Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/39322e3131342e342e302f32342d3234203d3e203330303538.roa
File:                     39322e3131342e342e302f32342d3234203d3e203330303538.roa (raw, json)
Hash identifier:          fpkQJHoh+5eGD4YhqTbGnhA/Eh6W+iP8en+Rs9hMXxI=
Subject key identifier:   9F:A7:F0:79:20:4B:53:95:23:87:C2:D8:37:D6:92:F8:26:0A:39:1D
Certificate issuer:       /CN=0d059f10d18d00052c808eb8069f90d47e30564a
Certificate serial:       43D51C4FC8BDAF0AD19486C3249406D7302DF8F1
Authority key identifier: 0D:05:9F:10:D1:8D:00:05:2C:80:8E:B8:06:9F:90:D4:7E:30:56:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/39322e3131342e342e302f32342d3234203d3e203330303538.roa
Signing time:             Sat 12 Oct 2024 12:26:06 +0000
ROA not before:           Sat 12 Oct 2024 12:21:06 +0000
ROA not after:            Sat 11 Oct 2025 12:26:06 +0000
asID:                     30058
IP address blocks:        92.114.4.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            43:d5:1c:4f:c8:bd:af:0a:d1:94:86:c3:24:94:06:d7:30:2d:f8:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d059f10d18d00052c808eb8069f90d47e30564a
        Validity
            Not Before: Oct 12 12:21:06 2024 GMT
            Not After : Oct 11 12:26:06 2025 GMT
        Subject: CN=9FA7F079204B53952387C2D837D692F8260A391D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:93:98:a6:1c:a0:65:c8:ca:99:ff:6e:82:ef:
                    bb:e3:54:1d:4d:b5:2d:76:f6:70:9f:13:67:43:9a:
                    20:b7:5c:9c:b1:24:8e:b5:36:85:f2:d9:8c:ca:93:
                    5f:7a:f3:96:ea:f8:e4:e9:7c:45:96:9d:d3:6f:1b:
                    32:d5:94:33:fd:52:40:d7:31:47:04:29:d9:8d:52:
                    a0:64:9b:48:7d:51:45:b6:c1:64:18:9e:4a:e9:60:
                    c8:a1:45:8e:31:a9:7a:07:f7:f6:1c:ef:f2:74:0f:
                    db:b6:d4:37:1e:85:27:1c:cb:3e:48:c8:f8:f2:33:
                    3b:de:46:70:7c:00:c4:dc:c8:6c:fe:20:b4:5b:fb:
                    61:14:cb:3f:6c:7f:a0:bc:9c:24:b6:96:e1:d6:58:
                    05:e4:26:b6:a3:ee:0a:d6:a2:39:dd:4b:75:68:38:
                    c0:52:bb:1b:3b:5b:0c:73:da:7a:09:29:c4:bd:f1:
                    fe:ce:ad:c5:b2:eb:fd:a2:83:c9:7a:70:19:53:b3:
                    54:eb:71:51:cd:f5:55:3c:79:10:1a:07:ee:5b:ee:
                    37:0a:59:85:fa:d6:3b:d2:e5:01:d7:68:eb:5d:09:
                    91:33:cf:7a:c9:fc:34:1c:f3:75:ec:4b:5d:d3:ef:
                    fe:fd:95:50:00:8f:b8:b7:f3:6d:d3:d3:75:d1:15:
                    d2:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:A7:F0:79:20:4B:53:95:23:87:C2:D8:37:D6:92:F8:26:0A:39:1D
            X509v3 Authority Key Identifier:
