Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7a789e87-f484-423d-a1d7-2c2d5860d2ec/0/3139352e382e34392e302f32342d3234203d3e203630343538.roa
File:                     3139352e382e34392e302f32342d3234203d3e203630343538.roa (raw, json)
Hash identifier:          GdGJgvYNNoZ/kupnHkCEn3oqTJ2JjJlQIIvW1S8EcMM=
Subject key identifier:   20:C7:34:19:E7:B3:04:41:3D:1D:5C:CB:72:2D:2D:DE:44:A8:57:9C
Certificate issuer:       /CN=b0170abdc955aa176be2af26299678f2f7c9aca0
Certificate serial:       36004069F1E6E3F13623D4FD53E193A026763607
Authority key identifier: B0:17:0A:BD:C9:55:AA:17:6B:E2:AF:26:29:96:78:F2:F7:C9:AC:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sBcKvclVqhdr4q8mKZZ48vfJrKA.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7a789e87-f484-423d-a1d7-2c2d5860d2ec/0/3139352e382e34392e302f32342d3234203d3e203630343538.roa
Signing time:             Mon 03 Jun 2024 06:05:16 +0000
ROA not before:           Mon 03 Jun 2024 06:00:16 +0000
ROA not after:            Mon 02 Jun 2025 06:05:16 +0000
asID:                     60458
IP address blocks:        195.8.49.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7a789e87-f484-423d-a1d7-2c2d5860d2ec/0/B0170ABDC955AA176BE2AF26299678F2F7C9ACA0.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7a789e87-f484-423d-a1d7-2c2d5860d2ec/0/B0170ABDC955AA176BE2AF26299678F2F7C9ACA0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sBcKvclVqhdr4q8mKZZ48vfJrKA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            36:00:40:69:f1:e6:e3:f1:36:23:d4:fd:53:e1:93:a0:26:76:36:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b0170abdc955aa176be2af26299678f2f7c9aca0
        Validity
            Not Before: Jun  3 06:00:16 2024 GMT
            Not After : Jun  2 06:05:16 2025 GMT
        Subject: CN=20C73419E7B304413D1D5CCB722D2DDE44A8579C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:87:57:2b:5a:89:e3:0e:37:25:1a:f8:fd:21:
                    10:88:9c:bf:2c:fa:7f:09:4f:67:57:ed:9a:70:0b:
                    f8:87:b1:8e:72:48:be:d9:71:b0:9f:16:78:76:a6:
                    ee:c2:2f:65:89:6e:97:77:33:2b:b5:d7:ae:a7:9c:
                    07:b9:53:49:53:b0:46:ee:b2:9e:6d:73:b6:3c:e0:
                    79:dc:0c:98:f8:66:6d:32:00:1e:7c:0d:97:bd:e9:
                    9f:14:f7:a8:e4:3f:d2:0e:8f:9d:dc:e5:2e:1b:2c:
                    47:c1:1d:dc:83:ea:4a:73:73:e8:43:55:d6:ba:21:
                    0c:fc:e9:d1:e9:97:40:25:d8:c5:50:76:6b:6e:cc:
                    14:a3:e9:4b:0a:60:fd:26:81:82:76:43:ef:7c:01:
                    ca:97:d9:72:5c:6f:2e:7e:06:96:3c:ab:87:bb:6a:
                    fe:35:44:b5:f8:b6:39:a1:ab:3f:6d:27:6d:7d:6f:
                    25:32:69:43:b2:a4:43:47:35:84:0e:c1:59:bf:7b:
                    20:5a:c3:be:66:02:e3:de:19:67:5f:37:e7:9f:8a:
                    b3:11:ac:6c:aa:40:1e:d9:9a:fc:74:14:dc:e1:76:
                    a5:fe:c5:09:ef:15:7d:04:9f:91:81:cc:da:68:23:
                    d6:d5:93:44:10:6b:db:e8:ac:cb:43:b4:c3:f9:a4:
                    13:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:C7:34:19:E7:B3:04:41:3D:1D:5C:CB:72:2D:2D:DE:44:A8:57:9C
            X509v3 Authority Key Identifier:
