Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/ce510e17-31fa-414b-989e-026dbb6fdf51/0/3135392e3235332e352e302f32342d3234203d3e20383334.roa
File:                     3135392e3235332e352e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          lafLru48CeWCEZMOImM0brEGYY9kQdLjb3UEGF6esNE=
Subject key identifier:   17:B0:5D:8D:12:CE:E4:22:E7:8B:C5:0C:FB:ED:F2:83:98:9F:66:26
Certificate issuer:       /CN=4c189e42f35c944d463d9ea6501f093eb62ba785
Certificate serial:       22A1C1ED541DBBD7197EEC666034996D4690ECB6
Authority key identifier: 4C:18:9E:42:F3:5C:94:4D:46:3D:9E:A6:50:1F:09:3E:B6:2B:A7:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TBieQvNclE1GPZ6mUB8JPrYrp4U.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/ce510e17-31fa-414b-989e-026dbb6fdf51/0/3135392e3235332e352e302f32342d3234203d3e20383334.roa
Signing time:             Tue 23 Jan 2024 06:21:09 +0000
ROA not before:           Tue 23 Jan 2024 06:16:09 +0000
ROA not after:            Tue 21 Jan 2025 06:21:09 +0000
asID:                     834
IP address blocks:        159.253.5.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/ce510e17-31fa-414b-989e-026dbb6fdf51/0/4C189E42F35C944D463D9EA6501F093EB62BA785.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/ce510e17-31fa-414b-989e-026dbb6fdf51/0/4C189E42F35C944D463D9EA6501F093EB62BA785.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TBieQvNclE1GPZ6mUB8JPrYrp4U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 14:46:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            22:a1:c1:ed:54:1d:bb:d7:19:7e:ec:66:60:34:99:6d:46:90:ec:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4c189e42f35c944d463d9ea6501f093eb62ba785
        Validity
            Not Before: Jan 23 06:16:09 2024 GMT
            Not After : Jan 21 06:21:09 2025 GMT
        Subject: CN=17B05D8D12CEE422E78BC50CFBEDF283989F6626
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:f4:1e:04:5c:d4:ff:be:25:39:42:13:47:e7:
                    c2:a5:47:4c:1f:72:4f:8c:a1:31:bb:1f:9b:84:c1:
                    26:be:5c:39:bc:38:d7:61:70:3f:0b:a8:f8:92:bd:
                    76:2b:66:ae:dd:14:3a:f2:37:88:c1:89:ac:ee:87:
                    1d:9c:8a:63:46:e6:ad:42:1c:95:a5:26:d7:17:0b:
                    55:fd:5f:fe:a0:77:2b:66:53:d0:87:2a:0f:84:10:
                    d5:a3:dc:02:91:1f:d8:20:e2:fa:a5:b8:9f:bd:c3:
                    ad:8f:43:b6:64:c9:01:a2:2a:86:f3:6f:f4:a2:1a:
                    f1:1b:25:74:47:b6:f9:59:b5:a5:66:bb:ca:db:8b:
                    79:fb:a8:8d:4e:fb:84:2e:cd:0d:fa:08:6f:c2:2b:
                    01:cf:d6:6b:ea:94:ca:6c:4c:ad:ef:f2:1e:f8:c5:
                    36:04:2c:34:74:28:66:71:2c:c1:2b:eb:22:cc:65:
                    dc:45:7e:1a:1a:c9:38:ea:8b:b0:cd:b4:be:9b:fd:
                    6b:92:b0:d3:8d:ff:05:98:ff:90:86:7b:9d:d0:e1:
                    40:2f:03:1b:0b:cb:8c:32:ce:f4:3c:34:fb:65:fb:
                    51:5b:9a:33:43:12:f5:39:e7:a3:3c:44:9a:de:5d:
                    8f:64:6c:c7:9e:de:a2:5d:73:21:5e:3b:8d:30:2b:
                    58:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:B0:5D:8D:12:CE:E4:22:E7:8B:C5:0C:FB:ED:F2:83:98:9F:66:26
            X509v3 Authority Key Identifier:
