Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/38392e3131362e312e302f32342d3234203d3e203135343139.roa
File:                     38392e3131362e312e302f32342d3234203d3e203135343139.roa (raw, json)
Hash identifier:          QlNtxapPtCDVmKsd/rR7Y2Bq1QIkmg64gwg6mpWc9ZY=
Subject key identifier:   9E:A7:72:76:EF:B9:2F:BC:CB:3C:E8:AB:86:80:93:6D:D9:1B:6B:D2
Certificate issuer:       /CN=9df85997b1b9b358e1c43f36765aa0a4a02144ae
Certificate serial:       319A331320A24023150282487D031E864FD7475D
Authority key identifier: 9D:F8:59:97:B1:B9:B3:58:E1:C4:3F:36:76:5A:A0:A4:A0:21:44:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nfhZl7G5s1jhxD82dlqgpKAhRK4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/38392e3131362e312e302f32342d3234203d3e203135343139.roa
Signing time:             Fri 09 May 2025 09:37:54 +0000
ROA not before:           Fri 09 May 2025 09:32:54 +0000
ROA not after:            Fri 08 May 2026 09:37:54 +0000
asID:                     15419
IP address blocks:        89.116.1.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/9DF85997B1B9B358E1C43F36765AA0A4A02144AE.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/9DF85997B1B9B358E1C43F36765AA0A4A02144AE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nfhZl7G5s1jhxD82dlqgpKAhRK4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 12 May 2025 20:38:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            31:9a:33:13:20:a2:40:23:15:02:82:48:7d:03:1e:86:4f:d7:47:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9df85997b1b9b358e1c43f36765aa0a4a02144ae
        Validity
            Not Before: May  9 09:32:54 2025 GMT
            Not After : May  8 09:37:54 2026 GMT
        Subject: CN=9EA77276EFB92FBCCB3CE8AB8680936DD91B6BD2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:fa:cb:96:66:6a:12:cb:3e:92:0d:29:4e:54:
                    02:5c:32:91:c6:6b:ff:87:36:ad:b4:d3:93:9d:b2:
                    a4:55:7f:c7:43:e6:3c:95:d9:9e:53:16:a8:de:f2:
                    5b:18:f8:7c:7b:03:90:f3:13:50:64:38:56:52:b8:
                    2c:31:da:74:c7:5e:d6:d3:37:27:fa:a4:5b:c8:d3:
                    af:4b:6b:5d:ed:08:1b:62:6e:0e:81:83:53:96:75:
                    db:5d:58:5f:d4:fc:1b:b6:95:44:ba:b6:a5:df:65:
                    23:53:d5:0a:3c:c1:31:83:d8:7d:f5:57:96:c5:4b:
                    c3:62:7f:03:d6:bb:ff:68:03:f8:c4:27:b0:3c:70:
                    85:6d:d8:22:1c:2c:70:a9:1f:c5:a4:f8:73:32:ef:
                    87:66:dd:30:39:e0:78:d1:b0:11:23:03:b4:86:ff:
                    0e:cf:53:74:5c:41:5a:89:10:12:96:92:17:ca:be:
                    a0:bb:b5:bf:51:dc:ba:66:01:39:1c:b7:40:06:ec:
                    80:7e:9b:60:74:bd:4c:42:98:78:dc:74:5a:d1:54:
                    56:d3:eb:ae:9a:f6:53:c5:d5:89:dc:48:45:00:5a:
                    23:ad:90:f7:e8:1b:26:f1:de:19:9a:aa:3f:27:dd:
                    51:9a:79:9d:db:25:13:82:b5:03:4b:3c:9b:40:67:
                    0d:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:A7:72:76:EF:B9:2F:BC:CB:3C:E8:AB:86:80:93:6D:D9:1B:6B:D2
            X509v3 Authority Key Identifier:
