Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/3130392e3233342e3231352e302f32342d3234203d3e20393733.roa
File:                     3130392e3233342e3231352e302f32342d3234203d3e20393733.roa (raw, json)
Hash identifier:          7XlPdZ+5k5dznfPMoT3Ni5uRfyL41Likgo5fplEaDTA=
Subject key identifier:   C1:AF:2D:F0:61:47:EF:48:8D:27:D5:86:51:5C:A9:9E:0D:97:3D:16
Certificate issuer:       /CN=f768ff6e681858c0ec19f3a93fa1792cd16ceed3
Certificate serial:       304A9AEB06C28099C4B9D45151611EFACE81F5B7
Authority key identifier: F7:68:FF:6E:68:18:58:C0:EC:19:F3:A9:3F:A1:79:2C:D1:6C:EE:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/92j_bmgYWMDsGfOpP6F5LNFs7tM.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/3130392e3233342e3231352e302f32342d3234203d3e20393733.roa
Signing time:             Fri 28 Feb 2025 17:53:00 +0000
ROA not before:           Fri 28 Feb 2025 17:48:00 +0000
ROA not after:            Fri 27 Feb 2026 17:53:00 +0000
asID:                     973
IP address blocks:        109.234.215.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/F768FF6E681858C0EC19F3A93FA1792CD16CEED3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/F768FF6E681858C0EC19F3A93FA1792CD16CEED3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/92j_bmgYWMDsGfOpP6F5LNFs7tM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 28 Apr 2025 13:48:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            30:4a:9a:eb:06:c2:80:99:c4:b9:d4:51:51:61:1e:fa:ce:81:f5:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f768ff6e681858c0ec19f3a93fa1792cd16ceed3
        Validity
            Not Before: Feb 28 17:48:00 2025 GMT
            Not After : Feb 27 17:53:00 2026 GMT
        Subject: CN=C1AF2DF06147EF488D27D586515CA99E0D973D16
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:d0:b3:03:82:1c:72:9f:d7:56:ed:71:80:66:
                    ee:90:03:e6:5d:c1:ee:c3:e3:e0:35:d6:6b:74:89:
                    97:83:98:67:00:e4:c7:0f:4e:1e:d2:e7:2f:40:3a:
                    bc:86:6f:f4:3e:10:d3:e7:da:37:5c:50:d8:7a:ae:
                    8b:05:fa:3e:92:67:2f:b2:ba:3f:ac:fc:7a:0b:2c:
                    ac:d3:77:74:4f:b4:e9:05:f0:54:ae:17:e5:17:f1:
                    f0:30:61:5e:bd:ee:26:a5:23:91:4c:e6:a0:bc:55:
                    8c:16:a8:ea:16:e4:82:28:8d:30:b5:85:44:23:06:
                    ca:af:06:64:9b:a4:e7:b5:36:a6:33:58:99:1b:49:
                    8e:cb:41:20:0a:f9:87:40:ee:3d:8b:da:6b:f8:50:
                    b2:50:84:c5:5c:f0:f5:27:44:ef:de:1b:90:c7:2a:
                    33:48:2a:a7:a3:e0:99:60:06:02:3a:ea:25:46:0c:
                    81:67:54:fe:c5:01:77:2d:2f:c1:1d:dc:34:eb:bc:
                    de:4c:58:f3:34:44:00:44:39:3b:9c:53:f4:4b:cb:
                    27:73:36:81:45:e5:99:14:4d:01:87:28:13:8e:b3:
                    44:9f:eb:ea:66:c6:8c:6d:d1:d4:5e:6d:90:31:93:
                    da:f9:37:f2:9e:8d:3d:1e:5b:26:b7:8b:fe:5f:10:
                    10:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:AF:2D:F0:61:47:EF:48:8D:27:D5:86:51:5C:A9:9E:0D:97:3D:16
            X509v3 Authority Key Identifier:
