Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/38392e3131362e34312e302f32342d3234203d3e203135343139.roa
File:                     38392e3131362e34312e302f32342d3234203d3e203135343139.roa (raw, json)
Hash identifier:          nrTdofG3QiyT59ifvXqBtX8pF4lYbmqFJc6mO1yyOW0=
Subject key identifier:   31:98:73:74:97:19:D8:CC:01:72:D0:6A:E2:76:B5:4E:B9:69:5B:45
Certificate issuer:       /CN=9df85997b1b9b358e1c43f36765aa0a4a02144ae
Certificate serial:       4D7157D680BE11920EC0EA039B06B024F4E3D1A1
Authority key identifier: 9D:F8:59:97:B1:B9:B3:58:E1:C4:3F:36:76:5A:A0:A4:A0:21:44:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nfhZl7G5s1jhxD82dlqgpKAhRK4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/38392e3131362e34312e302f32342d3234203d3e203135343139.roa
Signing time:             Fri 09 May 2025 09:37:56 +0000
ROA not before:           Fri 09 May 2025 09:32:56 +0000
ROA not after:            Fri 08 May 2026 09:37:56 +0000
asID:                     15419
IP address blocks:        89.116.41.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/9DF85997B1B9B358E1C43F36765AA0A4A02144AE.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/9DF85997B1B9B358E1C43F36765AA0A4A02144AE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nfhZl7G5s1jhxD82dlqgpKAhRK4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 12 May 2025 20:38:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4d:71:57:d6:80:be:11:92:0e:c0:ea:03:9b:06:b0:24:f4:e3:d1:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9df85997b1b9b358e1c43f36765aa0a4a02144ae
        Validity
            Not Before: May  9 09:32:56 2025 GMT
            Not After : May  8 09:37:56 2026 GMT
        Subject: CN=319873749719D8CC0172D06AE276B54EB9695B45
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:4b:e3:11:c2:10:3e:fb:0f:21:a1:1e:7f:b1:
                    3f:da:a6:fd:7d:8c:5c:4b:4b:c2:78:c9:c5:3d:46:
                    67:24:1e:f2:3a:68:21:a4:a9:5a:9c:54:e4:ee:e3:
                    a5:47:37:cf:06:b8:8e:da:2c:0d:e1:1e:94:51:77:
                    95:e3:32:35:80:bf:f2:5d:95:01:1b:de:8a:e0:bf:
                    c1:c4:4a:4b:f2:93:53:9f:fb:a3:4f:ae:7b:98:a9:
                    b1:d0:0c:41:ed:e8:f1:32:34:47:86:dc:93:ca:66:
                    ce:83:f6:6e:ea:0a:ce:d4:78:04:7a:da:99:0a:76:
                    6e:ef:f8:f3:df:7f:4f:9e:dc:3e:16:62:f0:0f:68:
                    59:22:1b:59:7f:d6:6d:06:3a:51:40:f9:9c:0c:24:
                    d3:89:55:3a:b2:30:91:b8:a3:51:2c:a8:6b:59:bd:
                    36:e4:59:e1:1d:a8:f0:44:32:7f:7d:7d:86:4f:ac:
                    7d:5f:ca:89:1e:64:32:04:3f:c8:4a:fe:41:66:63:
                    ad:40:36:2a:6e:82:99:38:85:ec:d5:9b:d4:db:a5:
                    9e:5a:bb:db:63:7a:e7:e8:37:31:0c:53:a5:84:20:
                    71:52:90:e3:ac:5c:42:a1:37:c0:7c:51:d3:df:df:
                    8d:e7:21:64:01:6d:a3:98:41:f4:42:d1:1d:b4:69:
                    8c:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:98:73:74:97:19:D8:CC:01:72:D0:6A:E2:76:B5:4E:B9:69:5B:45
            X509v3 Authority Key Identifier:
