Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/39322e3131382e36312e302f32342d3234203d3e203632323430.roa
File:                     39322e3131382e36312e302f32342d3234203d3e203632323430.roa (raw, json)
Hash identifier:          ugTsKVHHVqmuO/WvqM4HLssbbWJoCzyVo4q+9cQhzvw=
Subject key identifier:   AE:F6:C2:C3:14:58:10:16:A2:68:A9:40:43:89:30:7D:03:6B:D3:0A
Certificate issuer:       /CN=12c2a8354689aec2a74fca14944927621ba27c94
Certificate serial:       5B45EBD89003D660F7849C1DE22D7CD35181106A
Authority key identifier: 12:C2:A8:35:46:89:AE:C2:A7:4F:CA:14:94:49:27:62:1B:A2:7C:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/39322e3131382e36312e302f32342d3234203d3e203632323430.roa
Signing time:             Mon 01 Apr 2024 14:03:22 +0000
ROA not before:           Mon 01 Apr 2024 13:58:22 +0000
ROA not after:            Mon 31 Mar 2025 14:03:22 +0000
asID:                     62240
IP address blocks:        92.118.61.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5b:45:eb:d8:90:03:d6:60:f7:84:9c:1d:e2:2d:7c:d3:51:81:10:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12c2a8354689aec2a74fca14944927621ba27c94
        Validity
            Not Before: Apr  1 13:58:22 2024 GMT
            Not After : Mar 31 14:03:22 2025 GMT
        Subject: CN=AEF6C2C314581016A268A9404389307D036BD30A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:e7:c7:3a:7f:fa:18:a0:fa:9f:a1:5c:49:36:
                    3e:d2:01:6e:e7:c6:1a:f2:2b:b6:df:e6:13:0a:6e:
                    03:7a:f7:73:41:71:88:b6:34:cb:16:a7:32:de:58:
                    04:47:09:0f:27:ab:bd:c5:f0:fd:93:6d:28:46:55:
                    22:b3:43:33:e1:72:e8:82:5c:67:c2:58:2d:fe:53:
                    64:e9:c2:b7:c3:c2:bf:46:6d:61:db:2e:b2:63:4f:
                    b9:ed:4b:47:39:6b:1d:67:2f:9f:09:f9:e9:50:99:
                    63:46:c9:47:4c:5b:04:c7:83:9c:eb:78:e4:e0:96:
                    83:04:c8:ec:b1:c7:66:ba:19:8a:0a:93:51:c4:33:
                    94:c3:83:b7:81:dc:bb:dd:b1:bb:0e:f8:d3:6f:e3:
                    fe:8d:ff:8c:7d:58:60:9d:d0:1b:5e:07:d2:56:53:
                    da:a2:a4:c6:ee:09:fd:a8:fa:10:02:50:30:6c:bf:
                    9a:75:b7:77:49:c5:0c:35:6c:aa:c3:08:0e:db:11:
                    1c:56:a5:cf:1c:c1:b7:07:bf:c1:9d:5a:14:53:9e:
                    13:59:d1:5c:1e:84:e9:d8:fb:0d:bd:eb:32:72:dc:
                    21:06:85:f3:2e:31:49:7a:29:ee:04:a4:57:40:99:
                    e8:29:3d:1c:45:0a:cb:d3:20:27:37:9d:33:51:50:
                    57:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:F6:C2:C3:14:58:10:16:A2:68:A9:40:43:89:30:7D:03:6B:D3:0A
            X509v3 Authority Key Identifier:
                keyid:12:C2:A8:35:46:89:AE:C2:A7:4F:CA:14:94:49:27:62:1B:A2:7C:94

