Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/2e6da5c7-670a-41b1-96eb-3899388b292c/0/3139352e3138322e342e302f32342d3234203d3e203432363839.roa
File:                     3139352e3138322e342e302f32342d3234203d3e203432363839.roa (raw, json)
Hash identifier:          Pu5rpQ/0T3M9UHF/uPv2L3CkIb4NHMWe3fbKFsgwHAo=
Subject key identifier:   E1:6E:AB:DF:D1:86:B9:0F:7D:DB:36:81:2C:E4:FA:CB:64:77:EF:F8
Certificate issuer:       /CN=735d93706cbf4688ce7d60fc0ed693d4cc4a9326
Certificate serial:       3287F267299CEEB2B0DCEDD3C81BCA30EA051F38
Authority key identifier: 73:5D:93:70:6C:BF:46:88:CE:7D:60:FC:0E:D6:93:D4:CC:4A:93:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/c12TcGy_RojOfWD8DtaT1MxKkyY.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/2e6da5c7-670a-41b1-96eb-3899388b292c/0/3139352e3138322e342e302f32342d3234203d3e203432363839.roa
Signing time:             Tue 19 Mar 2024 10:27:11 +0000
ROA not before:           Tue 19 Mar 2024 10:22:11 +0000
ROA not after:            Tue 18 Mar 2025 10:27:11 +0000
asID:                     42689
IP address blocks:        195.182.4.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/2e6da5c7-670a-41b1-96eb-3899388b292c/0/735D93706CBF4688CE7D60FC0ED693D4CC4A9326.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/2e6da5c7-670a-41b1-96eb-3899388b292c/0/735D93706CBF4688CE7D60FC0ED693D4CC4A9326.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/c12TcGy_RojOfWD8DtaT1MxKkyY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Sep 2024 13:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            32:87:f2:67:29:9c:ee:b2:b0:dc:ed:d3:c8:1b:ca:30:ea:05:1f:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=735d93706cbf4688ce7d60fc0ed693d4cc4a9326
        Validity
            Not Before: Mar 19 10:22:11 2024 GMT
            Not After : Mar 18 10:27:11 2025 GMT
        Subject: CN=E16EABDFD186B90F7DDB36812CE4FACB6477EFF8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:3a:bd:bc:91:21:e2:cc:67:11:80:87:d1:c5:
                    0d:a7:f0:17:6b:25:eb:28:d2:8b:31:c6:05:b5:29:
                    53:85:8a:c2:39:aa:c9:21:46:7a:fb:10:ee:9f:89:
                    0b:32:6d:ea:34:44:65:86:d7:77:ab:b4:5d:16:5c:
                    c8:5e:49:88:00:ba:11:57:16:d6:bd:a6:3a:79:d2:
                    89:e4:2e:14:92:d7:3b:46:96:10:47:1e:fb:e0:96:
                    a8:97:d6:4c:20:d2:f0:33:1c:f1:42:50:d1:28:6c:
                    25:d0:61:5e:7e:ba:91:58:88:15:18:d1:2e:02:66:
                    96:55:13:09:8e:2b:05:a9:57:b2:d8:87:f8:26:0c:
                    69:d0:fb:c8:0e:21:df:ac:db:19:a3:af:a8:81:6e:
                    33:41:05:37:6f:d6:d9:bc:e2:58:fc:ad:aa:8e:ce:
                    97:28:a7:f1:0d:46:e1:4a:03:b8:b4:98:38:cf:49:
                    37:3a:98:07:14:5c:d3:23:c8:ca:f5:86:ca:73:9e:
                    80:3f:27:2b:bf:b6:a5:82:55:25:52:2a:9b:f7:8d:
                    cb:d1:a8:be:a5:50:b7:72:6e:aa:e5:dd:db:b0:14:
                    d8:e7:72:d9:84:d7:8d:b6:82:a2:fe:28:3c:fe:e6:
                    9a:1f:21:cd:41:35:c5:5f:5e:55:74:5a:95:e1:ad:
                    e5:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:6E:AB:DF:D1:86:B9:0F:7D:DB:36:81:2C:E4:FA:CB:64:77:EF:F8
            X509v3 Authority Key Identifier:
