Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/3231332e3133392e38352e302f32342d3234203d3e2039303039.roa
File:                     3231332e3133392e38352e302f32342d3234203d3e2039303039.roa (raw, json)
Hash identifier:          m9VEyjC6AstkEvUHZu0nndWjDPejGmt2Un1d+bIvwNg=
Subject key identifier:   2A:E7:93:3D:75:BC:23:54:F6:4D:F1:3F:54:A7:6D:BB:97:C3:BB:24
Certificate issuer:       /CN=b683f2eb50c5999a77456e8826831609d48c7d3e
Certificate serial:       14100ABB02EECB50FD0DF56324B30048F73FE5A4
Authority key identifier: B6:83:F2:EB:50:C5:99:9A:77:45:6E:88:26:83:16:09:D4:8C:7D:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/toPy61DFmZp3RW6IJoMWCdSMfT4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/3231332e3133392e38352e302f32342d3234203d3e2039303039.roa
Signing time:             Mon 21 Apr 2025 10:54:03 +0000
ROA not before:           Mon 21 Apr 2025 10:49:03 +0000
ROA not after:            Mon 20 Apr 2026 10:54:03 +0000
asID:                     9009
IP address blocks:        213.139.85.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/B683F2EB50C5999A77456E8826831609D48C7D3E.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/B683F2EB50C5999A77456E8826831609D48C7D3E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/toPy61DFmZp3RW6IJoMWCdSMfT4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 00:36:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            14:10:0a:bb:02:ee:cb:50:fd:0d:f5:63:24:b3:00:48:f7:3f:e5:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b683f2eb50c5999a77456e8826831609d48c7d3e
        Validity
            Not Before: Apr 21 10:49:03 2025 GMT
            Not After : Apr 20 10:54:03 2026 GMT
        Subject: CN=2AE7933D75BC2354F64DF13F54A76DBB97C3BB24
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f7:88:8e:4d:22:94:cf:d9:fc:dc:1c:67:82:f2:
                    ee:c3:97:b7:ef:d3:27:90:be:f1:83:d8:14:41:96:
                    72:94:d3:02:d0:63:42:f3:da:9e:2f:b5:2c:75:e3:
                    b1:fe:05:03:fc:20:28:52:cd:96:f1:31:a2:73:cd:
                    7c:3a:8b:ca:db:86:28:3a:8d:97:98:20:a4:26:a5:
                    cf:4f:e1:67:56:26:0d:d2:fd:6d:c1:9d:57:ec:a5:
                    cf:0f:38:fb:f0:9e:5a:29:40:a1:f8:02:13:7d:52:
                    dd:8c:8c:20:3d:e3:02:93:60:ee:be:f8:25:67:ac:
                    cb:87:61:7a:cc:b3:db:61:7e:32:d6:db:28:6c:dc:
                    86:3b:21:41:d5:55:e9:56:5d:7c:61:de:bd:77:8d:
                    6b:51:f6:44:c7:62:fa:05:4c:3c:ca:27:0a:94:39:
                    5f:76:64:ae:b6:af:6d:25:91:d3:53:d8:2d:fc:56:
                    1a:a6:e4:f5:28:d0:6d:0d:a5:cf:a6:0a:7f:e3:97:
                    c5:46:02:d9:06:a2:22:7b:b5:61:57:73:e3:e4:03:
                    7f:7e:e3:ed:d6:30:17:74:4d:33:dd:f6:75:22:51:
                    bd:ea:88:a1:c3:6c:ac:b7:de:b2:e7:72:5d:b9:af:
                    46:80:4d:99:77:d8:df:42:fb:6f:b1:01:5f:16:31:
                    b9:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:E7:93:3D:75:BC:23:54:F6:4D:F1:3F:54:A7:6D:BB:97:C3:BB:24
            X509v3 Authority Key Identifier:
                keyid:B6:83:F2:EB:50:C5:99:9A:77:45:6E:88:26:83:16:09:D4:8C:7D:3E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/B683F2EB50C5999A77456E8826831609D48C7D3E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/toPy61DFmZp3RW6IJoMWCdSMfT4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/3231332e3133392e38352e302f32342d3234203d3e2039303039.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.139.85.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8a:0c:84:e1:a4:1b:6c:8d:a2:10:07:44:ab:72:38:cc:0c:50:
         d3:29:71:f0:0f:72:c4:81:f0:39:78:c5:2c:d9:d7:65:3d:90:
         a9:3b:75:dc:c0:fc:d3:4d:05:31:45:16:5f:84:63:bd:df:bb:
         4b:b6:d2:6c:cf:93:09:16:71:5e:0a:c3:12:6b:cd:6c:b7:4d:
         2a:b7:e9:85:17:a9:c7:f2:42:cf:97:bd:01:06:7a:3a:2f:f8:
         55:a1:7f:b4:9f:48:d8:3a:5e:39:5e:79:d2:45:8e:41:de:be:
         ff:29:17:fc:6f:eb:1a:50:a7:66:40:fb:1f:e1:61:48:80:52:
         73:16:5b:01:eb:af:61:1e:f2:49:9b:d6:29:3d:81:c2:0a:ef:
         72:02:e9:b4:22:25:e3:d2:2c:cb:f2:a8:0e:8d:2e:7a:15:ba:
         c9:23:2f:f4:3a:9e:6a:0e:5d:4a:ef:2a:89:69:e9:cf:74:79:
         c3:22:ad:4c:4d:e1:99:25:de:c9:8e:1f:d3:f8:8c:c3:05:e2:
         7f:45:06:21:f0:87:0b:58:51:d9:ec:de:36:61:df:de:5e:33:
         35:a2:7b:e7:62:e1:f1:92:4b:09:bc:57:84:1c:ed:d2:18:1f:
         9b:8e:d5:8e:ba:7b:b9:ca:f8:de:a5:c6:d5:fe:da:b9:61:71:
         fb:4d:b8:ab
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUFBAKuwLuy1D9DfVjJLMASPc/5aQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYjY4M2YyZWI1MGM1OTk5YTc3NDU2ZTg4MjY4MzE2MDlk
NDhjN2QzZTAeFw0yNTA0MjExMDQ5MDNaFw0yNjA0MjAxMDU0MDNaMDMxMTAvBgNV
BAMTKDJBRTc5MzNENzVCQzIzNTRGNjRERjEzRjU0QTc2REJCOTdDM0JCMjQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD3iI5NIpTP2fzcHGeC8u7Dl7fv
0yeQvvGD2BRBlnKU0wLQY0Lz2p4vtSx147H+BQP8IChSzZbxMaJzzXw6i8rbhig6
jZeYIKQmpc9P4WdWJg3S/W3BnVfspc8POPvwnlopQKH4AhN9Ut2MjCA94wKTYO6+
+CVnrMuHYXrMs9thfjLW2yhs3IY7IUHVVelWXXxh3r13jWtR9kTHYvoFTDzKJwqU
OV92ZK62r20lkdNT2C38Vhqm5PUo0G0Npc+mCn/jl8VGAtkGoiJ7tWFXc+PkA39+
4+3WMBd0TTPd9nUiUb3qiKHDbKy33rLncl25r0aATZl32N9C+2+xAV8WMblvAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUKueTPXW8I1T2TfE/VKdtu5fDuyQwHwYDVR0j
BBgwFoAUtoPy61DFmZp3RW6IJoMWCdSMfT4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTAxYzE0ZmItYjY2MC00ODlkLTllOWYtOTQwMmU5ZTJj
MmUyLzAvQjY4M0YyRUI1MEM1OTk5QTc3NDU2RTg4MjY4MzE2MDlENDhDN0QzRS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3RvUHk2MURGbVpwM1JXNklKb01XQ2RT
TWZUNC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYTAxYzE0ZmIt
YjY2MC00ODlkLTllOWYtOTQwMmU5ZTJjMmUyLzAvMzIzMTMzMmUzMTMzMzkyZTM4
MzUyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzOTMwMzAzOS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEANWL
VTANBgkqhkiG9w0BAQsFAAOCAQEAigyE4aQbbI2iEAdEq3I4zAxQ0ylx8A9yxIHw
OXjFLNnXZT2QqTt13MD8000FMUUWX4Rjvd+7S7bSbM+TCRZxXgrDEmvNbLdNKrfp
hRepx/JCz5e9AQZ6Oi/4VaF/tJ9I2DpeOV550kWOQd6+/ykX/G/rGlCnZkD7H+Fh
SIBScxZbAeuvYR7ySZvWKT2BwgrvcgLptCIl49Isy/KoDo0uehW6ySMv9Dqeag5d
Su8qiWnpz3R5wyKtTE3hmSXeyY4f0/iMwwXif0UGIfCHC1hR2ezeNmHf3l4zNaJ7
52Lh8ZJLCbxXhBzt0hgfm47Vjrp7ucr43qXG1f7auWFx+024qw==
-----END CERTIFICATE-----