Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/3231332e3133392e36352e302f32342d3234203d3e20383334.roa
File:                     3231332e3133392e36352e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          fEnIBTw+jRf0ERbu7SqJm25t6OgI5sbbUb8jDkTz+nQ=
Subject key identifier:   33:97:A3:68:69:5C:39:A6:C6:17:78:69:80:98:C1:60:9F:6D:DE:FB
Certificate issuer:       /CN=b683f2eb50c5999a77456e8826831609d48c7d3e
Certificate serial:       4947B32D01FE39953B2979CB2F91E7A142CF94A7
Authority key identifier: B6:83:F2:EB:50:C5:99:9A:77:45:6E:88:26:83:16:09:D4:8C:7D:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/toPy61DFmZp3RW6IJoMWCdSMfT4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/3231332e3133392e36352e302f32342d3234203d3e20383334.roa
Signing time:             Thu 12 Jun 2025 00:01:33 +0000
ROA not before:           Wed 11 Jun 2025 23:56:33 +0000
ROA not after:            Thu 11 Jun 2026 00:01:33 +0000
asID:                     834
IP address blocks:        213.139.65.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/B683F2EB50C5999A77456E8826831609D48C7D3E.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/B683F2EB50C5999A77456E8826831609D48C7D3E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/toPy61DFmZp3RW6IJoMWCdSMfT4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 22:19:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            49:47:b3:2d:01:fe:39:95:3b:29:79:cb:2f:91:e7:a1:42:cf:94:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b683f2eb50c5999a77456e8826831609d48c7d3e
        Validity
            Not Before: Jun 11 23:56:33 2025 GMT
            Not After : Jun 11 00:01:33 2026 GMT
        Subject: CN=3397A368695C39A6C61778698098C1609F6DDEFB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:33:d3:bd:16:22:51:a3:54:20:31:3b:20:dd:
                    5a:5e:58:f0:22:60:9c:65:9a:63:96:81:29:75:8f:
                    ae:eb:b9:c4:0c:d7:2c:44:6b:85:cd:a8:23:49:b8:
                    e3:51:7f:2e:e6:a9:57:42:ac:8c:94:2f:13:fd:a1:
                    65:0f:46:53:11:11:7c:85:54:24:2f:1e:7d:47:d1:
                    d8:c9:aa:13:e7:ac:48:88:cc:40:d6:74:51:db:f6:
                    3e:9e:65:11:89:7f:d1:69:4a:e8:af:15:b8:94:5b:
                    0f:97:9e:42:6f:bb:9d:1f:20:78:26:02:8a:11:58:
                    49:3a:7b:ec:c7:ae:66:37:d7:11:ad:1d:08:94:d2:
                    61:74:0e:91:f0:82:61:99:37:21:54:b5:b5:c5:62:
                    e8:48:dd:45:27:ac:6f:24:71:c2:b1:43:49:9c:43:
                    bc:33:90:30:4c:f5:cf:74:0b:9d:2c:07:87:f8:09:
                    dd:c8:5d:be:b3:4a:77:38:39:a8:a9:6b:24:2f:9b:
                    1c:73:1b:ab:8f:1b:74:cd:b8:c6:13:2a:b2:d3:01:
                    27:4f:da:d6:16:90:a0:0a:dd:bd:13:48:7f:ab:a2:
                    09:39:e0:96:5f:ba:ac:5f:df:e4:04:44:4c:da:22:
                    73:04:08:ad:61:ab:02:40:5f:cc:55:02:a4:f6:f7:
                    3e:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:97:A3:68:69:5C:39:A6:C6:17:78:69:80:98:C1:60:9F:6D:DE:FB
            X509v3 Authority Key Identifier:
                keyid:B6:83:F2:EB:50:C5:99:9A:77:45:6E:88:26:83:16:09:D4:8C:7D:3E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/B683F2EB50C5999A77456E8826831609D48C7D3E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/toPy61DFmZp3RW6IJoMWCdSMfT4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/3231332e3133392e36352e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.139.65.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:f7:c9:cc:65:6c:2f:91:a8:3d:de:74:1c:39:ad:af:9e:18:
         31:ef:ef:30:1e:ab:2b:ad:fa:10:4e:b6:6d:f3:f0:fc:28:e2:
         32:90:ac:05:69:5e:e6:bd:88:30:4f:21:7c:fe:11:52:66:f2:
         0f:97:51:1c:cb:04:4c:75:58:c1:3a:3a:9e:f2:a5:8f:03:62:
         0f:9d:a5:7a:f2:78:a6:e9:d2:1d:59:70:a9:57:b0:0d:c9:15:
         7f:b3:7b:9b:96:8b:00:6a:84:b4:00:02:92:bc:86:d9:74:fa:
         ca:52:7f:05:e3:4b:c6:4f:d4:04:5b:00:9c:ab:73:0f:ed:2d:
         03:5c:cc:1e:88:a8:df:77:d8:d9:5a:6c:d4:c9:06:dc:bf:33:
         d0:74:a4:8e:d2:d3:78:6e:e9:bb:4f:24:76:4a:c3:f9:6b:d0:
         29:0b:fb:74:d8:5a:dd:aa:53:94:b9:69:46:b9:c8:2a:3c:73:
         9e:bc:ff:9a:42:2a:3c:90:ac:b7:9d:9f:fa:81:33:8d:14:d6:
         cb:c0:44:2b:fa:27:0f:82:31:df:b7:fb:cb:47:92:06:6f:29:
         00:0f:49:a2:28:d2:d8:6e:5c:67:58:e6:ac:74:bb:12:95:b4:
         ca:39:92:ee:42:e5:f2:45:7f:45:8d:e0:98:e1:bc:a0:c9:45:
         d7:25:a9:31
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUSUezLQH+OZU7KXnLL5HnoULPlKcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYjY4M2YyZWI1MGM1OTk5YTc3NDU2ZTg4MjY4MzE2MDlk
NDhjN2QzZTAeFw0yNTA2MTEyMzU2MzNaFw0yNjA2MTEwMDAxMzNaMDMxMTAvBgNV
BAMTKDMzOTdBMzY4Njk1QzM5QTZDNjE3Nzg2OTgwOThDMTYwOUY2RERFRkIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDHM9O9FiJRo1QgMTsg3VpeWPAi
YJxlmmOWgSl1j67rucQM1yxEa4XNqCNJuONRfy7mqVdCrIyULxP9oWUPRlMREXyF
VCQvHn1H0djJqhPnrEiIzEDWdFHb9j6eZRGJf9FpSuivFbiUWw+XnkJvu50fIHgm
AooRWEk6e+zHrmY31xGtHQiU0mF0DpHwgmGZNyFUtbXFYuhI3UUnrG8kccKxQ0mc
Q7wzkDBM9c90C50sB4f4Cd3IXb6zSnc4OaipayQvmxxzG6uPG3TNuMYTKrLTASdP
2tYWkKAK3b0TSH+rogk54JZfuqxf3+QEREzaInMECK1hqwJAX8xVAqT29z6VAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUM5ejaGlcOabGF3hpgJjBYJ9t3vswHwYDVR0j
BBgwFoAUtoPy61DFmZp3RW6IJoMWCdSMfT4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTAxYzE0ZmItYjY2MC00ODlkLTllOWYtOTQwMmU5ZTJj
MmUyLzAvQjY4M0YyRUI1MEM1OTk5QTc3NDU2RTg4MjY4MzE2MDlENDhDN0QzRS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3RvUHk2MURGbVpwM1JXNklKb01XQ2RT
TWZUNC5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYTAxYzE0ZmIt
YjY2MC00ODlkLTllOWYtOTQwMmU5ZTJjMmUyLzAvMzIzMTMzMmUzMTMzMzkyZTM2
MzUyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBADVi0Ew
DQYJKoZIhvcNAQELBQADggEBAFn3ycxlbC+RqD3edBw5ra+eGDHv7zAeqyut+hBO
tm3z8Pwo4jKQrAVpXua9iDBPIXz+EVJm8g+XURzLBEx1WME6Op7ypY8DYg+dpXry
eKbp0h1ZcKlXsA3JFX+ze5uWiwBqhLQAApK8htl0+spSfwXjS8ZP1ARbAJyrcw/t
LQNczB6IqN932NlabNTJBty/M9B0pI7S03hu6btPJHZKw/lr0CkL+3TYWt2qU5S5
aUa5yCo8c568/5pCKjyQrLedn/qBM40U1svARCv6Jw+CMd+3+8tHkgZvKQAPSaIo
0thuXGdY5qx0uxKVtMo5ku5C5fJFf0WN4JjhvKDJRdclqTE=
-----END CERTIFICATE-----