Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/3139332e34322e39372e302f32342d3234203d3e20383334.roa
File:                     3139332e34322e39372e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          FvtxovtZYNnqn6EJ2VrNZHaahXevXItdfjozrQrcRgs=
Subject key identifier:   AF:52:5F:82:C6:85:36:9F:B5:66:08:6D:F7:96:51:B7:BA:D1:0C:76
Certificate issuer:       /CN=08fb9ba827e6f10a7af37490803dd5a076397235
Certificate serial:       69FC5F328615C79D8AA36068336ED97757957675
Authority key identifier: 08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/3139332e34322e39372e302f32342d3234203d3e20383334.roa
Signing time:             Tue 04 Jul 2023 14:37:40 +0000
ROA not before:           Tue 04 Jul 2023 14:32:40 +0000
ROA not after:            Tue 02 Jul 2024 14:37:40 +0000
asID:                     834
IP address blocks:        193.42.97.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            69:fc:5f:32:86:15:c7:9d:8a:a3:60:68:33:6e:d9:77:57:95:76:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08fb9ba827e6f10a7af37490803dd5a076397235
        Validity
            Not Before: Jul  4 14:32:40 2023 GMT
            Not After : Jul  2 14:37:40 2024 GMT
        Subject: CN=AF525F82C685369FB566086DF79651B7BAD10C76
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:1a:07:6d:84:fe:c6:01:ef:f3:ed:b7:76:ae:
                    38:6e:82:09:dc:6e:20:68:e7:de:19:45:a4:d5:e0:
                    a7:12:0a:1b:81:ad:90:9f:8e:06:79:02:b2:18:c5:
                    27:eb:69:9f:55:7f:21:6a:1a:1d:8a:b8:05:44:df:
                    48:76:e5:49:5c:ed:5f:d5:89:5b:0b:e7:fd:87:a7:
                    6d:9e:fd:2f:f5:b3:88:9c:30:ec:41:4e:f8:38:16:
                    60:6c:3a:27:cb:51:53:3d:c9:36:72:92:0b:e1:54:
                    83:60:bc:ac:d6:79:c8:6e:9c:c2:62:2e:ff:7c:92:
                    ec:0f:bd:19:e4:11:fc:f2:66:8a:89:34:01:1a:7b:
                    97:aa:42:ad:0e:69:57:a6:7d:fd:61:84:76:9d:e9:
                    f5:dc:31:09:92:bb:55:4d:39:4b:19:c9:6b:c5:a1:
                    64:ee:d1:ba:3e:65:36:79:20:41:da:a4:71:d8:a2:
                    db:5e:4d:8f:b1:25:0b:4e:60:bb:86:95:0d:27:44:
                    b3:c4:89:cf:d0:6e:9d:41:c9:4b:82:c2:7e:b9:7f:
                    d7:c9:66:58:d3:c8:80:66:65:c3:58:45:0e:02:bd:
                    93:36:cf:ee:4b:96:e8:39:8d:ad:fc:1f:ad:15:df:
                    c5:2a:20:95:79:24:a7:68:5f:eb:42:65:86:9a:8a:
                    02:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:52:5F:82:C6:85:36:9F:B5:66:08:6D:F7:96:51:B7:BA:D1:0C:76
            X509v3 Authority Key Identifier:
