Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139352e33352e35342e302f32332d3234203d3e203437353833.roa
File:                     3139352e33352e35342e302f32332d3234203d3e203437353833.roa (raw, json)
Hash identifier:          x55j3L003m1t4kdNJmPhZsBuDIyEw0rMzNTAjUWqVU0=
Subject key identifier:   51:01:7F:EC:89:13:31:87:8B:F2:1D:E3:4C:CC:45:7E:9D:E8:8B:48
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       2B9CF09A239EDBE65A1FB7566DC6C76CB7FC07E5
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139352e33352e35342e302f32332d3234203d3e203437353833.roa
Signing time:             Fri 15 Sep 2023 07:09:08 +0000
ROA not before:           Fri 15 Sep 2023 07:04:08 +0000
ROA not after:            Fri 13 Sep 2024 07:09:08 +0000
asID:                     47583
IP address blocks:        195.35.54.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2b:9c:f0:9a:23:9e:db:e6:5a:1f:b7:56:6d:c6:c7:6c:b7:fc:07:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Sep 15 07:04:08 2023 GMT
            Not After : Sep 13 07:09:08 2024 GMT
        Subject: CN=51017FEC891331878BF21DE34CCC457E9DE88B48
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:56:67:ea:12:52:8c:57:ea:e0:8e:3d:02:2d:
                    6e:e8:77:fe:f4:0e:60:89:fe:36:53:43:00:b4:ce:
                    f0:58:f7:3c:4f:ff:fe:19:2e:ae:f6:05:9b:93:ec:
                    36:97:1b:de:ab:b4:c3:a2:1a:4c:29:75:e6:5e:0e:
                    8e:d6:9f:75:63:c7:ab:ba:87:b3:b3:f7:5b:e0:a8:
                    10:8b:6f:9e:41:c6:a3:b2:8b:85:37:78:ee:3f:99:
                    62:b5:ab:ba:08:f9:17:7f:a3:c9:47:56:bc:90:14:
                    34:a6:49:00:83:90:a4:ce:d3:dd:ed:98:3e:10:69:
                    4e:a7:60:cd:88:5f:83:ab:83:0a:4c:29:06:38:27:
                    77:1b:49:e9:bb:7a:ff:3f:20:80:10:51:19:cb:d1:
                    45:a7:b7:ca:cd:c1:25:29:62:00:38:06:e2:a1:0f:
                    60:b0:48:e1:8e:38:e3:b5:b0:03:72:4b:0b:ca:12:
                    03:c9:f4:1f:89:57:9c:8b:e0:89:46:44:2b:6d:53:
                    bf:5c:f6:8c:46:94:7e:11:fd:de:b1:bf:dc:d4:81:
                    9b:80:04:71:9e:e4:27:31:5e:79:63:d8:6d:e4:94:
                    d4:09:3d:92:64:ca:79:d4:ce:f8:19:93:ff:f1:ee:
                    40:3e:12:1a:8a:37:7f:1a:6c:34:e2:b0:4c:5e:0e:
                    ff:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:01:7F:EC:89:13:31:87:8B:F2:1D:E3:4C:CC:45:7E:9D:E8:8B:48
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139352e33352e35342e302f32332d3234203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.35.54.0/23

    Signature Algorithm: sha256WithRSAEncryption
         5e:54:5c:76:ce:82:aa:6a:8c:a8:de:f9:cf:50:80:a4:20:fc:
         26:dc:c1:ef:1b:d4:9f:28:c5:53:84:ff:81:bf:50:c8:32:cb:
         2e:6b:28:c9:d8:3c:46:e7:29:76:5b:23:c4:c4:49:54:2e:91:
         cd:3c:37:78:29:99:b2:cf:a2:3d:99:89:95:db:5d:e1:ec:ce:
         75:11:81:75:4d:d6:bb:a6:e4:89:18:0f:a1:c2:1a:1f:e5:0d:
         75:c4:a4:1e:84:16:da:4b:42:77:d1:39:00:f9:2d:8e:e8:df:
         e9:19:b2:17:51:ce:b8:42:4c:b7:db:2e:0f:e4:db:65:48:70:
         02:2b:ee:91:87:43:ae:1d:bd:4d:0c:56:cf:bc:1e:9d:c8:2d:
         46:63:3d:57:39:74:c6:19:bd:14:cf:63:1e:68:84:87:f0:4d:
         f6:8d:45:5d:ae:34:de:65:82:61:94:54:4c:09:d7:0b:a8:78:
         23:07:d3:ec:91:b5:5d:94:73:6b:4d:94:ee:31:37:1a:03:5a:
         55:d6:75:0b:c5:a1:1a:f4:f6:ab:cc:26:80:9a:28:85:f8:be:
         29:35:6e:97:07:17:a4:2c:12:03:ea:6d:d6:f2:b8:6e:da:5a:
         17:85:05:7a:ad:86:31:ae:be:ca:52:a7:3c:47:67:33:7e:c8:
         8b:70:6a:54
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUK5zwmiOe2+ZaH7dWbcbHbLf8B+UwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yMzA5MTUwNzA0MDhaFw0yNDA5MTMwNzA5MDhaMDMxMTAvBgNV
BAMTKDUxMDE3RkVDODkxMzMxODc4QkYyMURFMzRDQ0M0NTdFOURFODhCNDgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDYVmfqElKMV+rgjj0CLW7od/70
DmCJ/jZTQwC0zvBY9zxP//4ZLq72BZuT7DaXG96rtMOiGkwpdeZeDo7Wn3Vjx6u6
h7Oz91vgqBCLb55BxqOyi4U3eO4/mWK1q7oI+Rd/o8lHVryQFDSmSQCDkKTO093t
mD4QaU6nYM2IX4OrgwpMKQY4J3cbSem7ev8/IIAQURnL0UWnt8rNwSUpYgA4BuKh
D2CwSOGOOOO1sANySwvKEgPJ9B+JV5yL4IlGRCttU79c9oxGlH4R/d6xv9zUgZuA
BHGe5CcxXnlj2G3klNQJPZJkynnUzvgZk//x7kA+EhqKN38abDTisExeDv9XAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUUQF/7IkTMYeL8h3jTMxFfp3oi0gwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzOTM1MmUzMzM1MmUzNTM0
MmUzMDJmMzIzMzJkMzIzNDIwM2QzZTIwMzQzNzM1MzgzMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAcMj
NjANBgkqhkiG9w0BAQsFAAOCAQEAXlRcds6CqmqMqN75z1CApCD8JtzB7xvUnyjF
U4T/gb9QyDLLLmsoydg8RucpdlsjxMRJVC6RzTw3eCmZss+iPZmJldtd4ezOdRGB
dU3Wu6bkiRgPocIaH+UNdcSkHoQW2ktCd9E5APktjujf6RmyF1HOuEJMt9suD+Tb
ZUhwAivukYdDrh29TQxWz7wencgtRmM9Vzl0xhm9FM9jHmiEh/BN9o1FXa403mWC
YZRUTAnXC6h4IwfT7JG1XZRza02U7jE3GgNaVdZ1C8WhGvT2q8wmgJoohfi+KTVu
lwcXpCwSA+pt1vK4btpaF4UFeq2GMa6+ylKnPEdnM37Ii3BqVA==
-----END CERTIFICATE-----