Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/ce510e17-31fa-414b-989e-026dbb6fdf51/0/3135392e3235332e322e302f32342d3234203d3e20383334.roa
File:                     3135392e3235332e322e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          Io0uqsNFWMRzWK0hBxO5SHV2H5/pOpKQHlMKDuh/MnA=
Subject key identifier:   A2:E0:E7:59:F6:7D:30:D7:56:F1:B3:0A:D6:EF:24:1B:56:27:6F:B3
Certificate issuer:       /CN=4c189e42f35c944d463d9ea6501f093eb62ba785
Certificate serial:       588142AD343950E83DDE270F866DA661E9559162
Authority key identifier: 4C:18:9E:42:F3:5C:94:4D:46:3D:9E:A6:50:1F:09:3E:B6:2B:A7:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TBieQvNclE1GPZ6mUB8JPrYrp4U.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/ce510e17-31fa-414b-989e-026dbb6fdf51/0/3135392e3235332e322e302f32342d3234203d3e20383334.roa
Signing time:             Thu 12 Sep 2024 10:42:10 +0000
ROA not before:           Thu 12 Sep 2024 10:37:10 +0000
ROA not after:            Thu 11 Sep 2025 10:42:10 +0000
asID:                     834
IP address blocks:        159.253.2.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/ce510e17-31fa-414b-989e-026dbb6fdf51/0/4C189E42F35C944D463D9EA6501F093EB62BA785.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/ce510e17-31fa-414b-989e-026dbb6fdf51/0/4C189E42F35C944D463D9EA6501F093EB62BA785.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TBieQvNclE1GPZ6mUB8JPrYrp4U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 16:04:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            58:81:42:ad:34:39:50:e8:3d:de:27:0f:86:6d:a6:61:e9:55:91:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4c189e42f35c944d463d9ea6501f093eb62ba785
        Validity
            Not Before: Sep 12 10:37:10 2024 GMT
            Not After : Sep 11 10:42:10 2025 GMT
        Subject: CN=A2E0E759F67D30D756F1B30AD6EF241B56276FB3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:68:09:60:ed:2e:d4:a0:c3:bd:0d:01:f6:e2:
                    59:e9:2e:c6:86:39:8b:0a:2a:20:f1:c2:10:dc:8d:
                    ee:86:6d:b8:80:78:ae:71:c6:1d:c8:81:1f:07:95:
                    fa:3b:45:79:e5:ff:85:21:bc:e5:8e:db:6b:e1:b1:
                    75:a6:d2:8a:99:52:27:84:9c:ba:b3:1c:1e:d4:31:
                    1c:22:e4:e8:f5:e4:47:9e:2e:43:cf:f8:2d:2e:6d:
                    c8:28:1d:e1:b8:c7:9e:2c:e8:c5:2e:56:07:6b:bd:
                    f8:76:74:46:75:a3:8b:39:7b:6d:4f:fb:df:3f:75:
                    04:42:32:45:6d:b8:e6:10:06:2f:ca:1a:18:fa:e0:
                    64:fe:d5:ec:7b:bc:4b:56:14:1d:e0:f0:c7:95:c4:
                    5c:6d:b8:e6:6d:53:5d:cb:97:74:99:b4:aa:a1:47:
                    81:d4:97:6a:eb:c1:53:96:82:b9:e3:63:6c:c1:3b:
                    52:ef:93:80:dc:db:86:7b:1b:9f:ea:ec:c5:71:ac:
                    41:44:6f:fc:c5:3d:10:7b:a8:eb:11:75:54:3c:89:
                    5a:79:7b:6e:70:34:bb:66:80:d3:6f:81:72:23:63:
                    0d:73:73:03:80:89:d9:c3:50:d7:45:b9:dc:0d:94:
                    b1:78:68:ad:a0:63:75:f9:5c:41:63:e7:50:c8:db:
                    7a:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:E0:E7:59:F6:7D:30:D7:56:F1:B3:0A:D6:EF:24:1B:56:27:6F:B3
            X509v3 Authority Key Identifier:
                keyid:4C:18:9E:42:F3:5C:94:4D:46:3D:9E:A6:50:1F:09:3E:B6:2B:A7:85

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/ce510e17-31fa-414b-989e-026dbb6fdf51/0/4C189E42F35C944D463D9EA6501F093EB62BA785.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TBieQvNclE1GPZ6mUB8JPrYrp4U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/ce510e17-31fa-414b-989e-026dbb6fdf51/0/3135392e3235332e322e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  159.253.2.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ae:42:29:60:a2:3f:81:0f:46:e5:70:33:25:62:66:25:f0:8d:
         89:f0:c4:27:0b:e1:6b:43:45:c6:a3:18:42:e5:f8:a7:cf:b8:
         f9:c3:98:39:74:7a:67:30:f1:dd:e1:ec:46:3d:06:d2:87:90:
         bd:c8:94:9f:80:7b:7f:4c:70:5a:fc:9e:90:59:54:d8:e1:41:
         32:c8:ce:87:ce:2f:7f:ec:44:dd:a8:43:ce:9d:b0:6c:bb:00:
         ff:1c:1d:75:29:cf:2c:26:0e:90:ab:5c:7f:91:1f:de:7d:03:
         f0:0a:52:9d:1f:c4:d8:68:ba:8a:b1:59:3e:eb:6c:70:5c:de:
         35:71:c4:dd:2d:66:79:e7:34:a8:6e:04:0a:e2:67:be:92:b4:
         ad:71:14:96:6b:6c:12:fd:06:88:b3:ba:69:bd:63:97:a2:7f:
         45:d5:90:c5:d4:ea:14:38:f9:be:68:9c:92:63:ce:1a:05:83:
         52:f4:cc:49:dd:e3:bd:83:9d:4e:b6:b7:2f:1a:56:a3:df:25:
         83:c3:32:64:78:8c:87:fb:d8:31:c4:43:49:cb:38:cf:71:14:
         d2:58:26:81:dc:5e:0f:e5:3d:eb:ea:a9:84:f2:75:8b:49:8a:
         d8:eb:5d:e0:d2:3e:0d:ba:e3:61:42:ea:5e:fc:cd:86:d8:6a:
         6c:10:f0:1a
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUWIFCrTQ5UOg93icPhm2mYelVkWIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGMxODllNDJmMzVjOTQ0ZDQ2M2Q5ZWE2NTAxZjA5M2Vi
NjJiYTc4NTAeFw0yNDA5MTIxMDM3MTBaFw0yNTA5MTExMDQyMTBaMDMxMTAvBgNV
BAMTKEEyRTBFNzU5RjY3RDMwRDc1NkYxQjMwQUQ2RUYyNDFCNTYyNzZGQjMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCkaAlg7S7UoMO9DQH24lnpLsaG
OYsKKiDxwhDcje6GbbiAeK5xxh3IgR8Hlfo7RXnl/4UhvOWO22vhsXWm0oqZUieE
nLqzHB7UMRwi5Oj15EeeLkPP+C0ubcgoHeG4x54s6MUuVgdrvfh2dEZ1o4s5e21P
+98/dQRCMkVtuOYQBi/KGhj64GT+1ex7vEtWFB3g8MeVxFxtuOZtU13Ll3SZtKqh
R4HUl2rrwVOWgrnjY2zBO1Lvk4Dc24Z7G5/q7MVxrEFEb/zFPRB7qOsRdVQ8iVp5
e25wNLtmgNNvgXIjYw1zcwOAidnDUNdFudwNlLF4aK2gY3X5XEFj51DI23ojAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUouDnWfZ9MNdW8bMK1u8kG1Ynb7MwHwYDVR0j
BBgwFoAUTBieQvNclE1GPZ6mUB8JPrYrp4UwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvY2U1MTBlMTctMzFmYS00MTRiLTk4OWUtMDI2ZGJiNmZk
ZjUxLzAvNEMxODlFNDJGMzVDOTQ0RDQ2M0Q5RUE2NTAxRjA5M0VCNjJCQTc4NS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1RCaWVRdk5jbEUxR1BaNm1VQjhKUHJZ
cnA0VS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvY2U1MTBlMTct
MzFmYS00MTRiLTk4OWUtMDI2ZGJiNmZkZjUxLzAvMzEzNTM5MmUzMjM1MzMyZTMy
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzgzMzM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAn/0CMA0G
CSqGSIb3DQEBCwUAA4IBAQCuQilgoj+BD0blcDMlYmYl8I2J8MQnC+FrQ0XGoxhC
5finz7j5w5g5dHpnMPHd4exGPQbSh5C9yJSfgHt/THBa/J6QWVTY4UEyyM6Hzi9/
7ETdqEPOnbBsuwD/HB11Kc8sJg6Qq1x/kR/efQPwClKdH8TYaLqKsVk+62xwXN41
ccTdLWZ55zSobgQK4me+krStcRSWa2wS/QaIs7ppvWOXon9F1ZDF1OoUOPm+aJyS
Y84aBYNS9MxJ3eO9g51OtrcvGlaj3yWDwzJkeIyH+9gxxENJyzjPcRTSWCaB3F4P
5T3r6qmE8nWLSYrY613g0j4NuuNhQupe/M2G2GpsEPAa
-----END CERTIFICATE-----