Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/38392e3131362e322e302f32332d3233203d3e203135343139.roa
File:                     38392e3131362e322e302f32332d3233203d3e203135343139.roa (raw, json)
Hash identifier:          twheygdBU9M/hWK8PwEKS7vel1IBGYLsGKuF6NDPdmA=
Subject key identifier:   E7:F7:98:19:DB:23:FF:26:02:D5:BA:82:A6:06:BE:C2:11:A6:C9:17
Certificate issuer:       /CN=9df85997b1b9b358e1c43f36765aa0a4a02144ae
Certificate serial:       15F14397BD617805180F3795223A7995FA4E6E67
Authority key identifier: 9D:F8:59:97:B1:B9:B3:58:E1:C4:3F:36:76:5A:A0:A4:A0:21:44:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nfhZl7G5s1jhxD82dlqgpKAhRK4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/38392e3131362e322e302f32332d3233203d3e203135343139.roa
Signing time:             Fri 09 May 2025 09:37:55 +0000
ROA not before:           Fri 09 May 2025 09:32:55 +0000
ROA not after:            Fri 08 May 2026 09:37:55 +0000
asID:                     15419
IP address blocks:        89.116.2.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/9DF85997B1B9B358E1C43F36765AA0A4A02144AE.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/9DF85997B1B9B358E1C43F36765AA0A4A02144AE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nfhZl7G5s1jhxD82dlqgpKAhRK4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 12 May 2025 20:38:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            15:f1:43:97:bd:61:78:05:18:0f:37:95:22:3a:79:95:fa:4e:6e:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9df85997b1b9b358e1c43f36765aa0a4a02144ae
        Validity
            Not Before: May  9 09:32:55 2025 GMT
            Not After : May  8 09:37:55 2026 GMT
        Subject: CN=E7F79819DB23FF2602D5BA82A606BEC211A6C917
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:01:cb:6e:1e:1d:fc:74:cd:45:db:ce:a6:76:
                    0c:54:ec:91:06:ca:59:8d:fb:2d:5c:63:fe:46:da:
                    e7:ff:5c:e8:95:e8:0d:e2:47:20:4d:67:35:5d:b0:
                    a9:cf:69:f0:a4:8d:cb:72:22:5b:9f:3a:a1:c8:61:
                    fc:4c:a6:7a:50:21:a5:71:d7:37:9c:93:72:69:ee:
                    6b:a6:df:96:e5:49:12:6b:74:00:a8:61:0f:95:34:
                    ea:68:c6:4c:4d:d9:60:b7:1f:01:56:90:a9:ca:e3:
                    94:67:ba:60:a6:04:68:cc:9a:f4:e4:eb:93:9a:78:
                    f1:eb:41:c3:64:4f:ec:48:79:20:fc:2d:cd:5d:05:
                    ce:87:a0:7a:be:90:5c:a4:5f:69:2e:b3:28:5f:91:
                    23:e4:38:1a:b0:4c:66:ce:b1:9f:95:5f:a5:94:97:
                    ab:58:80:e4:50:19:78:d8:a4:82:8f:ad:0a:a2:c9:
                    65:3e:0e:6b:f0:68:c4:f7:a2:66:ea:9c:5c:c8:08:
                    f3:e0:d6:e4:ee:66:22:3b:11:bd:f4:fc:8a:12:e1:
                    01:c4:9f:c2:8f:e6:37:ce:6b:93:e9:55:96:06:b9:
                    3c:76:c3:f7:67:5a:a9:32:5c:2b:c5:cb:c3:ce:a3:
                    f0:2f:2b:b1:27:39:c7:6a:28:24:94:9b:15:c3:df:
                    6f:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:F7:98:19:DB:23:FF:26:02:D5:BA:82:A6:06:BE:C2:11:A6:C9:17
            X509v3 Authority Key Identifier:
