Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/3139342e33312e3134382e302f32342d3234203d3e20383334.roa
File:                     3139342e33312e3134382e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          1JGVsN0WKp7Ld1VbUPYaLFNGtKX6rPcrtLdzmcf2WCg=
Subject key identifier:   5F:FC:39:D8:CF:81:EB:EA:90:84:AF:F9:36:43:15:68:F1:A5:5B:DA
Certificate issuer:       /CN=088469d1a33085ff88b3e599d223ca74c2313a3a
Certificate serial:       3B5139E127D9E08D6CFCB156EDFEC8C9EFAD407D
Authority key identifier: 08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/3139342e33312e3134382e302f32342d3234203d3e20383334.roa
Signing time:             Wed 21 Feb 2024 20:20:39 +0000
ROA not before:           Wed 21 Feb 2024 20:15:39 +0000
ROA not after:            Wed 19 Feb 2025 20:20:39 +0000
asID:                     834
IP address blocks:        194.31.148.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3b:51:39:e1:27:d9:e0:8d:6c:fc:b1:56:ed:fe:c8:c9:ef:ad:40:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088469d1a33085ff88b3e599d223ca74c2313a3a
        Validity
            Not Before: Feb 21 20:15:39 2024 GMT
            Not After : Feb 19 20:20:39 2025 GMT
        Subject: CN=5FFC39D8CF81EBEA9084AFF936431568F1A55BDA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:b5:af:b4:3c:c9:23:bd:c2:ea:77:53:9f:5d:
                    84:91:65:08:cd:72:42:0d:1b:c9:7c:7c:d5:23:3b:
                    db:69:24:7b:f3:71:ed:be:6c:f4:18:e8:27:b5:f6:
                    9a:8d:f2:d3:94:89:9e:53:70:45:94:5b:ab:05:7d:
                    6f:4a:54:b2:46:2b:dc:c1:7c:2e:26:00:c0:d6:cd:
                    2c:a6:23:30:b4:5c:6f:5c:bb:14:86:30:c6:97:57:
                    be:82:4e:b4:91:a2:c6:7c:fe:ea:38:de:6c:92:59:
                    bf:80:a1:40:2c:09:7d:b1:98:b6:2e:f2:e8:ff:32:
                    78:22:9e:b4:86:4e:f7:73:23:c3:9e:f8:53:8c:04:
                    3e:90:46:60:6f:c4:d6:ac:e3:4f:70:39:bb:07:dd:
                    2f:68:9e:70:fb:58:03:8d:e3:90:41:09:96:88:67:
                    d4:17:ec:b0:f7:67:2b:70:80:ac:49:74:4d:c6:57:
                    e2:38:d3:66:f1:bf:6a:13:8e:6d:2d:b6:a4:ff:ba:
                    08:25:4e:cf:8f:74:bb:b4:54:de:68:41:e3:d6:4c:
                    ce:e5:56:5e:6e:5d:be:9b:f6:35:1a:80:b6:d7:84:
                    a1:54:32:9f:d5:86:74:df:2d:ac:8f:6d:c2:ef:d9:
                    2d:fd:08:44:b4:2a:f5:a1:0e:ef:4b:6a:e4:9f:79:
                    25:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:FC:39:D8:CF:81:EB:EA:90:84:AF:F9:36:43:15:68:F1:A5:5B:DA
            X509v3 Authority Key Identifier:
