Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/3139342e35302e3233332e302f32342d3234203d3e2039303039.roa
File:                     3139342e35302e3233332e302f32342d3234203d3e2039303039.roa (raw, json)
Hash identifier:          1Uc10i0K0I6NOh5nPcGsHOW1oPQ3VUXIL2jnA3/7lxc=
Subject key identifier:   31:FE:B8:AD:F9:E1:0E:82:6B:D8:0B:EE:CB:29:6E:63:18:B1:9A:48
Certificate issuer:       /CN=62fbd2cc0012fb2f86db40b589bd1ac4e973266d
Certificate serial:       1473A1051F1767B351285473CC8409A68F64F60D
Authority key identifier: 62:FB:D2:CC:00:12:FB:2F:86:DB:40:B5:89:BD:1A:C4:E9:73:26:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YvvSzAAS-y-G20C1ib0axOlzJm0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/3139342e35302e3233332e302f32342d3234203d3e2039303039.roa
Signing time:             Wed 20 Dec 2023 07:05:08 +0000
ROA not before:           Wed 20 Dec 2023 07:00:08 +0000
ROA not after:            Wed 18 Dec 2024 07:05:08 +0000
asID:                     9009
IP address blocks:        194.50.233.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/62FBD2CC0012FB2F86DB40B589BD1AC4E973266D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/62FBD2CC0012FB2F86DB40B589BD1AC4E973266D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YvvSzAAS-y-G20C1ib0axOlzJm0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 11:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            14:73:a1:05:1f:17:67:b3:51:28:54:73:cc:84:09:a6:8f:64:f6:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62fbd2cc0012fb2f86db40b589bd1ac4e973266d
        Validity
            Not Before: Dec 20 07:00:08 2023 GMT
            Not After : Dec 18 07:05:08 2024 GMT
        Subject: CN=31FEB8ADF9E10E826BD80BEECB296E6318B19A48
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:b6:7d:47:0e:41:f6:be:88:1f:b8:0b:d4:01:
                    91:e9:94:79:cc:62:8a:96:4b:f7:ca:f6:a4:11:fa:
                    7a:6b:37:63:c5:74:28:8f:54:e0:ab:88:62:b1:27:
                    bb:6e:68:91:2c:32:74:6f:fc:01:9a:ac:ae:6b:67:
                    4e:bb:a9:9f:fa:e8:ca:7c:7f:35:33:ef:47:7b:2d:
                    f8:6f:91:86:05:b7:25:82:92:28:ac:2b:24:b7:ad:
                    71:1e:ff:39:b5:d1:b1:f1:6b:36:b0:5a:81:07:27:
                    3d:4a:1f:92:bc:49:5b:0e:0d:cf:53:12:72:68:64:
                    b1:9c:d9:9d:34:7b:fb:83:96:a0:d4:df:69:ba:7a:
                    55:37:26:df:ca:78:68:92:83:d2:d6:b9:41:62:f1:
                    92:5a:ef:85:2a:bf:e4:fa:e3:f1:43:5b:f5:93:78:
                    0e:80:8c:6e:76:26:24:aa:e2:74:7e:51:99:c4:7a:
                    a3:07:d5:3f:4e:54:94:b4:51:c9:eb:b6:f4:eb:cf:
                    a2:65:99:4b:a5:c3:6f:ea:75:c9:b0:5b:2d:2f:be:
                    09:1c:19:62:cb:df:47:bb:7c:aa:59:fc:2c:d3:4a:
                    2b:52:49:01:e8:4d:16:64:a0:eb:a6:2d:a9:49:6c:
                    a4:2f:92:6f:0c:92:f8:c3:30:94:63:45:e8:62:14:
                    20:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:FE:B8:AD:F9:E1:0E:82:6B:D8:0B:EE:CB:29:6E:63:18:B1:9A:48
            X509v3 Authority Key Identifier:
