Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7a789e87-f484-423d-a1d7-2c2d5860d2ec/0/39312e3139392e39302e302f32342d3234203d3e203630343538.roa
File:                     39312e3139392e39302e302f32342d3234203d3e203630343538.roa (raw, json)
Hash identifier:          24Wi6BO1o+rN9DTXADpFgbBkLMPIwcsuYBHhIDkNNJk=
Subject key identifier:   9E:4C:75:6F:C9:FC:E3:48:D8:07:08:EB:D6:FD:C9:E4:06:32:7E:2A
Certificate issuer:       /CN=b0170abdc955aa176be2af26299678f2f7c9aca0
Certificate serial:       19F19C2AE9EB5B8D77BC427D83C704E3C6983F75
Authority key identifier: B0:17:0A:BD:C9:55:AA:17:6B:E2:AF:26:29:96:78:F2:F7:C9:AC:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sBcKvclVqhdr4q8mKZZ48vfJrKA.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7a789e87-f484-423d-a1d7-2c2d5860d2ec/0/39312e3139392e39302e302f32342d3234203d3e203630343538.roa
Signing time:             Mon 05 May 2025 06:54:06 +0000
ROA not before:           Mon 05 May 2025 06:49:06 +0000
ROA not after:            Mon 04 May 2026 06:54:06 +0000
asID:                     60458
IP address blocks:        91.199.90.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7a789e87-f484-423d-a1d7-2c2d5860d2ec/0/B0170ABDC955AA176BE2AF26299678F2F7C9ACA0.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7a789e87-f484-423d-a1d7-2c2d5860d2ec/0/B0170ABDC955AA176BE2AF26299678F2F7C9ACA0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sBcKvclVqhdr4q8mKZZ48vfJrKA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 11 May 2025 04:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            19:f1:9c:2a:e9:eb:5b:8d:77:bc:42:7d:83:c7:04:e3:c6:98:3f:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b0170abdc955aa176be2af26299678f2f7c9aca0
        Validity
            Not Before: May  5 06:49:06 2025 GMT
            Not After : May  4 06:54:06 2026 GMT
        Subject: CN=9E4C756FC9FCE348D80708EBD6FDC9E406327E2A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:66:a2:16:d0:80:4a:10:64:aa:08:e4:b1:f0:
                    26:29:b4:58:7b:4a:59:ca:72:e8:8a:c0:9b:6d:b0:
                    51:6c:30:bb:c3:cc:2f:01:cd:6b:b2:0c:35:b5:06:
                    80:66:dc:0b:a8:0a:e4:ce:f1:4b:7a:ac:1d:69:d6:
                    ff:f4:93:59:e4:fa:11:c8:0b:65:0f:58:cd:79:47:
                    f3:99:d1:a2:09:16:f2:bb:fc:37:99:8d:ee:8b:cb:
                    56:24:ee:82:7a:02:3b:d2:18:35:25:59:fa:51:5d:
                    11:db:92:a6:66:41:5a:53:4b:ec:e2:d5:39:94:09:
                    c8:09:38:71:e4:4e:af:5d:05:1b:44:b0:03:b3:da:
                    9a:9c:82:ef:20:2d:dd:23:6b:30:d2:7f:e0:38:7d:
                    36:92:56:b4:c0:ba:25:a4:51:45:15:f0:a5:54:09:
                    b2:a1:ee:c0:20:44:24:61:ae:e4:4d:49:31:a8:e5:
                    b6:e0:3a:d5:20:0f:0c:7e:11:bb:2b:ba:e8:ae:ba:
                    96:e7:00:e3:0d:a0:6e:43:6b:8c:4b:26:5b:e7:ad:
                    9a:1b:5c:1f:80:18:18:f9:68:43:d9:0c:b6:3b:7d:
                    94:a0:49:f3:39:4f:81:82:27:e1:73:ff:0c:33:52:
                    51:6d:81:6f:c7:c6:8f:3a:59:39:1b:1f:89:2d:74:
                    f7:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:4C:75:6F:C9:FC:E3:48:D8:07:08:EB:D6:FD:C9:E4:06:32:7E:2A
            X509v3 Authority Key Identifier:
