Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7a789e87-f484-423d-a1d7-2c2d5860d2ec/0/3139352e382e34392e302f32342d3234203d3e203630343538.roa
File:                     3139352e382e34392e302f32342d3234203d3e203630343538.roa (raw, json)
Hash identifier:          4nPeE4WDot0aQzE1E2AL4UC2dMhv5fMNvAbvgkN5zUQ=
Subject key identifier:   15:46:93:68:7A:14:BA:63:E1:00:AA:B4:A8:B2:5D:97:12:93:B7:81
Certificate issuer:       /CN=b0170abdc955aa176be2af26299678f2f7c9aca0
Certificate serial:       3FBE8DE915443704622E160F553BF2219377C5E0
Authority key identifier: B0:17:0A:BD:C9:55:AA:17:6B:E2:AF:26:29:96:78:F2:F7:C9:AC:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sBcKvclVqhdr4q8mKZZ48vfJrKA.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7a789e87-f484-423d-a1d7-2c2d5860d2ec/0/3139352e382e34392e302f32342d3234203d3e203630343538.roa
Signing time:             Mon 05 May 2025 06:54:05 +0000
ROA not before:           Mon 05 May 2025 06:49:05 +0000
ROA not after:            Mon 04 May 2026 06:54:05 +0000
asID:                     60458
IP address blocks:        195.8.49.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7a789e87-f484-423d-a1d7-2c2d5860d2ec/0/B0170ABDC955AA176BE2AF26299678F2F7C9ACA0.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7a789e87-f484-423d-a1d7-2c2d5860d2ec/0/B0170ABDC955AA176BE2AF26299678F2F7C9ACA0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sBcKvclVqhdr4q8mKZZ48vfJrKA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 15:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3f:be:8d:e9:15:44:37:04:62:2e:16:0f:55:3b:f2:21:93:77:c5:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b0170abdc955aa176be2af26299678f2f7c9aca0
        Validity
            Not Before: May  5 06:49:05 2025 GMT
            Not After : May  4 06:54:05 2026 GMT
        Subject: CN=154693687A14BA63E100AAB4A8B25D971293B781
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:31:97:5a:40:86:f7:04:14:91:b1:20:3a:ae:
                    b1:92:76:9a:e9:55:cf:f6:23:1d:1a:e7:cc:1f:89:
                    e9:7f:7d:83:a4:97:f1:15:92:cf:2d:5e:af:4e:ab:
                    7e:ad:aa:6f:85:76:ef:c7:b7:e5:29:cc:1e:31:61:
                    62:fb:3c:ec:62:3f:47:e4:70:d7:04:7d:15:04:dd:
                    44:8c:36:99:ac:13:25:f0:43:59:61:6b:37:0c:cb:
                    13:25:c2:63:6c:39:01:8c:01:fd:2c:00:eb:24:65:
                    d5:e0:1f:49:8f:9f:72:ea:18:31:bd:a1:90:71:fc:
                    06:86:f8:f0:3a:69:61:e6:ff:9c:9a:b6:75:99:a5:
                    a0:d0:00:40:64:26:6f:83:1a:c1:ff:73:98:1e:eb:
                    b9:2b:dc:86:61:7d:fa:bf:0f:5e:8c:e3:8b:3b:33:
                    a3:e9:c1:9d:16:d0:79:8c:e7:28:67:b3:11:9a:f9:
                    97:1c:59:72:12:4e:d6:b6:79:fe:33:dd:fc:7d:1e:
                    66:0f:0b:75:09:5f:86:0e:71:6e:86:b1:63:73:ff:
                    15:03:b2:1e:80:bf:55:74:59:b8:91:4e:97:43:af:
                    b4:cd:06:23:bf:b8:27:fb:2f:d2:03:91:d6:01:d3:
                    69:23:b3:0a:3b:4f:3e:0d:e2:fc:d2:a3:38:84:81:
                    1f:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:46:93:68:7A:14:BA:63:E1:00:AA:B4:A8:B2:5D:97:12:93:B7:81
            X509v3 Authority Key Identifier:
