Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/39312e3133322e332e302f32342d3234203d3e20313336373837.roa
File:                     39312e3133322e332e302f32342d3234203d3e20313336373837.roa (raw, json)
Hash identifier:          nMEJlfBE8WB+LOU4hGl/P8+DFImaGwOZZ9rM/rEf30M=
Subject key identifier:   AD:1F:BB:35:D4:B5:88:55:1E:04:19:46:3F:0A:0B:8D:CD:0A:00:4D
Certificate issuer:       /CN=12c2a8354689aec2a74fca14944927621ba27c94
Certificate serial:       381536EDEC2732AE2230030E295DF5ADEE74F37E
Authority key identifier: 12:C2:A8:35:46:89:AE:C2:A7:4F:CA:14:94:49:27:62:1B:A2:7C:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/39312e3133322e332e302f32342d3234203d3e20313336373837.roa
Signing time:             Tue 13 Feb 2024 12:54:53 +0000
ROA not before:           Tue 13 Feb 2024 12:49:53 +0000
ROA not after:            Tue 11 Feb 2025 12:54:53 +0000
asID:                     136787
IP address blocks:        91.132.3.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            38:15:36:ed:ec:27:32:ae:22:30:03:0e:29:5d:f5:ad:ee:74:f3:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12c2a8354689aec2a74fca14944927621ba27c94
        Validity
            Not Before: Feb 13 12:49:53 2024 GMT
            Not After : Feb 11 12:54:53 2025 GMT
        Subject: CN=AD1FBB35D4B588551E0419463F0A0B8DCD0A004D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:59:60:04:fa:c9:a5:85:7e:3c:20:98:b8:f7:
                    d8:b7:4b:98:b6:38:03:6c:ac:ad:92:e3:eb:53:67:
                    7e:ff:ae:64:0e:54:c9:19:9c:8e:0d:38:e8:aa:87:
                    28:6f:20:43:d0:6f:8e:ab:53:b8:6e:1e:72:61:45:
                    02:c3:e8:94:6b:50:29:5f:af:d4:b2:63:bd:f6:9e:
                    ae:c3:9e:8f:ea:2d:27:fa:4f:01:c1:79:79:bf:72:
                    75:aa:a6:82:d8:1b:c9:86:f7:bb:06:e3:8a:88:cf:
                    46:76:bd:11:79:7a:b3:58:43:15:5a:46:ae:3a:4d:
                    46:3e:0a:8f:6b:98:a1:11:13:e6:7a:d0:87:e2:29:
                    7d:3c:2a:c4:e1:03:64:7f:42:9f:a0:87:f4:f2:eb:
                    d6:94:46:f0:e6:9d:7f:b6:a9:06:4c:88:66:7d:52:
                    e9:ff:f3:47:00:75:eb:82:65:4a:f9:fd:86:66:03:
                    9a:8e:d1:45:64:03:7d:6a:55:11:de:95:c5:cf:80:
                    3e:91:ad:3d:fb:55:72:3a:c1:4e:e2:e5:7c:96:58:
                    b6:58:a1:30:5a:79:e3:d2:f8:92:f3:ab:ce:25:e0:
                    be:bb:fb:cf:3e:e9:83:0e:51:a1:c1:78:b1:07:16:
                    5e:84:49:66:0d:de:43:8f:ec:71:27:32:e3:76:d9:
                    db:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:1F:BB:35:D4:B5:88:55:1E:04:19:46:3F:0A:0B:8D:CD:0A:00:4D
            X509v3 Authority Key Identifier:
                keyid:12:C2:A8:35:46:89:AE:C2:A7:4F:CA:14:94:49:27:62:1B:A2:7C:94