                keyid:B0:17:0A:BD:C9:55:AA:17:6B:E2:AF:26:29:96:78:F2:F7:C9:AC:A0

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7a789e87-f484-423d-a1d7-2c2d5860d2ec/0/B0170ABDC955AA176BE2AF26299678F2F7C9ACA0.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sBcKvclVqhdr4q8mKZZ48vfJrKA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7a789e87-f484-423d-a1d7-2c2d5860d2ec/0/39312e3139392e39302e302f32342d3234203d3e203630343538.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.199.90.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3d:b1:be:32:b5:cb:44:94:f0:95:82:d2:8f:54:ad:b6:e3:e7:
         a2:51:f1:2c:31:84:9b:da:9a:a9:a6:58:8f:2b:aa:c1:06:a4:
         81:4d:6e:c8:61:3d:dc:d9:f8:85:f1:3a:ad:b0:ad:af:fd:07:
         54:c6:33:27:ac:a7:64:f8:d4:db:ff:07:f6:02:fe:af:ac:f4:
         d9:12:cb:d8:78:58:36:5e:1a:14:b0:01:f7:ac:01:52:2c:8a:
         5f:b3:a9:6d:d0:9c:ce:9e:17:e1:d3:e7:f3:0b:43:d2:5e:f2:
         90:7e:ae:41:ca:bc:9e:b1:75:36:d6:9b:3a:1f:06:b3:c2:0e:
         bf:a9:ac:81:2c:8e:15:7a:cf:ca:c1:82:54:9f:37:4a:13:3a:
         d9:e8:ae:32:7a:6c:4c:fa:db:da:49:c5:14:e1:ca:2e:3a:22:
         78:b1:56:bd:f2:74:9f:73:bb:ac:84:3a:91:d8:46:99:c8:43:
         21:71:95:1b:cf:9d:bb:a0:5e:88:d4:bc:7f:d7:3e:f4:78:78:
         fd:cf:c7:8f:d0:41:de:8a:c0:f7:84:ba:bb:4b:65:fa:7a:53:
         68:89:94:87:ea:68:9d:11:da:cf:88:e5:cb:44:d6:21:eb:db:
         71:07:20:54:14:e4:23:77:57:00:7a:77:55:11:0e:f1:a9:3d:
         01:e7:f4:0f
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUGfGcKunrW413vEJ9g8cE48aYP3UwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYjAxNzBhYmRjOTU1YWExNzZiZTJhZjI2Mjk5Njc4ZjJm
N2M5YWNhMDAeFw0yNTA1MDUwNjQ5MDZaFw0yNjA1MDQwNjU0MDZaMDMxMTAvBgNV
BAMTKDlFNEM3NTZGQzlGQ0UzNDhEODA3MDhFQkQ2RkRDOUU0MDYzMjdFMkEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZZqIW0IBKEGSqCOSx8CYptFh7
SlnKcuiKwJttsFFsMLvDzC8BzWuyDDW1BoBm3AuoCuTO8Ut6rB1p1v/0k1nk+hHI
C2UPWM15R/OZ0aIJFvK7/DeZje6Ly1Yk7oJ6AjvSGDUlWfpRXRHbkqZmQVpTS+zi
1TmUCcgJOHHkTq9dBRtEsAOz2pqcgu8gLd0jazDSf+A4fTaSVrTAuiWkUUUV8KVU
CbKh7sAgRCRhruRNSTGo5bbgOtUgDwx+EbsruuiuupbnAOMNoG5Da4xLJlvnrZob
XB+AGBj5aEPZDLY7fZSgSfM5T4GCJ+Fz/wwzUlFtgW/Hxo86WTkbH4ktdPcLAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUnkx1b8n840jYBwjr1v3J5AYyfiowHwYDVR0j
BBgwFoAUsBcKvclVqhdr4q8mKZZ48vfJrKAwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2E3ODllODctZjQ4NC00MjNkLWExZDctMmMyZDU4NjBk
MmVjLzAvQjAxNzBBQkRDOTU1QUExNzZCRTJBRjI2Mjk5Njc4RjJGN0M5QUNBMC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3NCY0t2Y2xWcWhkcjRxOG1LWlo0OHZm
SnJLQS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvN2E3ODllODct
ZjQ4NC00MjNkLWExZDctMmMyZDU4NjBkMmVjLzAvMzkzMTJlMzEzOTM5MmUzOTMw
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzYzMDM0MzUzOC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFvH
WjANBgkqhkiG9w0BAQsFAAOCAQEAPbG+MrXLRJTwlYLSj1SttuPnolHxLDGEm9qa
qaZYjyuqwQakgU1uyGE93Nn4hfE6rbCtr/0HVMYzJ6ynZPjU2/8H9gL+r6z02RLL
2HhYNl4aFLAB96wBUiyKX7OpbdCczp4X4dPn8wtD0l7ykH6uQcq8nrF1NtabOh8G
s8IOv6msgSyOFXrPysGCVJ83ShM62eiuMnpsTPrb2knFFOHKLjoieLFWvfJ0n3O7
rIQ6kdhGmchDIXGVG8+du6BeiNS8f9c+9Hh4/c/Hj9BB3orA94S6u0tl+npTaImU
h+ponRHaz4jly0TWIevbcQcgVBTkI3dXAHp3VREO8ak9Aef0Dw==
-----END CERTIFICATE-----