Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS139989.roa
File:                     AS139989.roa (raw, json)
Hash identifier:          Ufsz8+LmWFRwB0wYs7vVCoWyQ3ZavIfh6O6k4oT0eTU=
Subject key identifier:   33:F8:AB:C9:EE:5B:90:B3:18:4D:7A:92:B7:0B:9E:18:4C:06:73:85
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       F1A977FAA92C69E8F37EB43908AD14DDDB0CAF
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS139989.roa
Signing time:             Mon 09 Oct 2023 14:02:20 +0000
ROA not before:           Mon 09 Oct 2023 13:57:20 +0000
ROA not after:            Mon 07 Oct 2024 14:02:20 +0000
asID:                     139989
IP address blocks:        193.111.124.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 14:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            f1:a9:77:fa:a9:2c:69:e8:f3:7e:b4:39:08:ad:14:dd:db:0c:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Oct  9 13:57:20 2023 GMT
            Not After : Oct  7 14:02:20 2024 GMT
        Subject: CN=33F8ABC9EE5B90B3184D7A92B70B9E184C067385
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:39:cd:60:c1:e7:7b:d7:20:45:6e:39:46:a6:
                    16:50:ad:d7:53:76:a8:0f:df:2d:ce:01:64:2f:7e:
                    e0:23:e6:cf:b3:07:38:8e:75:a3:9f:0e:b4:b9:f8:
                    28:69:1a:5c:9d:c4:99:49:5b:b5:4a:48:94:b2:09:
                    99:1e:0a:02:c6:65:1f:7a:34:1e:24:f6:b1:ba:40:
                    1e:62:a5:6c:58:b3:d3:0a:24:c5:d5:75:e4:b7:12:
                    88:4a:95:4d:d3:19:99:9f:40:55:fe:98:34:2c:da:
                    61:05:43:dd:da:6b:1c:38:43:79:69:eb:f7:91:c4:
                    cf:a1:bc:ba:8d:80:63:40:91:ed:1b:9f:a8:8c:d2:
                    2c:25:96:4d:ef:1a:69:37:83:1d:e1:f7:88:83:4b:
                    01:6e:31:6f:ac:1a:5f:72:73:fc:6a:40:e1:fe:5e:
                    e9:7f:2f:ef:91:e1:11:e5:f9:32:32:1e:18:2b:b3:
                    56:5a:0e:6b:7c:e3:54:25:f4:60:61:87:93:56:89:
                    a5:88:8a:2c:18:a8:ba:77:cc:e7:e2:4f:63:1c:32:
                    ad:60:ad:fa:9d:86:9b:59:28:ce:8a:f1:52:d1:a8:
                    a3:5a:f9:26:c4:0d:11:7e:c4:0f:96:b7:ab:9c:aa:
                    d4:59:47:47:90:05:3c:15:5c:d6:2a:ce:9f:61:bf:
                    2d:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:F8:AB:C9:EE:5B:90:B3:18:4D:7A:92:B7:0B:9E:18:4C:06:73:85
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS139989.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.111.124.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bc:29:8a:9c:63:db:f7:bf:5f:40:30:f0:94:4e:c7:23:fd:47:
         e8:51:27:ed:9a:b6:02:61:69:f1:1e:56:32:d4:55:57:18:f4:
         58:88:55:31:5e:7c:66:40:50:a5:d9:34:48:de:e7:18:42:39:
         3a:ff:6e:cd:75:7b:39:88:e0:ca:17:95:e6:3f:44:13:fd:9f:
         93:ed:6f:5c:b1:ab:3e:f3:90:03:d5:37:7b:db:74:05:40:8f:
         f9:2d:7f:8b:e6:7a:e2:9d:a7:24:83:c8:01:39:24:70:e0:80:
         ac:06:58:15:b5:21:90:da:b5:59:d8:26:41:8e:de:db:f7:a1:
         17:d2:74:df:4f:75:d6:17:b5:28:02:44:b6:2c:7e:0e:4f:a3:
         55:8a:0f:ed:f9:a5:90:4e:e3:f0:80:c7:68:eb:20:82:f8:e8:
         ed:09:46:ed:b4:e9:20:06:45:14:d1:ff:93:b7:1f:f2:38:ed:
         07:80:2c:73:b6:bb:6c:6a:b8:c3:a5:b2:84:72:c5:de:c2:e4:
         ab:1f:fd:24:4e:ba:9f:41:b3:5f:9e:d7:72:d3:cf:da:0d:f7:
         42:72:ea:62:9b:8b:b7:02:2a:3b:93:55:a3:e2:04:b2:a0:b0:
         c1:da:42:89:f9:9e:70:2b:60:84:aa:15:ec:bf:e7:31:77:76:
         31:be:0b:3d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUAPGpd/qpLGno8360OQitFN3bDK8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yMzEwMDkxMzU3MjBaFw0yNDEwMDcxNDAyMjBaMDMxMTAvBgNV
BAMTKDMzRjhBQkM5RUU1QjkwQjMxODREN0E5MkI3MEI5RTE4NEMwNjczODUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvOc1gwed71yBFbjlGphZQrddT
dqgP3y3OAWQvfuAj5s+zBziOdaOfDrS5+ChpGlydxJlJW7VKSJSyCZkeCgLGZR96
NB4k9rG6QB5ipWxYs9MKJMXVdeS3EohKlU3TGZmfQFX+mDQs2mEFQ93aaxw4Q3lp
6/eRxM+hvLqNgGNAke0bn6iM0iwllk3vGmk3gx3h94iDSwFuMW+sGl9yc/xqQOH+
Xul/L++R4RHl+TIyHhgrs1ZaDmt841Ql9GBhh5NWiaWIiiwYqLp3zOfiT2McMq1g
rfqdhptZKM6K8VLRqKNa+SbEDRF+xA+Wt6ucqtRZR0eQBTwVXNYqzp9hvy2rAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUM/irye5bkLMYTXqStwueGEwGc4UwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMTM5OTg5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwW98
MA0GCSqGSIb3DQEBCwUAA4IBAQC8KYqcY9v3v19AMPCUTscj/UfoUSftmrYCYWnx
HlYy1FVXGPRYiFUxXnxmQFCl2TRI3ucYQjk6/27NdXs5iODKF5XmP0QT/Z+T7W9c
sas+85AD1Td723QFQI/5LX+L5nrinackg8gBOSRw4ICsBlgVtSGQ2rVZ2CZBjt7b
96EX0nTfT3XWF7UoAkS2LH4OT6NVig/t+aWQTuPwgMdo6yCC+OjtCUbttOkgBkUU
0f+Ttx/yOO0HgCxztrtsarjDpbKEcsXewuSrH/0kTrqfQbNfntdy08/aDfdCcupi
m4u3Aio7k1Wj4gSyoLDB2kKJ+Z5wK2CEqhXsv+cxd3Yxvgs9
-----END CERTIFICATE-----