Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139352e33352e382e302f32312d3231203d3e203437353833.roa
File:                     3139352e33352e382e302f32312d3231203d3e203437353833.roa (raw, json)
Hash identifier:          6T2RHNa73BivYWtIJrXSHOppU+fhpeMvFN3Tx1wImy4=
Subject key identifier:   8B:3A:14:69:28:EF:F2:06:5F:42:AA:A3:E2:0E:5E:48:C9:77:33:08
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       4B5A69429A9DB330AED1A0B7FD22651A11B1E9B1
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139352e33352e382e302f32312d3231203d3e203437353833.roa
Signing time:             Mon 06 Nov 2023 17:36:46 +0000
ROA not before:           Mon 06 Nov 2023 17:31:46 +0000
ROA not after:            Mon 04 Nov 2024 17:36:46 +0000
asID:                     47583
IP address blocks:        195.35.8.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4b:5a:69:42:9a:9d:b3:30:ae:d1:a0:b7:fd:22:65:1a:11:b1:e9:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Nov  6 17:31:46 2023 GMT
            Not After : Nov  4 17:36:46 2024 GMT
        Subject: CN=8B3A146928EFF2065F42AAA3E20E5E48C9773308
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:7e:c1:ee:6d:27:7b:71:94:45:8e:a2:42:f7:
                    77:e1:0f:52:72:7c:50:e7:8f:07:61:7e:06:ed:63:
                    28:5e:05:3f:74:7d:f7:79:50:5d:f6:27:50:e3:99:
                    77:3c:ea:29:ce:57:ac:d5:63:71:a9:8e:64:8c:7b:
                    58:8d:46:a3:d3:87:69:fa:f0:9c:5d:a9:a6:cf:14:
                    d6:06:bf:e3:58:74:ef:11:c3:8b:6b:2d:e2:a1:88:
                    cc:d6:c1:79:2b:5f:ec:79:0c:8c:c3:d9:d9:c5:19:
                    d2:09:6a:76:9b:c6:15:4e:b0:3d:1f:bd:73:ba:7e:
                    4a:a4:fe:5b:e4:33:5c:61:4a:9a:11:3a:bf:91:39:
                    e7:a0:5c:36:22:0c:91:91:69:39:08:2b:73:14:79:
                    95:8f:23:bf:35:cf:e6:86:83:8a:4d:1a:0f:b4:a6:
                    23:7e:cf:31:57:66:c7:f3:1f:b6:9b:ba:af:4f:64:
                    67:9f:0a:1a:4e:c6:13:45:a5:20:87:9f:17:60:c9:
                    fa:d2:80:cb:08:2a:08:4f:aa:4b:b7:69:2b:db:24:
                    10:b3:1c:5f:fe:36:39:74:3e:e0:7e:68:4d:bc:dd:
                    99:bf:88:2d:1f:00:70:ef:00:81:ec:23:73:08:b9:
                    6e:56:92:2b:bf:42:7b:cb:6d:21:8d:b9:4d:3c:85:
                    da:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:3A:14:69:28:EF:F2:06:5F:42:AA:A3:E2:0E:5E:48:C9:77:33:08
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139352e33352e382e302f32312d3231203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.35.8.0/21

    Signature Algorithm: sha256WithRSAEncryption
         42:1f:df:da:4d:3a:ae:42:c9:21:26:26:7b:cf:b8:c6:20:b1:
         f1:6e:1f:a8:c8:83:3b:79:f2:e9:92:2d:7b:23:82:cf:ac:b6:
         b2:42:79:43:e3:76:0c:21:e5:9a:b6:01:e1:32:62:4f:d3:53:
         da:2e:da:86:1b:87:ae:82:20:24:23:a9:a2:8e:d9:5c:c3:96:
         9f:31:fd:3a:46:72:48:15:d4:94:46:53:af:03:6c:a0:cc:7a:
         3a:1a:9f:a8:c2:c1:00:35:04:1d:10:13:c3:16:41:89:20:99:
         07:1e:00:ca:c6:48:ac:90:66:fb:53:48:30:92:de:d8:1d:17:
         06:6d:df:f7:66:ba:7f:62:ed:b4:a7:f6:55:7d:b7:99:19:ab:
         51:2b:b8:79:8b:19:f7:6d:12:ff:3f:a9:1d:00:d9:0f:18:9d:
         4b:d7:46:00:99:6c:2e:90:c3:96:67:00:cd:9b:5a:c5:31:91:
         c2:ae:aa:98:4c:e4:7d:4b:f7:37:4b:4c:25:b5:bb:61:4c:f9:
         e9:cf:25:b2:b7:86:b2:ea:0f:a0:ee:11:ee:9c:8d:f4:de:81:
         a3:70:41:6e:1d:41:d2:08:ec:03:a2:68:42:21:a2:2c:71:29:
         b1:1a:34:8a:42:53:22:3b:8b:cb:7b:58:d2:57:4b:b1:73:88:
         dc:32:e4:6c
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUS1ppQpqdszCu0aC3/SJlGhGx6bEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yMzExMDYxNzMxNDZaFw0yNDExMDQxNzM2NDZaMDMxMTAvBgNV
BAMTKDhCM0ExNDY5MjhFRkYyMDY1RjQyQUFBM0UyMEU1RTQ4Qzk3NzMzMDgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFfsHubSd7cZRFjqJC93fhD1Jy
fFDnjwdhfgbtYyheBT90ffd5UF32J1DjmXc86inOV6zVY3GpjmSMe1iNRqPTh2n6
8JxdqabPFNYGv+NYdO8Rw4trLeKhiMzWwXkrX+x5DIzD2dnFGdIJanabxhVOsD0f
vXO6fkqk/lvkM1xhSpoROr+ROeegXDYiDJGRaTkIK3MUeZWPI781z+aGg4pNGg+0
piN+zzFXZsfzH7abuq9PZGefChpOxhNFpSCHnxdgyfrSgMsIKghPqku3aSvbJBCz
HF/+Njl0PuB+aE283Zm/iC0fAHDvAIHsI3MIuW5Wkiu/QnvLbSGNuU08hdqXAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUizoUaSjv8gZfQqqj4g5eSMl3MwgwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzOTM1MmUzMzM1MmUzODJl
MzAyZjMyMzEyZDMyMzEyMDNkM2UyMDM0MzczNTM4MzMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAPDIwgw
DQYJKoZIhvcNAQELBQADggEBAEIf39pNOq5CySEmJnvPuMYgsfFuH6jIgzt58umS
LXsjgs+strJCeUPjdgwh5Zq2AeEyYk/TU9ou2oYbh66CICQjqaKO2VzDlp8x/TpG
ckgV1JRGU68DbKDMejoan6jCwQA1BB0QE8MWQYkgmQceAMrGSKyQZvtTSDCS3tgd
FwZt3/dmun9i7bSn9lV9t5kZq1EruHmLGfdtEv8/qR0A2Q8YnUvXRgCZbC6Qw5Zn
AM2bWsUxkcKuqphM5H1L9zdLTCW1u2FM+enPJbK3hrLqD6DuEe6cjfTegaNwQW4d
QdII7AOiaEIhoixxKbEaNIpCUyI7i8t7WNJXS7FziNwy5Gw=
-----END CERTIFICATE-----