Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/39312e3133322e312e302f32342d3234203d3e20313336373837.roa
File:                     39312e3133322e312e302f32342d3234203d3e20313336373837.roa (raw, json)
Hash identifier:          yfBYTFsuxch+FUp2/nmHmtKm/6JvRv/1qUnBZK/Xicw=
Subject key identifier:   41:25:03:99:29:EB:09:C0:72:F6:5E:FD:95:D6:4E:39:4F:EE:63:51
Certificate issuer:       /CN=12c2a8354689aec2a74fca14944927621ba27c94
Certificate serial:       2A0F25AB47DCF9095B82C993AF3837FD6F5A1DED
Authority key identifier: 12:C2:A8:35:46:89:AE:C2:A7:4F:CA:14:94:49:27:62:1B:A2:7C:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/39312e3133322e312e302f32342d3234203d3e20313336373837.roa
Signing time:             Tue 13 Feb 2024 12:54:50 +0000
ROA not before:           Tue 13 Feb 2024 12:49:50 +0000
ROA not after:            Tue 11 Feb 2025 12:54:50 +0000
asID:                     136787
IP address blocks:        91.132.1.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 16:15:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2a:0f:25:ab:47:dc:f9:09:5b:82:c9:93:af:38:37:fd:6f:5a:1d:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12c2a8354689aec2a74fca14944927621ba27c94
        Validity
            Not Before: Feb 13 12:49:50 2024 GMT
            Not After : Feb 11 12:54:50 2025 GMT
        Subject: CN=4125039929EB09C072F65EFD95D64E394FEE6351
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:ff:06:5c:0a:42:23:07:99:92:c5:79:f5:47:
                    b8:c4:c0:d2:22:92:90:85:4a:36:c9:9d:a3:c6:87:
                    ee:98:4a:c4:89:d4:ce:b1:25:b5:31:2d:ca:b0:87:
                    cf:45:59:0b:b5:a8:b8:ea:f2:4c:86:f8:e4:70:c2:
                    67:76:26:c7:64:d9:77:c6:3f:6f:83:d8:c5:82:3f:
                    b9:eb:36:23:f5:54:d3:47:9d:99:18:36:8a:b6:52:
                    e9:ab:fb:30:25:31:3b:94:2f:2f:64:c9:97:1c:90:
                    f2:0f:90:32:d3:72:82:28:1b:47:70:92:8b:f1:95:
                    d6:95:31:52:f0:f2:7b:a5:59:89:8b:e2:75:47:8c:
                    59:17:54:ee:b0:ca:f3:60:1e:13:fa:21:da:44:3b:
                    8a:f9:ee:fd:89:05:9f:ec:f2:56:05:af:fe:ff:fe:
                    9d:0f:df:02:1f:88:14:d3:ca:d4:cf:2a:d0:e9:50:
                    24:c0:52:bb:87:6c:45:b8:da:8a:d0:51:7c:b5:55:
                    41:10:0f:1f:f8:8c:14:43:b6:85:0c:0d:b0:92:36:
                    1b:f6:32:39:bf:08:70:39:0b:ed:1e:d7:bb:b0:cc:
                    81:fe:b7:50:74:97:9c:37:76:5b:20:60:21:1b:e2:
                    6e:33:7e:87:2a:bc:52:a1:c5:0a:b1:4a:ba:8a:bb:
                    b4:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:25:03:99:29:EB:09:C0:72:F6:5E:FD:95:D6:4E:39:4F:EE:63:51
            X509v3 Authority Key Identifier:
                keyid:12:C2:A8:35:46:89:AE:C2:A7:4F:CA:14:94:49:27:62:1B:A2:7C:94

