Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/af31768d-42b1-4e92-b83f-bef7ee017813/0/3139352e3138342e39322e302f32332d3233203d3e2035343634.roa
File:                     3139352e3138342e39322e302f32332d3233203d3e2035343634.roa (raw, json)
Hash identifier:          croMu0E9wofvL0uxcR7zjKLYZEonbZiHP8TK6ggNZ7I=
Subject key identifier:   23:65:76:36:5A:24:3E:A8:45:88:C7:77:C3:DA:37:5C:1D:D1:51:48
Certificate issuer:       /CN=9f0d24c855eee00fe4abf3903c6e8fcc7083ed4d
Certificate serial:       5FCC7D21CB5CA26A8F5E5197B87B56D1A21B6789
Authority key identifier: 9F:0D:24:C8:55:EE:E0:0F:E4:AB:F3:90:3C:6E:8F:CC:70:83:ED:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nw0kyFXu4A_kq_OQPG6PzHCD7U0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/af31768d-42b1-4e92-b83f-bef7ee017813/0/3139352e3138342e39322e302f32332d3233203d3e2035343634.roa
Signing time:             Wed 22 May 2024 09:05:16 +0000
ROA not before:           Wed 22 May 2024 09:00:16 +0000
ROA not after:            Wed 21 May 2025 09:05:16 +0000
asID:                     5464
IP address blocks:        195.184.92.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/af31768d-42b1-4e92-b83f-bef7ee017813/0/9F0D24C855EEE00FE4ABF3903C6E8FCC7083ED4D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/af31768d-42b1-4e92-b83f-bef7ee017813/0/9F0D24C855EEE00FE4ABF3903C6E8FCC7083ED4D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nw0kyFXu4A_kq_OQPG6PzHCD7U0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5f:cc:7d:21:cb:5c:a2:6a:8f:5e:51:97:b8:7b:56:d1:a2:1b:67:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9f0d24c855eee00fe4abf3903c6e8fcc7083ed4d
        Validity
            Not Before: May 22 09:00:16 2024 GMT
            Not After : May 21 09:05:16 2025 GMT
        Subject: CN=236576365A243EA84588C777C3DA375C1DD15148
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:17:cd:7a:21:bb:2c:ad:f0:9c:f1:60:e8:17:
                    61:3d:8a:ae:88:89:d5:66:19:94:47:c7:de:3f:9a:
                    49:ae:28:4f:8a:a1:80:e6:11:94:5f:03:bf:f3:0b:
                    db:25:79:37:7e:d9:74:c7:72:50:e0:09:ce:d2:28:
                    13:5d:4b:ff:e2:fd:c5:73:0d:f7:e5:0d:90:12:bd:
                    2a:f6:2d:6f:8d:82:af:3d:fd:34:c3:45:d3:07:28:
                    ef:d6:fa:38:a6:b1:2c:91:0d:45:4e:3c:b9:9d:a3:
                    df:81:d3:da:ff:2a:fd:23:8e:05:29:50:f8:e8:dc:
                    fa:f1:15:a4:56:3a:65:ab:a6:ae:b5:bf:ca:65:b6:
                    95:23:69:54:23:ec:c2:a8:a4:e5:bf:4b:5c:11:db:
                    eb:20:a4:98:3c:86:71:1e:ba:ad:a0:f3:99:14:8c:
                    4f:2b:d1:f1:aa:66:20:19:5f:78:ce:e9:d8:ef:b1:
                    80:4e:e1:f1:93:5c:3f:94:92:9f:f3:12:86:69:47:
                    2d:11:05:20:36:cf:cd:c0:46:0b:0d:81:35:8c:c0:
                    55:32:89:33:8f:51:2e:37:2d:45:1b:c7:0a:c5:c8:
                    34:ae:01:df:50:9d:e5:32:37:96:28:98:86:fd:ed:
                    3a:03:f3:be:41:cc:a9:84:a2:3d:6a:0d:06:ab:3b:
                    7d:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:65:76:36:5A:24:3E:A8:45:88:C7:77:C3:DA:37:5C:1D:D1:51:48
            X509v3 Authority Key Identifier:
                keyid:9F:0D:24:C8:55:EE:E0:0F:E4:AB:F3:90:3C:6E:8F:CC:70:83:ED:4D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/af31768d-42b1-4e92-b83f-bef7ee017813/0/9F0D24C855EEE00FE4ABF3903C6E8FCC7083ED4D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nw0kyFXu4A_kq_OQPG6PzHCD7U0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/af31768d-42b1-4e92-b83f-bef7ee017813/0/3139352e3138342e39322e302f32332d3233203d3e2035343634.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.184.92.0/23

    Signature Algorithm: sha256WithRSAEncryption
         08:d4:97:30:b0:a1:ac:9f:63:5a:51:ff:da:87:04:52:09:a4:
         28:c8:4c:cc:b8:03:80:2d:a5:73:8f:b6:91:19:9a:fc:b3:9a:
         92:65:00:6f:67:9b:9c:b9:8b:69:34:03:fd:9d:3f:21:2f:c5:
         12:9f:ed:33:f4:f8:7b:72:ba:12:90:49:76:62:f3:5a:ac:2b:
         96:9c:0d:8e:82:e0:ac:2c:af:29:2a:64:99:03:f9:d8:ef:46:
         d8:71:46:30:c1:d6:55:86:8c:6f:5d:ce:2c:19:f6:d6:46:99:
         4b:c4:7e:a4:72:b9:ea:19:91:cb:83:83:6a:89:62:0c:53:cf:
         b4:52:27:49:31:6b:b1:47:3d:ee:7e:5d:80:2b:2d:b5:c5:e4:
         80:7b:49:65:39:05:11:bd:f3:94:e9:af:9b:26:53:e0:ee:24:
         13:a6:af:89:f5:e2:35:f2:b8:e8:63:5c:f3:91:99:5d:e5:db:
         b3:a3:8f:ba:85:92:2f:a9:c1:40:68:a4:cc:d3:10:0d:69:df:
         38:e4:5c:5e:0d:49:09:a9:fc:1f:49:e7:ce:f4:65:ac:98:2e:
         61:aa:77:4f:17:fd:94:d3:08:02:e5:d0:b3:45:20:75:cd:57:
         12:a1:c8:65:ba:62:2f:de:25:74:da:65:6a:e8:80:39:f8:4f:
         93:6d:d8:74
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUX8x9IctcomqPXlGXuHtW0aIbZ4kwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWYwZDI0Yzg1NWVlZTAwZmU0YWJmMzkwM2M2ZThmY2M3
MDgzZWQ0ZDAeFw0yNDA1MjIwOTAwMTZaFw0yNTA1MjEwOTA1MTZaMDMxMTAvBgNV
BAMTKDIzNjU3NjM2NUEyNDNFQTg0NTg4Qzc3N0MzREEzNzVDMUREMTUxNDgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBF816IbssrfCc8WDoF2E9iq6I
idVmGZRHx94/mkmuKE+KoYDmEZRfA7/zC9sleTd+2XTHclDgCc7SKBNdS//i/cVz
DfflDZASvSr2LW+Ngq89/TTDRdMHKO/W+jimsSyRDUVOPLmdo9+B09r/Kv0jjgUp
UPjo3PrxFaRWOmWrpq61v8pltpUjaVQj7MKopOW/S1wR2+sgpJg8hnEeuq2g85kU
jE8r0fGqZiAZX3jO6djvsYBO4fGTXD+Ukp/zEoZpRy0RBSA2z83ARgsNgTWMwFUy
iTOPUS43LUUbxwrFyDSuAd9QneUyN5YomIb97ToD875BzKmEoj1qDQarO309AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUI2V2NlokPqhFiMd3w9o3XB3RUUgwHwYDVR0j
BBgwFoAUnw0kyFXu4A/kq/OQPG6PzHCD7U0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYWYzMTc2OGQtNDJiMS00ZTkyLWI4M2YtYmVmN2VlMDE3
ODEzLzAvOUYwRDI0Qzg1NUVFRTAwRkU0QUJGMzkwM0M2RThGQ0M3MDgzRUQ0RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL253MGt5Rlh1NEFfa3FfT1FQRzZQekhD
RDdVMC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWYzMTc2OGQt
NDJiMS00ZTkyLWI4M2YtYmVmN2VlMDE3ODEzLzAvMzEzOTM1MmUzMTM4MzQyZTM5
MzIyZTMwMmYzMjMzMmQzMjMzMjAzZDNlMjAzNTM0MzYzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAcO4
XDANBgkqhkiG9w0BAQsFAAOCAQEACNSXMLChrJ9jWlH/2ocEUgmkKMhMzLgDgC2l
c4+2kRma/LOakmUAb2ebnLmLaTQD/Z0/IS/FEp/tM/T4e3K6EpBJdmLzWqwrlpwN
joLgrCyvKSpkmQP52O9G2HFGMMHWVYaMb13OLBn21kaZS8R+pHK56hmRy4ODaoli
DFPPtFInSTFrsUc97n5dgCsttcXkgHtJZTkFEb3zlOmvmyZT4O4kE6avifXiNfK4
6GNc85GZXeXbs6OPuoWSL6nBQGikzNMQDWnfOORcXg1JCan8H0nnzvRlrJguYap3
Txf9lNMIAuXQs0Ugdc1XEqHIZbpiL94ldNplauiAOfhPk23YdA==
-----END CERTIFICATE-----