Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/39312e3133322e322e302f32342d3234203d3e20313336373837.roa
File:                     39312e3133322e322e302f32342d3234203d3e20313336373837.roa (raw, json)
Hash identifier:          e7qEhMP9inJvpsYkmuTyvtDA4XktUkiO0Z9bVTYq90s=
Subject key identifier:   5A:B8:69:83:97:B2:FF:39:FD:73:CE:D1:A1:EE:19:C3:D2:47:3C:7F
Certificate issuer:       /CN=12c2a8354689aec2a74fca14944927621ba27c94
Certificate serial:       0CC37675AA5738F9B61E66A3F406F061C1936A60
Authority key identifier: 12:C2:A8:35:46:89:AE:C2:A7:4F:CA:14:94:49:27:62:1B:A2:7C:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/39312e3133322e322e302f32342d3234203d3e20313336373837.roa
Signing time:             Tue 13 Feb 2024 12:54:51 +0000
ROA not before:           Tue 13 Feb 2024 12:49:51 +0000
ROA not after:            Tue 11 Feb 2025 12:54:51 +0000
asID:                     136787
IP address blocks:        91.132.2.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 16:15:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0c:c3:76:75:aa:57:38:f9:b6:1e:66:a3:f4:06:f0:61:c1:93:6a:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12c2a8354689aec2a74fca14944927621ba27c94
        Validity
            Not Before: Feb 13 12:49:51 2024 GMT
            Not After : Feb 11 12:54:51 2025 GMT
        Subject: CN=5AB8698397B2FF39FD73CED1A1EE19C3D2473C7F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:bd:8a:78:df:32:97:d7:af:a8:de:d2:5a:45:
                    87:18:52:7a:76:2c:e5:52:2d:bc:10:03:b8:56:00:
                    fa:10:21:83:35:a9:9f:6d:80:cf:76:99:5b:3e:eb:
                    ba:ef:f0:90:0d:6d:46:71:ad:47:64:de:1e:ef:24:
                    52:07:4c:56:b8:2e:77:b5:14:04:6d:a6:1e:4b:ca:
                    e6:4d:90:1d:09:ed:5c:ec:7e:40:36:81:4f:27:76:
                    63:44:ef:c3:30:90:a8:aa:23:c3:06:b2:71:bb:28:
                    28:8b:77:92:5b:bc:16:2c:0e:ec:00:b5:05:d3:0a:
                    86:e0:90:76:1b:15:d7:97:41:71:01:02:2c:16:da:
                    d5:12:2e:4e:34:c1:e7:d5:48:fb:c2:d0:8c:f8:81:
                    2b:6a:4b:f3:be:69:14:6a:84:a9:26:3e:8d:c6:31:
                    b0:bd:8e:14:60:01:3c:9e:82:04:4b:0e:cc:56:4d:
                    dc:ef:a9:3c:91:7e:6e:8b:79:31:24:22:46:60:b6:
                    39:34:79:02:08:72:69:31:a5:8c:8d:11:c9:9a:8c:
                    4b:cb:ae:82:54:0f:b5:ce:31:6f:b5:a6:3b:e0:4e:
                    7e:38:5c:27:6b:c1:49:fd:eb:ca:1a:f9:ac:d8:57:
                    d3:b7:a9:55:86:b4:ac:ac:d1:c4:7c:02:0b:33:25:
                    65:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:B8:69:83:97:B2:FF:39:FD:73:CE:D1:A1:EE:19:C3:D2:47:3C:7F
            X509v3 Authority Key Identifier:
                keyid:12:C2:A8:35:46:89:AE:C2:A7:4F:CA:14:94:49:27:62:1B:A2:7C:94

