Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/3139352e372e342e302f32322d3332203d3e203531313637.roa
File:                     3139352e372e342e302f32322d3332203d3e203531313637.roa (raw, json)
Hash identifier:          zAnytjKjZJ7AbVlIQzkLbqtA41Ik2ACn+853IuakWr4=
Subject key identifier:   D2:FF:9E:B3:A6:EC:21:9B:AC:8A:4B:A6:1C:F9:AE:BB:5B:99:4E:4A
Certificate issuer:       /CN=097a28f77eb0a4ac354a8ac28754b2a3bbe3a959
Certificate serial:       24851A8725A20E0FF77C3DCAC1B922284902A9FD
Authority key identifier: 09:7A:28:F7:7E:B0:A4:AC:35:4A:8A:C2:87:54:B2:A3:BB:E3:A9:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CXoo936wpKw1SorCh1Syo7vjqVk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/3139352e372e342e302f32322d3332203d3e203531313637.roa
Signing time:             Fri 20 Dec 2024 15:23:29 +0000
ROA not before:           Fri 20 Dec 2024 15:18:29 +0000
ROA not after:            Fri 19 Dec 2025 15:23:29 +0000
asID:                     51167
IP address blocks:        195.7.4.0/22 maxlen: 32
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/097A28F77EB0A4AC354A8AC28754B2A3BBE3A959.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/097A28F77EB0A4AC354A8AC28754B2A3BBE3A959.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CXoo936wpKw1SorCh1Syo7vjqVk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 03 Apr 2025 14:31:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            24:85:1a:87:25:a2:0e:0f:f7:7c:3d:ca:c1:b9:22:28:49:02:a9:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=097a28f77eb0a4ac354a8ac28754b2a3bbe3a959
        Validity
            Not Before: Dec 20 15:18:29 2024 GMT
            Not After : Dec 19 15:23:29 2025 GMT
        Subject: CN=D2FF9EB3A6EC219BAC8A4BA61CF9AEBB5B994E4A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:8d:db:0a:20:8e:3b:8a:04:32:d8:1f:e6:f6:
                    73:32:f9:11:78:d4:57:77:12:be:89:ae:b0:ed:e8:
                    90:4d:8e:1e:78:83:61:6d:01:f7:6e:28:4d:21:06:
                    64:71:b7:f4:85:94:9f:c6:aa:72:ca:a0:10:ef:19:
                    4c:b4:a3:83:7e:4b:ed:1b:d1:e4:27:0f:74:7c:5b:
                    ec:63:b3:7a:fa:48:7b:bb:94:fc:4f:64:77:63:94:
                    d2:98:ad:75:92:3d:1b:70:fd:b0:7a:c6:01:9c:99:
                    d6:05:04:b7:28:5a:9d:65:fc:50:50:51:90:fe:53:
                    20:a5:b2:15:47:43:e4:41:0b:91:9f:05:2d:9e:a8:
                    3e:bc:13:2a:3e:31:67:9d:49:39:ee:29:38:10:a4:
                    f2:a4:e2:3e:cf:d6:36:28:37:65:36:b3:5e:3a:c0:
                    63:c3:c6:8c:cf:22:8e:ab:7c:58:09:f8:5a:69:20:
                    be:ec:19:ea:46:a5:0f:4b:76:e8:71:ec:1d:f6:e4:
                    1d:b3:64:db:a2:af:f8:2b:9d:f7:b4:2a:8b:20:f5:
                    c8:97:87:41:55:c4:f6:b1:6d:26:96:8b:ff:f9:13:
                    74:68:0a:d6:58:df:1d:f8:8e:d8:1b:f5:c7:56:dd:
                    ae:6b:37:f0:56:fe:69:8b:95:ce:64:ee:84:4a:3f:
                    77:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:FF:9E:B3:A6:EC:21:9B:AC:8A:4B:A6:1C:F9:AE:BB:5B:99:4E:4A
            X509v3 Authority Key Identifier:
                keyid:09:7A:28:F7:7E:B0:A4:AC:35:4A:8A:C2:87:54:B2:A3:BB:E3:A9:59