                keyid:F7:68:FF:6E:68:18:58:C0:EC:19:F3:A9:3F:A1:79:2C:D1:6C:EE:D3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/F768FF6E681858C0EC19F3A93FA1792CD16CEED3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/92j_bmgYWMDsGfOpP6F5LNFs7tM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/3130392e3233342e3231352e302f32342d3234203d3e20393733.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.234.215.0/24

    Signature Algorithm: sha256WithRSAEncryption
         31:d6:6a:b3:a5:77:26:f6:60:55:66:d4:78:b0:7f:71:c0:87:
         f5:60:30:d4:59:e1:23:07:8d:92:54:af:34:71:a7:95:7c:6a:
         18:55:c7:7c:50:a8:31:73:61:4d:0a:e4:9b:4c:ea:15:c7:87:
         7f:e2:23:7f:01:59:20:07:da:21:3b:dd:3e:12:a5:68:4b:6d:
         13:f4:41:32:39:a9:c4:af:aa:04:d9:3a:7e:ad:3f:d0:6a:b4:
         bb:4a:f2:99:5e:d2:c7:42:5a:a3:02:04:c8:47:16:af:82:5b:
         c7:c3:cc:8f:82:ad:a3:d2:b1:c6:0e:98:be:66:32:e2:7a:22:
         81:3d:e7:39:f7:7e:aa:b4:6c:a0:ba:d5:28:d0:4f:cc:84:c9:
         33:7a:39:0d:1c:6a:a5:de:09:53:0e:fe:1c:45:e1:b1:ae:c1:
         1b:5b:fc:63:1c:e8:2b:2a:29:0c:c3:da:93:bb:15:e7:03:1a:
         a5:80:e9:d0:e7:07:2d:11:b8:88:cf:6c:fe:8a:8f:df:69:44:
         60:08:23:22:49:fd:ea:f1:10:8f:ce:42:d1:3d:41:71:7f:7b:
         88:3b:32:38:70:a1:ff:78:b2:6e:9a:57:16:8e:e8:19:22:46:
         85:44:9d:30:8d:c1:8e:4e:82:d6:d5:4f:6d:fc:a1:ed:c1:e6:
         1a:c3:43:43
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUMEqa6wbCgJnEudRRUWEe+s6B9bcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZjc2OGZmNmU2ODE4NThjMGVjMTlmM2E5M2ZhMTc5MmNk
MTZjZWVkMzAeFw0yNTAyMjgxNzQ4MDBaFw0yNjAyMjcxNzUzMDBaMDMxMTAvBgNV
BAMTKEMxQUYyREYwNjE0N0VGNDg4RDI3RDU4NjUxNUNBOTlFMEQ5NzNEMTYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDV0LMDghxyn9dW7XGAZu6QA+Zd
we7D4+A11mt0iZeDmGcA5McPTh7S5y9AOryGb/Q+ENPn2jdcUNh6rosF+j6SZy+y
uj+s/HoLLKzTd3RPtOkF8FSuF+UX8fAwYV697ialI5FM5qC8VYwWqOoW5IIojTC1
hUQjBsqvBmSbpOe1NqYzWJkbSY7LQSAK+YdA7j2L2mv4ULJQhMVc8PUnRO/eG5DH
KjNIKqej4JlgBgI66iVGDIFnVP7FAXctL8Ed3DTrvN5MWPM0RABEOTucU/RLyydz
NoFF5ZkUTQGHKBOOs0Sf6+pmxoxt0dRebZAxk9r5N/KejT0eWya3i/5fEBDBAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUwa8t8GFH70iNJ9WGUVypng2XPRYwHwYDVR0j
BBgwFoAU92j/bmgYWMDsGfOpP6F5LNFs7tMwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMGNjMDg3MzctOTI2Ny00MDJhLTk5ZDQtN2FhYWZlYTQ0
NGVkLzAvRjc2OEZGNkU2ODE4NThDMEVDMTlGM0E5M0ZBMTc5MkNEMTZDRUVEMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzkyal9ibWdZV01Ec0dmT3BQNkY1TE5G
czd0TS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMGNjMDg3Mzct
OTI2Ny00MDJhLTk5ZDQtN2FhYWZlYTQ0NGVkLzAvMzEzMDM5MmUzMjMzMzQyZTMy
MzEzNTJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM5MzczMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAG3q
1zANBgkqhkiG9w0BAQsFAAOCAQEAMdZqs6V3JvZgVWbUeLB/ccCH9WAw1FnhIweN
klSvNHGnlXxqGFXHfFCoMXNhTQrkm0zqFceHf+IjfwFZIAfaITvdPhKlaEttE/RB
MjmpxK+qBNk6fq0/0Gq0u0rymV7Sx0JaowIEyEcWr4Jbx8PMj4Kto9Kxxg6YvmYy
4noigT3nOfd+qrRsoLrVKNBPzITJM3o5DRxqpd4JUw7+HEXhsa7BG1v8YxzoKyop
DMPak7sV5wMapYDp0OcHLRG4iM9s/oqP32lEYAgjIkn96vEQj85C0T1BcX97iDsy
OHCh/3iybppXFo7oGSJGhUSdMI3Bjk6C1tVPbfyh7cHmGsNDQw==
-----END CERTIFICATE-----