Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/ce510e17-31fa-414b-989e-026dbb6fdf51/0/3135392e3235332e332e302f32342d3234203d3e20383334.roa
File:                     3135392e3235332e332e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          TkrR3ex5rYeOHrjZKFXhBjWC6wi4JJsHqll8TezEu8g=
Subject key identifier:   9F:63:85:78:CC:47:65:8C:AE:6B:DB:8F:FC:A9:FC:42:55:C0:EA:B3
Certificate issuer:       /CN=4c189e42f35c944d463d9ea6501f093eb62ba785
Certificate serial:       0C9942350126A0E63F171DAEFC23C401841B5AAF
Authority key identifier: 4C:18:9E:42:F3:5C:94:4D:46:3D:9E:A6:50:1F:09:3E:B6:2B:A7:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TBieQvNclE1GPZ6mUB8JPrYrp4U.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/ce510e17-31fa-414b-989e-026dbb6fdf51/0/3135392e3235332e332e302f32342d3234203d3e20383334.roa
Signing time:             Tue 23 Jan 2024 06:21:06 +0000
ROA not before:           Tue 23 Jan 2024 06:16:06 +0000
ROA not after:            Tue 21 Jan 2025 06:21:06 +0000
asID:                     834
IP address blocks:        159.253.3.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/ce510e17-31fa-414b-989e-026dbb6fdf51/0/4C189E42F35C944D463D9EA6501F093EB62BA785.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/ce510e17-31fa-414b-989e-026dbb6fdf51/0/4C189E42F35C944D463D9EA6501F093EB62BA785.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TBieQvNclE1GPZ6mUB8JPrYrp4U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 14:46:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0c:99:42:35:01:26:a0:e6:3f:17:1d:ae:fc:23:c4:01:84:1b:5a:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4c189e42f35c944d463d9ea6501f093eb62ba785
        Validity
            Not Before: Jan 23 06:16:06 2024 GMT
            Not After : Jan 21 06:21:06 2025 GMT
        Subject: CN=9F638578CC47658CAE6BDB8FFCA9FC4255C0EAB3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:15:e4:1b:6f:be:00:ca:9e:ed:ec:21:0f:98:
                    a1:73:b8:0b:d7:f3:e1:95:94:85:60:fc:ec:ec:dd:
                    ad:3e:13:b1:e1:33:01:56:07:25:da:b7:f4:86:0a:
                    ec:a7:4a:89:c5:59:5a:aa:69:fb:ff:5e:b8:a3:a5:
                    26:ca:1f:f3:ae:d9:9c:52:b9:4d:0b:93:3e:e7:8b:
                    08:c2:54:45:82:cc:da:9e:15:75:84:a4:4e:33:f8:
                    4d:b9:f6:17:95:24:4c:2f:ba:ce:96:c3:67:dd:98:
                    20:00:f9:5f:94:a5:d5:12:1c:d1:bd:9b:75:86:c7:
                    73:90:70:44:d8:de:ca:8a:47:db:36:3c:75:b2:52:
                    99:87:67:18:ab:65:8b:7f:c3:05:7d:bd:a7:39:fa:
                    e8:22:c1:40:72:5d:45:5a:f9:d8:af:9c:de:79:61:
                    4a:9e:ff:4d:b7:93:72:01:77:cf:fb:89:96:66:08:
                    26:3f:f4:d7:16:3d:55:9c:21:e6:be:60:c4:04:fb:
                    6c:f3:d5:72:60:5e:10:b4:ab:bb:0f:39:e3:da:01:
                    d1:a1:b0:9d:22:03:72:36:f1:8a:f4:e7:24:97:6b:
                    82:7e:a6:76:e6:9f:99:66:ef:24:d1:98:f5:fe:5b:
                    0a:2c:b8:81:69:a8:17:c6:77:39:4b:de:59:bc:1d:
                    fb:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:63:85:78:CC:47:65:8C:AE:6B:DB:8F:FC:A9:FC:42:55:C0:EA:B3
            X509v3 Authority Key Identifier:
