Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139352e33352e35342e302f32332d3234203d3e203437353833.roa
File:                     3139352e33352e35342e302f32332d3234203d3e203437353833.roa (raw, json)
Hash identifier:          X5Nipdgo0yzXKg8I2MempjOdgn6TJSGZVY6GMU15zCw=
Subject key identifier:   3D:C2:04:D7:49:1B:A0:88:18:7F:91:BF:72:3B:7C:C0:4B:A1:49:DC
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       602FD1C5CB4BB9E39ABFA4162CBA08002D0080BC
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139352e33352e35342e302f32332d3234203d3e203437353833.roa
Signing time:             Fri 18 Jul 2025 08:46:54 +0000
ROA not before:           Fri 18 Jul 2025 08:41:54 +0000
ROA not after:            Fri 17 Jul 2026 08:46:54 +0000
asID:                     47583
IP address blocks:        195.35.54.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 26 Jul 2025 08:00:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            60:2f:d1:c5:cb:4b:b9:e3:9a:bf:a4:16:2c:ba:08:00:2d:00:80:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Jul 18 08:41:54 2025 GMT
            Not After : Jul 17 08:46:54 2026 GMT
        Subject: CN=3DC204D7491BA088187F91BF723B7CC04BA149DC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:0b:70:0f:cf:0d:d5:51:56:a7:b7:a7:98:15:
                    78:24:6f:39:d8:11:f9:ff:e4:22:34:59:ee:24:66:
                    c6:92:d0:67:b7:9a:88:ef:14:d3:62:96:1c:e5:aa:
                    36:eb:1e:01:47:8e:63:4e:1c:4b:00:33:d8:53:2f:
                    46:49:f4:ce:9f:b5:5c:48:ca:8f:74:97:4e:b2:da:
                    d1:df:a2:13:e8:fd:ee:2d:b1:57:38:3b:38:c7:5f:
                    1d:22:4c:eb:b0:4e:72:ce:df:8a:0b:10:bc:5b:4c:
                    65:be:fe:05:41:83:4f:f5:b5:39:b7:f9:50:fd:f6:
                    5d:47:90:41:33:37:9f:7c:81:7f:0e:c9:da:27:39:
                    36:9a:01:13:24:f8:0b:3a:e7:6e:e8:ab:0a:48:f4:
                    91:3d:15:cb:3d:58:90:01:3b:e0:59:61:61:ef:b3:
                    c4:6a:92:e4:06:0e:34:54:9d:ae:eb:3e:6c:76:e3:
                    6a:e8:1e:92:22:64:05:59:3e:6e:cb:e2:a5:4c:9e:
                    94:58:a6:75:9c:ec:b2:de:87:4b:f9:ca:3b:22:c6:
                    d0:a6:10:6a:4d:68:11:c9:6e:2c:02:37:4e:b2:dd:
                    0b:03:a9:c2:ae:04:1f:f8:6c:17:7e:21:bf:95:44:
                    5e:b5:24:97:69:5a:01:c9:01:19:d0:69:72:92:5f:
                    a1:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:C2:04:D7:49:1B:A0:88:18:7F:91:BF:72:3B:7C:C0:4B:A1:49:DC
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139352e33352e35342e302f32332d3234203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.35.54.0/23

    Signature Algorithm: sha256WithRSAEncryption
         93:4d:ad:18:48:e1:44:ba:3c:66:e4:37:e9:1a:ec:b8:53:3d:
         f7:6d:10:5c:47:52:28:bf:7a:05:b9:cc:17:5e:e1:1f:e3:76:
         0f:b0:d2:c0:df:16:62:d6:f3:63:d1:ac:bd:03:27:b0:93:9d:
         25:00:53:5b:fd:f6:1b:c3:46:4d:fc:c5:d7:d7:96:04:9c:1f:
         1b:a8:d9:cc:f1:f7:e4:ce:c4:f4:cc:b1:58:2b:ab:32:45:06:
         16:bb:8f:0a:80:57:49:7b:44:73:52:04:7e:84:da:33:47:29:
         23:49:47:04:dc:a9:77:99:70:c9:df:c7:a5:c1:2d:76:74:c4:
         2e:18:8a:39:21:98:8a:c6:c7:56:1e:e7:9e:a8:c4:c3:dc:94:
         9f:3d:e7:c6:f1:3c:50:7d:ed:5d:30:3c:7c:ba:ed:ec:ad:c3:
         74:00:68:e8:46:e9:0b:4c:f5:ee:a4:f3:aa:e1:8a:93:8a:7d:
         7e:87:51:3a:40:36:26:f7:b1:ed:54:00:b4:42:e1:d5:ac:75:
         22:e4:06:bd:88:80:36:f1:50:2b:fa:49:17:d4:5c:41:a8:4f:
         a3:e3:31:bb:b3:ec:62:2f:4b:0d:88:91:6f:e6:c7:83:04:50:
         0b:1d:c6:59:53:c3:56:f9:0c:a7:8e:c9:3f:f4:a1:94:c4:b9:
         37:40:5a:f9
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUYC/RxctLueOav6QWLLoIAC0AgLwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTA3MTgwODQxNTRaFw0yNjA3MTcwODQ2NTRaMDMxMTAvBgNV
BAMTKDNEQzIwNEQ3NDkxQkEwODgxODdGOTFCRjcyM0I3Q0MwNEJBMTQ5REMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDRC3APzw3VUVant6eYFXgkbznY
Efn/5CI0We4kZsaS0Ge3mojvFNNilhzlqjbrHgFHjmNOHEsAM9hTL0ZJ9M6ftVxI
yo90l06y2tHfohPo/e4tsVc4OzjHXx0iTOuwTnLO34oLELxbTGW+/gVBg0/1tTm3
+VD99l1HkEEzN598gX8OydonOTaaARMk+As6527oqwpI9JE9Fcs9WJABO+BZYWHv
s8RqkuQGDjRUna7rPmx242roHpIiZAVZPm7L4qVMnpRYpnWc7LLeh0v5yjsixtCm
EGpNaBHJbiwCN06y3QsDqcKuBB/4bBd+Ib+VRF61JJdpWgHJARnQaXKSX6G1AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUPcIE10kboIgYf5G/cjt8wEuhSdwwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzOTM1MmUzMzM1MmUzNTM0
MmUzMDJmMzIzMzJkMzIzNDIwM2QzZTIwMzQzNzM1MzgzMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAcMj
NjANBgkqhkiG9w0BAQsFAAOCAQEAk02tGEjhRLo8ZuQ36RrsuFM9920QXEdSKL96
BbnMF17hH+N2D7DSwN8WYtbzY9GsvQMnsJOdJQBTW/32G8NGTfzF19eWBJwfG6jZ
zPH35M7E9MyxWCurMkUGFruPCoBXSXtEc1IEfoTaM0cpI0lHBNypd5lwyd/HpcEt
dnTELhiKOSGYisbHVh7nnqjEw9yUnz3nxvE8UH3tXTA8fLrt7K3DdABo6EbpC0z1
7qTzquGKk4p9fodROkA2Jvex7VQAtELh1ax1IuQGvYiANvFQK/pJF9RcQahPo+Mx
u7PsYi9LDYiRb+bHgwRQCx3GWVPDVvkMp47JP/ShlMS5N0Ba+Q==
-----END CERTIFICATE-----