                keyid:9D:F8:59:97:B1:B9:B3:58:E1:C4:3F:36:76:5A:A0:A4:A0:21:44:AE

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/9DF85997B1B9B358E1C43F36765AA0A4A02144AE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nfhZl7G5s1jhxD82dlqgpKAhRK4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/38392e3131362e322e302f32332d3233203d3e203135343139.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.116.2.0/23

    Signature Algorithm: sha256WithRSAEncryption
         44:ad:9b:34:bb:fd:7a:09:e6:6f:28:57:a3:5a:66:aa:30:c6:
         a3:2b:26:82:b2:09:62:cf:c6:f3:ae:de:e0:a6:47:f3:60:26:
         33:73:11:00:d4:94:65:77:e2:5b:58:2c:48:2f:96:a3:df:1a:
         de:8c:d4:ab:61:4b:25:34:36:a9:af:86:ff:70:09:9e:4a:e3:
         12:a5:7f:1d:89:28:9b:38:87:15:75:df:a6:d9:5a:38:be:68:
         5e:8f:75:d5:e7:48:19:0b:7e:c1:89:4a:b6:b8:12:38:f5:a3:
         a9:be:c5:6f:36:31:ad:d7:9e:99:c3:1f:6a:82:54:a9:e9:00:
         7b:9e:5e:38:c2:79:67:bc:15:f3:83:7c:c5:ca:0b:03:bf:b1:
         50:e1:dd:a8:b9:fc:32:74:e4:57:79:82:12:ef:67:54:fd:2f:
         8d:9c:1d:d0:37:61:8a:a0:82:8b:e6:92:15:f1:9f:19:40:5a:
         21:07:15:66:59:4f:34:63:f1:52:93:53:5b:48:aa:26:48:e7:
         ce:5c:38:cc:7e:d9:13:2b:ff:d2:10:ea:17:57:4b:ba:10:ae:
         68:eb:db:31:d7:d1:30:16:a6:8e:bc:ef:52:68:e5:93:31:5f:
         aa:fc:0a:32:e9:65:0b:37:55:81:ae:13:c8:67:a3:50:8d:bb:
         b7:17:c4:2e
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUFfFDl71heAUYDzeVIjp5lfpObmcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWRmODU5OTdiMWI5YjM1OGUxYzQzZjM2NzY1YWEwYTRh
MDIxNDRhZTAeFw0yNTA1MDkwOTMyNTVaFw0yNjA1MDgwOTM3NTVaMDMxMTAvBgNV
BAMTKEU3Rjc5ODE5REIyM0ZGMjYwMkQ1QkE4MkE2MDZCRUMyMTFBNkM5MTcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCKActuHh38dM1F286mdgxU7JEG
ylmN+y1cY/5G2uf/XOiV6A3iRyBNZzVdsKnPafCkjctyIlufOqHIYfxMpnpQIaVx
1zeck3Jp7mum35blSRJrdACoYQ+VNOpoxkxN2WC3HwFWkKnK45RnumCmBGjMmvTk
65OaePHrQcNkT+xIeSD8Lc1dBc6HoHq+kFykX2kusyhfkSPkOBqwTGbOsZ+VX6WU
l6tYgORQGXjYpIKPrQqiyWU+DmvwaMT3ombqnFzICPPg1uTuZiI7Eb30/IoS4QHE
n8KP5jfOa5PpVZYGuTx2w/dnWqkyXCvFy8POo/AvK7EnOcdqKCSUmxXD32+NAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQU5/eYGdsj/yYC1bqCpga+whGmyRcwHwYDVR0j
BBgwFoAUnfhZl7G5s1jhxD82dlqgpKAhRK4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDAyZTBiYTMtZmU2MC00NWIxLTkxNjAtODY4YTJmOGE0
M2IxLzMvOURGODU5OTdCMUI5QjM1OEUxQzQzRjM2NzY1QUEwQTRBMDIxNDRBRS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL25maFpsN0c1czFqaHhEODJkbHFncEtB
aFJLNC5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMDAyZTBiYTMt
ZmU2MC00NWIxLTkxNjAtODY4YTJmOGE0M2IxLzMvMzgzOTJlMzEzMTM2MmUzMjJl
MzAyZjMyMzMyZDMyMzMyMDNkM2UyMDMxMzUzNDMxMzkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAFZdAIw
DQYJKoZIhvcNAQELBQADggEBAEStmzS7/XoJ5m8oV6NaZqowxqMrJoKyCWLPxvOu
3uCmR/NgJjNzEQDUlGV34ltYLEgvlqPfGt6M1KthSyU0Nqmvhv9wCZ5K4xKlfx2J
KJs4hxV136bZWji+aF6PddXnSBkLfsGJSra4Ejj1o6m+xW82Ma3XnpnDH2qCVKnp
AHueXjjCeWe8FfODfMXKCwO/sVDh3ai5/DJ05Fd5ghLvZ1T9L42cHdA3YYqggovm
khXxnxlAWiEHFWZZTzRj8VKTU1tIqiZI585cOMx+2RMr/9IQ6hdXS7oQrmjr2zHX
0TAWpo6871Jo5ZMxX6r8CjLpZQs3VYGuE8hno1CNu7cXxC4=
-----END CERTIFICATE-----