Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/3139342e35302e3233332e302f32342d3234203d3e2039303039.roa
File:                     3139342e35302e3233332e302f32342d3234203d3e2039303039.roa (raw, json)
Hash identifier:          L3p459uMFd20wdhlSROP5I7yuWhHhv+RLCrvkQjX8Ms=
Subject key identifier:   6D:16:2C:22:60:2D:99:31:09:FC:11:84:42:E6:CC:AD:F6:93:A1:E9
Certificate issuer:       /CN=62fbd2cc0012fb2f86db40b589bd1ac4e973266d
Certificate serial:       4A65DE4974CBD0ABEF7AD2F6B0539E5767317F0D
Authority key identifier: 62:FB:D2:CC:00:12:FB:2F:86:DB:40:B5:89:BD:1A:C4:E9:73:26:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YvvSzAAS-y-G20C1ib0axOlzJm0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/3139342e35302e3233332e302f32342d3234203d3e2039303039.roa
Signing time:             Wed 20 Nov 2024 07:43:28 +0000
ROA not before:           Wed 20 Nov 2024 07:38:28 +0000
ROA not after:            Wed 19 Nov 2025 07:43:28 +0000
asID:                     9009
IP address blocks:        194.50.233.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/62FBD2CC0012FB2F86DB40B589BD1AC4E973266D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/62FBD2CC0012FB2F86DB40B589BD1AC4E973266D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YvvSzAAS-y-G20C1ib0axOlzJm0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:16:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4a:65:de:49:74:cb:d0:ab:ef:7a:d2:f6:b0:53:9e:57:67:31:7f:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62fbd2cc0012fb2f86db40b589bd1ac4e973266d
        Validity
            Not Before: Nov 20 07:38:28 2024 GMT
            Not After : Nov 19 07:43:28 2025 GMT
        Subject: CN=6D162C22602D993109FC118442E6CCADF693A1E9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:3e:f3:e0:1c:76:61:85:b2:df:7f:fb:f5:49:
                    76:df:35:04:7e:6f:fa:e2:57:8c:e3:0a:78:54:ac:
                    48:fe:56:74:f9:c1:d6:84:72:7c:4d:3b:27:58:a1:
                    71:a0:3d:72:9a:08:ac:c3:37:ad:d7:af:a3:1d:0a:
                    38:6e:a9:97:d4:87:43:63:ff:21:dd:f0:9c:73:6c:
                    5b:f0:f7:1e:38:b3:97:fe:88:96:4b:b6:34:54:12:
                    25:66:cf:17:88:ed:82:b3:46:2f:15:38:70:ae:69:
                    df:4e:21:85:93:41:7d:3b:6b:fb:a3:b6:24:8a:5f:
                    20:e7:af:8e:4a:e0:58:52:97:09:26:ed:cc:e9:b3:
                    79:46:f6:8d:fb:e7:36:f4:89:29:c5:ed:a5:0d:3d:
                    4f:4c:2a:43:ba:37:a1:98:98:b9:22:e0:b8:d7:29:
                    96:5c:86:11:8e:bc:cb:d3:5d:1b:90:31:0b:49:8c:
                    1c:70:2d:ea:10:44:9c:b6:b7:e1:d6:4a:ac:c7:be:
                    65:b2:e1:39:8a:c9:38:db:9d:06:a7:53:32:cc:53:
                    a7:74:3b:12:f2:eb:68:94:0d:79:db:14:96:87:38:
                    6e:7e:1b:d9:f7:ae:f9:08:3c:40:15:67:b7:73:f4:
                    34:2c:21:ff:be:05:3e:cf:6c:3d:5f:71:12:83:b1:
                    98:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:16:2C:22:60:2D:99:31:09:FC:11:84:42:E6:CC:AD:F6:93:A1:E9
            X509v3 Authority Key Identifier:
                keyid:62:FB:D2:CC:00:12:FB:2F:86:DB:40:B5:89:BD:1A:C4:E9:73:26:6D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/62FBD2CC0012FB2F86DB40B589BD1AC4E973266D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YvvSzAAS-y-G20C1ib0axOlzJm0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/3139342e35302e3233332e302f32342d3234203d3e2039303039.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.50.233.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bf:dd:48:d3:bb:c0:38:0f:64:b0:13:9b:77:ae:4d:a4:1d:f7:
         a8:fb:79:89:01:83:b7:af:9c:0f:9f:25:21:2e:49:f0:9f:f8:
         8d:52:ac:48:ec:d9:b0:2e:5e:24:a0:ba:63:90:ca:55:b9:e4:
         6c:3d:ab:4b:d8:18:d3:ba:b1:17:d2:d9:7d:fd:d7:c4:37:13:
         52:1c:e1:cf:c5:d8:85:e2:fe:be:ed:96:ba:f6:77:f5:a8:62:
         67:c3:d9:90:f6:4a:d8:51:f3:1d:37:cc:61:31:aa:20:9b:b2:
         98:91:14:77:b3:01:24:ec:6f:7c:de:6e:3f:50:6c:6e:07:d5:
         0b:f1:2a:b3:23:c4:0f:ba:30:e3:ba:5d:4c:d9:b3:31:67:be:
         e1:d7:3f:96:6b:13:87:0b:9a:00:dd:62:38:00:e4:0c:80:58:
         4e:79:09:26:bf:ec:d5:05:b8:a1:16:21:6f:8e:ac:06:37:a3:
         a6:51:d6:da:b7:a8:57:3f:de:a2:0d:b5:ab:f8:32:d7:60:a8:
         0f:07:66:9d:78:fa:89:57:1c:ab:3c:5a:f9:43:ff:14:81:63:
         fb:f6:a3:6f:f4:b7:af:9d:b6:38:20:fc:23:3f:81:20:49:dd:
         19:d5:47:86:ed:90:15:1c:b6:0c:3c:57:bb:c1:df:2a:ee:d2:
         f5:ac:f8:42
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUSmXeSXTL0KvvetL2sFOeV2cxfw0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjJmYmQyY2MwMDEyZmIyZjg2ZGI0MGI1ODliZDFhYzRl
OTczMjY2ZDAeFw0yNDExMjAwNzM4MjhaFw0yNTExMTkwNzQzMjhaMDMxMTAvBgNV
BAMTKDZEMTYyQzIyNjAyRDk5MzEwOUZDMTE4NDQyRTZDQ0FERjY5M0ExRTkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDlPvPgHHZhhbLff/v1SXbfNQR+
b/riV4zjCnhUrEj+VnT5wdaEcnxNOydYoXGgPXKaCKzDN63Xr6MdCjhuqZfUh0Nj
/yHd8JxzbFvw9x44s5f+iJZLtjRUEiVmzxeI7YKzRi8VOHCuad9OIYWTQX07a/uj
tiSKXyDnr45K4FhSlwkm7czps3lG9o375zb0iSnF7aUNPU9MKkO6N6GYmLki4LjX
KZZchhGOvMvTXRuQMQtJjBxwLeoQRJy2t+HWSqzHvmWy4TmKyTjbnQanUzLMU6d0
OxLy62iUDXnbFJaHOG5+G9n3rvkIPEAVZ7dz9DQsIf++BT7PbD1fcRKDsZjrAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUbRYsImAtmTEJ/BGEQubMrfaToekwHwYDVR0j
BBgwFoAUYvvSzAAS+y+G20C1ib0axOlzJm0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNDZiOTNkZjAtYWM4ZC00ZGE4LWFmYjgtZGNiN2YyODg4
MzYyLzAvNjJGQkQyQ0MwMDEyRkIyRjg2REI0MEI1ODlCRDFBQzRFOTczMjY2RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1l2dlN6QUFTLXktRzIwQzFpYjBheE9s
ekptMC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvNDZiOTNkZjAt
YWM4ZC00ZGE4LWFmYjgtZGNiN2YyODg4MzYyLzAvMzEzOTM0MmUzNTMwMmUzMjMz
MzMyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzOTMwMzAzOS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMIy
6TANBgkqhkiG9w0BAQsFAAOCAQEAv91I07vAOA9ksBObd65NpB33qPt5iQGDt6+c
D58lIS5J8J/4jVKsSOzZsC5eJKC6Y5DKVbnkbD2rS9gY07qxF9LZff3XxDcTUhzh
z8XYheL+vu2WuvZ39ahiZ8PZkPZK2FHzHTfMYTGqIJuymJEUd7MBJOxvfN5uP1Bs
bgfVC/EqsyPED7ow47pdTNmzMWe+4dc/lmsThwuaAN1iOADkDIBYTnkJJr/s1QW4
oRYhb46sBjejplHW2reoVz/eog21q/gy12CoDwdmnXj6iVccqzxa+UP/FIFj+/aj
b/S3r522OCD8Iz+BIEndGdVHhu2QFRy2DDxXu8HfKu7S9az4Qg==
-----END CERTIFICATE-----