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/097A28F77EB0A4AC354A8AC28754B2A3BBE3A959.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CXoo936wpKw1SorCh1Syo7vjqVk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/3139352e372e342e302f32322d3332203d3e203531313637.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.7.4.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4f:57:52:12:e6:89:49:62:19:8c:70:a4:41:70:2f:bf:96:89:
         95:46:d6:a8:ae:f2:88:6e:16:16:ce:f2:f0:34:9b:7d:64:2b:
         9c:e5:34:5d:be:d9:b5:4a:b9:13:84:25:5e:63:b7:3d:fc:cb:
         28:6b:0f:8d:b8:e9:cf:25:07:6d:7d:d5:2c:21:1f:04:de:d5:
         05:3d:96:e2:50:41:52:12:3d:58:c6:f0:e2:7d:e5:5b:74:52:
         33:fc:31:b9:97:8b:f1:88:0e:cd:7e:00:5b:eb:fa:31:01:e5:
         0f:de:43:cb:a3:bf:b2:83:2d:8a:bf:bd:1f:6c:81:c8:b5:d1:
         e9:f3:d9:fd:14:4d:fc:01:a1:83:86:63:76:3e:c6:59:09:08:
         ab:94:a7:d3:fd:a0:af:d1:02:39:ff:cc:27:87:23:0a:b4:de:
         e1:cd:e5:08:55:61:30:85:6f:ae:70:4c:06:c6:b0:6a:94:f6:
         cf:ed:f1:d9:d2:9e:98:63:fd:9f:f5:a6:b0:3b:de:a8:b0:d9:
         ac:6a:09:e3:61:f7:38:aa:82:6d:49:90:9e:b6:e9:d9:d0:17:
         81:36:91:30:e3:72:6b:ec:d4:dc:a2:2e:ab:31:7d:2b:31:36:
         1c:40:c1:df:d5:15:db:4d:53:03:35:f2:c9:b6:c7:d1:9c:7e:
         02:70:95:fb
-----BEGIN CERTIFICATE-----
MIIFMjCCBBqgAwIBAgIUJIUahyWiDg/3fD3KwbkiKEkCqf0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDk3YTI4Zjc3ZWIwYTRhYzM1NGE4YWMyODc1NGIyYTNi
YmUzYTk1OTAeFw0yNDEyMjAxNTE4MjlaFw0yNTEyMTkxNTIzMjlaMDMxMTAvBgNV
BAMTKEQyRkY5RUIzQTZFQzIxOUJBQzhBNEJBNjFDRjlBRUJCNUI5OTRFNEEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMjdsKII47igQy2B/m9nMy+RF4
1Fd3Er6JrrDt6JBNjh54g2FtAfduKE0hBmRxt/SFlJ/GqnLKoBDvGUy0o4N+S+0b
0eQnD3R8W+xjs3r6SHu7lPxPZHdjlNKYrXWSPRtw/bB6xgGcmdYFBLcoWp1l/FBQ
UZD+UyClshVHQ+RBC5GfBS2eqD68Eyo+MWedSTnuKTgQpPKk4j7P1jYoN2U2s146
wGPDxozPIo6rfFgJ+FppIL7sGepGpQ9Lduhx7B325B2zZNuir/grnfe0Kosg9ciX
h0FVxPaxbSaWi//5E3RoCtZY3x34jtgb9cdW3a5rN/BW/mmLlc5k7oRKP3cjAgMB
AAGjggI8MIICODAdBgNVHQ4EFgQU0v+es6bsIZusikumHPmuu1uZTkowHwYDVR0j
BBgwFoAUCXoo936wpKw1SorCh1Syo7vjqVkwDgYDVR0PAQH/BAQDAgeAMIGYBgNV
HR8EgZAwgY0wgYqggYeggYSGgYFyc3luYzovL3JzeW5jLnBhYXMucnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L2ZlMzcwOGEwLTY3ZDUtNGFjMi1hYmM0LWEzMzI1OTBi
OTlhZi8xNzcvMDk3QTI4Rjc3RUIwQTRBQzM1NEE4QUMyODc1NEIyQTNCQkUzQTk1
OS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2ku
cmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NYb285MzZ3cEt3MVNvckNoMVN5
bzd2anFWay5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJz
eW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4
YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzE3Ny8zMTM5MzUyZTM3MmUz
NDJlMzAyZjMyMzIyZDMzMzIyMDNkM2UyMDM1MzEzMTM2Mzcucm9hMBgGA1UdIAEB
/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBALD
BwQwDQYJKoZIhvcNAQELBQADggEBAE9XUhLmiUliGYxwpEFwL7+WiZVG1qiu8ohu
FhbO8vA0m31kK5zlNF2+2bVKuROEJV5jtz38yyhrD4246c8lB2191SwhHwTe1QU9
luJQQVISPVjG8OJ95Vt0UjP8MbmXi/GIDs1+AFvr+jEB5Q/eQ8ujv7KDLYq/vR9s
gci10enz2f0UTfwBoYOGY3Y+xlkJCKuUp9P9oK/RAjn/zCeHIwq03uHN5QhVYTCF
b65wTAbGsGqU9s/t8dnSnphj/Z/1prA73qiw2axqCeNh9ziqgm1JkJ626dnQF4E2
kTDjcmvs1NyiLqsxfSsxNhxAwd/VFdtNUwM18sm2x9GcfgJwlfs=
-----END CERTIFICATE-----