Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/3231332e3133392e38342e302f32342d3234203d3e2039303039.roa
File:                     3231332e3133392e38342e302f32342d3234203d3e2039303039.roa (raw, json)
Hash identifier:          recgwGLHRmHMtvRRJVUhe6BWHyw6Djaciag4FXuYftw=
Subject key identifier:   78:0F:4E:AD:41:83:CA:42:A9:7A:39:BF:83:F9:95:CB:88:17:0B:CD
Certificate issuer:       /CN=b683f2eb50c5999a77456e8826831609d48c7d3e
Certificate serial:       7515307948E8CC9CFAF2079B6BFD91A7D01E00E2
Authority key identifier: B6:83:F2:EB:50:C5:99:9A:77:45:6E:88:26:83:16:09:D4:8C:7D:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/toPy61DFmZp3RW6IJoMWCdSMfT4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/3231332e3133392e38342e302f32342d3234203d3e2039303039.roa
Signing time:             Fri 18 Apr 2025 15:54:02 +0000
ROA not before:           Fri 18 Apr 2025 15:49:02 +0000
ROA not after:            Fri 17 Apr 2026 15:54:02 +0000
asID:                     9009
IP address blocks:        213.139.84.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/B683F2EB50C5999A77456E8826831609D48C7D3E.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/B683F2EB50C5999A77456E8826831609D48C7D3E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/toPy61DFmZp3RW6IJoMWCdSMfT4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 00:36:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            75:15:30:79:48:e8:cc:9c:fa:f2:07:9b:6b:fd:91:a7:d0:1e:00:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b683f2eb50c5999a77456e8826831609d48c7d3e
        Validity
            Not Before: Apr 18 15:49:02 2025 GMT
            Not After : Apr 17 15:54:02 2026 GMT
        Subject: CN=780F4EAD4183CA42A97A39BF83F995CB88170BCD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:0e:4b:42:e5:63:d1:79:93:c2:0d:86:f3:a4:
                    df:40:e5:f4:a3:ec:cb:d0:3a:25:fa:2f:8c:4a:57:
                    18:75:2b:8d:b3:04:c2:a1:81:81:f5:33:e0:80:e1:
                    95:35:ef:f8:88:f6:9c:d6:70:7e:4d:08:8a:08:5e:
                    2a:cc:66:2e:bf:e9:06:96:94:ae:26:bd:3c:3b:32:
                    d9:32:11:ce:20:1f:8f:23:53:d1:d6:67:32:e9:03:
                    5e:63:c2:d7:f3:5a:70:4c:1a:69:72:a7:e1:b9:1c:
                    07:a6:9c:1c:00:ef:ae:df:7f:7c:c3:2b:fd:eb:10:
                    61:b2:43:9d:ff:df:31:2a:dd:44:f2:af:7e:07:1e:
                    44:67:d2:6d:c0:fa:23:35:e0:0d:fd:12:47:52:57:
                    65:ec:ab:73:9f:f1:82:2e:7d:07:5f:03:dc:4b:85:
                    a4:96:ab:0d:09:89:6e:61:6c:a5:e3:83:5c:57:a1:
                    08:23:91:74:32:5c:2f:bf:fb:0e:8d:41:63:6d:fb:
                    ed:e4:3b:bf:1d:76:32:5a:f7:c0:98:3f:21:bd:1e:
                    b0:d6:6c:d3:ab:3a:9d:e6:bc:75:9e:3e:8e:ec:9b:
                    c9:08:28:c2:5e:79:05:8f:a3:db:ff:5b:16:1b:fe:
                    e8:17:b5:80:bb:bb:04:38:74:1b:57:98:4d:07:77:
                    f0:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:0F:4E:AD:41:83:CA:42:A9:7A:39:BF:83:F9:95:CB:88:17:0B:CD
            X509v3 Authority Key Identifier:
                keyid:B6:83:F2:EB:50:C5:99:9A:77:45:6E:88:26:83:16:09:D4:8C:7D:3E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/B683F2EB50C5999A77456E8826831609D48C7D3E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/toPy61DFmZp3RW6IJoMWCdSMfT4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/3231332e3133392e38342e302f32342d3234203d3e2039303039.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.139.84.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:66:82:70:c0:15:c3:51:f6:6b:fb:f1:8f:4d:a2:46:3d:52:
         e0:b1:aa:ea:a9:c7:1d:2e:d0:3b:38:c5:50:d8:df:91:28:7c:
         8e:4a:30:ef:49:a7:44:62:69:cc:e3:2d:52:77:13:bd:32:c0:
         2b:f0:25:ee:d7:b3:cb:58:1f:f1:a1:a7:01:d6:97:90:cd:7c:
         8f:c1:2d:77:bf:08:7b:67:2c:dd:6f:87:3c:d0:90:19:3e:06:
         0c:08:fb:52:53:73:13:4a:3b:55:df:6e:a1:fc:d1:d5:41:6e:
         2b:39:42:fd:bd:a8:3b:a5:4e:2b:d4:10:a3:1f:a3:c0:fb:74:
         e0:e0:df:87:84:20:84:65:a2:54:df:fe:90:63:53:19:41:50:
         fa:a1:71:13:42:83:db:20:5c:96:4e:93:89:27:b5:60:db:70:
         27:62:40:ee:f9:ea:e5:95:ad:33:7b:af:9e:cd:4f:f1:ef:d9:
         19:60:c8:7f:99:6f:d3:87:4b:09:43:09:68:9b:d4:8a:1c:ff:
         5a:09:33:96:59:45:54:7b:33:f1:48:40:83:b9:e3:8f:19:b1:
         9c:ff:ce:0e:6d:4b:a0:51:4b:41:1e:86:49:1e:f0:37:ad:ec:
         80:4c:a5:45:b8:c7:e8:4f:5b:0a:4b:6e:c7:bf:68:32:ad:9f:
         72:c0:07:5b
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUdRUweUjozJz68geba/2Rp9AeAOIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYjY4M2YyZWI1MGM1OTk5YTc3NDU2ZTg4MjY4MzE2MDlk
NDhjN2QzZTAeFw0yNTA0MTgxNTQ5MDJaFw0yNjA0MTcxNTU0MDJaMDMxMTAvBgNV
BAMTKDc4MEY0RUFENDE4M0NBNDJBOTdBMzlCRjgzRjk5NUNCODgxNzBCQ0QwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3DktC5WPReZPCDYbzpN9A5fSj
7MvQOiX6L4xKVxh1K42zBMKhgYH1M+CA4ZU17/iI9pzWcH5NCIoIXirMZi6/6QaW
lK4mvTw7MtkyEc4gH48jU9HWZzLpA15jwtfzWnBMGmlyp+G5HAemnBwA767ff3zD
K/3rEGGyQ53/3zEq3UTyr34HHkRn0m3A+iM14A39EkdSV2Xsq3Of8YIufQdfA9xL
haSWqw0JiW5hbKXjg1xXoQgjkXQyXC+/+w6NQWNt++3kO78ddjJa98CYPyG9HrDW
bNOrOp3mvHWePo7sm8kIKMJeeQWPo9v/WxYb/ugXtYC7uwQ4dBtXmE0Hd/CZAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUeA9OrUGDykKpejm/g/mVy4gXC80wHwYDVR0j
BBgwFoAUtoPy61DFmZp3RW6IJoMWCdSMfT4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTAxYzE0ZmItYjY2MC00ODlkLTllOWYtOTQwMmU5ZTJj
MmUyLzAvQjY4M0YyRUI1MEM1OTk5QTc3NDU2RTg4MjY4MzE2MDlENDhDN0QzRS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3RvUHk2MURGbVpwM1JXNklKb01XQ2RT
TWZUNC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYTAxYzE0ZmIt
YjY2MC00ODlkLTllOWYtOTQwMmU5ZTJjMmUyLzAvMzIzMTMzMmUzMTMzMzkyZTM4
MzQyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzOTMwMzAzOS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEANWL
VDANBgkqhkiG9w0BAQsFAAOCAQEAKmaCcMAVw1H2a/vxj02iRj1S4LGq6qnHHS7Q
OzjFUNjfkSh8jkow70mnRGJpzOMtUncTvTLAK/Al7tezy1gf8aGnAdaXkM18j8Et
d78Ie2cs3W+HPNCQGT4GDAj7UlNzE0o7Vd9uofzR1UFuKzlC/b2oO6VOK9QQox+j
wPt04ODfh4QghGWiVN/+kGNTGUFQ+qFxE0KD2yBclk6TiSe1YNtwJ2JA7vnq5ZWt
M3uvns1P8e/ZGWDIf5lv04dLCUMJaJvUihz/WgkzlllFVHsz8UhAg7njjxmxnP/O
Dm1LoFFLQR6GSR7wN63sgEylRbjH6E9bCktux79oMq2fcsAHWw==
-----END CERTIFICATE-----