                keyid:B0:17:0A:BD:C9:55:AA:17:6B:E2:AF:26:29:96:78:F2:F7:C9:AC:A0

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7a789e87-f484-423d-a1d7-2c2d5860d2ec/0/B0170ABDC955AA176BE2AF26299678F2F7C9ACA0.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sBcKvclVqhdr4q8mKZZ48vfJrKA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7a789e87-f484-423d-a1d7-2c2d5860d2ec/0/3139352e382e34392e302f32342d3234203d3e203630343538.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.8.49.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d1:e5:8c:c3:3b:dc:2e:7b:3a:ec:04:df:09:a3:8f:2b:3e:56:
         db:e7:b8:8e:75:d6:37:35:6d:5c:13:26:ce:19:43:f6:0e:5d:
         21:1f:a2:e5:84:84:ec:5e:2a:7f:cd:88:79:17:97:ee:40:c2:
         04:3a:d2:64:3b:cd:71:b9:2d:b5:65:99:5a:d3:4f:3f:c1:89:
         3a:b3:72:ef:45:c7:59:27:11:00:8a:44:54:04:34:6e:16:16:
         79:52:92:43:d4:fe:93:6a:4e:10:70:b4:5a:b9:7e:6d:6e:00:
         ac:96:66:65:53:e4:03:c0:e1:29:d0:ad:c5:ea:70:b8:eb:4c:
         ec:a3:dc:a2:19:f1:c4:92:ef:87:58:a5:1d:4e:77:82:ea:3b:
         c2:b1:b4:0f:ca:52:29:a1:60:93:35:30:23:51:8b:6b:13:ed:
         31:b8:b6:cb:19:e4:ba:e9:58:f3:25:25:fd:77:9e:a1:8c:96:
         c5:77:c8:31:f4:4e:f7:5f:5a:e1:ce:65:4d:1b:9f:f8:4f:49:
         a3:16:be:73:8d:67:46:b5:2d:2d:44:37:2b:dd:0d:d8:bb:c9:
         38:30:0f:bd:2a:1a:4f:92:60:f8:68:46:6e:b0:f6:5a:f9:ca:
         8e:10:8c:5b:d2:27:12:83:03:ff:b0:5a:b4:6d:6b:ad:a6:50:
         22:b2:03:cd
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUNgBAafHm4/E2I9T9U+GToCZ2NgcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYjAxNzBhYmRjOTU1YWExNzZiZTJhZjI2Mjk5Njc4ZjJm
N2M5YWNhMDAeFw0yNDA2MDMwNjAwMTZaFw0yNTA2MDIwNjA1MTZaMDMxMTAvBgNV
BAMTKDIwQzczNDE5RTdCMzA0NDEzRDFENUNDQjcyMkQyRERFNDRBODU3OUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCwh1crWonjDjclGvj9IRCInL8s
+n8JT2dX7ZpwC/iHsY5ySL7ZcbCfFnh2pu7CL2WJbpd3Myu1166nnAe5U0lTsEbu
sp5tc7Y84HncDJj4Zm0yAB58DZe96Z8U96jkP9IOj53c5S4bLEfBHdyD6kpzc+hD
Vda6IQz86dHpl0Al2MVQdmtuzBSj6UsKYP0mgYJ2Q+98AcqX2XJcby5+BpY8q4e7
av41RLX4tjmhqz9tJ219byUyaUOypENHNYQOwVm/eyBaw75mAuPeGWdfN+efirMR
rGyqQB7Zmvx0FNzhdqX+xQnvFX0En5GBzNpoI9bVk0QQa9vorMtDtMP5pBPfAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUIMc0GeezBEE9HVzLci0t3kSoV5wwHwYDVR0j
BBgwFoAUsBcKvclVqhdr4q8mKZZ48vfJrKAwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2E3ODllODctZjQ4NC00MjNkLWExZDctMmMyZDU4NjBk
MmVjLzAvQjAxNzBBQkRDOTU1QUExNzZCRTJBRjI2Mjk5Njc4RjJGN0M5QUNBMC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3NCY0t2Y2xWcWhkcjRxOG1LWlo0OHZm
SnJLQS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvN2E3ODllODct
ZjQ4NC00MjNkLWExZDctMmMyZDU4NjBkMmVjLzAvMzEzOTM1MmUzODJlMzQzOTJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM2MzAzNDM1Mzgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBADDCDEw
DQYJKoZIhvcNAQELBQADggEBANHljMM73C57OuwE3wmjjys+VtvnuI511jc1bVwT
Js4ZQ/YOXSEfouWEhOxeKn/NiHkXl+5AwgQ60mQ7zXG5LbVlmVrTTz/BiTqzcu9F
x1knEQCKRFQENG4WFnlSkkPU/pNqThBwtFq5fm1uAKyWZmVT5APA4SnQrcXqcLjr
TOyj3KIZ8cSS74dYpR1Od4LqO8KxtA/KUimhYJM1MCNRi2sT7TG4tssZ5LrpWPMl
Jf13nqGMlsV3yDH0TvdfWuHOZU0bn/hPSaMWvnONZ0a1LS1ENyvdDdi7yTgwD70q
Gk+SYPhoRm6w9lr5yo4QjFvSJxKDA/+wWrRta62mUCKyA80=
-----END CERTIFICATE-----