Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/af31768d-42b1-4e92-b83f-bef7ee017813/0/3139342e302e3232392e302f32342d3234203d3e2035343634.roa
File:                     3139342e302e3232392e302f32342d3234203d3e2035343634.roa (raw, json)
Hash identifier:          oQj2no095+LyjZGzWOfw+sSJOW/7fRxpgUOPswu5nqM=
Subject key identifier:   41:F2:5C:63:FE:8F:EF:F3:37:E7:9D:D9:82:80:04:C6:D4:AD:A4:8D
Certificate issuer:       /CN=9f0d24c855eee00fe4abf3903c6e8fcc7083ed4d
Certificate serial:       5B7ED2DED3B15246FA461ACB4C3AB028C3F3867C
Authority key identifier: 9F:0D:24:C8:55:EE:E0:0F:E4:AB:F3:90:3C:6E:8F:CC:70:83:ED:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nw0kyFXu4A_kq_OQPG6PzHCD7U0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/af31768d-42b1-4e92-b83f-bef7ee017813/0/3139342e302e3232392e302f32342d3234203d3e2035343634.roa
Signing time:             Wed 23 Apr 2025 09:54:04 +0000
ROA not before:           Wed 23 Apr 2025 09:49:04 +0000
ROA not after:            Wed 22 Apr 2026 09:54:04 +0000
asID:                     5464
IP address blocks:        194.0.229.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/af31768d-42b1-4e92-b83f-bef7ee017813/0/9F0D24C855EEE00FE4ABF3903C6E8FCC7083ED4D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/af31768d-42b1-4e92-b83f-bef7ee017813/0/9F0D24C855EEE00FE4ABF3903C6E8FCC7083ED4D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nw0kyFXu4A_kq_OQPG6PzHCD7U0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 07 May 2025 14:16:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5b:7e:d2:de:d3:b1:52:46:fa:46:1a:cb:4c:3a:b0:28:c3:f3:86:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9f0d24c855eee00fe4abf3903c6e8fcc7083ed4d
        Validity
            Not Before: Apr 23 09:49:04 2025 GMT
            Not After : Apr 22 09:54:04 2026 GMT
        Subject: CN=41F25C63FE8FEFF337E79DD9828004C6D4ADA48D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:84:07:87:11:d9:46:c8:9c:46:ca:c3:b4:f1:
                    01:ba:26:5d:7b:45:7b:dc:2e:66:a9:53:de:f6:b6:
                    c4:5e:8f:3c:5b:ae:d3:ea:6f:2a:32:b1:72:c7:3f:
                    43:14:6c:ef:1e:03:20:04:49:99:4c:a0:e9:9a:1d:
                    7d:b6:a6:33:f2:80:2f:bf:b5:e6:13:89:51:a8:7e:
                    dd:e7:35:da:a4:da:d2:17:d8:21:04:8e:2f:ac:05:
                    eb:b3:c9:ee:47:5b:ad:c1:72:91:41:14:cd:a8:5d:
                    77:39:2a:1f:ad:38:c6:7f:68:61:57:2e:09:c3:63:
                    de:d4:16:48:67:24:0f:eb:3d:6c:73:b6:3b:12:2d:
                    bd:01:7f:33:5b:59:19:38:ac:6c:08:57:51:df:8b:
                    31:6e:2b:c4:46:ad:cf:4d:59:b0:98:0d:bc:f2:e1:
                    90:66:73:b2:b9:85:8b:c8:f6:de:dd:6c:08:28:66:
                    4e:74:76:e9:4c:02:f9:28:ae:a0:48:d3:d4:b1:c7:
                    28:0f:e8:08:b9:1c:11:25:1c:98:42:6d:b5:99:f3:
                    0f:91:46:2c:b5:3b:e6:4a:1f:dc:33:0e:dd:b0:de:
                    7e:7f:62:15:7a:fa:5c:45:c5:d1:85:78:0f:90:09:
                    7e:09:29:9c:d8:76:47:76:97:62:27:c4:1d:9a:b4:
                    9b:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:F2:5C:63:FE:8F:EF:F3:37:E7:9D:D9:82:80:04:C6:D4:AD:A4:8D
            X509v3 Authority Key Identifier:
