Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139352e33352e34342e302f32322d3232203d3e203437353833.roa
File:                     3139352e33352e34342e302f32322d3232203d3e203437353833.roa (raw, json)
Hash identifier:          Lk3I9oRignmWCB8Vw/gMmt29a+lmnbLW2ltn+rk0EJA=
Subject key identifier:   49:26:89:2A:99:F9:16:8D:6C:0C:CB:A5:58:2F:93:78:25:67:D5:97
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       584F46AED48D4854C9CA0073909023451CDD9959
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139352e33352e34342e302f32322d3232203d3e203437353833.roa
Signing time:             Wed 27 Sep 2023 14:36:17 +0000
ROA not before:           Wed 27 Sep 2023 14:31:17 +0000
ROA not after:            Wed 25 Sep 2024 14:36:17 +0000
asID:                     47583
IP address blocks:        195.35.44.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            58:4f:46:ae:d4:8d:48:54:c9:ca:00:73:90:90:23:45:1c:dd:99:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Sep 27 14:31:17 2023 GMT
            Not After : Sep 25 14:36:17 2024 GMT
        Subject: CN=4926892A99F9168D6C0CCBA5582F93782567D597
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:88:2c:a6:41:07:f0:61:83:d1:15:d2:42:d8:
                    11:b9:02:3d:2d:6b:ae:5d:45:f7:b8:f1:f1:7b:d4:
                    be:ab:7d:37:97:d5:9c:3e:2c:55:63:68:d5:f2:cd:
                    e2:5a:24:b8:77:01:74:97:06:04:69:09:43:2f:98:
                    65:ac:97:1b:a2:d4:5b:06:54:25:ef:ea:b9:5a:68:
                    a8:c2:a1:2b:96:ab:c8:a8:0b:cd:3a:7c:71:d2:d7:
                    ae:19:c9:ba:47:57:0f:51:80:07:fc:9b:d3:63:d4:
                    bb:34:9d:1f:e1:1d:7a:93:ac:cb:ce:5b:ce:3f:01:
                    10:e0:f8:1c:55:eb:cb:6f:09:9e:7c:72:1f:aa:4c:
                    82:d2:cb:d7:7f:77:c8:36:02:63:23:5f:2c:9b:9b:
                    e5:2a:5f:82:09:24:fe:26:d9:cd:5f:2b:35:11:93:
                    07:51:d0:53:f4:c1:cf:9b:2e:d1:8e:67:4f:15:c2:
                    16:29:c5:2a:9f:a6:1b:16:64:41:1e:61:53:c1:df:
                    2d:38:b4:37:c0:a8:b0:1e:bd:6e:bf:f5:ba:93:27:
                    ff:54:e7:f4:35:14:62:6f:58:f8:0f:d9:e5:94:75:
                    30:a7:32:cf:67:95:47:50:5f:8f:86:58:fb:00:11:
                    e6:48:dc:c3:67:19:26:a9:ab:c8:31:a8:57:c4:39:
                    25:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:26:89:2A:99:F9:16:8D:6C:0C:CB:A5:58:2F:93:78:25:67:D5:97
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139352e33352e34342e302f32322d3232203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.35.44.0/22

    Signature Algorithm: sha256WithRSAEncryption
         40:9b:9f:85:a3:08:6b:7c:d3:33:0a:56:ce:ea:7a:29:d4:05:
         89:eb:fe:a6:fb:69:68:58:5f:85:b1:fb:29:91:67:f1:98:9e:
         d2:a8:b7:75:72:c3:2c:96:d1:d7:c6:8c:bd:75:f3:33:cd:d3:
         6c:e2:55:91:e4:76:a7:b6:c3:9f:c1:20:ee:fb:a0:0b:ab:d9:
         cb:8a:67:15:00:9f:07:87:f4:65:b8:28:4c:e8:84:1c:ce:98:
         52:c2:e4:53:b3:13:83:dc:33:95:53:ed:5d:16:19:93:1a:02:
         69:43:ed:eb:7d:32:f2:a2:ca:df:8a:59:57:ac:cd:0b:b4:d2:
         cd:2e:b8:9b:15:b7:71:b3:8f:a8:7f:9a:a1:0f:e9:27:a7:e1:
         04:5a:2e:5b:f9:1a:dc:1f:65:96:4c:29:12:4d:b9:4e:0e:93:
         f2:8d:4a:13:d0:4d:85:8f:5a:6e:6c:d5:23:03:e8:c1:e4:41:
         52:ea:2c:40:c7:25:89:67:64:79:31:83:12:b8:d3:e4:fa:1b:
         3f:fa:20:f4:3d:71:ab:ae:7b:de:22:3e:84:10:5d:08:c9:73:
         14:ae:27:ff:7d:bb:9b:61:08:e3:cb:1d:3c:74:b1:4c:8d:f8:
         93:20:bb:34:14:17:33:74:af:58:dc:92:f1:8c:04:68:3d:d9:
         b2:59:ae:c9
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUWE9GrtSNSFTJygBzkJAjRRzdmVkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yMzA5MjcxNDMxMTdaFw0yNDA5MjUxNDM2MTdaMDMxMTAvBgNV
BAMTKDQ5MjY4OTJBOTlGOTE2OEQ2QzBDQ0JBNTU4MkY5Mzc4MjU2N0Q1OTcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDSiCymQQfwYYPRFdJC2BG5Aj0t
a65dRfe48fF71L6rfTeX1Zw+LFVjaNXyzeJaJLh3AXSXBgRpCUMvmGWslxui1FsG
VCXv6rlaaKjCoSuWq8ioC806fHHS164ZybpHVw9RgAf8m9Nj1Ls0nR/hHXqTrMvO
W84/ARDg+BxV68tvCZ58ch+qTILSy9d/d8g2AmMjXyybm+UqX4IJJP4m2c1fKzUR
kwdR0FP0wc+bLtGOZ08VwhYpxSqfphsWZEEeYVPB3y04tDfAqLAevW6/9bqTJ/9U
5/Q1FGJvWPgP2eWUdTCnMs9nlUdQX4+GWPsAEeZI3MNnGSapq8gxqFfEOSUhAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUSSaJKpn5Fo1sDMulWC+TeCVn1ZcwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzOTM1MmUzMzM1MmUzNDM0
MmUzMDJmMzIzMjJkMzIzMjIwM2QzZTIwMzQzNzM1MzgzMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAsMj
LDANBgkqhkiG9w0BAQsFAAOCAQEAQJufhaMIa3zTMwpWzup6KdQFiev+pvtpaFhf
hbH7KZFn8Zie0qi3dXLDLJbR18aMvXXzM83TbOJVkeR2p7bDn8Eg7vugC6vZy4pn
FQCfB4f0ZbgoTOiEHM6YUsLkU7MTg9wzlVPtXRYZkxoCaUPt630y8qLK34pZV6zN
C7TSzS64mxW3cbOPqH+aoQ/pJ6fhBFouW/ka3B9llkwpEk25Tg6T8o1KE9BNhY9a
bmzVIwPoweRBUuosQMcliWdkeTGDErjT5PobP/og9D1xq6573iI+hBBdCMlzFK4n
/327m2EI48sdPHSxTI34kyC7NBQXM3SvWNyS8YwEaD3ZslmuyQ==
-----END CERTIFICATE-----