                keyid:4C:18:9E:42:F3:5C:94:4D:46:3D:9E:A6:50:1F:09:3E:B6:2B:A7:85

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/ce510e17-31fa-414b-989e-026dbb6fdf51/0/4C189E42F35C944D463D9EA6501F093EB62BA785.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TBieQvNclE1GPZ6mUB8JPrYrp4U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/ce510e17-31fa-414b-989e-026dbb6fdf51/0/3135392e3235332e332e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  159.253.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:31:34:a0:8c:47:05:29:dd:a8:6b:8a:9c:f7:f4:31:f9:30:
         cc:d9:05:93:64:15:1c:a2:4d:e3:a8:da:8b:c6:73:14:cd:dc:
         bc:09:36:e8:95:eb:9e:a2:6c:8c:ca:94:e9:79:ca:8d:c0:87:
         a7:a8:71:08:b8:9c:c7:f0:32:e7:60:22:9d:cd:7b:d1:32:01:
         27:08:d2:5d:28:44:6b:d3:2d:36:63:5e:c0:b9:df:cc:ff:42:
         cd:ec:74:74:15:0f:3a:8f:f3:d4:bd:a5:c4:33:64:b8:b0:4c:
         8d:51:db:d0:92:2e:da:69:0f:be:f6:c8:1f:0b:72:5c:3c:e6:
         cc:7b:f7:ef:62:65:d3:cb:54:f2:e2:e8:fd:87:9e:27:c8:fa:
         e3:18:68:10:f7:05:7f:a9:cf:f2:6f:d5:1b:48:7e:44:e5:7b:
         93:9a:63:29:53:97:43:14:45:d4:46:0f:be:72:d4:8a:30:10:
         a4:e9:8d:36:df:31:7c:ae:95:81:d8:f9:6a:d2:5a:b5:3a:d5:
         cd:85:cb:9c:ef:c6:a5:a4:e6:ce:de:ae:5f:9c:8b:ab:57:43:
         8f:a0:68:85:6d:16:59:20:00:4e:98:14:58:3a:3b:95:f0:f1:
         68:ad:48:01:02:06:66:eb:90:17:3c:bc:61:64:74:9a:03:f5:
         72:5d:05:79
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUDJlCNQEmoOY/Fx2u/CPEAYQbWq8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGMxODllNDJmMzVjOTQ0ZDQ2M2Q5ZWE2NTAxZjA5M2Vi
NjJiYTc4NTAeFw0yNDAxMjMwNjE2MDZaFw0yNTAxMjEwNjIxMDZaMDMxMTAvBgNV
BAMTKDlGNjM4NTc4Q0M0NzY1OENBRTZCREI4RkZDQTlGQzQyNTVDMEVBQjMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDtFeQbb74Ayp7t7CEPmKFzuAvX
8+GVlIVg/Ozs3a0+E7HhMwFWByXat/SGCuynSonFWVqqafv/XrijpSbKH/Ou2ZxS
uU0Lkz7niwjCVEWCzNqeFXWEpE4z+E259heVJEwvus6Ww2fdmCAA+V+UpdUSHNG9
m3WGx3OQcETY3sqKR9s2PHWyUpmHZxirZYt/wwV9vac5+ugiwUByXUVa+divnN55
YUqe/023k3IBd8/7iZZmCCY/9NcWPVWcIea+YMQE+2zz1XJgXhC0q7sPOePaAdGh
sJ0iA3I28Yr05ySXa4J+pnbmn5lm7yTRmPX+WwosuIFpqBfGdzlL3lm8HfuVAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUn2OFeMxHZYyua9uP/Kn8QlXA6rMwHwYDVR0j
BBgwFoAUTBieQvNclE1GPZ6mUB8JPrYrp4UwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvY2U1MTBlMTctMzFmYS00MTRiLTk4OWUtMDI2ZGJiNmZk
ZjUxLzAvNEMxODlFNDJGMzVDOTQ0RDQ2M0Q5RUE2NTAxRjA5M0VCNjJCQTc4NS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1RCaWVRdk5jbEUxR1BaNm1VQjhKUHJZ
cnA0VS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvY2U1MTBlMTct
MzFmYS00MTRiLTk4OWUtMDI2ZGJiNmZkZjUxLzAvMzEzNTM5MmUzMjM1MzMyZTMz
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzgzMzM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAn/0DMA0G
CSqGSIb3DQEBCwUAA4IBAQB0MTSgjEcFKd2oa4qc9/Qx+TDM2QWTZBUcok3jqNqL
xnMUzdy8CTboleueomyMypTpecqNwIenqHEIuJzH8DLnYCKdzXvRMgEnCNJdKERr
0y02Y17Aud/M/0LN7HR0FQ86j/PUvaXEM2S4sEyNUdvQki7aaQ++9sgfC3JcPObM
e/fvYmXTy1Ty4uj9h54nyPrjGGgQ9wV/qc/yb9UbSH5E5XuTmmMpU5dDFEXURg++
ctSKMBCk6Y023zF8rpWB2Plq0lq1OtXNhcuc78alpObO3q5fnIurV0OPoGiFbRZZ
IABOmBRYOjuV8PForUgBAgZm65AXPLxhZHSaA/VyXQV5
-----END CERTIFICATE-----