Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7a789e87-f484-423d-a1d7-2c2d5860d2ec/0/3139352e382e3131392e302f32342d3234203d3e203630343538.roa
File:                     3139352e382e3131392e302f32342d3234203d3e203630343538.roa (raw, json)
Hash identifier:          00lrJWkec3fubbrqFxOXSFvzFz6jGW/mxIc2Z+19+og=
Subject key identifier:   0E:22:C0:74:83:AA:1C:80:29:85:3E:EA:10:D1:8F:E7:A5:9E:78:AA
Certificate issuer:       /CN=b0170abdc955aa176be2af26299678f2f7c9aca0
Certificate serial:       023071B1377284BBFDCC37F6094B6EA6C140F965
Authority key identifier: B0:17:0A:BD:C9:55:AA:17:6B:E2:AF:26:29:96:78:F2:F7:C9:AC:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sBcKvclVqhdr4q8mKZZ48vfJrKA.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7a789e87-f484-423d-a1d7-2c2d5860d2ec/0/3139352e382e3131392e302f32342d3234203d3e203630343538.roa
Signing time:             Mon 03 Jul 2023 05:41:57 +0000
ROA not before:           Mon 03 Jul 2023 05:36:57 +0000
ROA not after:            Mon 01 Jul 2024 05:41:57 +0000
asID:                     60458
IP address blocks:        195.8.119.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7a789e87-f484-423d-a1d7-2c2d5860d2ec/0/B0170ABDC955AA176BE2AF26299678F2F7C9ACA0.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7a789e87-f484-423d-a1d7-2c2d5860d2ec/0/B0170ABDC955AA176BE2AF26299678F2F7C9ACA0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sBcKvclVqhdr4q8mKZZ48vfJrKA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 20:58:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            02:30:71:b1:37:72:84:bb:fd:cc:37:f6:09:4b:6e:a6:c1:40:f9:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b0170abdc955aa176be2af26299678f2f7c9aca0
        Validity
            Not Before: Jul  3 05:36:57 2023 GMT
            Not After : Jul  1 05:41:57 2024 GMT
        Subject: CN=0E22C07483AA1C8029853EEA10D18FE7A59E78AA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:41:66:e3:5d:da:55:3b:ca:1f:20:96:da:cb:
                    e4:b3:bd:a8:5f:97:3f:4f:ca:c4:3d:1c:f9:f9:d3:
                    dd:cf:e1:33:2a:d2:f1:df:eb:76:5e:34:ef:b6:80:
                    38:d2:3e:f6:12:82:5f:9c:3f:7a:c1:cf:74:54:41:
                    16:84:f0:2b:9b:de:99:03:63:14:21:ff:a8:32:50:
                    1e:2e:c1:70:b7:01:2e:23:0a:2d:c6:51:01:bf:09:
                    40:90:71:fb:69:55:76:49:9e:7f:a1:64:a3:5b:78:
                    d8:d5:14:fb:15:20:2b:6c:d8:d2:42:81:67:ac:cb:
                    8b:da:c0:f2:fd:1f:a5:93:43:db:ba:91:f2:66:67:
                    58:36:4b:44:47:d9:81:c0:d7:9d:bf:64:85:2c:cb:
                    11:e5:8c:93:b5:00:2d:2e:67:25:b4:64:ee:23:73:
                    de:03:ba:73:c8:20:15:8d:85:a0:1f:0b:93:9e:04:
                    f0:e5:ec:47:42:81:12:ba:1d:ee:53:1d:cf:a0:3f:
                    5f:24:24:61:1c:87:05:bd:2c:eb:b2:09:10:91:59:
                    06:98:82:f6:94:d1:72:be:97:4d:f5:23:4e:79:d7:
                    60:d7:25:db:f9:19:4c:4f:4a:a4:19:4b:eb:40:69:
                    ef:cc:4a:0c:f9:8e:df:53:de:02:cc:cd:82:0f:c1:
                    d6:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:22:C0:74:83:AA:1C:80:29:85:3E:EA:10:D1:8F:E7:A5:9E:78:AA
            X509v3 Authority Key Identifier:
                keyid:B0:17:0A:BD:C9:55:AA:17:6B:E2:AF:26:29:96:78:F2:F7:C9:AC:A0

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7a789e87-f484-423d-a1d7-2c2d5860d2ec/0/B0170ABDC955AA176BE2AF26299678F2F7C9ACA0.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sBcKvclVqhdr4q8mKZZ48vfJrKA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7a789e87-f484-423d-a1d7-2c2d5860d2ec/0/3139352e382e3131392e302f32342d3234203d3e203630343538.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.8.119.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c4:db:a5:16:70:55:2d:0f:24:78:d2:b2:94:81:2e:ff:94:47:
         e9:5d:44:f8:89:17:f7:ff:7b:ad:68:26:8c:9f:66:ad:0c:b7:
         89:a1:1a:cc:24:3e:09:7e:6b:47:64:26:fd:5a:5b:18:a5:5b:
         fa:69:bd:ba:25:41:07:68:e0:f8:aa:1c:e4:52:46:c9:ff:52:
         06:da:b3:70:b3:44:bb:8f:f1:40:f1:02:b7:ae:32:05:3f:57:
         aa:a4:4f:de:7b:a1:6b:bf:0c:98:9a:6c:3f:fc:5e:e4:02:55:
         87:d8:72:34:11:c2:c9:28:8a:a1:99:6b:1d:8c:24:8e:4d:aa:
         c3:6c:7c:ce:6f:a4:c2:6c:01:b6:b5:58:c3:cd:e5:17:aa:18:
         9b:a5:96:e6:60:31:59:a2:86:72:33:53:9f:c4:ec:8f:a3:2d:
         c0:82:94:bf:7b:2f:e1:7f:ff:5f:1c:8a:01:39:93:fb:06:61:
         3c:44:c8:de:e6:f2:5e:d7:70:3c:47:78:9e:c9:65:c1:6b:95:
         ba:27:08:77:26:83:11:6c:bd:81:4a:30:38:e4:07:a5:99:2e:
         a8:f6:c9:ca:8a:4f:a5:0c:54:d6:81:d5:31:f3:fa:1e:24:dd:
         9b:40:25:88:90:23:d6:26:64:c6:81:2f:d4:8b:05:94:4c:09:
         4e:a7:b7:c1
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUAjBxsTdyhLv9zDf2CUtupsFA+WUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYjAxNzBhYmRjOTU1YWExNzZiZTJhZjI2Mjk5Njc4ZjJm
N2M5YWNhMDAeFw0yMzA3MDMwNTM2NTdaFw0yNDA3MDEwNTQxNTdaMDMxMTAvBgNV
BAMTKDBFMjJDMDc0ODNBQTFDODAyOTg1M0VFQTEwRDE4RkU3QTU5RTc4QUEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDCQWbjXdpVO8ofIJbay+Szvahf
lz9PysQ9HPn5093P4TMq0vHf63ZeNO+2gDjSPvYSgl+cP3rBz3RUQRaE8Cub3pkD
YxQh/6gyUB4uwXC3AS4jCi3GUQG/CUCQcftpVXZJnn+hZKNbeNjVFPsVICts2NJC
gWesy4vawPL9H6WTQ9u6kfJmZ1g2S0RH2YHA152/ZIUsyxHljJO1AC0uZyW0ZO4j
c94DunPIIBWNhaAfC5OeBPDl7EdCgRK6He5THc+gP18kJGEchwW9LOuyCRCRWQaY
gvaU0XK+l031I05512DXJdv5GUxPSqQZS+tAae/MSgz5jt9T3gLMzYIPwdahAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUDiLAdIOqHIAphT7qENGP56WeeKowHwYDVR0j
BBgwFoAUsBcKvclVqhdr4q8mKZZ48vfJrKAwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2E3ODllODctZjQ4NC00MjNkLWExZDctMmMyZDU4NjBk
MmVjLzAvQjAxNzBBQkRDOTU1QUExNzZCRTJBRjI2Mjk5Njc4RjJGN0M5QUNBMC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3NCY0t2Y2xWcWhkcjRxOG1LWlo0OHZm
SnJLQS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvN2E3ODllODct
ZjQ4NC00MjNkLWExZDctMmMyZDU4NjBkMmVjLzAvMzEzOTM1MmUzODJlMzEzMTM5
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzYzMDM0MzUzOC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMMI
dzANBgkqhkiG9w0BAQsFAAOCAQEAxNulFnBVLQ8keNKylIEu/5RH6V1E+IkX9/97
rWgmjJ9mrQy3iaEazCQ+CX5rR2Qm/VpbGKVb+mm9uiVBB2jg+Koc5FJGyf9SBtqz
cLNEu4/xQPECt64yBT9XqqRP3nuha78MmJpsP/xe5AJVh9hyNBHCySiKoZlrHYwk
jk2qw2x8zm+kwmwBtrVYw83lF6oYm6WW5mAxWaKGcjNTn8Tsj6MtwIKUv3sv4X//
XxyKATmT+wZhPETI3ubyXtdwPEd4nsllwWuVuicIdyaDEWy9gUowOOQHpZkuqPbJ
yopPpQxU1oHVMfP6HiTdm0AliJAj1iZkxoEv1IsFlEwJTqe3wQ==
-----END CERTIFICATE-----