
                    98:d6:64:66:eb:3b:e2:3a:ea:0a:9d:46:95:e9:32:
                    e1:58:07:9f:71:c3:b3:e9:10:d4:d3:5b:4a:e9:64:
                    1a:2b:00:c5:a2:d2:c8:ea:51:12:29:f6:85:33:d6:
                    c5:73:5e:07:c0:27:b3:f6:2c:74:b2:f3:c2:56:e7:
                    b9:a0:79:8e:a4:2a:94:33:1d:7c:c4:60:0d:03:61:
                    ab:d6:29:e1:f0:4f:0c:eb:a3:2c:f0:1e:28:f7:35:
                    bc:4e:9f:97:37:7c:50:10:0e:7c:7b:24:9e:0f:6f:
                    08:a7:bf:89:b9:37:2c:5a:6d:b6:01:99:38:bb:93:
                    7d:2a:c8:fe:69:b7:6f:e2:54:fa:67:25:3b:6a:1b:
                    ff:b2:27:48:49:3b:36:84:c8:cf:e0:7c:c6:95:00:
                    6c:8c:88:c7:96:c2:94:c5:1e:43:30:57:c5:30:6d:
                    55:96:64:8a:ff:a4:29:be:48:ff:c6:ce:52:bb:48:
                    af:6e:5c:9b:3d:fc:3b:0a:8b:f7:3a:fc:53:9a:f6:
                    b0:36:90:68:58:b4:cf:bd:5a:48:31:ff:7a:56:d5:
                    4a:d3:81:00:ac:a2:bf:37:ea:ee:ae:05:64:bc:75:
                    c2:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:2B:37:4A:69:2A:E4:35:29:BB:05:C3:A5:E2:E4:A6:57:72:18:EC
            X509v3 Authority Key Identifier:
                keyid:0D:05:9F:10:D1:8D:00:05:2C:80:8E:B8:06:9F:90:D4:7E:30:56:4A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/39322e3131342e342e302f32342d3234203d3e20313734.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.114.4.0/24

    Signature Algorithm: sha256WithRSAEncryption
         80:fb:22:7f:ed:68:70:f2:d7:6e:6f:f4:71:d3:c0:a7:2f:8b:
         41:a6:78:8c:15:26:99:6e:00:a0:b0:96:37:95:b4:9d:fa:fb:
         e6:ad:b8:e8:d7:d2:b2:da:43:40:f5:f0:4d:5f:0e:9d:2c:ce:
         ea:e0:a4:87:f9:d1:04:9d:8b:cf:db:5b:fa:fc:42:44:54:ca:
         b1:45:a0:e7:aa:00:46:8f:fe:32:31:06:89:bf:a6:5e:ee:e0:
         e2:0e:04:db:af:a7:6d:b4:41:0d:77:b5:9c:8e:a8:52:96:fb:
         74:17:63:41:c8:72:9d:48:f0:e5:91:4f:c3:89:e7:cb:c0:3e:
         53:68:c6:d8:43:44:43:71:06:78:f1:02:06:88:45:53:be:5e:
         e9:fb:bf:49:83:e1:0d:e2:d5:0d:c5:86:8e:5a:77:9c:c1:8f:
         e9:10:db:33:47:0e:a0:1d:a1:0c:b3:d5:52:75:ff:32:f5:ca:
         6f:ca:00:50:f7:d1:c2:3b:fa:5f:d7:07:71:65:63:40:cd:1d:
         ef:d2:a8:a5:8c:b7:71:86:8a:ac:35:5b:eb:11:03:ba:07:50:
         9e:f6:0b:f1:eb:d7:64:9f:4e:67:fc:39:6b:19:65:7b:e6:91:
         e3:f0:2d:10:16:94:40:44:a5:d8:8e:33:bd:85:41:b8:f7:9a:
         66:f4:c3:bc
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgIUGwqkJ4T23jz9m9GLf2XjtBIWUvcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGQwNTlmMTBkMThkMDAwNTJjODA4ZWI4MDY5ZjkwZDQ3
ZTMwNTY0YTAeFw0yNDA4MjQxNzEwMDJaFw0yNTA4MjMxNzE1MDJaMDMxMTAvBgNV
BAMTKENGMkIzNzRBNjkyQUU0MzUyOUJCMDVDM0E1RTJFNEE2NTc3MjE4RUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDalCM80uSONUSbG+ZiF96ocJUx
hsju3nAcwQTkdJjWZGbrO+I66gqdRpXpMuFYB59xw7PpENTTW0rpZBorAMWi0sjq
URIp9oUz1sVzXgfAJ7P2LHSy88JW57mgeY6kKpQzHXzEYA0DYavWKeHwTwzroyzw
Hij3NbxOn5c3fFAQDnx7JJ4Pbwinv4m5NyxabbYBmTi7k30qyP5pt2/iVPpnJTtq
G/+yJ0hJOzaEyM/gfMaVAGyMiMeWwpTFHkMwV8UwbVWWZIr/pCm+SP/GzlK7SK9u
XJs9/DsKi/c6/FOa9rA2kGhYtM+9Wkgx/3pW1UrTgQCsor836u6uBWS8dcLpAgMB
AAGjggI1MIICMTAdBgNVHQ4EFgQUzys3Smkq5DUpuwXDpeLkpldyGOwwHwYDVR0j
BBgwFoAUDQWfENGNAAUsgI64Bp+Q1H4wVkowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmFmMTY3MDQtMjg1NC00MDgwLTlhMDktNzI2MjMyNmM5
ZTIyLzEvMEQwNTlGMTBEMThEMDAwNTJDODA4RUI4MDY5RjkwRDQ3RTMwNTY0QS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RRV2ZFTkdOQUFVc2dJNjRCcC1RMUg0
d1Zrby5jZXIwgaUGCCsGAQUFBwELBIGYMIGVMIGSBggrBgEFBQcwC4aBhXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmFmMTY3MDQt
Mjg1NC00MDgwLTlhMDktNzI2MjMyNmM5ZTIyLzEvMzkzMjJlMzEzMTM0MmUzNDJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMxMzczNC5yb2EwGAYDVR0gAQH/BA4wDDAK
BggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFxyBDANBgkq
hkiG9w0BAQsFAAOCAQEAgPsif+1ocPLXbm/0cdPApy+LQaZ4jBUmmW4AoLCWN5W0
nfr75q246NfSstpDQPXwTV8OnSzO6uCkh/nRBJ2Lz9tb+vxCRFTKsUWg56oARo/+
MjEGib+mXu7g4g4E26+nbbRBDXe1nI6oUpb7dBdjQchynUjw5ZFPw4nny8A+U2jG
2ENEQ3EGePECBohFU75e6fu/SYPhDeLVDcWGjlp3nMGP6RDbM0cOoB2hDLPVUnX/
MvXKb8oAUPfRwjv6X9cHcWVjQM0d79KopYy3cYaKrDVb6xEDugdQnvYL8evXZJ9O
Z/w5axlle+aR4/AtEBaUQESl2I4zvYVBuPeaZvTDvA==
-----END CERTIFICATE-----