                keyid:9D:F8:59:97:B1:B9:B3:58:E1:C4:3F:36:76:5A:A0:A4:A0:21:44:AE

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/9DF85997B1B9B358E1C43F36765AA0A4A02144AE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nfhZl7G5s1jhxD82dlqgpKAhRK4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/38392e3131362e34312e302f32342d3234203d3e203135343139.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.116.41.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:e3:6f:60:a0:ce:92:b0:d4:9f:54:17:8c:61:d1:a4:c7:cd:
         eb:5c:bc:a4:78:d3:07:d0:3d:59:b8:ca:aa:2c:cc:13:c8:6d:
         b8:14:8d:55:7f:3e:51:da:4a:ed:e7:cc:02:88:63:df:3c:67:
         4a:9c:63:a7:47:06:d3:bd:b0:34:7b:c8:83:fb:78:cf:13:2a:
         84:a9:75:82:c9:70:f3:4e:64:da:f3:4b:f6:c9:b0:01:b7:69:
         eb:a8:c7:41:05:65:e4:e4:ed:dc:60:18:d3:c9:f3:38:a5:70:
         fb:3a:88:03:c4:a5:43:9f:de:63:24:da:f8:a4:ac:c4:a4:15:
         32:31:93:74:d1:11:c8:8e:48:dc:bd:73:09:85:85:30:e5:b6:
         8d:62:d8:16:2c:ae:cc:72:a2:1a:68:31:72:56:59:a4:6f:16:
         f9:e6:4e:55:da:d9:45:9a:95:fd:94:96:1f:eb:2c:46:d6:86:
         ef:65:50:60:35:21:38:8a:d9:bc:fc:bf:5f:a5:ce:c0:69:ba:
         b3:e8:ee:32:80:2a:a6:44:c5:f7:f6:a3:ea:35:f4:0a:c0:21:
         94:97:60:a1:77:a7:23:6b:89:8f:17:e5:de:05:ab:70:af:9a:
         63:ac:da:da:60:ef:30:27:46:d8:3e:05:54:d7:6e:86:59:65:
         84:17:03:72
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUTXFX1oC+EZIOwOoDmwawJPTj0aEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWRmODU5OTdiMWI5YjM1OGUxYzQzZjM2NzY1YWEwYTRh
MDIxNDRhZTAeFw0yNTA1MDkwOTMyNTZaFw0yNjA1MDgwOTM3NTZaMDMxMTAvBgNV
BAMTKDMxOTg3Mzc0OTcxOUQ4Q0MwMTcyRDA2QUUyNzZCNTRFQjk2OTVCNDUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDTS+MRwhA++w8hoR5/sT/apv19
jFxLS8J4ycU9RmckHvI6aCGkqVqcVOTu46VHN88GuI7aLA3hHpRRd5XjMjWAv/Jd
lQEb3orgv8HESkvyk1Of+6NPrnuYqbHQDEHt6PEyNEeG3JPKZs6D9m7qCs7UeAR6
2pkKdm7v+PPff0+e3D4WYvAPaFkiG1l/1m0GOlFA+ZwMJNOJVTqyMJG4o1EsqGtZ
vTbkWeEdqPBEMn99fYZPrH1fyokeZDIEP8hK/kFmY61ANipugpk4hezVm9TbpZ5a
u9tjeufoNzEMU6WEIHFSkOOsXEKhN8B8UdPf343nIWQBbaOYQfRC0R20aYynAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUMZhzdJcZ2MwBctBq4na1TrlpW0UwHwYDVR0j
BBgwFoAUnfhZl7G5s1jhxD82dlqgpKAhRK4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDAyZTBiYTMtZmU2MC00NWIxLTkxNjAtODY4YTJmOGE0
M2IxLzMvOURGODU5OTdCMUI5QjM1OEUxQzQzRjM2NzY1QUEwQTRBMDIxNDRBRS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL25maFpsN0c1czFqaHhEODJkbHFncEtB
aFJLNC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMDAyZTBiYTMt
ZmU2MC00NWIxLTkxNjAtODY4YTJmOGE0M2IxLzMvMzgzOTJlMzEzMTM2MmUzNDMx
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzEzNTM0MzEzOS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFl0
KTANBgkqhkiG9w0BAQsFAAOCAQEAAuNvYKDOkrDUn1QXjGHRpMfN61y8pHjTB9A9
WbjKqizME8htuBSNVX8+UdpK7efMAohj3zxnSpxjp0cG072wNHvIg/t4zxMqhKl1
gslw805k2vNL9smwAbdp66jHQQVl5OTt3GAY08nzOKVw+zqIA8SlQ5/eYyTa+KSs
xKQVMjGTdNERyI5I3L1zCYWFMOW2jWLYFiyuzHKiGmgxclZZpG8W+eZOVdrZRZqV
/ZSWH+ssRtaG72VQYDUhOIrZvPy/X6XOwGm6s+juMoAqpkTF9/aj6jX0CsAhlJdg
oXenI2uJjxfl3gWrcK+aY6za2mDvMCdG2D4FVNduhlllhBcDcg==
-----END CERTIFICATE-----