                keyid:73:5D:93:70:6C:BF:46:88:CE:7D:60:FC:0E:D6:93:D4:CC:4A:93:26

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/2e6da5c7-670a-41b1-96eb-3899388b292c/0/735D93706CBF4688CE7D60FC0ED693D4CC4A9326.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/c12TcGy_RojOfWD8DtaT1MxKkyY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/2e6da5c7-670a-41b1-96eb-3899388b292c/0/3139352e3138322e342e302f32342d3234203d3e203432363839.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.182.4.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:a0:1c:1a:81:2d:fb:48:04:c4:aa:7b:78:09:a4:52:8d:1d:
         b0:d1:50:90:3c:eb:bf:14:5e:ee:23:6a:08:c3:d3:05:2c:1d:
         72:36:85:02:e3:1f:78:7b:c3:29:35:ce:69:d4:b2:9a:31:76:
         75:fc:f3:4f:b4:70:01:4f:ef:97:77:41:ca:10:d7:f5:ba:2a:
         be:75:76:5e:fd:48:f7:ef:46:65:41:b0:d3:3a:f6:6f:00:4f:
         cc:bc:34:c1:49:b5:a6:91:f8:03:e1:ee:18:86:b1:dc:28:86:
         b8:5c:23:18:fd:be:02:65:46:12:57:8a:33:8f:62:87:cc:71:
         1e:41:92:c7:cd:af:b2:48:9e:cd:64:f5:4f:4d:3a:f6:76:61:
         15:85:c5:a0:3a:58:8f:d7:58:de:d8:3e:e8:88:73:93:11:f5:
         eb:fa:3b:e2:83:2f:7d:7c:25:55:d5:fa:85:4d:5c:89:6d:a5:
         cb:27:74:db:16:2d:58:97:92:88:bf:97:e3:07:eb:8e:58:a6:
         1b:d0:cc:19:52:f8:96:0e:90:71:18:54:06:68:56:56:2d:d2:
         29:a7:84:3a:2c:9a:94:a7:1b:74:ff:0b:16:9b:db:9d:db:24:
         a0:b8:76:7e:ae:38:3f:1f:29:de:b7:bc:be:47:7d:65:59:34:
         ac:fe:2d:1d
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUMofyZymc7rKw3O3TyBvKMOoFHzgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzM1ZDkzNzA2Y2JmNDY4OGNlN2Q2MGZjMGVkNjkzZDRj
YzRhOTMyNjAeFw0yNDAzMTkxMDIyMTFaFw0yNTAzMTgxMDI3MTFaMDMxMTAvBgNV
BAMTKEUxNkVBQkRGRDE4NkI5MEY3RERCMzY4MTJDRTRGQUNCNjQ3N0VGRjgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCnOr28kSHizGcRgIfRxQ2n8Bdr
Jeso0osxxgW1KVOFisI5qskhRnr7EO6fiQsybeo0RGWG13ertF0WXMheSYgAuhFX
Fta9pjp50onkLhSS1ztGlhBHHvvglqiX1kwg0vAzHPFCUNEobCXQYV5+upFYiBUY
0S4CZpZVEwmOKwWpV7LYh/gmDGnQ+8gOId+s2xmjr6iBbjNBBTdv1tm84lj8raqO
zpcop/ENRuFKA7i0mDjPSTc6mAcUXNMjyMr1hspznoA/Jyu/tqWCVSVSKpv3jcvR
qL6lULdybqrl3duwFNjnctmE1422gqL+KDz+5pofIc1BNcVfXlV0WpXhreVBAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQU4W6r39GGuQ992zaBLOT6y2R37/gwHwYDVR0j
BBgwFoAUc12TcGy/RojOfWD8DtaT1MxKkyYwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMmU2ZGE1YzctNjcwYS00MWIxLTk2ZWItMzg5OTM4OGIy
OTJjLzAvNzM1RDkzNzA2Q0JGNDY4OENFN0Q2MEZDMEVENjkzRDRDQzRBOTMyNi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2MxMlRjR3lfUm9qT2ZXRDhEdGFUMU14
S2t5WS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMmU2ZGE1Yzct
NjcwYS00MWIxLTk2ZWItMzg5OTM4OGIyOTJjLzAvMzEzOTM1MmUzMTM4MzIyZTM0
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzQzMjM2MzgzOS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMO2
BDANBgkqhkiG9w0BAQsFAAOCAQEACKAcGoEt+0gExKp7eAmkUo0dsNFQkDzrvxRe
7iNqCMPTBSwdcjaFAuMfeHvDKTXOadSymjF2dfzzT7RwAU/vl3dByhDX9boqvnV2
Xv1I9+9GZUGw0zr2bwBPzLw0wUm1ppH4A+HuGIax3CiGuFwjGP2+AmVGEleKM49i
h8xxHkGSx82vskiezWT1T0069nZhFYXFoDpYj9dY3tg+6IhzkxH16/o74oMvfXwl
VdX6hU1ciW2lyyd02xYtWJeSiL+X4wfrjlimG9DMGVL4lg6QcRhUBmhWVi3SKaeE
OiyalKcbdP8LFpvbndskoLh2fq44Px8p3re8vkd9ZVk0rP4tHQ==
-----END CERTIFICATE-----