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/39312e3133322e322e302f32342d3234203d3e20313336373837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.132.2.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:04:6b:0d:4c:b3:98:95:85:fb:59:09:d9:59:ff:d4:9b:bc:
         7d:ae:36:fc:42:19:e5:bd:e9:c5:2c:f9:e1:88:b7:a2:7e:5e:
         30:01:7a:fa:3a:87:4f:37:90:f2:45:0e:4e:69:6d:3a:40:d9:
         7d:c8:c8:40:2b:d2:2b:13:f4:a9:44:9d:78:eb:a0:89:86:1f:
         51:b6:6d:2f:d9:b2:71:9e:8c:fd:30:b0:f6:13:62:67:66:f2:
         c2:8b:53:ba:dd:7c:33:5e:6e:e3:96:a8:b3:60:a0:37:7b:d6:
         94:b1:55:53:72:7a:57:fc:59:25:7f:2e:0b:b2:dc:5d:02:36:
         3a:13:f9:12:6e:66:e7:f6:f4:6f:ef:8b:95:2c:78:63:34:ff:
         12:50:58:92:50:c2:31:ce:f2:09:fb:39:eb:77:cc:6b:83:c3:
         ef:ce:40:1e:f4:f3:ed:f7:b5:3a:08:c0:92:b3:c7:90:f3:ed:
         c9:57:74:07:d1:8d:88:23:24:4c:19:87:33:a2:83:ca:74:a6:
         af:23:44:fb:80:bc:33:6d:93:d6:e7:ad:9c:3d:1b:3e:18:ad:
         9b:c6:7a:b2:ac:c3:3f:4f:3f:1b:df:7c:ef:e8:d3:cb:c7:ee:
         6f:fc:82:09:0e:24:5a:93:29:9d:0b:1d:f4:41:dc:7c:e6:ed:
         2a:80:e6:ac
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUDMN2dapXOPm2Hmaj9AbwYcGTamAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMTJjMmE4MzU0Njg5YWVjMmE3NGZjYTE0OTQ0OTI3NjIx
YmEyN2M5NDAeFw0yNDAyMTMxMjQ5NTFaFw0yNTAyMTExMjU0NTFaMDMxMTAvBgNV
BAMTKDVBQjg2OTgzOTdCMkZGMzlGRDczQ0VEMUExRUUxOUMzRDI0NzNDN0YwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0vYp43zKX16+o3tJaRYcYUnp2
LOVSLbwQA7hWAPoQIYM1qZ9tgM92mVs+67rv8JANbUZxrUdk3h7vJFIHTFa4Lne1
FARtph5LyuZNkB0J7VzsfkA2gU8ndmNE78MwkKiqI8MGsnG7KCiLd5JbvBYsDuwA
tQXTCobgkHYbFdeXQXEBAiwW2tUSLk40wefVSPvC0Iz4gStqS/O+aRRqhKkmPo3G
MbC9jhRgATyeggRLDsxWTdzvqTyRfm6LeTEkIkZgtjk0eQIIcmkxpYyNEcmajEvL
roJUD7XOMW+1pjvgTn44XCdrwUn968oa+azYV9O3qVWGtKys0cR8AgszJWU7AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUWrhpg5ey/zn9c87Roe4Zw9JHPH8wHwYDVR0j
BBgwFoAUEsKoNUaJrsKnT8oUlEknYhuifJQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzcvMTJDMkE4MzU0Njg5QUVDMkE3NEZDQTE0OTQ0OTI3NjIxQkEyN0M5NC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0VzS29OVWFKcnNLblQ4b1VsRWtuWWh1
aWZKUS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzcvMzkzMTJlMzEzMzMyMmUzMjJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMxMzMzNjM3MzgzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFuE
AjANBgkqhkiG9w0BAQsFAAOCAQEAMARrDUyzmJWF+1kJ2Vn/1Ju8fa42/EIZ5b3p
xSz54Yi3on5eMAF6+jqHTzeQ8kUOTmltOkDZfcjIQCvSKxP0qUSdeOugiYYfUbZt
L9mycZ6M/TCw9hNiZ2bywotTut18M15u45aos2CgN3vWlLFVU3J6V/xZJX8uC7Lc
XQI2OhP5Em5m5/b0b++LlSx4YzT/ElBYklDCMc7yCfs563fMa4PD785AHvTz7fe1
OgjAkrPHkPPtyVd0B9GNiCMkTBmHM6KDynSmryNE+4C8M22T1uetnD0bPhitm8Z6
sqzDP08/G9987+jTy8fub/yCCQ4kWpMpnQsd9EHcfObtKoDmrA==
-----END CERTIFICATE-----