                keyid:4C:18:9E:42:F3:5C:94:4D:46:3D:9E:A6:50:1F:09:3E:B6:2B:A7:85

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/ce510e17-31fa-414b-989e-026dbb6fdf51/0/4C189E42F35C944D463D9EA6501F093EB62BA785.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TBieQvNclE1GPZ6mUB8JPrYrp4U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/ce510e17-31fa-414b-989e-026dbb6fdf51/0/3135392e3235332e352e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  159.253.5.0/24

    Signature Algorithm: sha256WithRSAEncryption
         09:41:84:2f:3c:0c:70:28:b2:97:d7:8d:a2:71:64:89:aa:86:
         a9:20:dc:cc:8b:26:77:e9:b4:5a:14:7a:84:13:c2:21:74:4c:
         a8:a9:e2:02:b3:f5:0f:dc:d7:b6:1d:35:2a:37:5f:fb:ca:1f:
         7e:4b:41:a8:f3:fd:ea:78:42:ad:b2:eb:73:d4:27:cb:dd:81:
         38:36:17:f7:0d:51:13:0f:60:43:86:3c:1c:51:e4:95:73:5b:
         79:60:f7:11:eb:8d:57:a7:ec:44:82:e0:09:84:18:d1:90:79:
         f0:61:f6:dc:72:1d:28:9a:a7:39:f5:46:97:9c:22:30:8e:77:
         f5:53:65:3e:03:98:48:25:33:ae:80:34:90:05:9f:89:85:b2:
         b6:58:2f:ca:37:c7:4d:f1:64:b4:45:63:cf:7a:78:be:33:8d:
         0e:09:ad:b5:0e:e6:3b:c6:bb:90:f0:45:da:55:20:4d:7f:46:
         aa:df:66:01:55:a6:58:3e:e1:7b:d9:92:dd:1f:69:c5:45:2f:
         1d:95:30:1e:1e:56:a2:89:2f:f8:dc:8c:64:21:e5:e9:65:b8:
         79:7a:42:19:4a:2f:c3:58:f5:07:f5:84:2e:9a:fe:4e:9f:2b:
         66:98:b5:25:76:9b:6f:1a:3f:9c:5f:41:d2:aa:08:a2:21:34:
         a1:6a:5c:5b
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUIqHB7VQdu9cZfuxmYDSZbUaQ7LYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGMxODllNDJmMzVjOTQ0ZDQ2M2Q5ZWE2NTAxZjA5M2Vi
NjJiYTc4NTAeFw0yNDAxMjMwNjE2MDlaFw0yNTAxMjEwNjIxMDlaMDMxMTAvBgNV
BAMTKDE3QjA1RDhEMTJDRUU0MjJFNzhCQzUwQ0ZCRURGMjgzOTg5RjY2MjYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDo9B4EXNT/viU5QhNH58KlR0wf
ck+MoTG7H5uEwSa+XDm8ONdhcD8LqPiSvXYrZq7dFDryN4jBiazuhx2cimNG5q1C
HJWlJtcXC1X9X/6gdytmU9CHKg+EENWj3AKRH9gg4vqluJ+9w62PQ7ZkyQGiKobz
b/SiGvEbJXRHtvlZtaVmu8rbi3n7qI1O+4QuzQ36CG/CKwHP1mvqlMpsTK3v8h74
xTYELDR0KGZxLMEr6yLMZdxFfhoayTjqi7DNtL6b/WuSsNON/wWY/5CGe53Q4UAv
AxsLy4wyzvQ8NPtl+1FbmjNDEvU556M8RJreXY9kbMee3qJdcyFeO40wK1gLAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUF7BdjRLO5CLni8UM++3yg5ifZiYwHwYDVR0j
BBgwFoAUTBieQvNclE1GPZ6mUB8JPrYrp4UwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvY2U1MTBlMTctMzFmYS00MTRiLTk4OWUtMDI2ZGJiNmZk
ZjUxLzAvNEMxODlFNDJGMzVDOTQ0RDQ2M0Q5RUE2NTAxRjA5M0VCNjJCQTc4NS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1RCaWVRdk5jbEUxR1BaNm1VQjhKUHJZ
cnA0VS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvY2U1MTBlMTct
MzFmYS00MTRiLTk4OWUtMDI2ZGJiNmZkZjUxLzAvMzEzNTM5MmUzMjM1MzMyZTM1
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzgzMzM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAn/0FMA0G
CSqGSIb3DQEBCwUAA4IBAQAJQYQvPAxwKLKX142icWSJqoapINzMiyZ36bRaFHqE
E8IhdEyoqeICs/UP3Ne2HTUqN1/7yh9+S0Go8/3qeEKtsutz1CfL3YE4Nhf3DVET
D2BDhjwcUeSVc1t5YPcR641Xp+xEguAJhBjRkHnwYfbcch0omqc59UaXnCIwjnf1
U2U+A5hIJTOugDSQBZ+JhbK2WC/KN8dN8WS0RWPPeni+M40OCa21DuY7xruQ8EXa
VSBNf0aq32YBVaZYPuF72ZLdH2nFRS8dlTAeHlaiiS/43IxkIeXpZbh5ekIZSi/D
WPUH9YQumv5OnytmmLUldptvGj+cX0HSqgiiITShalxb
-----END CERTIFICATE-----