                keyid:9D:F8:59:97:B1:B9:B3:58:E1:C4:3F:36:76:5A:A0:A4:A0:21:44:AE

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/9DF85997B1B9B358E1C43F36765AA0A4A02144AE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nfhZl7G5s1jhxD82dlqgpKAhRK4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/38392e3131362e312e302f32342d3234203d3e203135343139.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.116.1.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:9d:6b:b5:d3:d6:3c:75:e6:55:77:1d:54:15:54:be:b1:ab:
         fb:2d:fa:38:c4:e4:f7:c4:03:d8:ad:0b:b0:03:39:e8:a1:9a:
         b8:be:28:64:1a:3b:15:4e:0d:dc:08:80:d7:16:a9:2b:58:63:
         b0:90:3c:bf:ba:c7:46:36:93:13:29:6d:ec:07:53:6f:5e:91:
         e1:f5:03:70:e2:cb:45:ca:07:c7:a9:91:7b:79:bb:bf:92:ab:
         b1:eb:70:10:40:29:2a:1c:67:6b:b4:ab:a0:36:f7:af:9d:c1:
         7a:4a:92:e2:5a:77:c2:e8:2d:69:71:8e:65:12:18:60:e9:0f:
         c7:32:ea:fc:6f:f9:59:09:3d:55:71:ed:21:f6:5a:1f:da:48:
         22:d4:3e:d6:de:bf:2d:36:73:31:f9:e6:1e:53:0e:11:f2:67:
         28:37:9a:1c:c3:3b:6c:aa:73:a1:0a:3b:84:c5:75:9a:7a:89:
         a6:ca:dd:21:5b:c7:a3:f1:ae:07:54:09:6e:f1:02:c4:07:4c:
         fe:59:09:31:19:18:1d:87:5c:0e:a9:ec:8d:b0:0e:17:50:a5:
         5d:7e:5d:da:d4:a5:8b:1c:ec:28:be:2d:f9:78:68:76:b8:44:
         f1:df:bb:84:ec:dc:e4:f4:be:8e:35:cd:a1:7d:f9:63:0e:28:
         85:35:50:c2
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUMZozEyCiQCMVAoJIfQMehk/XR10wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWRmODU5OTdiMWI5YjM1OGUxYzQzZjM2NzY1YWEwYTRh
MDIxNDRhZTAeFw0yNTA1MDkwOTMyNTRaFw0yNjA1MDgwOTM3NTRaMDMxMTAvBgNV
BAMTKDlFQTc3Mjc2RUZCOTJGQkNDQjNDRThBQjg2ODA5MzZERDkxQjZCRDIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCr+suWZmoSyz6SDSlOVAJcMpHG
a/+HNq2005OdsqRVf8dD5jyV2Z5TFqje8lsY+Hx7A5DzE1BkOFZSuCwx2nTHXtbT
Nyf6pFvI069La13tCBtibg6Bg1OWddtdWF/U/Bu2lUS6tqXfZSNT1Qo8wTGD2H31
V5bFS8NifwPWu/9oA/jEJ7A8cIVt2CIcLHCpH8Wk+HMy74dm3TA54HjRsBEjA7SG
/w7PU3RcQVqJEBKWkhfKvqC7tb9R3LpmATkct0AG7IB+m2B0vUxCmHjcdFrRVFbT
666a9lPF1YncSEUAWiOtkPfoGybx3hmaqj8n3VGaeZ3bJROCtQNLPJtAZw0DAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUnqdydu+5L7zLPOirhoCTbdkba9IwHwYDVR0j
BBgwFoAUnfhZl7G5s1jhxD82dlqgpKAhRK4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDAyZTBiYTMtZmU2MC00NWIxLTkxNjAtODY4YTJmOGE0
M2IxLzMvOURGODU5OTdCMUI5QjM1OEUxQzQzRjM2NzY1QUEwQTRBMDIxNDRBRS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL25maFpsN0c1czFqaHhEODJkbHFncEtB
aFJLNC5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMDAyZTBiYTMt
ZmU2MC00NWIxLTkxNjAtODY4YTJmOGE0M2IxLzMvMzgzOTJlMzEzMTM2MmUzMTJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMxMzUzNDMxMzkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABZdAEw
DQYJKoZIhvcNAQELBQADggEBAB6da7XT1jx15lV3HVQVVL6xq/st+jjE5PfEA9it
C7ADOeihmri+KGQaOxVODdwIgNcWqStYY7CQPL+6x0Y2kxMpbewHU29ekeH1A3Di
y0XKB8epkXt5u7+Sq7HrcBBAKSocZ2u0q6A296+dwXpKkuJad8LoLWlxjmUSGGDp
D8cy6vxv+VkJPVVx7SH2Wh/aSCLUPtbevy02czH55h5TDhHyZyg3mhzDO2yqc6EK
O4TFdZp6iabK3SFbx6PxrgdUCW7xAsQHTP5ZCTEZGB2HXA6p7I2wDhdQpV1+XdrU
pYsc7Ci+Lfl4aHa4RPHfu4Ts3OT0vo41zaF9+WMOKIU1UMI=
-----END CERTIFICATE-----