Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/ce510e17-31fa-414b-989e-026dbb6fdf51/0/3135392e3235332e312e302f32342d3234203d3e20383334.roa
File:                     3135392e3235332e312e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          WdmXfTeMM/49I3hnbkIEij86yHiMXswG5pj7ZcGZtuc=
Subject key identifier:   0C:DD:4C:80:FD:8C:E5:35:6E:E8:20:26:8D:41:F4:82:CD:3A:BE:3F
Certificate issuer:       /CN=4c189e42f35c944d463d9ea6501f093eb62ba785
Certificate serial:       6CE2275B089F1B334F36E53856D21F54E6F300C9
Authority key identifier: 4C:18:9E:42:F3:5C:94:4D:46:3D:9E:A6:50:1F:09:3E:B6:2B:A7:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TBieQvNclE1GPZ6mUB8JPrYrp4U.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/ce510e17-31fa-414b-989e-026dbb6fdf51/0/3135392e3235332e312e302f32342d3234203d3e20383334.roa
Signing time:             Mon 18 Nov 2024 09:31:33 +0000
ROA not before:           Mon 18 Nov 2024 09:26:33 +0000
ROA not after:            Mon 17 Nov 2025 09:31:33 +0000
asID:                     834
IP address blocks:        159.253.1.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/ce510e17-31fa-414b-989e-026dbb6fdf51/0/4C189E42F35C944D463D9EA6501F093EB62BA785.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/ce510e17-31fa-414b-989e-026dbb6fdf51/0/4C189E42F35C944D463D9EA6501F093EB62BA785.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TBieQvNclE1GPZ6mUB8JPrYrp4U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 09:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6c:e2:27:5b:08:9f:1b:33:4f:36:e5:38:56:d2:1f:54:e6:f3:00:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4c189e42f35c944d463d9ea6501f093eb62ba785
        Validity
            Not Before: Nov 18 09:26:33 2024 GMT
            Not After : Nov 17 09:31:33 2025 GMT
        Subject: CN=0CDD4C80FD8CE5356EE820268D41F482CD3ABE3F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:4a:42:81:83:71:1c:d6:c5:9b:cb:c0:54:c4:
                    96:1d:80:a7:53:be:9c:de:92:d4:8d:21:d8:8d:cc:
                    f0:4a:fa:70:5e:12:68:84:c9:ac:b7:82:61:00:84:
                    b0:38:56:d6:15:dd:fd:65:8b:f0:ac:ad:ba:7b:eb:
                    2a:e7:d2:71:ff:bc:8f:23:a4:97:b5:07:6d:d3:89:
                    42:fe:dc:d6:d4:27:bd:43:58:3d:6e:b3:95:a3:6b:
                    40:37:2a:53:fd:d8:ea:9e:b8:60:bf:71:10:23:2c:
                    14:f7:e5:a7:4a:69:b8:a8:29:38:92:ff:9b:be:fa:
                    00:ba:3d:c2:8e:8c:38:68:36:e0:74:f4:0c:14:ca:
                    7e:e6:6d:ac:9a:cc:ac:32:c1:86:a0:4c:c2:65:07:
                    a0:fa:67:e0:0c:bd:9b:f2:a7:b3:8d:b6:d2:f1:33:
                    d8:6e:7c:1c:75:a0:54:7e:aa:bd:22:0b:67:ca:71:
                    08:a4:66:81:ca:30:58:a4:a4:56:09:c3:12:e4:a4:
                    51:c8:e0:03:7b:a5:16:08:e9:fb:21:60:22:e9:a7:
                    0a:c9:b1:55:de:6c:9c:10:a4:bb:1f:63:70:a9:8e:
                    0f:31:f9:d1:41:9e:64:64:0d:9f:39:2b:a8:29:fb:
                    b2:bc:30:50:26:c2:66:4f:52:cb:d5:62:d9:2d:4f:
                    b2:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:DD:4C:80:FD:8C:E5:35:6E:E8:20:26:8D:41:F4:82:CD:3A:BE:3F
            X509v3 Authority Key Identifier:
