Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/bf0be3e1-854e-4662-92e8-028950ff57fe/0/39312e3230392e34302e302f32342d3234203d3e203232343237.roa
File:                     39312e3230392e34302e302f32342d3234203d3e203232343237.roa (raw, json)
Hash identifier:          na/qAaTdIJ7PT1YXsvaqUnpzD/nkfVV0HbNT3JlIn2w=
Subject key identifier:   A3:FE:52:48:9D:C0:59:C3:EC:5D:6E:81:95:3F:8B:F0:86:97:8C:83
Certificate issuer:       /CN=e205ebf065fc4929f1802662ae62d7f9762600e6
Certificate serial:       6F2ED91D9A99D333D296F0E9DFB0D66F84E92D9E
Authority key identifier: E2:05:EB:F0:65:FC:49:29:F1:80:26:62:AE:62:D7:F9:76:26:00:E6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4gXr8GX8SSnxgCZirmLX-XYmAOY.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/bf0be3e1-854e-4662-92e8-028950ff57fe/0/39312e3230392e34302e302f32342d3234203d3e203232343237.roa
Signing time:             Tue 06 May 2025 10:29:47 +0000
ROA not before:           Tue 06 May 2025 10:24:47 +0000
ROA not after:            Tue 05 May 2026 10:29:47 +0000
asID:                     22427
IP address blocks:        91.209.40.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/bf0be3e1-854e-4662-92e8-028950ff57fe/0/E205EBF065FC4929F1802662AE62D7F9762600E6.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/bf0be3e1-854e-4662-92e8-028950ff57fe/0/E205EBF065FC4929F1802662AE62D7F9762600E6.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4gXr8GX8SSnxgCZirmLX-XYmAOY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 14 May 2025 09:47:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6f:2e:d9:1d:9a:99:d3:33:d2:96:f0:e9:df:b0:d6:6f:84:e9:2d:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e205ebf065fc4929f1802662ae62d7f9762600e6
        Validity
            Not Before: May  6 10:24:47 2025 GMT
            Not After : May  5 10:29:47 2026 GMT
        Subject: CN=A3FE52489DC059C3EC5D6E81953F8BF086978C83
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:10:c8:a6:bb:36:07:5a:19:fc:ee:34:4d:c6:
                    d3:3a:86:68:d7:5a:ba:d2:6e:a2:e9:7f:82:24:19:
                    61:b3:e6:af:c4:16:69:cb:6b:9e:31:21:0d:8e:0d:
                    65:0b:6a:9a:71:9c:e9:ac:01:fa:61:7d:62:8b:ed:
                    91:50:d0:87:04:ac:5b:31:12:92:1b:ff:d6:9c:c1:
                    a6:0c:16:5a:4e:c4:c7:b1:5e:4f:30:e8:d9:fa:cf:
                    bf:12:f0:7c:dd:e3:4a:06:10:76:1f:cf:a9:83:3c:
                    8f:f7:a6:63:34:be:1f:2a:9a:4e:f5:44:25:84:64:
                    50:89:b0:b3:e4:bf:ca:5f:46:41:17:29:6d:f0:00:
                    ed:f2:48:74:15:f1:41:4f:f8:8c:87:21:40:20:14:
                    9f:33:fd:fd:8c:ae:bc:be:f9:27:8d:00:c6:1f:54:
                    ed:0e:d5:53:56:42:f7:44:0f:f4:dc:09:df:97:ca:
                    ea:8b:3f:9e:99:32:85:ed:9b:93:e1:36:f9:8c:14:
                    df:5e:af:d0:d2:65:ca:f1:6a:d0:da:ab:43:6b:c5:
                    8f:69:2a:8e:79:16:ba:61:ce:53:a1:dd:00:ad:ac:
                    15:d9:c7:a6:ed:d8:cf:28:6e:bb:2b:2e:f3:55:a9:
                    e2:b5:de:7c:5c:c9:b6:16:2d:3f:8e:89:39:76:51:
                    8c:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:FE:52:48:9D:C0:59:C3:EC:5D:6E:81:95:3F:8B:F0:86:97:8C:83
            X509v3 Authority Key Identifier:
