Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/3139332e34322e39372e302f32342d3234203d3e20383334.roa
File:                     3139332e34322e39372e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          UMSiQnwOk5afOSug+SIrjI+ffBb8QhfiSvFR9W9PVL0=
Subject key identifier:   5C:92:5F:88:2F:66:C1:16:36:7A:33:0E:FD:11:A6:FC:51:6B:B2:40
Certificate issuer:       /CN=08fb9ba827e6f10a7af37490803dd5a076397235
Certificate serial:       57B94557105DFA8711FFF4CC6446B41452B8CEB5
Authority key identifier: 08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/3139332e34322e39372e302f32342d3234203d3e20383334.roa
Signing time:             Tue 04 Jun 2024 15:03:49 +0000
ROA not before:           Tue 04 Jun 2024 14:58:49 +0000
ROA not after:            Tue 03 Jun 2025 15:03:49 +0000
asID:                     834
IP address blocks:        193.42.97.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            57:b9:45:57:10:5d:fa:87:11:ff:f4:cc:64:46:b4:14:52:b8:ce:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08fb9ba827e6f10a7af37490803dd5a076397235
        Validity
            Not Before: Jun  4 14:58:49 2024 GMT
            Not After : Jun  3 15:03:49 2025 GMT
        Subject: CN=5C925F882F66C116367A330EFD11A6FC516BB240
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:54:4e:cf:59:d1:3e:b2:dd:90:20:df:9c:59:
                    e2:59:c9:82:f0:97:8b:32:35:27:db:81:04:1f:07:
                    ab:94:76:82:9d:ff:6f:91:9b:83:d9:7e:69:4a:42:
                    83:c9:0f:3a:df:90:c3:a6:78:37:fc:7e:7f:0c:b5:
                    4b:54:ba:0a:4e:38:88:03:91:73:1e:4f:a4:81:e8:
                    88:e8:de:28:ba:29:c8:5d:09:82:cc:1a:74:0c:d7:
                    db:53:ba:9d:4b:21:1f:4b:0f:48:9e:d8:54:e1:14:
                    82:21:68:ba:70:74:8e:f5:6e:62:1c:a1:63:23:b4:
                    83:14:ad:84:d9:e4:7a:bc:05:3b:b0:d4:b1:5d:33:
                    08:63:16:c2:35:81:96:3e:6a:a7:ed:fc:ad:d9:8d:
                    92:eb:22:e6:1e:5e:bd:b7:11:6d:d4:61:69:94:36:
                    b6:32:2d:b3:d3:19:fc:dd:69:c2:04:eb:26:cd:ac:
                    a2:3e:12:b4:ee:49:6a:d6:f8:51:b2:5f:83:40:bc:
                    ee:61:48:31:90:d2:76:38:c5:9b:ad:ec:14:62:4b:
                    d6:67:1d:55:fb:8b:f1:b1:60:27:ee:c6:c6:a2:be:
                    15:a5:93:3e:3a:ab:66:0f:f9:9a:bf:af:19:44:a9:
                    64:c8:50:c6:9b:7e:6f:7e:cf:b2:42:91:70:dc:d6:
                    0f:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:92:5F:88:2F:66:C1:16:36:7A:33:0E:FD:11:A6:FC:51:6B:B2:40
            X509v3 Authority Key Identifier:
                keyid:08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/3139332e34322e39372e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.42.97.0/24