                keyid:0D:05:9F:10:D1:8D:00:05:2C:80:8E:B8:06:9F:90:D4:7E:30:56:4A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/39322e3131342e342e302f32342d3234203d3e203330303538.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.114.4.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d0:ac:14:37:cd:df:4d:59:28:06:06:a5:8f:c6:f2:23:5b:d3:
         b4:0f:d8:fc:a1:ea:ff:a9:6a:b8:68:3c:fc:6e:10:b5:a8:d3:
         c5:21:f2:0e:ed:c2:b0:b7:22:f0:bd:0c:da:74:88:5c:a1:cb:
         5b:ca:a3:aa:c9:fd:4b:f5:69:78:94:c2:cf:92:f3:fb:7b:6a:
         12:70:84:1a:6c:dd:ed:00:38:63:db:07:4f:b9:26:4e:d4:99:
         30:d5:4b:21:69:f6:22:94:55:9b:a3:15:ca:eb:63:58:d0:51:
         31:2a:9f:29:c9:ac:8c:63:41:f7:30:b6:f1:76:e6:32:75:50:
         07:04:7f:26:6d:5f:88:b3:ef:db:2d:47:1a:94:37:bc:17:39:
         07:c5:18:28:79:78:7f:01:64:9a:67:23:fd:ee:64:09:3d:2e:
         a0:29:2b:ed:f6:b9:d3:8f:fc:a1:2a:09:0d:ed:c1:1c:7a:d3:
         28:b6:74:08:c4:25:40:f2:86:de:33:10:d1:0b:26:eb:de:66:
         c4:79:02:4b:ba:95:d4:cd:2d:e7:db:5d:f9:f8:57:ed:7d:0c:
         13:53:ed:b9:ee:66:7b:99:c6:17:f4:07:36:24:00:c3:12:74:
         be:7e:aa:aa:c1:07:2e:8a:a1:3f:d2:83:40:92:9a:c6:7d:7c:
         66:50:3d:a8
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUQ9UcT8i9rwrRlIbDJJQG1zAt+PEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGQwNTlmMTBkMThkMDAwNTJjODA4ZWI4MDY5ZjkwZDQ3
ZTMwNTY0YTAeFw0yNDEwMTIxMjIxMDZaFw0yNTEwMTExMjI2MDZaMDMxMTAvBgNV
BAMTKDlGQTdGMDc5MjA0QjUzOTUyMzg3QzJEODM3RDY5MkY4MjYwQTM5MUQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZk5imHKBlyMqZ/26C77vjVB1N
tS129nCfE2dDmiC3XJyxJI61NoXy2YzKk19685bq+OTpfEWWndNvGzLVlDP9UkDX
MUcEKdmNUqBkm0h9UUW2wWQYnkrpYMihRY4xqXoH9/Yc7/J0D9u21DcehSccyz5I
yPjyMzveRnB8AMTcyGz+ILRb+2EUyz9sf6C8nCS2luHWWAXkJraj7grWojndS3Vo
OMBSuxs7Wwxz2noJKcS98f7OrcWy6/2ig8l6cBlTs1TrcVHN9VU8eRAaB+5b7jcK
WYX61jvS5QHXaOtdCZEzz3rJ/DQc83XsS13T7/79lVAAj7i3823T03XRFdJRAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUn6fweSBLU5Ujh8LYN9aS+CYKOR0wHwYDVR0j
BBgwFoAUDQWfENGNAAUsgI64Bp+Q1H4wVkowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmFmMTY3MDQtMjg1NC00MDgwLTlhMDktNzI2MjMyNmM5
ZTIyLzEvMEQwNTlGMTBEMThEMDAwNTJDODA4RUI4MDY5RjkwRDQ3RTMwNTY0QS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RRV2ZFTkdOQUFVc2dJNjRCcC1RMUg0
d1Zrby5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmFmMTY3MDQt
Mjg1NC00MDgwLTlhMDktNzI2MjMyNmM5ZTIyLzEvMzkzMjJlMzEzMTM0MmUzNDJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMzMzAzMDM1Mzgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABccgQw
DQYJKoZIhvcNAQELBQADggEBANCsFDfN301ZKAYGpY/G8iNb07QP2Pyh6v+parho
PPxuELWo08Uh8g7twrC3IvC9DNp0iFyhy1vKo6rJ/Uv1aXiUws+S8/t7ahJwhBps
3e0AOGPbB0+5Jk7UmTDVSyFp9iKUVZujFcrrY1jQUTEqnynJrIxjQfcwtvF25jJ1
UAcEfyZtX4iz79stRxqUN7wXOQfFGCh5eH8BZJpnI/3uZAk9LqApK+32udOP/KEq
CQ3twRx60yi2dAjEJUDyht4zENELJuveZsR5Aku6ldTNLefbXfn4V+19DBNT7bnu
ZnuZxhf0BzYkAMMSdL5+qqrBBy6KoT/Sg0CSmsZ9fGZQPag=
-----END CERTIFICATE-----