Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/3231332e3133392e39312e302f32342d3234203d3e2039303039.roa
File:                     3231332e3133392e39312e302f32342d3234203d3e2039303039.roa (raw, json)
Hash identifier:          iHrVGYqO0jEnmhXvt0u+E3Fi7EyKrYFB7bEQzlX2suw=
Subject key identifier:   49:EE:B4:14:FA:44:83:C1:79:2B:BA:02:B4:FC:33:8A:F1:D4:D0:1C
Certificate issuer:       /CN=b683f2eb50c5999a77456e8826831609d48c7d3e
Certificate serial:       1399E4B679BAA70449DD0FC26021F93B4BD661B1
Authority key identifier: B6:83:F2:EB:50:C5:99:9A:77:45:6E:88:26:83:16:09:D4:8C:7D:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/toPy61DFmZp3RW6IJoMWCdSMfT4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/3231332e3133392e39312e302f32342d3234203d3e2039303039.roa
Signing time:             Tue 22 Apr 2025 08:54:03 +0000
ROA not before:           Tue 22 Apr 2025 08:49:03 +0000
ROA not after:            Tue 21 Apr 2026 08:54:03 +0000
asID:                     9009
IP address blocks:        213.139.91.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/B683F2EB50C5999A77456E8826831609D48C7D3E.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/B683F2EB50C5999A77456E8826831609D48C7D3E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/toPy61DFmZp3RW6IJoMWCdSMfT4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 06 May 2025 18:10:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            13:99:e4:b6:79:ba:a7:04:49:dd:0f:c2:60:21:f9:3b:4b:d6:61:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b683f2eb50c5999a77456e8826831609d48c7d3e
        Validity
            Not Before: Apr 22 08:49:03 2025 GMT
            Not After : Apr 21 08:54:03 2026 GMT
        Subject: CN=49EEB414FA4483C1792BBA02B4FC338AF1D4D01C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:47:99:60:b4:b7:26:77:10:b5:b8:2e:8b:be:
                    ad:39:5c:2f:68:13:9f:5e:89:56:22:29:a1:d8:de:
                    61:78:30:43:ce:8a:b7:32:1f:c5:24:b0:6b:3e:40:
                    17:fd:a4:93:b5:2d:24:66:f0:86:09:09:6e:6e:17:
                    a6:ce:d8:27:ad:22:5f:50:8e:2f:ce:ef:c9:80:1d:
                    e5:8e:39:7c:d3:ca:34:3a:87:ff:1b:f4:c7:8d:fe:
                    57:4a:f7:40:75:07:3d:0f:45:ba:4d:51:73:5b:e5:
                    ce:78:76:5c:6e:e3:44:90:10:d9:a1:96:8a:2f:d8:
                    0b:35:15:ba:6e:a7:79:6e:0b:7d:4d:02:e6:08:d1:
                    d2:4a:3f:3e:71:8e:59:d5:08:a5:31:5e:b3:d8:53:
                    55:5a:ad:e1:e0:8f:99:de:8c:df:33:6d:f0:61:6f:
                    d9:d4:4f:f6:e3:86:f7:10:37:69:17:77:25:3a:16:
                    c5:f7:40:ac:d0:be:e4:7f:f7:cf:b4:bc:14:e5:9b:
                    b6:65:55:9a:79:c0:be:76:aa:20:bf:a9:f6:7b:b7:
                    df:14:91:46:ad:ea:96:9d:18:c5:9e:f3:1a:9f:11:
                    74:db:a4:50:fb:61:cc:0d:2e:92:27:0e:b0:a6:ec:
                    1a:a3:25:81:e1:58:6a:bd:6a:c5:0a:fd:7a:e2:56:
                    42:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:EE:B4:14:FA:44:83:C1:79:2B:BA:02:B4:FC:33:8A:F1:D4:D0:1C
            X509v3 Authority Key Identifier:
