Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139352e33352e32382e302f32332d3233203d3e203437353833.roa
File:                     3139352e33352e32382e302f32332d3233203d3e203437353833.roa (raw, json)
Hash identifier:          slLS5BnsGAy0OvGLSf8x+24z+YVRsClXFzzR3hnIdJE=
Subject key identifier:   1C:34:4F:B8:FB:61:F2:A3:42:3A:B8:E2:A1:0D:0E:75:3D:7B:B9:BA
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       10F4019F7E214272C5BFA60104D286DFB9BEE5DD
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139352e33352e32382e302f32332d3233203d3e203437353833.roa
Signing time:             Mon 06 Nov 2023 17:37:40 +0000
ROA not before:           Mon 06 Nov 2023 17:32:40 +0000
ROA not after:            Mon 04 Nov 2024 17:37:40 +0000
asID:                     47583
IP address blocks:        195.35.28.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 16:11:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            10:f4:01:9f:7e:21:42:72:c5:bf:a6:01:04:d2:86:df:b9:be:e5:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Nov  6 17:32:40 2023 GMT
            Not After : Nov  4 17:37:40 2024 GMT
        Subject: CN=1C344FB8FB61F2A3423AB8E2A10D0E753D7BB9BA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:a3:a4:f6:12:fe:82:90:9e:89:33:fe:63:90:
                    4d:eb:cb:2a:4e:5e:8f:18:d9:af:19:6b:bc:f6:d5:
                    8a:fb:6e:ed:18:82:7d:9a:02:44:6e:66:de:7d:43:
                    61:83:0e:55:c1:78:80:15:26:f4:6a:06:95:36:89:
                    55:43:b7:60:d8:b0:1b:57:0a:a2:26:d6:50:23:88:
                    3e:d4:da:3a:f3:3f:35:a7:f5:c8:32:1b:7e:be:e5:
                    44:f8:2b:c2:df:31:2a:46:70:d4:d8:14:5b:9a:67:
                    c4:5d:44:a0:6c:c4:ac:54:76:4d:67:8e:3a:17:77:
                    54:46:5b:a2:8c:99:89:2a:82:6e:25:b4:cb:ed:82:
                    31:99:b6:ac:b4:8d:68:b4:37:00:de:d3:9d:12:34:
                    6e:16:df:33:c3:57:69:0d:fe:b2:0e:ca:6a:36:3d:
                    3a:6f:8e:6f:9a:96:a5:ae:cd:6e:34:d6:e7:d6:06:
                    35:b5:fb:19:ee:17:42:96:07:d7:b6:17:a0:bf:bc:
                    89:48:18:d9:56:63:34:b9:09:4e:37:87:0e:84:91:
                    78:84:d4:37:a2:cf:ed:50:75:fd:19:58:c7:bf:3b:
                    a9:e4:c3:8a:77:5e:78:74:a5:9f:ff:73:76:b5:0e:
                    ef:f4:85:2a:fb:ec:e8:8d:8c:76:7b:92:55:55:fc:
                    81:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:34:4F:B8:FB:61:F2:A3:42:3A:B8:E2:A1:0D:0E:75:3D:7B:B9:BA
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139352e33352e32382e302f32332d3233203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.35.28.0/23

    Signature Algorithm: sha256WithRSAEncryption
         88:18:bc:44:bc:a4:c7:ab:dd:f7:8e:f4:2d:69:f9:66:26:06:
         d4:15:8c:dc:53:d2:ea:5f:35:48:6b:cf:11:f2:be:ce:4e:5b:
         61:60:8e:18:73:b2:93:ad:c3:a5:cf:c3:85:0b:72:f4:af:cf:
         8b:c5:ba:5b:71:46:e9:a7:f3:14:e6:66:c5:a1:63:05:e1:b4:
         aa:24:39:6f:79:55:81:9d:c3:d3:b5:f8:89:ed:fc:61:5d:9f:
         70:ae:f7:cc:a0:f4:84:b1:31:6f:5c:f7:cf:92:92:c0:ed:5c:
         1d:09:75:77:e3:cf:b8:5c:a6:3f:5a:6a:60:c1:de:0b:8c:82:
         79:d7:3a:39:1f:e0:75:c9:16:41:25:18:81:ce:ef:aa:4a:80:
         53:ec:cb:6c:c0:17:e9:f2:a6:30:f7:9b:de:64:82:b5:c9:10:
         fd:4f:db:18:19:ce:ce:f1:f1:09:7b:9b:50:25:5e:cd:1b:15:
         16:01:90:70:84:3c:af:8c:9a:51:f9:9e:09:6a:cd:03:39:d5:
         d7:73:40:2c:e3:7b:1b:8b:40:37:74:15:c2:a3:96:7f:6b:bc:
         cc:77:dd:c3:c8:77:e8:f6:eb:6c:f3:86:c7:b2:6c:f1:a1:f2:
         06:a7:60:e6:87:30:94:ff:e5:97:aa:81:72:ce:fc:3c:ca:e3:
         cb:72:57:62
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUEPQBn34hQnLFv6YBBNKG37m+5d0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yMzExMDYxNzMyNDBaFw0yNDExMDQxNzM3NDBaMDMxMTAvBgNV
BAMTKDFDMzQ0RkI4RkI2MUYyQTM0MjNBQjhFMkExMEQwRTc1M0Q3QkI5QkEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDQo6T2Ev6CkJ6JM/5jkE3ryypO
Xo8Y2a8Za7z21Yr7bu0Ygn2aAkRuZt59Q2GDDlXBeIAVJvRqBpU2iVVDt2DYsBtX
CqIm1lAjiD7U2jrzPzWn9cgyG36+5UT4K8LfMSpGcNTYFFuaZ8RdRKBsxKxUdk1n
jjoXd1RGW6KMmYkqgm4ltMvtgjGZtqy0jWi0NwDe050SNG4W3zPDV2kN/rIOymo2
PTpvjm+alqWuzW401ufWBjW1+xnuF0KWB9e2F6C/vIlIGNlWYzS5CU43hw6EkXiE
1Deiz+1Qdf0ZWMe/O6nkw4p3Xnh0pZ//c3a1Du/0hSr77OiNjHZ7klVV/IHXAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUHDRPuPth8qNCOrjioQ0OdT17ubowHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzOTM1MmUzMzM1MmUzMjM4
MmUzMDJmMzIzMzJkMzIzMzIwM2QzZTIwMzQzNzM1MzgzMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAcMj
HDANBgkqhkiG9w0BAQsFAAOCAQEAiBi8RLykx6vd9470LWn5ZiYG1BWM3FPS6l81
SGvPEfK+zk5bYWCOGHOyk63Dpc/DhQty9K/Pi8W6W3FG6afzFOZmxaFjBeG0qiQ5
b3lVgZ3D07X4ie38YV2fcK73zKD0hLExb1z3z5KSwO1cHQl1d+PPuFymP1pqYMHe
C4yCedc6OR/gdckWQSUYgc7vqkqAU+zLbMAX6fKmMPeb3mSCtckQ/U/bGBnOzvHx
CXubUCVezRsVFgGQcIQ8r4yaUfmeCWrNAznV13NALON7G4tAN3QVwqOWf2u8zHfd
w8h36PbrbPOGx7Js8aHyBqdg5ocwlP/ll6qBcs78PMrjy3JXYg==
-----END CERTIFICATE-----