Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/1309bdce-70e3-46ae-8f05-0c3ada8f8a42/0/3139352e3139312e34392e302f32342d3234203d3e20383334.roa
File:                     3139352e3139312e34392e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          tAX3Go3Y1oszntsjkGYjvxyMi+6BW1lc0B/JhqET5Wk=
Subject key identifier:   F8:B5:93:E8:E3:3F:00:41:C6:24:B8:FA:3C:D7:B4:84:BE:16:A7:E5
Certificate issuer:       /CN=ac428c8eed241857f73d0f3d483abecb240519d0
Certificate serial:       41FA96DD5C231F2EB33BDF1A5DBBE40DECC47641
Authority key identifier: AC:42:8C:8E:ED:24:18:57:F7:3D:0F:3D:48:3A:BE:CB:24:05:19:D0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rEKMju0kGFf3PQ89SDq-yyQFGdA.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/1309bdce-70e3-46ae-8f05-0c3ada8f8a42/0/3139352e3139312e34392e302f32342d3234203d3e20383334.roa
Signing time:             Tue 19 Nov 2024 00:01:08 +0000
ROA not before:           Mon 18 Nov 2024 23:56:08 +0000
ROA not after:            Tue 18 Nov 2025 00:01:08 +0000
asID:                     834
IP address blocks:        195.191.49.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/1309bdce-70e3-46ae-8f05-0c3ada8f8a42/0/AC428C8EED241857F73D0F3D483ABECB240519D0.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/1309bdce-70e3-46ae-8f05-0c3ada8f8a42/0/AC428C8EED241857F73D0F3D483ABECB240519D0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rEKMju0kGFf3PQ89SDq-yyQFGdA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Feb 2025 22:54:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            41:fa:96:dd:5c:23:1f:2e:b3:3b:df:1a:5d:bb:e4:0d:ec:c4:76:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ac428c8eed241857f73d0f3d483abecb240519d0
        Validity
            Not Before: Nov 18 23:56:08 2024 GMT
            Not After : Nov 18 00:01:08 2025 GMT
        Subject: CN=F8B593E8E33F0041C624B8FA3CD7B484BE16A7E5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:db:39:35:cf:3b:d3:43:78:4c:e5:93:6e:79:
                    ab:e9:c3:bd:28:30:b8:f1:91:2b:17:5f:c7:1d:a0:
                    6e:38:20:c8:42:bf:db:cf:8d:04:a4:72:09:78:b1:
                    b2:66:97:aa:5c:81:53:80:d9:7e:85:25:77:9a:ca:
                    f2:32:05:d9:ee:a7:5a:d2:76:fa:4f:cf:53:28:ce:
                    64:75:56:d3:12:98:ad:1d:05:ff:44:9a:0a:1c:db:
                    af:ce:f6:ef:88:2c:36:59:37:65:ca:f5:ab:e3:85:
                    e8:ba:52:41:d4:2f:18:16:de:9e:e1:c4:cd:8f:af:
                    ab:08:5f:d9:84:71:13:a3:99:c0:1c:f3:39:d4:d0:
                    71:35:5e:df:58:0b:a3:b6:9e:a2:7e:f9:6b:bf:71:
                    8c:d5:84:07:da:ae:b4:ea:ae:99:82:37:b3:25:ef:
                    ac:e6:21:33:a9:76:84:3c:6b:4b:18:f8:4e:27:b7:
                    4b:e7:6d:f7:5c:a8:72:54:98:61:05:62:2a:44:62:
                    0c:18:59:9b:5a:3e:50:bd:3b:c1:a2:79:08:cf:5d:
                    58:cb:9d:c4:6a:d7:42:35:cf:ad:f4:99:69:66:5d:
                    ff:55:aa:1a:8f:28:b2:f4:84:a5:91:bb:7e:67:eb:
                    6b:b6:ca:87:37:05:2a:51:d1:e6:f8:1f:5c:b4:81:
                    a7:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:B5:93:E8:E3:3F:00:41:C6:24:B8:FA:3C:D7:B4:84:BE:16:A7:E5