                keyid:62:FB:D2:CC:00:12:FB:2F:86:DB:40:B5:89:BD:1A:C4:E9:73:26:6D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/62FBD2CC0012FB2F86DB40B589BD1AC4E973266D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YvvSzAAS-y-G20C1ib0axOlzJm0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/3139342e35302e3233332e302f32342d3234203d3e2039303039.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.50.233.0/24

    Signature Algorithm: sha256WithRSAEncryption
         96:d7:77:30:f7:e7:99:41:06:1a:1e:4f:a3:a3:05:6c:55:7a:
         a8:74:23:cc:c5:a7:e8:20:0a:0c:26:e8:68:eb:a0:fe:88:37:
         71:6d:4d:a2:08:c3:36:3e:34:b6:20:c3:94:d7:fe:55:4c:f6:
         bc:fb:96:f8:1c:44:68:0b:a5:06:d2:e3:2d:5b:21:89:af:4d:
         70:65:0f:95:ee:3a:c5:10:03:1a:5f:88:67:06:52:e0:d5:78:
         e3:58:d7:01:99:80:b0:5c:7d:05:28:ed:c5:e7:74:20:d2:24:
         48:0e:1b:33:f0:b1:c8:3b:1a:d8:93:a0:b0:70:be:3c:47:98:
         b3:6b:d4:c9:3d:7c:98:b4:b5:25:8f:ca:d4:fa:0e:3c:e4:c5:
         de:48:62:6e:60:6f:38:8f:63:5e:cc:61:c0:48:68:71:4f:64:
         f8:fa:2d:98:de:fa:64:5e:2d:13:5c:aa:e9:8f:49:e8:0d:4b:
         e2:02:cd:df:48:77:f4:25:83:ad:c7:2e:b3:fe:b3:fb:b6:49:
         e9:4a:5f:51:c6:91:f4:49:2d:6d:90:07:d0:cd:a4:fa:76:a3:
         5d:8c:c3:61:70:cd:02:cb:5c:8b:37:52:cd:64:70:27:da:b1:
         ec:e8:cb:6b:be:d7:a1:b1:b6:5a:a3:b5:b5:e0:8b:d8:c6:1a:
         de:11:e1:ef
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUFHOhBR8XZ7NRKFRzzIQJpo9k9g0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjJmYmQyY2MwMDEyZmIyZjg2ZGI0MGI1ODliZDFhYzRl
OTczMjY2ZDAeFw0yMzEyMjAwNzAwMDhaFw0yNDEyMTgwNzA1MDhaMDMxMTAvBgNV
BAMTKDMxRkVCOEFERjlFMTBFODI2QkQ4MEJFRUNCMjk2RTYzMThCMTlBNDgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqtn1HDkH2vogfuAvUAZHplHnM
YoqWS/fK9qQR+nprN2PFdCiPVOCriGKxJ7tuaJEsMnRv/AGarK5rZ067qZ/66Mp8
fzUz70d7LfhvkYYFtyWCkiisKyS3rXEe/zm10bHxazawWoEHJz1KH5K8SVsODc9T
EnJoZLGc2Z00e/uDlqDU32m6elU3Jt/KeGiSg9LWuUFi8ZJa74Uqv+T64/FDW/WT
eA6AjG52JiSq4nR+UZnEeqMH1T9OVJS0UcnrtvTrz6JlmUulw2/qdcmwWy0vvgkc
GWLL30e7fKpZ/CzTSitSSQHoTRZkoOumLalJbKQvkm8MkvjDMJRjRehiFCDLAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUMf64rfnhDoJr2AvuyyluYxixmkgwHwYDVR0j
BBgwFoAUYvvSzAAS+y+G20C1ib0axOlzJm0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNDZiOTNkZjAtYWM4ZC00ZGE4LWFmYjgtZGNiN2YyODg4
MzYyLzAvNjJGQkQyQ0MwMDEyRkIyRjg2REI0MEI1ODlCRDFBQzRFOTczMjY2RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1l2dlN6QUFTLXktRzIwQzFpYjBheE9s
ekptMC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvNDZiOTNkZjAt
YWM4ZC00ZGE4LWFmYjgtZGNiN2YyODg4MzYyLzAvMzEzOTM0MmUzNTMwMmUzMjMz
MzMyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzOTMwMzAzOS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMIy
6TANBgkqhkiG9w0BAQsFAAOCAQEAltd3MPfnmUEGGh5Po6MFbFV6qHQjzMWn6CAK
DCboaOug/og3cW1NogjDNj40tiDDlNf+VUz2vPuW+BxEaAulBtLjLVshia9NcGUP
le46xRADGl+IZwZS4NV441jXAZmAsFx9BSjtxed0INIkSA4bM/CxyDsa2JOgsHC+
PEeYs2vUyT18mLS1JY/K1PoOPOTF3khibmBvOI9jXsxhwEhocU9k+PotmN76ZF4t
E1yq6Y9J6A1L4gLN30h39CWDrccus/6z+7ZJ6UpfUcaR9EktbZAH0M2k+najXYzD
YXDNAstcizdSzWRwJ9qx7OjLa77XobG2WqO1teCL2MYa3hHh7w==
-----END CERTIFICATE-----