Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/3231332e3139302e372e302f32342d3234203d3e203437353833.roa
File:                     3231332e3139302e372e302f32342d3234203d3e203437353833.roa (raw, json)
Hash identifier:          jOgNCsV487v8ABcO75ZDaobYHNq0Rv5RYoiAb5NRFVI=
Subject key identifier:   00:A0:3F:C4:0F:B5:10:AF:BB:23:C9:94:FB:FE:49:EA:3A:C1:02:33
Certificate issuer:       /CN=5d70845822a61408ec2a5fd580c132da777f09d1
Certificate serial:       66C514D65353E0A69B58839DD68AEC1F9B13FA17
Authority key identifier: 5D:70:84:58:22:A6:14:08:EC:2A:5F:D5:80:C1:32:DA:77:7F:09:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/3231332e3139302e372e302f32342d3234203d3e203437353833.roa
Signing time:             Mon 26 Feb 2024 08:53:48 +0000
ROA not before:           Mon 26 Feb 2024 08:48:48 +0000
ROA not after:            Mon 24 Feb 2025 08:53:48 +0000
asID:                     47583
IP address blocks:        213.190.7.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            66:c5:14:d6:53:53:e0:a6:9b:58:83:9d:d6:8a:ec:1f:9b:13:fa:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5d70845822a61408ec2a5fd580c132da777f09d1
        Validity
            Not Before: Feb 26 08:48:48 2024 GMT
            Not After : Feb 24 08:53:48 2025 GMT
        Subject: CN=00A03FC40FB510AFBB23C994FBFE49EA3AC10233
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:2b:03:82:c7:4c:7b:eb:b6:f3:1a:77:23:98:
                    7a:18:98:f0:83:f7:77:a0:32:62:97:6e:67:d1:5a:
                    62:ac:5d:c7:30:85:88:5f:4e:61:9a:e6:af:3d:39:
                    32:21:a7:76:de:39:ab:1d:e7:0f:7c:6b:2c:04:f2:
                    cc:72:fe:c7:7c:3f:0b:c2:45:fc:19:c8:0b:17:a2:
                    db:c6:05:01:d4:ce:51:7d:a3:0f:6b:c7:92:95:15:
                    11:3b:e9:2f:88:c5:4a:58:0c:c9:18:0e:2b:3e:6e:
                    8d:d3:cd:9a:ce:a1:15:87:ec:5f:0f:30:9e:f5:fd:
                    ee:ca:37:40:53:95:d3:1f:4c:37:ef:7b:2a:3f:32:
                    51:c4:4c:39:f7:51:90:2a:53:95:ed:7b:c6:f6:be:
                    c5:b8:49:47:65:e5:46:fc:5b:62:b7:e2:1d:18:1d:
                    9e:b8:02:df:3e:81:2d:54:7e:0f:da:1d:8e:5c:29:
                    38:e9:f0:d2:89:72:58:3f:45:2f:c3:b1:3b:f0:57:
                    dd:04:7b:92:1c:b1:88:a6:27:9d:dc:bc:5c:fc:a0:
                    bd:bf:ec:4f:86:d0:74:c9:4f:de:72:6b:74:70:c6:
                    bd:ba:b9:b1:35:8a:c1:63:bc:49:42:b6:97:55:a5:
                    bf:9e:2c:27:2a:9a:8c:7e:50:d7:68:8a:e8:82:f3:
                    65:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:A0:3F:C4:0F:B5:10:AF:BB:23:C9:94:FB:FE:49:EA:3A:C1:02:33
            X509v3 Authority Key Identifier:
