Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/ce510e17-31fa-414b-989e-026dbb6fdf51/0/3135392e3235332e342e302f32342d3234203d3e203630373831.roa
File:                     3135392e3235332e342e302f32342d3234203d3e203630373831.roa (raw, json)
Hash identifier:          Z84ATRNA+4WT0M1WquYZrB9axuky4/4I5P/GgDAi00o=
Subject key identifier:   46:BE:6C:77:A9:03:9C:7C:68:3A:5A:01:18:BA:FC:65:53:E9:2E:A7
Certificate issuer:       /CN=4c189e42f35c944d463d9ea6501f093eb62ba785
Certificate serial:       4997AA5BA839E450FA29A2C5E57F502DE785257A
Authority key identifier: 4C:18:9E:42:F3:5C:94:4D:46:3D:9E:A6:50:1F:09:3E:B6:2B:A7:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TBieQvNclE1GPZ6mUB8JPrYrp4U.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/ce510e17-31fa-414b-989e-026dbb6fdf51/0/3135392e3235332e342e302f32342d3234203d3e203630373831.roa
Signing time:             Mon 29 Jan 2024 02:20:38 +0000
ROA not before:           Mon 29 Jan 2024 02:15:38 +0000
ROA not after:            Mon 27 Jan 2025 02:20:38 +0000
asID:                     60781
IP address blocks:        159.253.4.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/ce510e17-31fa-414b-989e-026dbb6fdf51/0/4C189E42F35C944D463D9EA6501F093EB62BA785.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/ce510e17-31fa-414b-989e-026dbb6fdf51/0/4C189E42F35C944D463D9EA6501F093EB62BA785.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TBieQvNclE1GPZ6mUB8JPrYrp4U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 14:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            49:97:aa:5b:a8:39:e4:50:fa:29:a2:c5:e5:7f:50:2d:e7:85:25:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4c189e42f35c944d463d9ea6501f093eb62ba785
        Validity
            Not Before: Jan 29 02:15:38 2024 GMT
            Not After : Jan 27 02:20:38 2025 GMT
        Subject: CN=46BE6C77A9039C7C683A5A0118BAFC6553E92EA7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:59:45:db:78:8b:50:c9:ac:ae:bf:8c:9d:19:
                    39:89:1d:ba:13:19:10:ba:8b:34:2c:40:25:2f:a8:
                    2c:7f:a2:f0:7a:74:da:38:fa:1e:90:40:73:04:cb:
                    11:a1:d5:38:d3:28:6f:48:13:62:ea:ec:81:0c:14:
                    01:ae:03:d7:20:34:a6:a8:06:7f:0f:28:eb:ef:17:
                    f0:22:49:41:cc:26:b3:42:cf:14:fc:fa:0c:24:bf:
                    dc:9a:ba:65:78:93:cb:30:88:af:9a:77:0f:7a:bc:
                    fa:3e:18:8c:46:d5:4a:5b:75:30:ec:43:65:d6:64:
                    2d:e0:e3:b1:74:d3:8e:b1:42:2b:c8:86:e5:76:57:
                    23:92:99:7e:66:c0:dd:73:2f:1e:f9:5f:1b:37:fc:
                    03:14:c9:6d:67:7d:dc:a1:01:10:9f:dc:f6:de:1c:
                    1d:a7:68:cb:75:3a:23:32:7f:08:7f:8b:b2:b0:e2:
                    b0:61:b6:fb:ad:a5:18:8a:54:c2:dd:d0:ba:d2:f3:
                    89:b7:4b:9c:4c:4c:a2:8a:b8:9c:28:86:b5:b7:86:
                    0b:86:43:20:6d:9b:0a:1e:29:cf:b9:de:c3:2a:84:
                    ce:59:f9:50:ce:c9:47:40:42:3d:69:ef:6c:64:fb:
                    78:d9:bc:bf:cf:58:3f:8a:9f:b8:d8:69:46:b8:95:
                    e7:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:BE:6C:77:A9:03:9C:7C:68:3A:5A:01:18:BA:FC:65:53:E9:2E:A7
            X509v3 Authority Key Identifier:
                keyid:4C:18:9E:42:F3:5C:94:4D:46:3D:9E:A6:50:1F:09:3E:B6:2B:A7:85

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/ce510e17-31fa-414b-989e-026dbb6fdf51/0/4C189E42F35C944D463D9EA6501F093EB62BA785.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TBieQvNclE1GPZ6mUB8JPrYrp4U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/ce510e17-31fa-414b-989e-026dbb6fdf51/0/3135392e3235332e342e302f32342d3234203d3e203630373831.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  159.253.4.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:85:28:50:64:60:f9:10:ce:e9:31:5d:e5:c9:e5:a1:ba:b6:
         0f:a9:c5:94:29:d6:96:3e:0a:9f:e6:bd:a7:5f:98:ff:54:68:
         14:62:a8:58:e9:e5:c0:7a:b5:cc:83:04:65:d6:a9:50:05:56:
         15:21:04:ee:bd:e4:33:22:39:bc:b3:3a:81:6e:5a:a7:e2:6a:
         7b:1d:42:87:32:2d:03:49:40:72:a3:08:93:5a:fd:93:5e:a3:
         8e:3d:40:04:21:0f:c2:5b:d3:d4:32:51:f2:30:e0:e6:34:31:
         89:01:73:f2:66:30:b1:04:cb:4d:45:f3:4d:b2:51:83:27:40:
         e5:35:c1:57:7e:0a:c9:45:ef:79:de:d8:e7:8a:59:35:d2:5d:
         4d:42:a6:a1:4f:d7:4a:7a:53:76:dc:f8:47:29:34:bc:9f:0a:
         a0:4e:46:ac:0f:15:44:ec:02:27:b0:ba:a2:dd:9e:3e:0e:58:
         85:23:a5:c9:ef:a3:14:25:05:d8:f3:7d:99:f7:9c:4d:91:e1:
         5c:8e:b3:aa:15:d7:39:cd:60:9b:2b:73:d6:42:e5:06:9d:3c:
         f5:2b:44:c9:4a:7c:0a:13:2f:16:63:5e:15:22:f2:41:bc:9e:
         5f:2b:d4:e6:00:38:4f:31:4f:97:87:69:eb:85:8a:01:c7:f0:
         32:3f:0a:01
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUSZeqW6g55FD6KaLF5X9QLeeFJXowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGMxODllNDJmMzVjOTQ0ZDQ2M2Q5ZWE2NTAxZjA5M2Vi
NjJiYTc4NTAeFw0yNDAxMjkwMjE1MzhaFw0yNTAxMjcwMjIwMzhaMDMxMTAvBgNV
BAMTKDQ2QkU2Qzc3QTkwMzlDN0M2ODNBNUEwMTE4QkFGQzY1NTNFOTJFQTcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzWUXbeItQyayuv4ydGTmJHboT
GRC6izQsQCUvqCx/ovB6dNo4+h6QQHMEyxGh1TjTKG9IE2Lq7IEMFAGuA9cgNKao
Bn8PKOvvF/AiSUHMJrNCzxT8+gwkv9yaumV4k8swiK+adw96vPo+GIxG1UpbdTDs
Q2XWZC3g47F0046xQivIhuV2VyOSmX5mwN1zLx75Xxs3/AMUyW1nfdyhARCf3Pbe
HB2naMt1OiMyfwh/i7Kw4rBhtvutpRiKVMLd0LrS84m3S5xMTKKKuJwohrW3hguG
QyBtmwoeKc+53sMqhM5Z+VDOyUdAQj1p72xk+3jZvL/PWD+Kn7jYaUa4lefTAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQURr5sd6kDnHxoOloBGLr8ZVPpLqcwHwYDVR0j
BBgwFoAUTBieQvNclE1GPZ6mUB8JPrYrp4UwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvY2U1MTBlMTctMzFmYS00MTRiLTk4OWUtMDI2ZGJiNmZk
ZjUxLzAvNEMxODlFNDJGMzVDOTQ0RDQ2M0Q5RUE2NTAxRjA5M0VCNjJCQTc4NS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1RCaWVRdk5jbEUxR1BaNm1VQjhKUHJZ
cnA0VS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvY2U1MTBlMTct
MzFmYS00MTRiLTk4OWUtMDI2ZGJiNmZkZjUxLzAvMzEzNTM5MmUzMjM1MzMyZTM0
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzYzMDM3MzgzMS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAJ/9
BDANBgkqhkiG9w0BAQsFAAOCAQEAd4UoUGRg+RDO6TFd5cnlobq2D6nFlCnWlj4K
n+a9p1+Y/1RoFGKoWOnlwHq1zIMEZdapUAVWFSEE7r3kMyI5vLM6gW5ap+Jqex1C
hzItA0lAcqMIk1r9k16jjj1ABCEPwlvT1DJR8jDg5jQxiQFz8mYwsQTLTUXzTbJR
gydA5TXBV34KyUXved7Y54pZNdJdTUKmoU/XSnpTdtz4Ryk0vJ8KoE5GrA8VROwC
J7C6ot2ePg5YhSOlye+jFCUF2PN9mfecTZHhXI6zqhXXOc1gmytz1kLlBp089StE
yUp8ChMvFmNeFSLyQbyeXyvU5gA4TzFPl4dp64WKAcfwMj8KAQ==
-----END CERTIFICATE-----