                keyid:08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/3139342e33312e3134382e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.31.148.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:df:e6:b4:14:f1:8b:b2:84:b2:c8:56:ea:2f:7d:21:2f:73:
         f2:f4:11:50:0b:ee:08:01:8c:79:68:d8:08:09:93:83:07:e0:
         83:d6:19:0d:7d:73:c0:93:fa:97:a7:d7:94:75:e1:19:93:77:
         39:2f:86:84:7d:11:b2:3a:3b:8a:4f:86:cc:e6:1b:73:6f:20:
         8f:2b:10:d4:d4:9d:39:73:de:7f:de:fd:b4:1e:e3:87:87:ec:
         39:84:1e:a5:a9:c0:90:58:f1:2d:0e:ab:a4:9a:3a:19:da:0e:
         32:7a:dc:93:aa:99:db:ff:73:60:bd:5d:25:5f:38:51:0b:58:
         8a:74:cb:98:9d:3c:5f:13:ad:af:30:e7:d5:39:86:5b:3f:bc:
         c5:9b:30:64:c5:12:d2:62:e2:60:0a:a9:2d:08:1e:f1:88:51:
         3a:b9:ff:17:c3:08:da:c8:19:b0:5f:e7:43:14:41:2f:4a:6b:
         23:65:fa:7e:f3:92:8e:23:86:c9:ca:67:40:49:5f:d6:28:6d:
         f0:4a:f2:43:04:0a:94:a7:53:e8:e9:76:46:8b:1e:0a:66:2f:
         04:10:11:ae:34:0a:35:b2:8b:57:1e:08:2c:9c:1d:7a:b0:a7:
         0b:cb:87:29:c6:b3:d7:4f:d5:65:6c:f9:77:87:bd:c7:6c:68:
         08:b2:4d:29
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUO1E54SfZ4I1s/LFW7f7Iye+tQH0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDg4NDY5ZDFhMzMwODVmZjg4YjNlNTk5ZDIyM2NhNzRj
MjMxM2EzYTAeFw0yNDAyMjEyMDE1MzlaFw0yNTAyMTkyMDIwMzlaMDMxMTAvBgNV
BAMTKDVGRkMzOUQ4Q0Y4MUVCRUE5MDg0QUZGOTM2NDMxNTY4RjFBNTVCREEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvta+0PMkjvcLqd1OfXYSRZQjN
ckING8l8fNUjO9tpJHvzce2+bPQY6Ce19pqN8tOUiZ5TcEWUW6sFfW9KVLJGK9zB
fC4mAMDWzSymIzC0XG9cuxSGMMaXV76CTrSRosZ8/uo43mySWb+AoUAsCX2xmLYu
8uj/MnginrSGTvdzI8Oe+FOMBD6QRmBvxNas409wObsH3S9onnD7WAON45BBCZaI
Z9QX7LD3ZytwgKxJdE3GV+I402bxv2oTjm0ttqT/ugglTs+PdLu0VN5oQePWTM7l
Vl5uXb6b9jUagLbXhKFUMp/VhnTfLayPbcLv2S39CES0KvWhDu9LauSfeSVNAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUX/w52M+B6+qQhK/5NkMVaPGlW9owHwYDVR0j
BBgwFoAUCIRp0aMwhf+Is+WZ0iPKdMIxOjowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzUvMDg4NDY5RDFBMzMwODVGRjg4QjNFNTk5RDIyM0NBNzRDMjMxM0EzQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NJUnAwYU13aGYtSXMtV1owaVBLZE1J
eE9qby5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzUvMzEzOTM0MmUzMzMxMmUzMTM0
MzgyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBADCH5Qw
DQYJKoZIhvcNAQELBQADggEBAGPf5rQU8YuyhLLIVuovfSEvc/L0EVAL7ggBjHlo
2AgJk4MH4IPWGQ19c8CT+pen15R14RmTdzkvhoR9EbI6O4pPhszmG3NvII8rENTU
nTlz3n/e/bQe44eH7DmEHqWpwJBY8S0Oq6SaOhnaDjJ63JOqmdv/c2C9XSVfOFEL
WIp0y5idPF8Tra8w59U5hls/vMWbMGTFEtJi4mAKqS0IHvGIUTq5/xfDCNrIGbBf
50MUQS9KayNl+n7zko4jhsnKZ0BJX9YobfBK8kMECpSnU+jpdkaLHgpmLwQQEa40
CjWyi1ceCCycHXqwpwvLhynGs9dP1WVs+XeHvcdsaAiyTSk=
-----END CERTIFICATE-----