                keyid:5D:70:84:58:22:A6:14:08:EC:2A:5F:D5:80:C1:32:DA:77:7F:09:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/3231332e3139302e372e302f32342d3234203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.190.7.0/24

    Signature Algorithm: sha256WithRSAEncryption
         06:e5:f0:c3:a0:9d:1c:77:46:e2:92:7c:38:1a:5b:25:2f:38:
         d0:be:22:45:9b:7f:bd:1f:9c:02:c7:06:4d:3d:94:24:da:2d:
         df:b8:13:c3:b4:fe:bf:ff:aa:73:e8:7f:d4:a5:c5:a7:c4:ed:
         7f:74:08:84:78:ff:74:6f:f0:7f:79:e5:e7:4a:af:ad:12:9e:
         db:1d:e2:37:8a:d8:a0:fc:2e:33:d3:d0:61:2e:ab:69:fe:0f:
         7d:5a:86:51:c5:ee:19:17:97:fb:07:e6:f1:5c:f1:19:8d:c1:
         91:29:a6:49:b3:d2:bc:b7:70:ab:2a:35:28:e2:74:f6:10:01:
         ab:6d:2a:d6:4d:03:f3:d8:4c:a8:9a:41:70:a1:e8:b8:fc:1a:
         d4:7c:ae:0d:d4:2e:74:a2:42:b9:2e:c6:5f:b8:09:17:cb:e0:
         b6:ef:f3:91:c7:a4:63:d7:7a:e8:83:d4:41:0a:a3:6d:4d:5b:
         be:b5:8b:8b:30:82:da:f3:66:1c:26:d9:bc:c1:39:4f:93:9f:
         ba:b6:61:05:b2:eb:c4:9a:50:32:e1:79:2b:74:52:55:c1:00:
         d9:32:a8:40:e4:83:e1:04:df:33:b1:23:04:59:d8:15:f4:9a:
         3e:82:71:be:21:86:7b:fd:24:0f:dc:b8:6f:df:78:44:e8:87:
         67:76:1e:96
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUZsUU1lNT4KabWIOd1orsH5sT+hcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWQ3MDg0NTgyMmE2MTQwOGVjMmE1ZmQ1ODBjMTMyZGE3
NzdmMDlkMTAeFw0yNDAyMjYwODQ4NDhaFw0yNTAyMjQwODUzNDhaMDMxMTAvBgNV
BAMTKDAwQTAzRkM0MEZCNTEwQUZCQjIzQzk5NEZCRkU0OUVBM0FDMTAyMzMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCfKwOCx0x767bzGncjmHoYmPCD
93egMmKXbmfRWmKsXccwhYhfTmGa5q89OTIhp3beOasd5w98aywE8sxy/sd8PwvC
RfwZyAsXotvGBQHUzlF9ow9rx5KVFRE76S+IxUpYDMkYDis+bo3TzZrOoRWH7F8P
MJ71/e7KN0BTldMfTDfveyo/MlHETDn3UZAqU5Xte8b2vsW4SUdl5Ub8W2K34h0Y
HZ64At8+gS1Ufg/aHY5cKTjp8NKJclg/RS/DsTvwV90Ee5IcsYimJ53cvFz8oL2/
7E+G0HTJT95ya3Rwxr26ubE1isFjvElCtpdVpb+eLCcqmox+UNdoiuiC82WBAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUAKA/xA+1EK+7I8mU+/5J6jrBAjMwHwYDVR0j
BBgwFoAUXXCEWCKmFAjsKl/VgMEy2nd/CdEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzgvNUQ3MDg0NTgyMkE2MTQwOEVDMkE1RkQ1ODBDMTMyREE3NzdGMDlEMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1hYQ0VXQ0ttRkFqc0tsX1ZnTUV5Mm5k
X0NkRS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzgvMzIzMTMzMmUzMTM5MzAyZTM3
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzQzNzM1MzgzMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEANW+
BzANBgkqhkiG9w0BAQsFAAOCAQEABuXww6CdHHdG4pJ8OBpbJS840L4iRZt/vR+c
AscGTT2UJNot37gTw7T+v/+qc+h/1KXFp8Ttf3QIhHj/dG/wf3nl50qvrRKe2x3i
N4rYoPwuM9PQYS6raf4PfVqGUcXuGReX+wfm8VzxGY3BkSmmSbPSvLdwqyo1KOJ0
9hABq20q1k0D89hMqJpBcKHouPwa1HyuDdQudKJCuS7GX7gJF8vgtu/zkcekY9d6
6IPUQQqjbU1bvrWLizCC2vNmHCbZvME5T5OfurZhBbLrxJpQMuF5K3RSVcEA2TKo
QOSD4QTfM7EjBFnYFfSaPoJxviGGe/0kD9y4b994ROiHZ3Yelg==
-----END CERTIFICATE-----