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/39312e3133322e312e302f32342d3234203d3e20313336373837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.132.1.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:59:7c:1b:6a:bc:f0:04:0a:1c:15:92:be:5c:9b:bc:0e:04:
         72:10:c2:8c:6d:18:33:4a:c4:40:09:00:3c:75:3b:d0:43:37:
         a2:61:7a:c8:55:b0:e4:d0:3d:48:e0:8d:ae:71:f5:9f:3a:70:
         36:68:bd:0b:88:3d:64:a1:45:69:1f:b7:e3:10:60:52:b1:0d:
         58:c9:80:ab:4c:a8:14:11:b6:94:b2:f1:37:22:d0:66:78:0d:
         a4:04:14:25:24:ba:77:e2:b2:66:e1:8a:f3:c9:7a:99:e0:e5:
         d5:3e:b8:f6:9f:4e:03:5d:00:f4:bb:4b:f8:8a:33:6e:af:6e:
         6c:99:08:70:0a:3f:14:cd:e9:d7:66:84:a3:16:76:ac:46:43:
         84:c6:66:80:41:f3:aa:32:d7:6d:86:21:40:a8:07:f8:6f:3e:
         63:7d:a7:e0:16:0d:2a:29:a0:96:0b:f7:9d:b7:6a:14:7e:6f:
         1c:05:b9:08:4d:6a:2f:de:5e:01:4e:e9:b2:04:6d:35:1f:99:
         ee:19:e4:31:c6:5f:90:c7:64:e8:b7:1e:8b:e3:8e:db:8c:0b:
         1a:7a:0d:00:18:b9:d3:3e:fc:a1:c7:66:1e:f9:40:74:62:e7:
         46:5c:0a:f7:62:b7:69:b5:a5:52:e3:c2:90:28:0e:da:4c:52:
         5b:70:52:e0
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUKg8lq0fc+QlbgsmTrzg3/W9aHe0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMTJjMmE4MzU0Njg5YWVjMmE3NGZjYTE0OTQ0OTI3NjIx
YmEyN2M5NDAeFw0yNDAyMTMxMjQ5NTBaFw0yNTAyMTExMjU0NTBaMDMxMTAvBgNV
BAMTKDQxMjUwMzk5MjlFQjA5QzA3MkY2NUVGRDk1RDY0RTM5NEZFRTYzNTEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCp/wZcCkIjB5mSxXn1R7jEwNIi
kpCFSjbJnaPGh+6YSsSJ1M6xJbUxLcqwh89FWQu1qLjq8kyG+ORwwmd2Jsdk2XfG
P2+D2MWCP7nrNiP1VNNHnZkYNoq2Uumr+zAlMTuULy9kyZcckPIPkDLTcoIoG0dw
kovxldaVMVLw8nulWYmL4nVHjFkXVO6wyvNgHhP6IdpEO4r57v2JBZ/s8lYFr/7/
/p0P3wIfiBTTytTPKtDpUCTAUruHbEW42orQUXy1VUEQDx/4jBRDtoUMDbCSNhv2
Mjm/CHA5C+0e17uwzIH+t1B0l5w3dlsgYCEb4m4zfocqvFKhxQqxSrqKu7QdAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUQSUDmSnrCcBy9l79ldZOOU/uY1EwHwYDVR0j
BBgwFoAUEsKoNUaJrsKnT8oUlEknYhuifJQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzcvMTJDMkE4MzU0Njg5QUVDMkE3NEZDQTE0OTQ0OTI3NjIxQkEyN0M5NC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0VzS29OVWFKcnNLblQ4b1VsRWtuWWh1
aWZKUS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzcvMzkzMTJlMzEzMzMyMmUzMTJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMxMzMzNjM3MzgzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFuE
ATANBgkqhkiG9w0BAQsFAAOCAQEAbFl8G2q88AQKHBWSvlybvA4EchDCjG0YM0rE
QAkAPHU70EM3omF6yFWw5NA9SOCNrnH1nzpwNmi9C4g9ZKFFaR+34xBgUrENWMmA
q0yoFBG2lLLxNyLQZngNpAQUJSS6d+KyZuGK88l6meDl1T649p9OA10A9LtL+Ioz
bq9ubJkIcAo/FM3p12aEoxZ2rEZDhMZmgEHzqjLXbYYhQKgH+G8+Y32n4BYNKimg
lgv3nbdqFH5vHAW5CE1qL95eAU7psgRtNR+Z7hnkMcZfkMdk6Lcei+OO24wLGnoN
ABi50z78ocdmHvlAdGLnRlwK92K3abWlUuPCkCgO2kxSW3BS4A==
-----END CERTIFICATE-----