Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/ce510e17-31fa-414b-989e-026dbb6fdf51/0/3135392e3235332e362e302f32342d3234203d3e20383334.roa
File:                     3135392e3235332e362e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          ONgSPtXabXTcBR0c/6UCxjtQB7RWKUGQeeSVTOmpqd0=
Subject key identifier:   50:05:FB:D6:98:4D:6F:8A:E6:F2:37:3B:2F:DE:59:0B:F4:FF:97:F3
Certificate issuer:       /CN=4c189e42f35c944d463d9ea6501f093eb62ba785
Certificate serial:       3F4DC83C336B02E6FA95265998CC94C105908759
Authority key identifier: 4C:18:9E:42:F3:5C:94:4D:46:3D:9E:A6:50:1F:09:3E:B6:2B:A7:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TBieQvNclE1GPZ6mUB8JPrYrp4U.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/ce510e17-31fa-414b-989e-026dbb6fdf51/0/3135392e3235332e362e302f32342d3234203d3e20383334.roa
Signing time:             Tue 23 Jan 2024 06:21:07 +0000
ROA not before:           Tue 23 Jan 2024 06:16:07 +0000
ROA not after:            Tue 21 Jan 2025 06:21:07 +0000
asID:                     834
IP address blocks:        159.253.6.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/ce510e17-31fa-414b-989e-026dbb6fdf51/0/4C189E42F35C944D463D9EA6501F093EB62BA785.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/ce510e17-31fa-414b-989e-026dbb6fdf51/0/4C189E42F35C944D463D9EA6501F093EB62BA785.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TBieQvNclE1GPZ6mUB8JPrYrp4U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3f:4d:c8:3c:33:6b:02:e6:fa:95:26:59:98:cc:94:c1:05:90:87:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4c189e42f35c944d463d9ea6501f093eb62ba785
        Validity
            Not Before: Jan 23 06:16:07 2024 GMT
            Not After : Jan 21 06:21:07 2025 GMT
        Subject: CN=5005FBD6984D6F8AE6F2373B2FDE590BF4FF97F3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:bf:dc:36:77:02:c9:87:f4:d1:7b:c0:2a:bc:
                    24:17:f5:28:9f:e2:ec:10:9c:6c:68:6b:2b:60:4a:
                    f6:53:71:05:8f:ad:d4:5d:70:d2:c8:2c:82:13:f0:
                    d9:8a:d1:a6:bd:60:31:b4:78:39:82:3f:21:21:76:
                    cd:37:1a:41:e7:ef:06:93:72:76:fe:eb:f3:f9:d4:
                    be:de:16:ca:0c:1e:c6:11:b8:79:42:a6:e6:2a:e9:
                    54:a8:16:cc:01:00:13:9c:1a:e5:fa:cb:7e:9f:0d:
                    38:02:b1:e6:4b:dc:6f:46:bb:c3:91:19:20:b4:b5:
                    2b:5f:5d:82:3e:1a:ae:1d:d5:fa:e9:90:34:78:44:
                    d6:85:5e:13:28:57:86:72:b0:a1:92:9f:e9:e7:2f:
                    84:f4:c6:05:10:e6:8d:42:c4:2f:71:b1:d5:fa:3b:
                    7a:ec:cc:7a:fd:1f:ef:55:42:fe:90:73:66:9e:fe:
                    6f:1e:89:bc:cb:86:03:8a:8a:ef:58:01:40:8d:df:
                    99:72:70:ac:e8:52:bd:bb:4f:07:90:08:54:c5:bf:
                    00:e5:a1:1e:34:78:82:3c:a0:64:76:52:f9:99:35:
                    01:7d:2e:55:a3:e5:f2:15:ca:4e:f7:96:29:a0:61:
                    b8:8a:37:c3:3b:5a:a3:1c:57:e9:ca:b9:70:e3:17:
                    fb:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:05:FB:D6:98:4D:6F:8A:E6:F2:37:3B:2F:DE:59:0B:F4:FF:97:F3
            X509v3 Authority Key Identifier:
