Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/ce510e17-31fa-414b-989e-026dbb6fdf51/0/3135392e3235332e312e302f32342d3234203d3e20383334.roa
File:                     3135392e3235332e312e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          B7vw5vNVLQ8WRBEm51+exK3hlvXMi4GOEEExRY88qeA=
Subject key identifier:   E1:95:EE:A4:5E:9B:E9:BB:E1:86:C5:28:FC:D9:5D:44:F1:BF:65:A1
Certificate issuer:       /CN=4c189e42f35c944d463d9ea6501f093eb62ba785
Certificate serial:       2FBA28913CEF056468EDE281AF5481CAC86769A2
Authority key identifier: 4C:18:9E:42:F3:5C:94:4D:46:3D:9E:A6:50:1F:09:3E:B6:2B:A7:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TBieQvNclE1GPZ6mUB8JPrYrp4U.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/ce510e17-31fa-414b-989e-026dbb6fdf51/0/3135392e3235332e312e302f32342d3234203d3e20383334.roa
Signing time:             Tue 23 Jan 2024 06:20:28 +0000
ROA not before:           Tue 23 Jan 2024 06:15:28 +0000
ROA not after:            Tue 21 Jan 2025 06:20:28 +0000
asID:                     834
IP address blocks:        159.253.1.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/ce510e17-31fa-414b-989e-026dbb6fdf51/0/4C189E42F35C944D463D9EA6501F093EB62BA785.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/ce510e17-31fa-414b-989e-026dbb6fdf51/0/4C189E42F35C944D463D9EA6501F093EB62BA785.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TBieQvNclE1GPZ6mUB8JPrYrp4U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2f:ba:28:91:3c:ef:05:64:68:ed:e2:81:af:54:81:ca:c8:67:69:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4c189e42f35c944d463d9ea6501f093eb62ba785
        Validity
            Not Before: Jan 23 06:15:28 2024 GMT
            Not After : Jan 21 06:20:28 2025 GMT
        Subject: CN=E195EEA45E9BE9BBE186C528FCD95D44F1BF65A1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:53:87:ac:e8:a1:76:2c:e8:38:08:ce:73:f5:
                    d3:b9:82:af:e9:c0:a9:8e:60:40:9a:30:d2:94:67:
                    d5:08:24:59:cd:8a:0d:c5:f0:3c:29:59:bc:26:b8:
                    e0:c7:ab:db:8f:a8:02:f3:d0:14:c1:23:63:39:13:
                    f7:cc:ce:11:58:9d:bd:d1:a9:54:f9:08:ba:c8:3d:
                    f3:0e:0c:8d:6d:76:bc:4b:a1:5e:7a:47:52:60:86:
                    be:a0:a5:bd:80:46:d8:31:0a:8c:64:86:d4:8c:0c:
                    60:8b:94:d8:6c:5d:42:ad:8e:a5:01:6a:37:00:8d:
                    df:b0:5c:cc:88:02:08:4f:c0:dc:06:98:9f:32:10:
                    9d:05:27:c0:2f:71:35:18:ff:d3:bb:39:98:d3:7a:
                    19:77:da:03:15:9f:e8:5b:05:73:a6:6e:a4:03:1b:
                    7d:a5:8c:4b:d6:a6:45:7c:b8:ca:ad:c7:fc:ac:bd:
                    7f:72:6e:54:05:5d:69:9b:21:ad:8a:d1:f3:31:eb:
                    22:60:47:14:fd:65:2a:2a:c1:e6:1a:70:7c:5c:b4:
                    82:1a:4a:53:2b:ed:25:58:7e:3b:95:b9:50:15:9e:
                    b3:86:7e:b7:e9:f0:f0:7b:54:e3:7b:ef:62:ad:09:
                    d6:ee:fd:ba:5a:e5:0d:eb:31:57:f0:c3:0c:bf:81:
                    c2:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:95:EE:A4:5E:9B:E9:BB:E1:86:C5:28:FC:D9:5D:44:F1:BF:65:A1
            X509v3 Authority Key Identifier:
