Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/ce510e17-31fa-414b-989e-026dbb6fdf51/0/3135392e3235332e372e302f32342d3234203d3e20383334.roa
File:                     3135392e3235332e372e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          y/1qkVRRmxrQB8tF/6HVu1wXPN9Fx+NbA8oFFXYHeOw=
Subject key identifier:   7B:28:89:70:2B:0A:63:DA:F1:E4:55:2F:27:E6:9C:06:97:45:8E:EF
Certificate issuer:       /CN=4c189e42f35c944d463d9ea6501f093eb62ba785
Certificate serial:       1D82F36EC594BE854A05FBEAE777034B21132C8F
Authority key identifier: 4C:18:9E:42:F3:5C:94:4D:46:3D:9E:A6:50:1F:09:3E:B6:2B:A7:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TBieQvNclE1GPZ6mUB8JPrYrp4U.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/ce510e17-31fa-414b-989e-026dbb6fdf51/0/3135392e3235332e372e302f32342d3234203d3e20383334.roa
Signing time:             Tue 23 Jan 2024 06:21:11 +0000
ROA not before:           Tue 23 Jan 2024 06:16:11 +0000
ROA not after:            Tue 21 Jan 2025 06:21:11 +0000
asID:                     834
IP address blocks:        159.253.7.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/ce510e17-31fa-414b-989e-026dbb6fdf51/0/4C189E42F35C944D463D9EA6501F093EB62BA785.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/ce510e17-31fa-414b-989e-026dbb6fdf51/0/4C189E42F35C944D463D9EA6501F093EB62BA785.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TBieQvNclE1GPZ6mUB8JPrYrp4U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 14:46:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1d:82:f3:6e:c5:94:be:85:4a:05:fb:ea:e7:77:03:4b:21:13:2c:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4c189e42f35c944d463d9ea6501f093eb62ba785
        Validity
            Not Before: Jan 23 06:16:11 2024 GMT
            Not After : Jan 21 06:21:11 2025 GMT
        Subject: CN=7B2889702B0A63DAF1E4552F27E69C0697458EEF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:f8:85:fe:51:fd:9b:2c:28:0e:78:6d:a5:0c:
                    8d:70:df:bd:6e:dd:fe:af:1b:2e:45:66:2c:d1:43:
                    06:98:70:b5:d4:80:e4:ed:c8:79:ba:bd:d9:49:42:
                    c9:a6:07:19:a0:ad:c3:97:f5:76:a6:5c:02:d0:f3:
                    67:a9:87:42:92:51:1b:4a:03:ff:45:4f:f9:29:94:
                    3d:50:1e:59:11:02:d8:22:9b:1c:dd:a6:b9:84:0d:
                    72:41:9d:f9:97:7e:ef:1e:d5:2c:a6:97:3c:6c:d4:
                    76:bf:24:e8:24:03:9e:05:02:10:6f:56:f8:6b:92:
                    6a:b5:4a:37:8f:59:c3:d4:ed:17:76:64:9d:f4:cc:
                    b3:6c:4b:25:48:35:01:42:d6:32:ff:53:ec:0a:5c:
                    31:71:1a:1b:62:f2:c9:8a:26:3c:17:d5:61:c4:8d:
                    f9:81:97:c1:2b:86:70:d9:ed:a0:12:f0:00:f7:5b:
                    3a:dc:68:d2:94:32:d2:db:28:89:6e:dd:ff:78:1c:
                    fd:27:3e:48:6d:f7:5a:7e:1f:86:f5:c4:4d:47:81:
                    ac:a8:b1:78:95:11:e2:4a:07:d3:64:46:51:e5:2f:
                    c2:fc:95:db:d2:06:5e:4a:c8:4b:b7:07:d6:73:f9:
                    4f:b3:eb:b7:18:c5:25:fc:11:1b:5e:1b:97:9e:9b:
                    c1:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:28:89:70:2B:0A:63:DA:F1:E4:55:2F:27:E6:9C:06:97:45:8E:EF
            X509v3 Authority Key Identifier:
                keyid:4C:18:9E:42:F3:5C:94:4D:46:3D:9E:A6:50:1F:09:3E:B6:2B:A7:85

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/ce510e17-31fa-414b-989e-026dbb6fdf51/0/4C189E42F35C944D463D9EA6501F093EB62BA785.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TBieQvNclE1GPZ6mUB8JPrYrp4U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/ce510e17-31fa-414b-989e-026dbb6fdf51/0/3135392e3235332e372e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  159.253.7.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:16:76:a3:ec:fd:e8:02:de:85:5b:91:33:7e:b1:31:0f:4b:
         e1:17:3d:3b:ca:ac:d0:c2:38:fc:6f:d0:4e:c4:6a:49:fd:63:
         72:9a:9c:6f:bb:56:79:24:81:a6:99:5e:da:c4:43:33:51:0c:
         ed:52:0c:0d:58:da:9e:87:5f:4d:7e:d9:37:99:f6:04:bb:d0:
         0e:b7:d8:c2:5e:2f:83:3f:f5:86:a7:be:b7:81:d7:77:1d:71:
         f2:89:e1:4e:de:7c:51:40:d0:81:12:85:2d:d6:f5:8e:17:a2:
         81:19:b8:5e:4f:73:06:08:6e:06:41:ac:93:7a:81:f3:ec:08:
         c4:f7:37:b1:92:4d:40:f8:93:4e:e2:13:ec:16:c1:e7:cf:f5:
         11:4b:ac:05:ca:9e:aa:37:6e:de:a6:76:7f:b8:f3:32:59:77:
         8d:3d:3e:93:a1:49:59:c2:e2:20:5a:1c:2f:82:c3:f4:cb:2a:
         40:5e:a9:fb:eb:f9:81:16:7e:95:e3:02:6e:ba:ab:aa:b8:24:
         ad:23:f5:bc:42:64:85:33:d0:95:6d:ba:e5:b0:64:fd:86:60:
         96:d4:a7:d0:c9:7b:08:cf:5b:06:36:13:79:87:53:2c:46:46:
         9e:ed:18:7a:c7:1d:15:ba:39:06:e0:d3:bc:dc:70:23:ac:e9:
         bd:c9:68:73
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUHYLzbsWUvoVKBfvq53cDSyETLI8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGMxODllNDJmMzVjOTQ0ZDQ2M2Q5ZWE2NTAxZjA5M2Vi
NjJiYTc4NTAeFw0yNDAxMjMwNjE2MTFaFw0yNTAxMjEwNjIxMTFaMDMxMTAvBgNV
BAMTKDdCMjg4OTcwMkIwQTYzREFGMUU0NTUyRjI3RTY5QzA2OTc0NThFRUYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDM+IX+Uf2bLCgOeG2lDI1w371u
3f6vGy5FZizRQwaYcLXUgOTtyHm6vdlJQsmmBxmgrcOX9XamXALQ82eph0KSURtK
A/9FT/kplD1QHlkRAtgimxzdprmEDXJBnfmXfu8e1Symlzxs1Ha/JOgkA54FAhBv
Vvhrkmq1SjePWcPU7Rd2ZJ30zLNsSyVINQFC1jL/U+wKXDFxGhti8smKJjwX1WHE
jfmBl8ErhnDZ7aAS8AD3WzrcaNKUMtLbKIlu3f94HP0nPkht91p+H4b1xE1Hgayo
sXiVEeJKB9NkRlHlL8L8ldvSBl5KyEu3B9Zz+U+z67cYxSX8ERteG5eem8HLAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUeyiJcCsKY9rx5FUvJ+acBpdFju8wHwYDVR0j
BBgwFoAUTBieQvNclE1GPZ6mUB8JPrYrp4UwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvY2U1MTBlMTctMzFmYS00MTRiLTk4OWUtMDI2ZGJiNmZk
ZjUxLzAvNEMxODlFNDJGMzVDOTQ0RDQ2M0Q5RUE2NTAxRjA5M0VCNjJCQTc4NS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1RCaWVRdk5jbEUxR1BaNm1VQjhKUHJZ
cnA0VS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvY2U1MTBlMTct
MzFmYS00MTRiLTk4OWUtMDI2ZGJiNmZkZjUxLzAvMzEzNTM5MmUzMjM1MzMyZTM3
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzgzMzM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAn/0HMA0G
CSqGSIb3DQEBCwUAA4IBAQArFnaj7P3oAt6FW5EzfrExD0vhFz07yqzQwjj8b9BO
xGpJ/WNympxvu1Z5JIGmmV7axEMzUQztUgwNWNqeh19Nftk3mfYEu9AOt9jCXi+D
P/WGp763gdd3HXHyieFO3nxRQNCBEoUt1vWOF6KBGbheT3MGCG4GQayTeoHz7AjE
9zexkk1A+JNO4hPsFsHnz/URS6wFyp6qN27epnZ/uPMyWXeNPT6ToUlZwuIgWhwv
gsP0yypAXqn76/mBFn6V4wJuuququCStI/W8QmSFM9CVbbrlsGT9hmCW1KfQyXsI
z1sGNhN5h1MsRkae7Rh6xx0VujkG4NO83HAjrOm9yWhz
-----END CERTIFICATE-----