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/39322e3131382e36312e302f32342d3234203d3e203632323430.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.118.61.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:44:c4:60:f3:18:69:2b:be:fa:6c:35:fc:3f:80:36:26:64:
         93:65:98:b8:35:df:94:bf:28:a6:9f:92:08:92:7f:0e:01:49:
         87:d9:9e:bf:ed:93:27:7b:83:11:a4:c4:de:fe:5b:6c:6e:f8:
         d7:17:cf:34:0a:01:9c:a3:bd:ff:19:4b:a9:a9:8d:49:47:e8:
         75:4b:80:22:e8:1b:1f:fe:32:25:52:9d:60:fc:31:60:e7:9b:
         3b:64:99:3b:d7:ef:f3:13:70:56:74:77:4a:33:3e:4d:63:96:
         76:3b:b6:41:ae:f3:02:9b:bc:19:92:37:15:d5:3a:c3:d5:c8:
         91:18:1d:b4:a2:db:33:e2:60:9f:4e:e4:c7:04:58:ee:5d:86:
         a8:a4:30:46:b4:cb:6c:21:e8:b2:4c:4e:92:07:16:e1:2c:53:
         38:2c:12:d2:b9:8c:96:19:9d:11:49:33:6e:48:96:48:71:5e:
         64:cf:c7:94:47:76:fa:7b:fd:a0:44:f8:fe:3a:6d:b6:05:e9:
         d9:db:79:6c:25:85:d8:f5:24:fc:06:79:cd:0d:79:ea:96:62:
         8b:b9:db:eb:85:f7:8e:29:2a:f3:53:e7:07:e4:44:4f:ea:81:
         55:ee:bc:80:b8:f1:88:2c:ae:2c:fe:86:b3:f3:93:fd:47:20:
         33:64:dc:e9
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUW0Xr2JAD1mD3hJwd4i1801GBEGowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMTJjMmE4MzU0Njg5YWVjMmE3NGZjYTE0OTQ0OTI3NjIx
YmEyN2M5NDAeFw0yNDA0MDExMzU4MjJaFw0yNTAzMzExNDAzMjJaMDMxMTAvBgNV
BAMTKEFFRjZDMkMzMTQ1ODEwMTZBMjY4QTk0MDQzODkzMDdEMDM2QkQzMEEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDF58c6f/oYoPqfoVxJNj7SAW7n
xhryK7bf5hMKbgN693NBcYi2NMsWpzLeWARHCQ8nq73F8P2TbShGVSKzQzPhcuiC
XGfCWC3+U2TpwrfDwr9GbWHbLrJjT7ntS0c5ax1nL58J+elQmWNGyUdMWwTHg5zr
eOTgloMEyOyxx2a6GYoKk1HEM5TDg7eB3LvdsbsO+NNv4/6N/4x9WGCd0BteB9JW
U9qipMbuCf2o+hACUDBsv5p1t3dJxQw1bKrDCA7bERxWpc8cwbcHv8GdWhRTnhNZ
0VwehOnY+w296zJy3CEGhfMuMUl6Ke4EpFdAmegpPRxFCsvTICc3nTNRUFcvAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUrvbCwxRYEBaiaKlAQ4kwfQNr0wowHwYDVR0j
BBgwFoAUEsKoNUaJrsKnT8oUlEknYhuifJQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzcvMTJDMkE4MzU0Njg5QUVDMkE3NEZDQTE0OTQ0OTI3NjIxQkEyN0M5NC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0VzS29OVWFKcnNLblQ4b1VsRWtuWWh1
aWZKUS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzcvMzkzMjJlMzEzMTM4MmUzNjMx
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzYzMjMyMzQzMC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFx2
PTANBgkqhkiG9w0BAQsFAAOCAQEAAETEYPMYaSu++mw1/D+ANiZkk2WYuDXflL8o
pp+SCJJ/DgFJh9mev+2TJ3uDEaTE3v5bbG741xfPNAoBnKO9/xlLqamNSUfodUuA
IugbH/4yJVKdYPwxYOebO2SZO9fv8xNwVnR3SjM+TWOWdju2Qa7zApu8GZI3FdU6
w9XIkRgdtKLbM+Jgn07kxwRY7l2GqKQwRrTLbCHoskxOkgcW4SxTOCwS0rmMlhmd
EUkzbkiWSHFeZM/HlEd2+nv9oET4/jpttgXp2dt5bCWF2PUk/AZ5zQ156pZii7nb
64X3jikq81PnB+RET+qBVe68gLjxiCyuLP6Gs/OT/UcgM2Tc6Q==
-----END CERTIFICATE-----