                keyid:E2:05:EB:F0:65:FC:49:29:F1:80:26:62:AE:62:D7:F9:76:26:00:E6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/bf0be3e1-854e-4662-92e8-028950ff57fe/0/E205EBF065FC4929F1802662AE62D7F9762600E6.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4gXr8GX8SSnxgCZirmLX-XYmAOY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/bf0be3e1-854e-4662-92e8-028950ff57fe/0/39312e3230392e34302e302f32342d3234203d3e203232343237.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.209.40.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:09:4d:1f:d1:d9:b9:1c:45:36:f4:ea:da:19:1e:8c:32:d4:
         d0:cd:b2:2f:6f:0d:30:a5:a6:06:b2:fa:8f:2b:de:6b:a4:89:
         03:21:0e:76:3c:f3:bb:11:6c:37:33:cd:bc:6c:a5:7b:70:19:
         7e:c8:55:ae:34:1c:4e:3c:63:90:f2:cc:0b:c6:71:be:3e:b1:
         f6:ff:fb:f6:78:13:e8:da:e9:91:b9:ce:21:1a:2d:5e:e9:2e:
         95:f3:95:6b:f2:76:2d:6f:4b:6d:80:60:b2:d4:ff:15:6f:2b:
         23:40:29:90:ad:fa:23:52:af:e1:1c:16:9c:d0:40:a2:8e:be:
         f1:88:e4:4c:6c:fd:d9:70:4a:8d:7e:13:ac:35:92:c2:5a:8d:
         5f:40:76:b1:f2:27:fa:32:b6:4e:42:00:51:8e:b0:3a:6e:12:
         3b:3d:21:ea:da:97:1b:13:42:78:38:43:d1:30:76:7e:be:d9:
         a5:c7:85:ae:a5:06:e0:0a:5e:3e:d8:1f:40:9a:c2:8d:a0:18:
         e9:df:a0:f5:d0:bf:e5:72:5d:a4:e9:04:0b:e1:d3:83:3d:58:
         b5:94:78:ae:dc:14:dc:6a:08:ab:36:b7:6a:f9:7c:81:5b:60:
         18:37:38:de:e5:74:25:df:1a:b7:8d:9e:7f:e8:02:86:64:dd:
         0d:a6:02:c7
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUby7ZHZqZ0zPSlvDp37DWb4TpLZ4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZTIwNWViZjA2NWZjNDkyOWYxODAyNjYyYWU2MmQ3Zjk3
NjI2MDBlNjAeFw0yNTA1MDYxMDI0NDdaFw0yNjA1MDUxMDI5NDdaMDMxMTAvBgNV
BAMTKEEzRkU1MjQ4OURDMDU5QzNFQzVENkU4MTk1M0Y4QkYwODY5NzhDODMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCyEMimuzYHWhn87jRNxtM6hmjX
WrrSbqLpf4IkGWGz5q/EFmnLa54xIQ2ODWULappxnOmsAfphfWKL7ZFQ0IcErFsx
EpIb/9acwaYMFlpOxMexXk8w6Nn6z78S8Hzd40oGEHYfz6mDPI/3pmM0vh8qmk71
RCWEZFCJsLPkv8pfRkEXKW3wAO3ySHQV8UFP+IyHIUAgFJ8z/f2Mrry++SeNAMYf
VO0O1VNWQvdED/TcCd+XyuqLP56ZMoXtm5PhNvmMFN9er9DSZcrxatDaq0NrxY9p
Ko55FrphzlOh3QCtrBXZx6bt2M8obrsrLvNVqeK13nxcybYWLT+OiTl2UYzpAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUo/5SSJ3AWcPsXW6BlT+L8IaXjIMwHwYDVR0j
BBgwFoAU4gXr8GX8SSnxgCZirmLX+XYmAOYwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYmYwYmUzZTEtODU0ZS00NjYyLTkyZTgtMDI4OTUwZmY1
N2ZlLzAvRTIwNUVCRjA2NUZDNDkyOUYxODAyNjYyQUU2MkQ3Rjk3NjI2MDBFNi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzRnWHI4R1g4U1NueGdDWmlybUxYLVhZ
bUFPWS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYmYwYmUzZTEt
ODU0ZS00NjYyLTkyZTgtMDI4OTUwZmY1N2ZlLzAvMzkzMTJlMzIzMDM5MmUzNDMw
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzIzMjM0MzIzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFvR
KDANBgkqhkiG9w0BAQsFAAOCAQEAawlNH9HZuRxFNvTq2hkejDLU0M2yL28NMKWm
BrL6jyvea6SJAyEOdjzzuxFsNzPNvGyle3AZfshVrjQcTjxjkPLMC8Zxvj6x9v/7
9ngT6NrpkbnOIRotXukulfOVa/J2LW9LbYBgstT/FW8rI0ApkK36I1Kv4RwWnNBA
oo6+8YjkTGz92XBKjX4TrDWSwlqNX0B2sfIn+jK2TkIAUY6wOm4SOz0h6tqXGxNC
eDhD0TB2fr7ZpceFrqUG4ApePtgfQJrCjaAY6d+g9dC/5XJdpOkEC+HTgz1YtZR4
rtwU3GoIqza3avl8gVtgGDc43uV0Jd8at42ef+gChmTdDaYCxw==
-----END CERTIFICATE-----