Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/ce510e17-31fa-414b-989e-026dbb6fdf51/0/3135392e3235332e322e302f32342d3234203d3e20383334.roa
File:                     3135392e3235332e322e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          ArNZnMXmK73jEmnf66XCu8Od2sXO9yHCA//Rw+/sNEE=
Subject key identifier:   F5:97:7F:16:8F:A0:C8:75:A0:2B:80:E7:FA:62:3D:F1:39:48:80:3E
Certificate issuer:       /CN=4c189e42f35c944d463d9ea6501f093eb62ba785
Certificate serial:       289281D30D21CA69C78A75408B6C9471F4A7C09F
Authority key identifier: 4C:18:9E:42:F3:5C:94:4D:46:3D:9E:A6:50:1F:09:3E:B6:2B:A7:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TBieQvNclE1GPZ6mUB8JPrYrp4U.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/ce510e17-31fa-414b-989e-026dbb6fdf51/0/3135392e3235332e322e302f32342d3234203d3e20383334.roa
Signing time:             Tue 23 Jan 2024 06:20:38 +0000
ROA not before:           Tue 23 Jan 2024 06:15:38 +0000
ROA not after:            Tue 21 Jan 2025 06:20:38 +0000
asID:                     834
IP address blocks:        159.253.2.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/ce510e17-31fa-414b-989e-026dbb6fdf51/0/4C189E42F35C944D463D9EA6501F093EB62BA785.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/ce510e17-31fa-414b-989e-026dbb6fdf51/0/4C189E42F35C944D463D9EA6501F093EB62BA785.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TBieQvNclE1GPZ6mUB8JPrYrp4U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 14:46:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            28:92:81:d3:0d:21:ca:69:c7:8a:75:40:8b:6c:94:71:f4:a7:c0:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4c189e42f35c944d463d9ea6501f093eb62ba785
        Validity
            Not Before: Jan 23 06:15:38 2024 GMT
            Not After : Jan 21 06:20:38 2025 GMT
        Subject: CN=F5977F168FA0C875A02B80E7FA623DF13948803E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:ec:f3:64:25:5d:2e:a8:05:11:8e:b7:23:2b:
                    86:53:7c:5a:58:50:8f:bd:aa:e4:9c:a2:98:67:ff:
                    d7:2c:ab:ef:d2:50:cd:f2:a7:f9:de:19:d1:93:9f:
                    46:a1:97:dd:d6:1e:b0:63:ae:b6:af:db:e7:e4:3d:
                    2b:47:19:67:25:69:7a:1c:fb:f5:af:6f:11:eb:6b:
                    11:20:b7:7a:53:c8:66:4d:bc:b1:3b:e8:7d:43:e7:
                    f9:53:a1:fc:0b:f2:ec:94:8a:88:6f:99:41:6f:77:
                    05:71:07:ac:c5:98:97:35:e0:ad:7a:2a:6e:6c:73:
                    db:40:fa:26:73:d2:e6:a2:4f:a5:56:50:21:f5:b6:
                    db:eb:92:df:81:4d:87:3f:b4:d9:56:83:32:43:c0:
                    c7:02:ed:ba:78:e1:19:22:07:09:a0:02:7f:6f:ef:
                    48:7d:b2:02:d0:77:80:59:d2:2b:66:2f:2d:54:de:
                    00:37:57:fe:a1:a0:48:77:3b:17:aa:35:91:67:5d:
                    3f:bd:79:be:cd:0c:d7:82:96:08:f3:70:ce:b7:43:
                    54:74:62:c6:5c:ec:fa:fd:32:60:4c:bd:ee:5f:bf:
                    f3:90:1c:21:77:07:e8:e9:93:e0:69:88:a5:10:0f:
                    e3:71:fe:65:cc:ba:55:38:ae:82:e4:2b:66:f6:e1:
                    e0:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:97:7F:16:8F:A0:C8:75:A0:2B:80:E7:FA:62:3D:F1:39:48:80:3E
            X509v3 Authority Key Identifier:
                keyid:4C:18:9E:42:F3:5C:94:4D:46:3D:9E:A6:50:1F:09:3E:B6:2B:A7:85

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/ce510e17-31fa-414b-989e-026dbb6fdf51/0/4C189E42F35C944D463D9EA6501F093EB62BA785.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TBieQvNclE1GPZ6mUB8JPrYrp4U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/ce510e17-31fa-414b-989e-026dbb6fdf51/0/3135392e3235332e322e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  159.253.2.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:ba:55:07:ce:01:7d:93:9e:92:1f:26:c3:0a:49:63:34:09:
         4e:ba:74:46:ac:14:3c:4b:c0:eb:04:8c:11:ba:29:8f:f9:9e:
         c4:73:2c:08:a0:f1:6c:52:e8:0d:88:5c:fa:a6:3c:b9:74:44:
         24:e8:b4:53:89:ea:40:fb:56:08:2d:87:52:95:b2:e8:3f:d8:
         91:d4:da:9c:50:58:b3:54:c1:6b:60:db:d5:a6:fc:37:b4:3f:
         49:70:58:de:89:fc:1a:e7:55:36:c4:35:83:42:3c:be:96:67:
         7c:c1:9f:5a:ca:72:ad:ce:09:ea:2f:58:49:dd:0a:55:74:a7:
         dc:0e:82:6c:0d:d1:d8:cf:34:7a:ec:28:86:03:21:d8:e8:c4:
         97:56:05:e9:3b:ed:b4:5c:48:b1:d5:85:46:1a:22:9a:70:c2:
         8a:11:81:fd:08:97:e5:22:58:1c:95:b5:ca:00:20:f9:48:51:
         ad:ca:36:1f:be:20:0e:39:30:67:97:bc:69:85:ba:80:4d:81:
         f1:e0:9e:e2:43:8d:ee:b9:44:a6:c0:58:2e:fc:ee:53:56:c8:
         f5:af:2f:84:a4:03:92:89:c6:cd:32:ec:13:1d:55:4d:15:09:
         3c:28:10:e3:c6:3e:3f:0a:42:73:41:ec:22:19:c6:eb:43:42:
         32:fe:c3:63
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUKJKB0w0hymnHinVAi2yUcfSnwJ8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGMxODllNDJmMzVjOTQ0ZDQ2M2Q5ZWE2NTAxZjA5M2Vi
NjJiYTc4NTAeFw0yNDAxMjMwNjE1MzhaFw0yNTAxMjEwNjIwMzhaMDMxMTAvBgNV
BAMTKEY1OTc3RjE2OEZBMEM4NzVBMDJCODBFN0ZBNjIzREYxMzk0ODgwM0UwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC87PNkJV0uqAURjrcjK4ZTfFpY
UI+9quScophn/9csq+/SUM3yp/neGdGTn0ahl93WHrBjrrav2+fkPStHGWclaXoc
+/WvbxHraxEgt3pTyGZNvLE76H1D5/lTofwL8uyUiohvmUFvdwVxB6zFmJc14K16
Km5sc9tA+iZz0uaiT6VWUCH1ttvrkt+BTYc/tNlWgzJDwMcC7bp44RkiBwmgAn9v
70h9sgLQd4BZ0itmLy1U3gA3V/6hoEh3OxeqNZFnXT+9eb7NDNeClgjzcM63Q1R0
YsZc7Pr9MmBMve5fv/OQHCF3B+jpk+BpiKUQD+Nx/mXMulU4roLkK2b24eChAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQU9Zd/Fo+gyHWgK4Dn+mI98TlIgD4wHwYDVR0j
BBgwFoAUTBieQvNclE1GPZ6mUB8JPrYrp4UwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvY2U1MTBlMTctMzFmYS00MTRiLTk4OWUtMDI2ZGJiNmZk
ZjUxLzAvNEMxODlFNDJGMzVDOTQ0RDQ2M0Q5RUE2NTAxRjA5M0VCNjJCQTc4NS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1RCaWVRdk5jbEUxR1BaNm1VQjhKUHJZ
cnA0VS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvY2U1MTBlMTct
MzFmYS00MTRiLTk4OWUtMDI2ZGJiNmZkZjUxLzAvMzEzNTM5MmUzMjM1MzMyZTMy
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzgzMzM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAn/0CMA0G
CSqGSIb3DQEBCwUAA4IBAQCRulUHzgF9k56SHybDCkljNAlOunRGrBQ8S8DrBIwR
uimP+Z7EcywIoPFsUugNiFz6pjy5dEQk6LRTiepA+1YILYdSlbLoP9iR1NqcUFiz
VMFrYNvVpvw3tD9JcFjeifwa51U2xDWDQjy+lmd8wZ9aynKtzgnqL1hJ3QpVdKfc
DoJsDdHYzzR67CiGAyHY6MSXVgXpO+20XEix1YVGGiKacMKKEYH9CJflIlgclbXK
ACD5SFGtyjYfviAOOTBnl7xphbqATYHx4J7iQ43uuUSmwFgu/O5TVsj1ry+EpAOS
icbNMuwTHVVNFQk8KBDjxj4/CkJzQewiGcbrQ0Iy/sNj
-----END CERTIFICATE-----