                keyid:4C:18:9E:42:F3:5C:94:4D:46:3D:9E:A6:50:1F:09:3E:B6:2B:A7:85

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/ce510e17-31fa-414b-989e-026dbb6fdf51/0/4C189E42F35C944D463D9EA6501F093EB62BA785.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TBieQvNclE1GPZ6mUB8JPrYrp4U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/ce510e17-31fa-414b-989e-026dbb6fdf51/0/3135392e3235332e312e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  159.253.1.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:e8:47:7e:34:75:3e:be:4e:d0:6f:4e:5e:89:5a:75:ea:52:
         0e:cc:bf:1c:19:12:d2:fd:74:71:a8:f6:f5:d5:4b:57:0d:26:
         2f:b7:bd:47:e8:84:d8:f4:b9:0f:dd:6e:50:48:9a:4c:a5:2f:
         c6:fa:be:25:69:a6:13:4b:5a:1f:96:a0:8c:eb:44:fc:b6:42:
         6b:05:56:2e:31:21:e3:49:fd:f4:8f:32:9a:da:b4:11:3b:7b:
         3a:e8:9f:a8:1d:30:e7:79:d1:a0:7a:d2:d3:93:63:7c:da:97:
         58:19:b6:92:96:bd:41:63:e6:c2:fd:03:6b:4c:1e:4d:e6:7a:
         fc:7b:20:32:eb:e7:78:3d:b9:0c:d7:1a:6f:bd:2b:0e:30:45:
         14:38:02:f7:17:9c:f6:ee:83:23:b2:04:c1:37:da:f6:45:13:
         f9:7e:df:3f:34:28:bb:95:aa:52:17:0e:f7:a1:ff:19:ea:79:
         a9:ef:3c:44:b4:64:e5:5b:88:5a:dc:d7:d6:74:d4:10:38:82:
         4f:21:74:9b:78:54:90:52:03:d5:c2:25:14:51:e3:c7:99:c3:
         62:61:56:17:5f:05:06:c6:20:5f:96:ac:e1:7b:8f:f3:24:ad:
         e1:c6:55:52:ef:c6:15:da:9f:fd:07:6a:85:b8:36:63:f3:7e:
         e1:99:45:c6
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUbOInWwifGzNPNuU4VtIfVObzAMkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGMxODllNDJmMzVjOTQ0ZDQ2M2Q5ZWE2NTAxZjA5M2Vi
NjJiYTc4NTAeFw0yNDExMTgwOTI2MzNaFw0yNTExMTcwOTMxMzNaMDMxMTAvBgNV
BAMTKDBDREQ0QzgwRkQ4Q0U1MzU2RUU4MjAyNjhENDFGNDgyQ0QzQUJFM0YwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDXSkKBg3Ec1sWby8BUxJYdgKdT
vpzektSNIdiNzPBK+nBeEmiEyay3gmEAhLA4VtYV3f1li/Csrbp76yrn0nH/vI8j
pJe1B23TiUL+3NbUJ71DWD1us5Wja0A3KlP92OqeuGC/cRAjLBT35adKabioKTiS
/5u++gC6PcKOjDhoNuB09AwUyn7mbayazKwywYagTMJlB6D6Z+AMvZvyp7ONttLx
M9hufBx1oFR+qr0iC2fKcQikZoHKMFikpFYJwxLkpFHI4AN7pRYI6fshYCLppwrJ
sVXebJwQpLsfY3Cpjg8x+dFBnmRkDZ85K6gp+7K8MFAmwmZPUsvVYtktT7JnAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUDN1MgP2M5TVu6CAmjUH0gs06vj8wHwYDVR0j
BBgwFoAUTBieQvNclE1GPZ6mUB8JPrYrp4UwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvY2U1MTBlMTctMzFmYS00MTRiLTk4OWUtMDI2ZGJiNmZk
ZjUxLzAvNEMxODlFNDJGMzVDOTQ0RDQ2M0Q5RUE2NTAxRjA5M0VCNjJCQTc4NS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1RCaWVRdk5jbEUxR1BaNm1VQjhKUHJZ
cnA0VS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvY2U1MTBlMTct
MzFmYS00MTRiLTk4OWUtMDI2ZGJiNmZkZjUxLzAvMzEzNTM5MmUzMjM1MzMyZTMx
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzgzMzM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAn/0BMA0G
CSqGSIb3DQEBCwUAA4IBAQBX6Ed+NHU+vk7Qb05eiVp16lIOzL8cGRLS/XRxqPb1
1UtXDSYvt71H6ITY9LkP3W5QSJpMpS/G+r4laaYTS1oflqCM60T8tkJrBVYuMSHj
Sf30jzKa2rQRO3s66J+oHTDnedGgetLTk2N82pdYGbaSlr1BY+bC/QNrTB5N5nr8
eyAy6+d4PbkM1xpvvSsOMEUUOAL3F5z27oMjsgTBN9r2RRP5ft8/NCi7lapSFw73
of8Z6nmp7zxEtGTlW4ha3NfWdNQQOIJPIXSbeFSQUgPVwiUUUePHmcNiYVYXXwUG
xiBflqzhe4/zJK3hxlVS78YV2p/9B2qFuDZj837hmUXG
-----END CERTIFICATE-----