Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/3231332e3133392e39332e302f32342d3234203d3e2039303039.roa
File:                     3231332e3133392e39332e302f32342d3234203d3e2039303039.roa (raw, json)
Hash identifier:          9cktvEdh4jpik+wY0YHKxFgG9OCHki2tIjn/mKo9IKg=
Subject key identifier:   91:4A:8F:52:4E:A3:D0:29:BB:52:B8:65:0C:0A:92:8A:7D:4B:4C:D2
Certificate issuer:       /CN=b683f2eb50c5999a77456e8826831609d48c7d3e
Certificate serial:       07CB336A3A2D1D59C4E399F8B04CA270CC51910F
Authority key identifier: B6:83:F2:EB:50:C5:99:9A:77:45:6E:88:26:83:16:09:D4:8C:7D:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/toPy61DFmZp3RW6IJoMWCdSMfT4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/3231332e3133392e39332e302f32342d3234203d3e2039303039.roa
Signing time:             Tue 22 Apr 2025 08:54:03 +0000
ROA not before:           Tue 22 Apr 2025 08:49:03 +0000
ROA not after:            Tue 21 Apr 2026 08:54:03 +0000
asID:                     9009
IP address blocks:        213.139.93.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/B683F2EB50C5999A77456E8826831609D48C7D3E.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/B683F2EB50C5999A77456E8826831609D48C7D3E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/toPy61DFmZp3RW6IJoMWCdSMfT4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 00:36:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            07:cb:33:6a:3a:2d:1d:59:c4:e3:99:f8:b0:4c:a2:70:cc:51:91:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b683f2eb50c5999a77456e8826831609d48c7d3e
        Validity
            Not Before: Apr 22 08:49:03 2025 GMT
            Not After : Apr 21 08:54:03 2026 GMT
        Subject: CN=914A8F524EA3D029BB52B8650C0A928A7D4B4CD2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:c7:5e:44:b3:f4:ff:de:01:0c:cf:c2:42:d2:
                    75:b6:e7:72:40:29:6d:8b:56:9d:64:9e:28:86:9c:
                    3e:3b:ff:54:01:84:f5:2f:c2:51:cf:d0:61:5a:ed:
                    f7:1c:ee:c8:3c:10:89:57:d8:35:a7:17:19:63:01:
                    d3:9c:07:66:86:2d:34:6d:3e:87:52:75:79:3a:52:
                    27:31:14:da:9f:3d:56:f4:41:e6:a5:76:55:7a:0b:
                    19:b4:d9:77:85:9a:e1:74:47:23:d0:63:dd:c3:6e:
                    89:e3:3b:44:66:78:2f:6b:da:b3:56:6f:22:ef:2c:
                    0c:bd:e3:d5:e1:bb:fc:87:33:eb:78:0c:04:e9:db:
                    8b:a6:d7:45:a6:b6:dd:13:76:fb:86:fd:94:a2:63:
                    67:71:8e:07:35:d6:82:69:9f:fb:01:ab:b3:3e:d2:
                    b1:6c:cc:ba:98:6f:54:5b:b8:f5:52:20:89:5d:80:
                    22:34:52:50:c6:e5:bb:65:78:b4:b0:11:6c:d5:2c:
                    73:e8:33:f5:96:d5:01:8c:22:17:ad:11:90:f8:d1:
                    2d:a0:27:f2:a0:7e:ae:df:eb:04:df:f3:51:aa:7d:
                    79:d1:b7:a9:4b:33:33:89:80:82:e9:a5:e7:48:a1:
                    e8:f1:55:1e:74:07:39:50:c7:81:89:6f:54:92:65:
                    88:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:4A:8F:52:4E:A3:D0:29:BB:52:B8:65:0C:0A:92:8A:7D:4B:4C:D2
            X509v3 Authority Key Identifier:
                keyid:B6:83:F2:EB:50:C5:99:9A:77:45:6E:88:26:83:16:09:D4:8C:7D:3E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/B683F2EB50C5999A77456E8826831609D48C7D3E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/toPy61DFmZp3RW6IJoMWCdSMfT4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/3231332e3133392e39332e302f32342d3234203d3e2039303039.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.139.93.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:37:a8:17:cc:87:e5:11:a6:f8:11:a5:2a:7c:87:6f:ae:f7:
         cc:65:93:39:b7:68:2a:28:f7:0e:27:ea:86:9d:fb:0d:96:d6:
         ea:32:4c:69:a9:fb:23:53:17:b4:79:4d:ae:64:0a:c1:db:c1:
         42:09:b4:88:76:f6:ff:ba:e9:29:10:c9:58:87:d2:f8:b1:b0:
         b2:38:30:85:28:8c:23:8b:b5:3f:a3:9f:94:09:b9:e7:b5:f7:
         d4:a8:08:f5:3a:53:68:db:87:24:49:49:2e:e6:a5:31:13:07:
         2f:4c:65:2c:c7:e6:c0:90:b5:ab:bb:1f:34:1f:ce:5d:be:13:
         99:e5:c9:96:93:e1:5d:f4:2d:77:8a:d4:98:e0:e5:62:03:c4:
         78:ba:60:f2:cb:46:70:fe:4e:e9:2c:66:4e:49:a3:be:a7:4d:
         59:f3:0d:33:a3:eb:7f:7c:3d:54:84:c4:de:23:4b:eb:84:29:
         88:41:42:44:a7:f7:a3:88:9b:13:cd:ea:6b:89:f3:40:d8:32:
         1a:e8:0e:f1:83:ce:79:09:14:7b:a2:aa:a0:14:46:75:5a:fb:
         88:27:1c:00:23:95:fc:3a:5f:d7:5c:b5:57:c7:25:f3:96:a9:
         5a:aa:02:48:c6:5a:bd:84:2b:d8:ee:cf:5c:a8:ee:1f:73:78:
         6d:c0:dd:07
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUB8szajotHVnE45n4sEyicMxRkQ8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYjY4M2YyZWI1MGM1OTk5YTc3NDU2ZTg4MjY4MzE2MDlk
NDhjN2QzZTAeFw0yNTA0MjIwODQ5MDNaFw0yNjA0MjEwODU0MDNaMDMxMTAvBgNV
BAMTKDkxNEE4RjUyNEVBM0QwMjlCQjUyQjg2NTBDMEE5MjhBN0Q0QjRDRDIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJx15Es/T/3gEMz8JC0nW253JA
KW2LVp1kniiGnD47/1QBhPUvwlHP0GFa7fcc7sg8EIlX2DWnFxljAdOcB2aGLTRt
PodSdXk6UicxFNqfPVb0QealdlV6Cxm02XeFmuF0RyPQY93DbonjO0RmeC9r2rNW
byLvLAy949Xhu/yHM+t4DATp24um10Wmtt0TdvuG/ZSiY2dxjgc11oJpn/sBq7M+
0rFszLqYb1RbuPVSIIldgCI0UlDG5btleLSwEWzVLHPoM/WW1QGMIhetEZD40S2g
J/Kgfq7f6wTf81GqfXnRt6lLMzOJgILppedIoejxVR50BzlQx4GJb1SSZYh1AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUkUqPUk6j0Cm7UrhlDAqSin1LTNIwHwYDVR0j
BBgwFoAUtoPy61DFmZp3RW6IJoMWCdSMfT4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTAxYzE0ZmItYjY2MC00ODlkLTllOWYtOTQwMmU5ZTJj
MmUyLzAvQjY4M0YyRUI1MEM1OTk5QTc3NDU2RTg4MjY4MzE2MDlENDhDN0QzRS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3RvUHk2MURGbVpwM1JXNklKb01XQ2RT
TWZUNC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYTAxYzE0ZmIt
YjY2MC00ODlkLTllOWYtOTQwMmU5ZTJjMmUyLzAvMzIzMTMzMmUzMTMzMzkyZTM5
MzMyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzOTMwMzAzOS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEANWL
XTANBgkqhkiG9w0BAQsFAAOCAQEAejeoF8yH5RGm+BGlKnyHb673zGWTObdoKij3
Difqhp37DZbW6jJMaan7I1MXtHlNrmQKwdvBQgm0iHb2/7rpKRDJWIfS+LGwsjgw
hSiMI4u1P6OflAm557X31KgI9TpTaNuHJElJLualMRMHL0xlLMfmwJC1q7sfNB/O
Xb4TmeXJlpPhXfQtd4rUmODlYgPEeLpg8stGcP5O6SxmTkmjvqdNWfMNM6Prf3w9
VITE3iNL64QpiEFCRKf3o4ibE83qa4nzQNgyGugO8YPOeQkUe6KqoBRGdVr7iCcc
ACOV/Dpf11y1V8cl85apWqoCSMZavYQr2O7PXKjuH3N4bcDdBw==
-----END CERTIFICATE-----