                keyid:B0:17:0A:BD:C9:55:AA:17:6B:E2:AF:26:29:96:78:F2:F7:C9:AC:A0

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7a789e87-f484-423d-a1d7-2c2d5860d2ec/0/B0170ABDC955AA176BE2AF26299678F2F7C9ACA0.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sBcKvclVqhdr4q8mKZZ48vfJrKA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7a789e87-f484-423d-a1d7-2c2d5860d2ec/0/3139352e382e34392e302f32342d3234203d3e203630343538.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.8.49.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c7:7c:52:14:ff:72:2c:c2:6f:ce:5a:71:e2:66:4d:39:f7:2b:
         4d:1c:1b:7c:29:3a:7d:94:bb:68:f4:6d:38:0c:29:47:f6:c4:
         34:fe:8d:0f:7f:8a:48:e0:bb:e2:78:55:39:8e:77:a7:bb:51:
         40:92:b4:af:cd:70:a4:1b:77:75:a0:0f:d7:4a:89:06:be:5b:
         55:4b:f4:a2:0e:50:75:ea:84:36:62:14:41:d1:e7:7f:d8:67:
         55:46:dd:1f:fa:d4:1d:cf:53:ff:c3:76:27:c4:6c:0d:a0:40:
         84:30:df:f5:3f:28:b8:9f:1e:76:41:e1:0d:96:99:ef:7c:c9:
         80:c4:3c:fa:cd:10:ab:49:bf:a6:47:e7:43:29:ce:27:c3:11:
         16:d0:28:65:80:a0:ba:89:73:6f:76:f1:01:3a:38:0c:64:41:
         8a:23:3b:65:72:76:81:8a:32:34:81:00:96:89:5d:e4:fb:0b:
         f0:87:f7:cd:55:d1:f6:5d:94:7a:8d:54:09:15:83:24:4f:eb:
         df:47:90:68:48:05:a8:cf:56:e2:77:4a:cc:66:6f:3e:37:ef:
         44:6e:b0:d2:cc:a2:b4:03:a7:6e:df:a8:a5:54:ea:36:cb:f2:
         30:ba:b6:73:6c:3f:cd:57:70:c6:ac:b1:9f:d0:a9:98:5a:db:
         89:2c:bf:a0
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUP76N6RVENwRiLhYPVTvyIZN3xeAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYjAxNzBhYmRjOTU1YWExNzZiZTJhZjI2Mjk5Njc4ZjJm
N2M5YWNhMDAeFw0yNTA1MDUwNjQ5MDVaFw0yNjA1MDQwNjU0MDVaMDMxMTAvBgNV
BAMTKDE1NDY5MzY4N0ExNEJBNjNFMTAwQUFCNEE4QjI1RDk3MTI5M0I3ODEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrMZdaQIb3BBSRsSA6rrGSdprp
Vc/2Ix0a58wfiel/fYOkl/EVks8tXq9Oq36tqm+Fdu/Ht+UpzB4xYWL7POxiP0fk
cNcEfRUE3USMNpmsEyXwQ1lhazcMyxMlwmNsOQGMAf0sAOskZdXgH0mPn3LqGDG9
oZBx/AaG+PA6aWHm/5yatnWZpaDQAEBkJm+DGsH/c5ge67kr3IZhffq/D16M44s7
M6PpwZ0W0HmM5yhnsxGa+ZccWXISTta2ef4z3fx9HmYPC3UJX4YOcW6GsWNz/xUD
sh6Av1V0WbiRTpdDr7TNBiO/uCf7L9IDkdYB02kjswo7Tz4N4vzSoziEgR/RAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUFUaTaHoUumPhAKq0qLJdlxKTt4EwHwYDVR0j
BBgwFoAUsBcKvclVqhdr4q8mKZZ48vfJrKAwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2E3ODllODctZjQ4NC00MjNkLWExZDctMmMyZDU4NjBk
MmVjLzAvQjAxNzBBQkRDOTU1QUExNzZCRTJBRjI2Mjk5Njc4RjJGN0M5QUNBMC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3NCY0t2Y2xWcWhkcjRxOG1LWlo0OHZm
SnJLQS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvN2E3ODllODct
ZjQ4NC00MjNkLWExZDctMmMyZDU4NjBkMmVjLzAvMzEzOTM1MmUzODJlMzQzOTJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM2MzAzNDM1Mzgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBADDCDEw
DQYJKoZIhvcNAQELBQADggEBAMd8UhT/cizCb85aceJmTTn3K00cG3wpOn2Uu2j0
bTgMKUf2xDT+jQ9/ikjgu+J4VTmOd6e7UUCStK/NcKQbd3WgD9dKiQa+W1VL9KIO
UHXqhDZiFEHR53/YZ1VG3R/61B3PU//DdifEbA2gQIQw3/U/KLifHnZB4Q2Wme98
yYDEPPrNEKtJv6ZH50MpzifDERbQKGWAoLqJc2928QE6OAxkQYojO2VydoGKMjSB
AJaJXeT7C/CH981V0fZdlHqNVAkVgyRP699HkGhIBajPVuJ3Ssxmbz4370RusNLM
orQDp27fqKVU6jbL8jC6tnNsP81XcMassZ/QqZha24ksv6A=
-----END CERTIFICATE-----