    Signature Algorithm: sha256WithRSAEncryption
         35:2f:ce:54:a1:64:4d:f5:2e:80:91:cb:5c:38:fe:02:40:92:
         2b:28:01:4c:3e:4d:c2:c9:11:cb:7a:e1:74:9d:16:03:44:02:
         88:df:6d:ba:cb:21:12:ac:2f:fc:0e:fc:90:c3:c6:2e:3c:3d:
         dd:bf:e9:50:69:b7:96:73:31:8c:07:43:64:10:47:ad:d4:de:
         66:64:5c:e6:8c:b1:91:e7:6c:49:eb:99:73:79:3c:05:4c:b8:
         1f:b7:1b:88:a6:42:e7:e3:ee:c0:aa:2b:c3:37:4d:4e:11:5e:
         ba:66:b4:21:b4:ab:be:eb:b6:a6:28:3b:8f:62:49:9b:1d:71:
         9d:3c:c4:a8:cb:f3:b5:d0:64:f9:ca:26:05:f0:3a:7b:b8:12:
         a2:46:e5:84:b7:c1:91:2e:d5:34:45:6e:4f:ee:c1:1c:a3:4f:
         bf:a3:f4:05:df:1b:95:85:f6:38:49:14:8b:94:69:63:93:77:
         18:63:d9:db:31:22:d0:b5:73:63:1c:82:ee:9b:0d:f0:d6:48:
         7a:05:c3:71:24:0f:b4:ce:b6:b8:4a:f0:a0:14:e1:83:bf:87:
         0a:27:8e:4a:1c:6f:2e:a4:98:03:bf:b8:37:9a:a5:6b:bc:eb:
         7d:c0:a0:d9:6b:70:52:27:b3:e7:1b:66:b6:00:b7:64:00:d0:
         06:de:09:9e
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUV7lFVxBd+ocR//TMZEa0FFK4zrUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDhmYjliYTgyN2U2ZjEwYTdhZjM3NDkwODAzZGQ1YTA3
NjM5NzIzNTAeFw0yNDA2MDQxNDU4NDlaFw0yNTA2MDMxNTAzNDlaMDMxMTAvBgNV
BAMTKDVDOTI1Rjg4MkY2NkMxMTYzNjdBMzMwRUZEMTFBNkZDNTE2QkIyNDAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNVE7PWdE+st2QIN+cWeJZyYLw
l4syNSfbgQQfB6uUdoKd/2+Rm4PZfmlKQoPJDzrfkMOmeDf8fn8MtUtUugpOOIgD
kXMeT6SB6Ijo3ii6KchdCYLMGnQM19tTup1LIR9LD0ie2FThFIIhaLpwdI71bmIc
oWMjtIMUrYTZ5Hq8BTuw1LFdMwhjFsI1gZY+aqft/K3ZjZLrIuYeXr23EW3UYWmU
NrYyLbPTGfzdacIE6ybNrKI+ErTuSWrW+FGyX4NAvO5hSDGQ0nY4xZut7BRiS9Zn
HVX7i/GxYCfuxsaivhWlkz46q2YP+Zq/rxlEqWTIUMabfm9+z7JCkXDc1g9vAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUXJJfiC9mwRY2ejMO/RGm/FFrskAwHwYDVR0j
BBgwFoAUCPubqCfm8Qp683SQgD3VoHY5cjUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzIvMDhGQjlCQTgyN0U2RjEwQTdBRjM3NDkwODAzREQ1QTA3NjM5NzIzNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NQdWJxQ2ZtOFFwNjgzU1FnRDNWb0hZ
NWNqVS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzIvMzEzOTMzMmUzNDMyMmUzOTM3
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzgzMzM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSphMA0G
CSqGSIb3DQEBCwUAA4IBAQA1L85UoWRN9S6AkctcOP4CQJIrKAFMPk3CyRHLeuF0
nRYDRAKI3226yyESrC/8DvyQw8YuPD3dv+lQabeWczGMB0NkEEet1N5mZFzmjLGR
52xJ65lzeTwFTLgftxuIpkLn4+7AqivDN01OEV66ZrQhtKu+67amKDuPYkmbHXGd
PMSoy/O10GT5yiYF8Dp7uBKiRuWEt8GRLtU0RW5P7sEco0+/o/QF3xuVhfY4SRSL
lGljk3cYY9nbMSLQtXNjHILumw3w1kh6BcNxJA+0zra4SvCgFOGDv4cKJ45KHG8u
pJgDv7g3mqVrvOt9wKDZa3BSJ7PnG2a2ALdkANAG3gme
-----END CERTIFICATE-----