                keyid:4C:18:9E:42:F3:5C:94:4D:46:3D:9E:A6:50:1F:09:3E:B6:2B:A7:85

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/ce510e17-31fa-414b-989e-026dbb6fdf51/0/4C189E42F35C944D463D9EA6501F093EB62BA785.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TBieQvNclE1GPZ6mUB8JPrYrp4U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/ce510e17-31fa-414b-989e-026dbb6fdf51/0/3135392e3235332e362e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  159.253.6.0/24

    Signature Algorithm: sha256WithRSAEncryption
         34:49:70:b3:ab:80:a8:ba:a1:5f:a5:df:99:2c:84:fa:cb:28:
         2c:dd:44:0e:50:60:ed:b3:43:c1:cc:9a:9a:9d:c6:21:df:4b:
         32:39:fc:2d:2c:37:7c:e1:fc:e0:8f:51:ec:f7:84:a3:82:7e:
         0f:85:38:49:df:2e:7f:9e:d3:d2:9d:00:e2:e1:d0:10:03:ed:
         31:27:de:29:4f:f5:2e:d1:f3:71:9b:11:3c:9c:29:a8:0c:87:
         62:49:68:e3:86:4e:bf:fc:8a:de:eb:2e:6a:1d:86:bb:ca:08:
         19:b2:b6:a2:85:a0:e1:61:0b:05:01:1e:13:29:43:82:e8:c2:
         eb:33:bf:1f:82:ff:81:99:90:5b:79:fd:d4:d6:8f:9b:38:52:
         33:fb:27:56:36:29:6a:f6:2b:88:d7:62:79:2d:62:c0:cb:fa:
         c9:37:64:cc:3f:bd:06:b8:40:9b:08:bd:8a:5c:2c:df:6c:dc:
         68:e1:8a:fb:72:5a:fc:36:7a:7e:6e:86:37:9c:75:fa:1e:cd:
         de:c7:cc:4c:02:e1:6b:14:0d:93:2f:a6:a2:81:ae:c3:e6:75:
         c4:fe:15:dc:f3:d4:5c:28:5c:98:88:1e:a1:2d:b6:38:f8:fb:
         9d:f0:6d:a3:85:11:14:92:52:7f:6e:86:4b:60:fc:de:6d:b5:
         e7:41:87:94
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUP03IPDNrAub6lSZZmMyUwQWQh1kwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGMxODllNDJmMzVjOTQ0ZDQ2M2Q5ZWE2NTAxZjA5M2Vi
NjJiYTc4NTAeFw0yNDAxMjMwNjE2MDdaFw0yNTAxMjEwNjIxMDdaMDMxMTAvBgNV
BAMTKDUwMDVGQkQ2OTg0RDZGOEFFNkYyMzczQjJGREU1OTBCRjRGRjk3RjMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNv9w2dwLJh/TRe8AqvCQX9Sif
4uwQnGxoaytgSvZTcQWPrdRdcNLILIIT8NmK0aa9YDG0eDmCPyEhds03GkHn7waT
cnb+6/P51L7eFsoMHsYRuHlCpuYq6VSoFswBABOcGuX6y36fDTgCseZL3G9Gu8OR
GSC0tStfXYI+Gq4d1frpkDR4RNaFXhMoV4ZysKGSn+nnL4T0xgUQ5o1CxC9xsdX6
O3rszHr9H+9VQv6Qc2ae/m8eibzLhgOKiu9YAUCN35lycKzoUr27TweQCFTFvwDl
oR40eII8oGR2UvmZNQF9LlWj5fIVyk73limgYbiKN8M7WqMcV+nKuXDjF/vtAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUUAX71phNb4rm8jc7L95ZC/T/l/MwHwYDVR0j
BBgwFoAUTBieQvNclE1GPZ6mUB8JPrYrp4UwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvY2U1MTBlMTctMzFmYS00MTRiLTk4OWUtMDI2ZGJiNmZk
ZjUxLzAvNEMxODlFNDJGMzVDOTQ0RDQ2M0Q5RUE2NTAxRjA5M0VCNjJCQTc4NS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1RCaWVRdk5jbEUxR1BaNm1VQjhKUHJZ
cnA0VS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvY2U1MTBlMTct
MzFmYS00MTRiLTk4OWUtMDI2ZGJiNmZkZjUxLzAvMzEzNTM5MmUzMjM1MzMyZTM2
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzgzMzM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAn/0GMA0G
CSqGSIb3DQEBCwUAA4IBAQA0SXCzq4CouqFfpd+ZLIT6yygs3UQOUGDts0PBzJqa
ncYh30syOfwtLDd84fzgj1Hs94Sjgn4PhThJ3y5/ntPSnQDi4dAQA+0xJ94pT/Uu
0fNxmxE8nCmoDIdiSWjjhk6//Ire6y5qHYa7yggZsraihaDhYQsFAR4TKUOC6MLr
M78fgv+BmZBbef3U1o+bOFIz+ydWNilq9iuI12J5LWLAy/rJN2TMP70GuECbCL2K
XCzfbNxo4Yr7clr8Nnp+boY3nHX6Hs3ex8xMAuFrFA2TL6aiga7D5nXE/hXc89Rc
KFyYiB6hLbY4+Pud8G2jhREUklJ/boZLYPzebbXnQYeU
-----END CERTIFICATE-----