                keyid:B6:83:F2:EB:50:C5:99:9A:77:45:6E:88:26:83:16:09:D4:8C:7D:3E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/B683F2EB50C5999A77456E8826831609D48C7D3E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/toPy61DFmZp3RW6IJoMWCdSMfT4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/3231332e3133392e39312e302f32342d3234203d3e2039303039.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.139.91.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:a6:49:cb:eb:28:90:4e:80:a7:60:8b:0a:2d:1a:13:0a:4d:
         6d:fb:a0:ff:69:b3:fd:06:a3:f7:19:d3:15:7a:af:8f:48:67:
         4b:b5:75:41:a5:27:ab:af:07:e8:ec:cb:19:42:e3:0c:f4:c4:
         13:7c:ed:50:f9:e4:b4:42:1d:92:09:32:ab:4d:ef:7f:20:87:
         a7:98:79:25:66:e2:e0:26:f3:f3:c7:fc:42:cd:16:e1:66:d7:
         f0:b9:d0:a3:bc:d7:2b:40:49:b8:46:b2:22:ba:e1:26:31:57:
         69:87:e0:ad:23:88:dc:a6:07:5a:11:74:3c:9e:3f:99:29:2b:
         57:88:a7:57:44:d3:be:4c:e3:5e:18:b4:a8:5d:49:09:fc:b5:
         80:33:aa:ca:3f:46:6f:79:d0:6b:c8:25:d5:ad:08:d3:5c:98:
         1c:5b:c8:4a:96:65:ea:b7:00:d4:ce:7e:d2:ef:19:dc:2e:51:
         b4:48:ff:85:9b:93:20:51:fe:3e:c1:ba:90:74:ac:d9:26:19:
         a7:56:8c:d9:f5:3f:ee:97:0e:52:ea:d2:c5:54:dc:f2:66:c3:
         dc:f2:b8:95:d2:e8:ed:80:51:ea:b2:a8:55:ea:e9:14:08:13:
         d6:29:1c:a0:3e:2a:ef:dd:f9:c6:e1:c5:3d:5b:40:a9:0b:e8:
         31:b2:4c:e9
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUE5nktnm6pwRJ3Q/CYCH5O0vWYbEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYjY4M2YyZWI1MGM1OTk5YTc3NDU2ZTg4MjY4MzE2MDlk
NDhjN2QzZTAeFw0yNTA0MjIwODQ5MDNaFw0yNjA0MjEwODU0MDNaMDMxMTAvBgNV
BAMTKDQ5RUVCNDE0RkE0NDgzQzE3OTJCQkEwMkI0RkMzMzhBRjFENEQwMUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7R5lgtLcmdxC1uC6Lvq05XC9o
E59eiVYiKaHY3mF4MEPOircyH8UksGs+QBf9pJO1LSRm8IYJCW5uF6bO2CetIl9Q
ji/O78mAHeWOOXzTyjQ6h/8b9MeN/ldK90B1Bz0PRbpNUXNb5c54dlxu40SQENmh
loov2As1Fbpup3luC31NAuYI0dJKPz5xjlnVCKUxXrPYU1VareHgj5nejN8zbfBh
b9nUT/bjhvcQN2kXdyU6FsX3QKzQvuR/98+0vBTlm7ZlVZp5wL52qiC/qfZ7t98U
kUat6padGMWe8xqfEXTbpFD7YcwNLpInDrCm7BqjJYHhWGq9asUK/XriVkLpAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUSe60FPpEg8F5K7oCtPwzivHU0BwwHwYDVR0j
BBgwFoAUtoPy61DFmZp3RW6IJoMWCdSMfT4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTAxYzE0ZmItYjY2MC00ODlkLTllOWYtOTQwMmU5ZTJj
MmUyLzAvQjY4M0YyRUI1MEM1OTk5QTc3NDU2RTg4MjY4MzE2MDlENDhDN0QzRS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3RvUHk2MURGbVpwM1JXNklKb01XQ2RT
TWZUNC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYTAxYzE0ZmIt
YjY2MC00ODlkLTllOWYtOTQwMmU5ZTJjMmUyLzAvMzIzMTMzMmUzMTMzMzkyZTM5
MzEyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzOTMwMzAzOS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEANWL
WzANBgkqhkiG9w0BAQsFAAOCAQEALqZJy+sokE6Ap2CLCi0aEwpNbfug/2mz/Qaj
9xnTFXqvj0hnS7V1QaUnq68H6OzLGULjDPTEE3ztUPnktEIdkgkyq03vfyCHp5h5
JWbi4Cbz88f8Qs0W4WbX8LnQo7zXK0BJuEayIrrhJjFXaYfgrSOI3KYHWhF0PJ4/
mSkrV4inV0TTvkzjXhi0qF1JCfy1gDOqyj9Gb3nQa8gl1a0I01yYHFvISpZl6rcA
1M5+0u8Z3C5RtEj/hZuTIFH+PsG6kHSs2SYZp1aM2fU/7pcOUurSxVTc8mbD3PK4
ldLo7YBR6rKoVerpFAgT1ikcoD4q7935xuHFPVtAqQvoMbJM6Q==
-----END CERTIFICATE-----