Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/ce510e17-31fa-414b-989e-026dbb6fdf51/0/3135392e3235332e352e302f32342d3234203d3e20383334.roa
File:                     3135392e3235332e352e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          qXWeXxMIlYcVAu0mUcCl9uApcKOZzbQ6Lhjrv7db4Es=
Subject key identifier:   3B:AD:F0:03:DF:DC:A9:9E:A2:CC:A6:B4:9E:48:6B:B7:0F:0B:9D:C3
Certificate issuer:       /CN=4c189e42f35c944d463d9ea6501f093eb62ba785
Certificate serial:       3916416E357AEE03F0CBC98497D74AAB059FD1A1
Authority key identifier: 4C:18:9E:42:F3:5C:94:4D:46:3D:9E:A6:50:1F:09:3E:B6:2B:A7:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TBieQvNclE1GPZ6mUB8JPrYrp4U.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/ce510e17-31fa-414b-989e-026dbb6fdf51/0/3135392e3235332e352e302f32342d3234203d3e20383334.roa
Signing time:             Sat 28 Sep 2024 00:01:29 +0000
ROA not before:           Fri 27 Sep 2024 23:56:29 +0000
ROA not after:            Sat 27 Sep 2025 00:01:29 +0000
asID:                     834
IP address blocks:        159.253.5.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/ce510e17-31fa-414b-989e-026dbb6fdf51/0/4C189E42F35C944D463D9EA6501F093EB62BA785.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/ce510e17-31fa-414b-989e-026dbb6fdf51/0/4C189E42F35C944D463D9EA6501F093EB62BA785.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TBieQvNclE1GPZ6mUB8JPrYrp4U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Feb 2025 23:54:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            39:16:41:6e:35:7a:ee:03:f0:cb:c9:84:97:d7:4a:ab:05:9f:d1:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4c189e42f35c944d463d9ea6501f093eb62ba785
        Validity
            Not Before: Sep 27 23:56:29 2024 GMT
            Not After : Sep 27 00:01:29 2025 GMT
        Subject: CN=3BADF003DFDCA99EA2CCA6B49E486BB70F0B9DC3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:4c:99:fb:69:84:6e:8e:c4:4a:60:7b:0b:53:
                    2e:b8:3a:a5:2a:0c:83:89:4e:f6:88:bb:5e:b5:03:
                    8b:c4:8d:8d:4b:6b:02:39:48:2e:9e:13:c5:9f:d2:
                    50:de:bc:a1:98:7b:f7:bb:60:60:51:db:81:4d:8f:
                    2f:c5:b7:97:d2:d0:a4:87:dd:cc:86:1a:0c:ca:9a:
                    b7:59:e5:b9:12:9a:89:d8:81:93:a9:91:17:c9:15:
                    60:21:39:7c:d7:88:0a:8f:26:0e:cc:07:60:2b:17:
                    ec:0c:ea:d0:17:53:f2:48:ed:36:47:2d:6f:70:72:
                    e0:06:c9:68:22:cb:b5:17:94:e6:e0:eb:ec:e7:ee:
                    73:99:0d:d0:70:13:c9:0d:ce:09:29:18:5a:36:5e:
                    4b:53:96:c1:3b:fb:b4:2c:c5:39:ff:25:2e:68:eb:
                    1e:27:9c:15:c0:f3:a4:fb:09:f1:41:96:0c:7d:f1:
                    4b:74:f1:83:aa:9c:c2:66:72:21:82:b9:a3:ee:a1:
                    01:a1:70:22:16:09:f7:86:1a:26:7a:8f:aa:6b:2d:
                    48:75:bd:0a:7f:04:f4:09:49:5c:44:1a:97:21:4f:
                    13:ac:4d:a4:bb:9f:7a:a1:86:70:4d:3a:e4:c7:b5:
                    cd:4b:4c:8e:73:86:10:bd:b1:99:fb:e8:31:10:8f:
                    60:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:AD:F0:03:DF:DC:A9:9E:A2:CC:A6:B4:9E:48:6B:B7:0F:0B:9D:C3
            X509v3 Authority Key Identifier:
                keyid:4C:18:9E:42:F3:5C:94:4D:46:3D:9E:A6:50:1F:09:3E:B6:2B:A7:85

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/ce510e17-31fa-414b-989e-026dbb6fdf51/0/4C189E42F35C944D463D9EA6501F093EB62BA785.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TBieQvNclE1GPZ6mUB8JPrYrp4U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/ce510e17-31fa-414b-989e-026dbb6fdf51/0/3135392e3235332e352e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  159.253.5.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:12:fa:bd:81:cc:8b:f6:e7:dd:b2:f3:95:82:dc:03:f3:47:
         51:2d:ae:ae:61:fe:cc:01:e6:b7:7f:64:8f:1a:e5:5b:1e:13:
         09:cc:f2:f8:7a:37:5b:5f:1e:f1:25:6b:41:1b:d2:3b:91:1f:
         5c:17:86:08:76:0d:d5:a4:8b:4d:62:f1:92:2e:7a:35:45:29:
         af:84:74:5d:90:2e:20:71:df:cc:11:9f:54:43:63:8c:3d:02:
         2a:5c:60:11:ab:11:a4:84:53:1b:ad:d0:92:10:53:aa:89:a7:
         16:43:90:66:0f:2b:d1:27:af:72:9a:ca:f4:04:17:11:56:16:
         cb:21:95:1b:d8:43:2f:98:5c:0e:49:57:8b:ca:8b:0d:95:88:
         9f:5c:96:78:61:a9:2f:c3:63:5f:8c:85:70:fb:e8:3a:dc:b8:
         82:93:d9:63:39:fa:37:57:62:ad:9a:ac:e6:e7:2a:52:f3:7c:
         1d:d2:51:7c:68:8f:08:aa:7b:5e:e7:b2:75:16:c4:70:6a:df:
         4e:f1:05:01:4d:17:11:6b:f3:39:ad:c9:79:28:d7:3e:f7:2b:
         84:07:74:9a:38:5a:29:3c:9d:7c:00:2a:99:6f:84:c3:6e:ca:
         2c:d0:c0:cc:10:cf:27:68:4a:a6:e7:df:4c:18:9a:09:d8:6b:
         c4:de:23:08
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUORZBbjV67gPwy8mEl9dKqwWf0aEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGMxODllNDJmMzVjOTQ0ZDQ2M2Q5ZWE2NTAxZjA5M2Vi
NjJiYTc4NTAeFw0yNDA5MjcyMzU2MjlaFw0yNTA5MjcwMDAxMjlaMDMxMTAvBgNV
BAMTKDNCQURGMDAzREZEQ0E5OUVBMkNDQTZCNDlFNDg2QkI3MEYwQjlEQzMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDoTJn7aYRujsRKYHsLUy64OqUq
DIOJTvaIu161A4vEjY1LawI5SC6eE8Wf0lDevKGYe/e7YGBR24FNjy/Ft5fS0KSH
3cyGGgzKmrdZ5bkSmonYgZOpkRfJFWAhOXzXiAqPJg7MB2ArF+wM6tAXU/JI7TZH
LW9wcuAGyWgiy7UXlObg6+zn7nOZDdBwE8kNzgkpGFo2XktTlsE7+7QsxTn/JS5o
6x4nnBXA86T7CfFBlgx98Ut08YOqnMJmciGCuaPuoQGhcCIWCfeGGiZ6j6prLUh1
vQp/BPQJSVxEGpchTxOsTaS7n3qhhnBNOuTHtc1LTI5zhhC9sZn76DEQj2AXAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUO63wA9/cqZ6izKa0nkhrtw8LncMwHwYDVR0j
BBgwFoAUTBieQvNclE1GPZ6mUB8JPrYrp4UwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvY2U1MTBlMTctMzFmYS00MTRiLTk4OWUtMDI2ZGJiNmZk
ZjUxLzAvNEMxODlFNDJGMzVDOTQ0RDQ2M0Q5RUE2NTAxRjA5M0VCNjJCQTc4NS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1RCaWVRdk5jbEUxR1BaNm1VQjhKUHJZ
cnA0VS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvY2U1MTBlMTct
MzFmYS00MTRiLTk4OWUtMDI2ZGJiNmZkZjUxLzAvMzEzNTM5MmUzMjM1MzMyZTM1
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzgzMzM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAn/0FMA0G
CSqGSIb3DQEBCwUAA4IBAQA6Evq9gcyL9ufdsvOVgtwD80dRLa6uYf7MAea3f2SP
GuVbHhMJzPL4ejdbXx7xJWtBG9I7kR9cF4YIdg3VpItNYvGSLno1RSmvhHRdkC4g
cd/MEZ9UQ2OMPQIqXGARqxGkhFMbrdCSEFOqiacWQ5BmDyvRJ69ymsr0BBcRVhbL
IZUb2EMvmFwOSVeLyosNlYifXJZ4Yakvw2NfjIVw++g63LiCk9ljOfo3V2Ktmqzm
5ypS83wd0lF8aI8Iqnte57J1FsRwat9O8QUBTRcRa/M5rcl5KNc+9yuEB3SaOFop
PJ18ACqZb4TDbsos0MDMEM8naEqm599MGJoJ2GvE3iMI
-----END CERTIFICATE-----