                keyid:08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/3139332e34322e39372e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.42.97.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:6f:70:df:3a:02:70:6b:45:86:d8:6a:e8:d3:8b:16:ad:33:
         e3:6d:79:bd:ea:02:8d:2d:53:b7:62:af:ed:c8:ad:59:7f:01:
         cc:7b:f3:3f:b3:de:d2:dd:60:80:37:0f:84:54:96:26:63:98:
         c8:ab:52:cc:20:22:8e:51:e9:b2:09:96:63:0f:9e:f6:c9:7b:
         a7:74:15:70:70:a4:0f:07:bc:30:49:40:c0:2d:f1:15:09:cb:
         6a:c6:7e:8b:93:2a:0d:2b:16:59:92:8d:b9:86:0e:57:e8:56:
         b1:39:d5:3d:c2:e4:8d:58:86:23:a1:12:fb:b4:e9:6a:98:2f:
         49:15:b6:4e:3f:1f:19:de:2c:4d:20:27:a2:10:76:a4:18:11:
         fc:fc:cb:b2:92:83:ae:cb:f4:a8:5c:f6:c0:7d:98:84:08:30:
         51:23:e9:d5:7b:d9:80:f2:74:17:b7:0f:f6:a2:00:7b:df:b0:
         2e:a5:06:52:88:73:49:3c:c7:f7:ea:a3:b8:2c:26:68:69:dd:
         a8:0b:4a:05:8a:f4:f9:a8:72:c9:b6:5d:1e:0c:43:9d:f5:ed:
         08:15:19:64:f4:6b:d2:07:14:d3:9e:38:1f:eb:0c:cd:b9:20:
         35:f8:0d:c9:b4:86:60:b4:0f:e1:2a:08:42:ee:7f:61:14:f8:
         2d:19:7a:b2
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUafxfMoYVx52Ko2BoM27Zd1eVdnUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDhmYjliYTgyN2U2ZjEwYTdhZjM3NDkwODAzZGQ1YTA3
NjM5NzIzNTAeFw0yMzA3MDQxNDMyNDBaFw0yNDA3MDIxNDM3NDBaMDMxMTAvBgNV
BAMTKEFGNTI1RjgyQzY4NTM2OUZCNTY2MDg2REY3OTY1MUI3QkFEMTBDNzYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCYGgdthP7GAe/z7bd2rjhuggnc
biBo594ZRaTV4KcSChuBrZCfjgZ5ArIYxSfraZ9VfyFqGh2KuAVE30h25Ulc7V/V
iVsL5/2Hp22e/S/1s4icMOxBTvg4FmBsOifLUVM9yTZykgvhVINgvKzWechunMJi
Lv98kuwPvRnkEfzyZoqJNAEae5eqQq0OaVemff1hhHad6fXcMQmSu1VNOUsZyWvF
oWTu0bo+ZTZ5IEHapHHYotteTY+xJQtOYLuGlQ0nRLPEic/Qbp1ByUuCwn65f9fJ
ZljTyIBmZcNYRQ4CvZM2z+5Llug5ja38H60V38UqIJV5JKdoX+tCZYaaigLlAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUr1JfgsaFNp+1Zght95ZRt7rRDHYwHwYDVR0j
BBgwFoAUCPubqCfm8Qp683SQgD3VoHY5cjUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzIvMDhGQjlCQTgyN0U2RjEwQTdBRjM3NDkwODAzREQ1QTA3NjM5NzIzNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NQdWJxQ2ZtOFFwNjgzU1FnRDNWb0hZ
NWNqVS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzIvMzEzOTMzMmUzNDMyMmUzOTM3
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzgzMzM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSphMA0G
CSqGSIb3DQEBCwUAA4IBAQAPb3DfOgJwa0WG2Gro04sWrTPjbXm96gKNLVO3Yq/t
yK1ZfwHMe/M/s97S3WCANw+EVJYmY5jIq1LMICKOUemyCZZjD572yXundBVwcKQP
B7wwSUDALfEVCctqxn6LkyoNKxZZko25hg5X6FaxOdU9wuSNWIYjoRL7tOlqmC9J
FbZOPx8Z3ixNICeiEHakGBH8/MuykoOuy/SoXPbAfZiECDBRI+nVe9mA8nQXtw/2
ogB737AupQZSiHNJPMf36qO4LCZoad2oC0oFivT5qHLJtl0eDEOd9e0IFRlk9GvS
BxTTnjgf6wzNuSA1+A3JtIZgtA/hKghC7n9hFPgtGXqy
-----END CERTIFICATE-----