                keyid:9F:0D:24:C8:55:EE:E0:0F:E4:AB:F3:90:3C:6E:8F:CC:70:83:ED:4D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/af31768d-42b1-4e92-b83f-bef7ee017813/0/9F0D24C855EEE00FE4ABF3903C6E8FCC7083ED4D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nw0kyFXu4A_kq_OQPG6PzHCD7U0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/af31768d-42b1-4e92-b83f-bef7ee017813/0/3139342e302e3232392e302f32342d3234203d3e2035343634.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.0.229.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:e5:2b:ce:94:d3:ca:83:aa:4d:cd:8a:8f:c0:ae:27:51:77:
         b1:c8:ae:98:e3:1d:83:33:29:08:c0:17:be:10:80:86:8a:76:
         66:40:c7:a8:83:dc:dc:c5:31:da:25:92:fc:d2:b8:db:11:4e:
         28:2c:bd:4f:64:9b:a3:a4:e7:49:02:45:8f:09:36:c6:53:68:
         4f:06:2c:0f:dc:60:01:d3:4d:47:22:3b:10:20:18:f1:e7:6a:
         70:ac:38:81:36:03:4c:b5:58:57:1d:ef:0d:bd:e1:24:34:a6:
         70:b2:3a:ef:14:c2:14:42:32:dd:07:e6:93:59:30:ae:88:82:
         fa:9c:e5:17:79:b6:0d:27:47:fe:22:c6:05:af:e1:44:15:bd:
         ea:da:ff:b3:55:9f:e2:57:32:39:9a:7d:a8:f8:a5:fe:e4:12:
         4b:01:47:ae:40:d3:54:76:a4:ff:7d:0f:f4:a4:ca:90:4b:78:
         61:a0:c6:93:b9:aa:86:c6:a0:64:6d:b3:dd:25:82:45:c7:09:
         cd:dc:3c:a7:62:5f:f3:86:7c:bb:0b:87:46:bc:a5:e3:85:3a:
         3a:b9:ab:b6:b3:f9:61:aa:90:15:51:17:44:8d:b3:f9:18:03:
         56:4b:9b:fe:7e:f5:9f:c8:66:5c:8b:9f:91:38:3f:bf:1d:ed:
         3e:2d:54:e6
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUW37S3tOxUkb6RhrLTDqwKMPzhnwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWYwZDI0Yzg1NWVlZTAwZmU0YWJmMzkwM2M2ZThmY2M3
MDgzZWQ0ZDAeFw0yNTA0MjMwOTQ5MDRaFw0yNjA0MjIwOTU0MDRaMDMxMTAvBgNV
BAMTKDQxRjI1QzYzRkU4RkVGRjMzN0U3OUREOTgyODAwNEM2RDRBREE0OEQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/hAeHEdlGyJxGysO08QG6Jl17
RXvcLmapU972tsRejzxbrtPqbyoysXLHP0MUbO8eAyAESZlMoOmaHX22pjPygC+/
teYTiVGoft3nNdqk2tIX2CEEji+sBeuzye5HW63BcpFBFM2oXXc5Kh+tOMZ/aGFX
LgnDY97UFkhnJA/rPWxztjsSLb0BfzNbWRk4rGwIV1HfizFuK8RGrc9NWbCYDbzy
4ZBmc7K5hYvI9t7dbAgoZk50dulMAvkorqBI09SxxygP6Ai5HBElHJhCbbWZ8w+R
Riy1O+ZKH9wzDt2w3n5/YhV6+lxFxdGFeA+QCX4JKZzYdkd2l2InxB2atJudAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUQfJcY/6P7/M3553ZgoAExtStpI0wHwYDVR0j
BBgwFoAUnw0kyFXu4A/kq/OQPG6PzHCD7U0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYWYzMTc2OGQtNDJiMS00ZTkyLWI4M2YtYmVmN2VlMDE3
ODEzLzAvOUYwRDI0Qzg1NUVFRTAwRkU0QUJGMzkwM0M2RThGQ0M3MDgzRUQ0RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL253MGt5Rlh1NEFfa3FfT1FQRzZQekhD
RDdVMC5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWYzMTc2OGQt
NDJiMS00ZTkyLWI4M2YtYmVmN2VlMDE3ODEzLzAvMzEzOTM0MmUzMDJlMzIzMjM5
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzUzNDM2MzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBADCAOUw
DQYJKoZIhvcNAQELBQADggEBAGXlK86U08qDqk3Nio/AridRd7HIrpjjHYMzKQjA
F74QgIaKdmZAx6iD3NzFMdolkvzSuNsRTigsvU9km6Ok50kCRY8JNsZTaE8GLA/c
YAHTTUciOxAgGPHnanCsOIE2A0y1WFcd7w294SQ0pnCyOu8UwhRCMt0H5pNZMK6I
gvqc5Rd5tg0nR/4ixgWv4UQVvera/7NVn+JXMjmafaj4pf7kEksBR65A01R2pP99
D/SkypBLeGGgxpO5qobGoGRts90lgkXHCc3cPKdiX/OGfLsLh0a8peOFOjq5q7az
+WGqkBVRF0SNs/kYA1ZLm/5+9Z/IZlyLn5E4P78d7T4tVOY=
-----END CERTIFICATE-----