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/39312e3133322e332e302f32342d3234203d3e20313336373837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.132.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         84:99:0f:1f:a1:a6:26:31:26:8a:1e:a4:a4:a8:da:d3:34:8a:
         18:67:22:a2:51:2a:ba:6b:4a:55:71:98:70:f8:ec:92:4c:4d:
         e6:ec:d9:98:f4:16:bf:ef:e8:7b:d4:2a:6d:bb:66:4f:0d:d1:
         7b:3b:d4:b4:32:d7:6a:16:87:ae:b6:20:29:67:e8:01:a7:83:
         b5:e8:de:09:aa:b1:70:e8:e7:5d:aa:ff:c9:b4:a8:57:bb:6f:
         3b:26:3f:1b:de:fc:a4:b1:32:62:91:36:b2:8f:fa:9f:f5:4d:
         8b:e9:68:25:13:9c:68:7f:b5:01:fd:4d:0c:9a:b8:55:da:57:
         2d:53:36:1b:c4:2f:4a:9a:d7:dd:01:91:27:05:8a:8c:bc:4e:
         9b:93:65:91:63:cc:b2:5e:37:52:9c:6e:0d:67:a9:25:c9:05:
         06:a7:38:97:8a:e4:a1:76:2f:92:79:55:9f:92:37:7e:23:71:
         a8:ee:35:bb:6d:21:3a:f3:02:fd:8b:93:ad:53:1a:76:8b:5d:
         72:34:e9:b3:5f:b4:53:48:02:eb:05:24:d5:04:91:26:c1:43:
         55:b4:cc:27:2c:fa:c4:08:ac:13:c1:af:42:17:94:b7:17:cb:
         4e:ca:2d:b7:bf:14:4e:8d:89:23:19:90:f5:ed:a5:47:e1:60:
         38:25:6c:ef
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUOBU27ewnMq4iMAMOKV31re50834wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMTJjMmE4MzU0Njg5YWVjMmE3NGZjYTE0OTQ0OTI3NjIx
YmEyN2M5NDAeFw0yNDAyMTMxMjQ5NTNaFw0yNTAyMTExMjU0NTNaMDMxMTAvBgNV
BAMTKEFEMUZCQjM1RDRCNTg4NTUxRTA0MTk0NjNGMEEwQjhEQ0QwQTAwNEQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0WWAE+smlhX48IJi499i3S5i2
OANsrK2S4+tTZ37/rmQOVMkZnI4NOOiqhyhvIEPQb46rU7huHnJhRQLD6JRrUClf
r9SyY732nq7Dno/qLSf6TwHBeXm/cnWqpoLYG8mG97sG44qIz0Z2vRF5erNYQxVa
Rq46TUY+Co9rmKERE+Z60IfiKX08KsThA2R/Qp+gh/Ty69aURvDmnX+2qQZMiGZ9
Uun/80cAdeuCZUr5/YZmA5qO0UVkA31qVRHelcXPgD6RrT37VXI6wU7i5XyWWLZY
oTBaeePS+JLzq84l4L67+88+6YMOUaHBeLEHFl6ESWYN3kOP7HEnMuN22dvhAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUrR+7NdS1iFUeBBlGPwoLjc0KAE0wHwYDVR0j
BBgwFoAUEsKoNUaJrsKnT8oUlEknYhuifJQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzcvMTJDMkE4MzU0Njg5QUVDMkE3NEZDQTE0OTQ0OTI3NjIxQkEyN0M5NC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0VzS29OVWFKcnNLblQ4b1VsRWtuWWh1
aWZKUS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzcvMzkzMTJlMzEzMzMyMmUzMzJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMxMzMzNjM3MzgzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFuE
AzANBgkqhkiG9w0BAQsFAAOCAQEAhJkPH6GmJjEmih6kpKja0zSKGGciolEqumtK
VXGYcPjskkxN5uzZmPQWv+/oe9QqbbtmTw3RezvUtDLXahaHrrYgKWfoAaeDteje
CaqxcOjnXar/ybSoV7tvOyY/G978pLEyYpE2so/6n/VNi+loJROcaH+1Af1NDJq4
VdpXLVM2G8QvSprX3QGRJwWKjLxOm5NlkWPMsl43UpxuDWepJckFBqc4l4rkoXYv
knlVn5I3fiNxqO41u20hOvMC/YuTrVMadotdcjTps1+0U0gC6wUk1QSRJsFDVbTM
Jyz6xAisE8GvQheUtxfLTsott78UTo2JIxmQ9e2lR+FgOCVs7w==
-----END CERTIFICATE-----