Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/3134392e36322e33392e302f32342d3234203d3e203437353833.roa
File:                     3134392e36322e33392e302f32342d3234203d3e203437353833.roa (raw, json)
Hash identifier:          gscoYm2hpphJmLOQLARjhPApJZCAOTquTDGOT291oEc=
Subject key identifier:   1A:AA:59:71:88:7C:89:3B:76:23:83:72:C0:B9:89:21:5E:FF:AE:4D
Certificate issuer:       /CN=08fb9ba827e6f10a7af37490803dd5a076397235
Certificate serial:       1F3F4ED98C283D83822B7FB55C08BAD3B879C238
Authority key identifier: 08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/3134392e36322e33392e302f32342d3234203d3e203437353833.roa
Signing time:             Mon 26 Feb 2024 08:52:46 +0000
ROA not before:           Mon 26 Feb 2024 08:47:46 +0000
ROA not after:            Mon 24 Feb 2025 08:52:46 +0000
asID:                     47583
IP address blocks:        149.62.39.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 14 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1f:3f:4e:d9:8c:28:3d:83:82:2b:7f:b5:5c:08:ba:d3:b8:79:c2:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08fb9ba827e6f10a7af37490803dd5a076397235
        Validity
            Not Before: Feb 26 08:47:46 2024 GMT
            Not After : Feb 24 08:52:46 2025 GMT
        Subject: CN=1AAA5971887C893B76238372C0B989215EFFAE4D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:bb:c5:2c:07:3d:1f:00:c5:dc:ea:f3:ee:a5:
                    11:eb:43:76:7a:4b:55:69:2c:06:7a:4a:77:ba:b0:
                    ee:dc:12:7a:d8:e9:07:ce:ef:f5:6b:a7:e8:be:ed:
                    bd:66:20:cf:22:01:96:b9:4d:c3:73:66:4d:0c:eb:
                    ce:64:01:a3:04:72:e2:32:10:d1:af:57:6e:b2:1a:
                    69:54:d2:fd:ba:48:d7:d8:6b:d2:45:13:0b:92:41:
                    0f:95:f2:3f:8b:ab:c3:38:38:ea:09:45:82:c4:97:
                    6a:23:c4:cc:9e:81:09:8c:17:9c:16:2d:df:66:8b:
                    f3:36:e6:4c:55:6d:22:db:f8:20:d1:5a:90:20:45:
                    bc:3e:d6:28:db:59:e3:46:39:6f:5f:22:11:0e:4a:
                    e8:d2:c4:5d:40:e0:4e:a7:5b:43:f2:92:bf:75:29:
                    9a:c0:16:5c:5f:b9:32:26:85:72:1b:52:95:63:db:
                    d8:5b:6e:fc:b1:68:27:9f:d6:76:4d:3e:54:5c:52:
                    95:83:b5:c9:83:6f:91:13:35:e1:27:59:c5:0b:0f:
                    8b:63:51:bb:18:11:07:b0:3d:ce:60:f2:ad:c8:4f:
                    bf:95:18:68:56:ee:35:38:ad:ec:f9:14:38:d7:c7:
                    2d:10:1d:de:59:69:c6:23:1d:33:40:ec:ca:97:b8:
                    6f:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:AA:59:71:88:7C:89:3B:76:23:83:72:C0:B9:89:21:5E:FF:AE:4D
            X509v3 Authority Key Identifier:
                keyid:08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/3134392e36322e33392e302f32342d3234203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  149.62.39.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:98:68:bd:c0:68:6e:dc:b3:9d:ba:db:e9:1d:61:e9:d6:83:
         71:e7:58:89:f0:16:dd:72:5a:9a:39:36:8c:ab:ad:5e:54:da:
         ac:8d:db:a9:bd:f0:45:ba:20:19:6b:56:13:1a:91:6b:e5:f5:
         94:3c:28:d1:d4:b8:e6:97:a9:60:cd:e1:3a:43:c2:14:82:8f:
         d2:27:60:3d:10:5a:f8:0f:98:56:eb:52:a8:b3:38:2a:36:eb:
         96:c2:ee:dd:7c:3a:e6:60:f6:af:70:11:95:08:1f:98:17:c4:
         8f:07:e2:8c:3b:38:24:f3:6b:b5:34:00:e1:a0:2d:ef:db:17:
         62:1e:40:7b:b5:53:36:28:f9:a5:5c:fb:2b:6b:fd:06:c5:19:
         45:d1:1f:bf:c8:14:97:71:22:c5:b6:8b:69:cf:09:68:b8:31:
         13:48:b0:42:21:d0:08:54:2e:c1:26:38:ea:c8:7d:f8:c9:84:
         82:a5:79:3b:78:10:04:7b:53:95:06:ef:8f:df:b5:9d:65:0f:
         7f:b0:89:78:b0:b9:0c:10:c1:61:8d:71:ee:02:c3:b7:8e:78:
         d3:2d:57:13:ac:2a:fc:96:76:29:35:61:23:ec:25:53:cf:4f:
         9d:1d:fb:57:3e:58:db:76:fe:08:c8:3b:c0:db:2f:9a:7a:4d:
         34:2e:36:f3
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUHz9O2YwoPYOCK3+1XAi607h5wjgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDhmYjliYTgyN2U2ZjEwYTdhZjM3NDkwODAzZGQ1YTA3
NjM5NzIzNTAeFw0yNDAyMjYwODQ3NDZaFw0yNTAyMjQwODUyNDZaMDMxMTAvBgNV
BAMTKDFBQUE1OTcxODg3Qzg5M0I3NjIzODM3MkMwQjk4OTIxNUVGRkFFNEQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCfu8UsBz0fAMXc6vPupRHrQ3Z6
S1VpLAZ6Sne6sO7cEnrY6QfO7/Vrp+i+7b1mIM8iAZa5TcNzZk0M685kAaMEcuIy
ENGvV26yGmlU0v26SNfYa9JFEwuSQQ+V8j+Lq8M4OOoJRYLEl2ojxMyegQmMF5wW
Ld9mi/M25kxVbSLb+CDRWpAgRbw+1ijbWeNGOW9fIhEOSujSxF1A4E6nW0Pykr91
KZrAFlxfuTImhXIbUpVj29hbbvyxaCef1nZNPlRcUpWDtcmDb5ETNeEnWcULD4tj
UbsYEQewPc5g8q3IT7+VGGhW7jU4rez5FDjXxy0QHd5ZacYjHTNA7MqXuG+FAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUGqpZcYh8iTt2I4NywLmJIV7/rk0wHwYDVR0j
BBgwFoAUCPubqCfm8Qp683SQgD3VoHY5cjUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzIvMDhGQjlCQTgyN0U2RjEwQTdBRjM3NDkwODAzREQ1QTA3NjM5NzIzNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NQdWJxQ2ZtOFFwNjgzU1FnRDNWb0hZ
NWNqVS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzIvMzEzNDM5MmUzNjMyMmUzMzM5
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzQzNzM1MzgzMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAJU+
JzANBgkqhkiG9w0BAQsFAAOCAQEACJhovcBobtyznbrb6R1h6daDcedYifAW3XJa
mjk2jKutXlTarI3bqb3wRbogGWtWExqRa+X1lDwo0dS45pepYM3hOkPCFIKP0idg
PRBa+A+YVutSqLM4KjbrlsLu3Xw65mD2r3ARlQgfmBfEjwfijDs4JPNrtTQA4aAt
79sXYh5Ae7VTNij5pVz7K2v9BsUZRdEfv8gUl3EixbaLac8JaLgxE0iwQiHQCFQu
wSY46sh9+MmEgqV5O3gQBHtTlQbvj9+1nWUPf7CJeLC5DBDBYY1x7gLDt4540y1X
E6wq/JZ2KTVhI+wlU89PnR37Vz5Y23b+CMg7wNsvmnpNNC428w==
-----END CERTIFICATE-----