                keyid:4C:18:9E:42:F3:5C:94:4D:46:3D:9E:A6:50:1F:09:3E:B6:2B:A7:85

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/ce510e17-31fa-414b-989e-026dbb6fdf51/0/4C189E42F35C944D463D9EA6501F093EB62BA785.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TBieQvNclE1GPZ6mUB8JPrYrp4U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/ce510e17-31fa-414b-989e-026dbb6fdf51/0/3135392e3235332e312e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  159.253.1.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a7:9a:97:c0:29:6d:8a:6a:40:cc:6f:13:23:ff:e9:53:b6:f3:
         6f:05:29:65:3b:0f:4b:0d:9f:89:68:8c:52:eb:7e:52:1f:f7:
         71:34:38:f3:3c:55:aa:6d:d5:41:ff:fc:12:ac:3a:15:ad:d3:
         fc:ba:3f:99:2c:7a:d8:70:a8:36:5e:f4:5d:95:4d:b9:69:93:
         10:e7:2d:1a:3e:9e:cc:c8:da:ee:fb:cf:c7:0e:89:3d:6d:e3:
         ff:20:0f:7d:fe:ef:47:2a:8a:5d:42:44:c2:fa:77:02:21:2f:
         91:56:c0:7a:68:b8:ea:b3:99:e2:a4:0c:7d:e4:c8:11:74:4d:
         ac:8f:2c:47:3d:cb:35:4a:18:b8:9c:70:7c:8d:ba:19:5d:7c:
         52:43:5a:87:14:22:20:16:70:b1:12:88:39:69:6c:ad:71:7d:
         de:e2:ba:5d:bb:b0:34:af:33:d3:49:7f:fc:1d:ca:50:3f:ba:
         98:8f:49:b2:64:f7:5f:ee:3a:21:2a:64:db:d2:3f:e7:76:12:
         5c:e5:e1:db:49:4e:0a:b7:41:cf:54:03:57:e1:ce:6b:47:41:
         8d:5f:63:26:05:aa:09:48:5a:ca:92:90:b5:f0:65:9c:7a:cc:
         95:4f:e5:e6:dc:2b:b5:2e:8a:58:67:ae:6e:3d:8e:8a:98:20:
         03:31:c7:29
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUL7ookTzvBWRo7eKBr1SByshnaaIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGMxODllNDJmMzVjOTQ0ZDQ2M2Q5ZWE2NTAxZjA5M2Vi
NjJiYTc4NTAeFw0yNDAxMjMwNjE1MjhaFw0yNTAxMjEwNjIwMjhaMDMxMTAvBgNV
BAMTKEUxOTVFRUE0NUU5QkU5QkJFMTg2QzUyOEZDRDk1RDQ0RjFCRjY1QTEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCxU4es6KF2LOg4CM5z9dO5gq/p
wKmOYECaMNKUZ9UIJFnNig3F8DwpWbwmuODHq9uPqALz0BTBI2M5E/fMzhFYnb3R
qVT5CLrIPfMODI1tdrxLoV56R1Jghr6gpb2ARtgxCoxkhtSMDGCLlNhsXUKtjqUB
ajcAjd+wXMyIAghPwNwGmJ8yEJ0FJ8AvcTUY/9O7OZjTehl32gMVn+hbBXOmbqQD
G32ljEvWpkV8uMqtx/ysvX9yblQFXWmbIa2K0fMx6yJgRxT9ZSoqweYacHxctIIa
SlMr7SVYfjuVuVAVnrOGfrfp8PB7VON772KtCdbu/bpa5Q3rMVfwwwy/gcIFAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQU4ZXupF6b6bvhhsUo/NldRPG/ZaEwHwYDVR0j
BBgwFoAUTBieQvNclE1GPZ6mUB8JPrYrp4UwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvY2U1MTBlMTctMzFmYS00MTRiLTk4OWUtMDI2ZGJiNmZk
ZjUxLzAvNEMxODlFNDJGMzVDOTQ0RDQ2M0Q5RUE2NTAxRjA5M0VCNjJCQTc4NS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1RCaWVRdk5jbEUxR1BaNm1VQjhKUHJZ
cnA0VS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvY2U1MTBlMTct
MzFmYS00MTRiLTk4OWUtMDI2ZGJiNmZkZjUxLzAvMzEzNTM5MmUzMjM1MzMyZTMx
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzgzMzM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAn/0BMA0G
CSqGSIb3DQEBCwUAA4IBAQCnmpfAKW2KakDMbxMj/+lTtvNvBSllOw9LDZ+JaIxS
635SH/dxNDjzPFWqbdVB//wSrDoVrdP8uj+ZLHrYcKg2XvRdlU25aZMQ5y0aPp7M
yNru+8/HDok9beP/IA99/u9HKopdQkTC+ncCIS+RVsB6aLjqs5nipAx95MgRdE2s
jyxHPcs1Shi4nHB8jboZXXxSQ1qHFCIgFnCxEog5aWytcX3e4rpdu7A0rzPTSX/8
HcpQP7qYj0myZPdf7johKmTb0j/ndhJc5eHbSU4Kt0HPVANX4c5rR0GNX2MmBaoJ
SFrKkpC18GWcesyVT+Xm3Cu1LopYZ65uPY6KmCADMccp
-----END CERTIFICATE-----