            X509v3 Authority Key Identifier:
                keyid:AC:42:8C:8E:ED:24:18:57:F7:3D:0F:3D:48:3A:BE:CB:24:05:19:D0

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/1309bdce-70e3-46ae-8f05-0c3ada8f8a42/0/AC428C8EED241857F73D0F3D483ABECB240519D0.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rEKMju0kGFf3PQ89SDq-yyQFGdA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/1309bdce-70e3-46ae-8f05-0c3ada8f8a42/0/3139352e3139312e34392e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.191.49.0/24

    Signature Algorithm: sha256WithRSAEncryption
         89:02:e8:5a:e6:61:be:2f:ca:93:9f:8f:26:9d:79:c2:a0:a3:
         9d:e4:91:a3:89:7a:b9:50:0f:82:3a:70:94:16:5f:9b:4d:c5:
         20:82:41:f9:c2:e6:bd:50:ac:a0:8b:df:82:2e:28:e2:f9:d7:
         0f:2a:d2:0d:fb:81:a2:12:60:a5:87:9b:35:d1:0c:ec:40:c5:
         cb:3f:ac:dc:eb:6a:09:02:c8:25:0e:b6:fc:d0:fb:35:e2:3b:
         05:6c:fa:24:0a:94:d2:e7:d4:07:01:a7:d4:0d:7e:be:9d:e2:
         1b:71:ea:39:18:bf:ac:b0:70:b1:cc:32:9f:f4:76:83:6a:31:
         15:55:58:75:d8:bc:e2:ae:e1:d7:23:4f:97:a6:70:4f:46:42:
         49:5d:17:6a:76:03:73:2f:33:34:39:a5:61:7d:de:28:03:c2:
         18:f6:41:14:e5:5a:d9:17:24:05:e3:38:b7:0c:88:89:cf:79:
         2c:d5:aa:8a:90:c4:b8:4c:92:05:a0:20:90:00:28:09:e6:81:
         ac:92:b9:e9:a5:b4:60:71:c4:7e:90:af:7b:25:ec:e6:04:b8:
         e4:71:10:65:e2:0f:81:fd:cb:49:0a:f4:3a:e9:38:00:31:74:
         0b:e6:37:bd:11:3d:dc:8e:e9:4b:81:05:cf:cd:c0:dc:b6:c8:
         24:19:b7:74
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUQfqW3VwjHy6zO98aXbvkDezEdkEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWM0MjhjOGVlZDI0MTg1N2Y3M2QwZjNkNDgzYWJlY2Iy
NDA1MTlkMDAeFw0yNDExMTgyMzU2MDhaFw0yNTExMTgwMDAxMDhaMDMxMTAvBgNV
BAMTKEY4QjU5M0U4RTMzRjAwNDFDNjI0QjhGQTNDRDdCNDg0QkUxNkE3RTUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDI2zk1zzvTQ3hM5ZNueavpw70o
MLjxkSsXX8cdoG44IMhCv9vPjQSkcgl4sbJml6pcgVOA2X6FJXeayvIyBdnup1rS
dvpPz1MozmR1VtMSmK0dBf9Emgoc26/O9u+ILDZZN2XK9avjhei6UkHULxgW3p7h
xM2Pr6sIX9mEcROjmcAc8znU0HE1Xt9YC6O2nqJ++Wu/cYzVhAfarrTqrpmCN7Ml
76zmITOpdoQ8a0sY+E4nt0vnbfdcqHJUmGEFYipEYgwYWZtaPlC9O8GieQjPXVjL
ncRq10I1z630mWlmXf9VqhqPKLL0hKWRu35n62u2yoc3BSpR0eb4H1y0gadlAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQU+LWT6OM/AEHGJLj6PNe0hL4Wp+UwHwYDVR0j
BBgwFoAUrEKMju0kGFf3PQ89SDq+yyQFGdAwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMTMwOWJkY2UtNzBlMy00NmFlLThmMDUtMGMzYWRhOGY4
YTQyLzAvQUM0MjhDOEVFRDI0MTg1N0Y3M0QwRjNENDgzQUJFQ0IyNDA1MTlEMC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3JFS01qdTBrR0ZmM1BRODlTRHEteXlR
RkdkQS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMTMwOWJkY2Ut
NzBlMy00NmFlLThmMDUtMGMzYWRhOGY4YTQyLzAvMzEzOTM1MmUzMTM5MzEyZTM0
MzkyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBADDvzEw
DQYJKoZIhvcNAQELBQADggEBAIkC6FrmYb4vypOfjyadecKgo53kkaOJerlQD4I6
cJQWX5tNxSCCQfnC5r1QrKCL34IuKOL51w8q0g37gaISYKWHmzXRDOxAxcs/rNzr
agkCyCUOtvzQ+zXiOwVs+iQKlNLn1AcBp9QNfr6d4htx6jkYv6ywcLHMMp/0doNq
MRVVWHXYvOKu4dcjT5emcE9GQkldF2p2A3MvMzQ5pWF93igDwhj2QRTlWtkXJAXj
OLcMiInPeSzVqoqQxLhMkgWgIJAAKAnmgaySuemltGBxxH6Qr3sl7OYEuORxEGXi
D4H9y0kK9DrpOAAxdAvmN70RPdyO6UuBBc/NwNy2yCQZt3Q=
-----END CERTIFICATE-----