Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/3139342e33352e31322e302f32332d3234203d3e203234393430.roa
File:                     3139342e33352e31322e302f32332d3234203d3e203234393430.roa (raw, json)
Hash identifier:          sTObopOXX31LfGHNGUXxPpH5dS0AI2gIq8gYQeglodY=
Subject key identifier:   60:16:15:60:18:4E:83:09:65:D5:E0:50:B0:3D:7B:AF:EB:C2:FD:D3
Certificate issuer:       /CN=08fb9ba827e6f10a7af37490803dd5a076397235
Certificate serial:       05AEB18EBA3E5DF2F008B000CB13E139BC0BDA45
Authority key identifier: 08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/3139342e33352e31322e302f32332d3234203d3e203234393430.roa
Signing time:             Mon 26 Feb 2024 08:52:54 +0000
ROA not before:           Mon 26 Feb 2024 08:47:54 +0000
ROA not after:            Mon 24 Feb 2025 08:52:54 +0000
asID:                     24940
IP address blocks:        194.35.12.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            05:ae:b1:8e:ba:3e:5d:f2:f0:08:b0:00:cb:13:e1:39:bc:0b:da:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08fb9ba827e6f10a7af37490803dd5a076397235
        Validity
            Not Before: Feb 26 08:47:54 2024 GMT
            Not After : Feb 24 08:52:54 2025 GMT
        Subject: CN=60161560184E830965D5E050B03D7BAFEBC2FDD3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:63:27:08:46:be:8c:50:d4:7d:76:1c:6b:ce:
                    59:30:a8:00:c6:ea:89:ca:f7:56:41:19:2a:77:af:
                    95:c5:ab:84:33:0d:79:43:9d:34:10:6b:79:da:2d:
                    50:60:b7:d7:0f:55:38:69:c1:46:a9:79:dc:af:49:
                    ae:34:6f:40:47:9b:79:9e:29:0e:9d:74:d7:16:57:
                    94:1a:0f:34:b9:e5:3e:e9:b6:63:e8:06:ed:25:8d:
                    90:0b:54:ea:36:56:a1:c2:5d:87:1f:93:89:f8:2c:
                    68:1f:d1:4d:99:49:f9:6c:79:10:4c:c9:a3:c6:66:
                    7e:bc:bb:d9:d0:08:c8:3f:b2:70:c6:64:70:49:4e:
                    b3:ff:5e:a1:af:ab:fa:59:fe:82:b9:85:3e:49:9d:
                    8b:55:78:c3:e5:81:a3:f7:88:b8:09:49:1a:e4:11:
                    da:53:f2:91:68:5a:2b:80:8f:b0:57:a5:2c:e7:c9:
                    c3:e7:69:36:5c:03:9b:c0:a2:20:bb:1a:57:64:6f:
                    a2:f0:1b:ad:b8:f3:c8:e0:ad:0e:dc:36:4c:e0:46:
                    c8:b4:47:71:fb:1a:0c:83:4c:c8:3c:2f:d9:33:9a:
                    00:d1:d1:c1:16:20:12:8a:fb:47:89:c6:e8:48:b1:
                    8a:9f:80:18:1b:1b:19:52:a4:0e:ab:28:59:0f:fb:
                    1a:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:16:15:60:18:4E:83:09:65:D5:E0:50:B0:3D:7B:AF:EB:C2:FD:D3
            X509v3 Authority Key Identifier:
                keyid:08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/3139342e33352e31322e302f32332d3234203d3e203234393430.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.35.12.0/23

    Signature Algorithm: sha256WithRSAEncryption
         4a:d8:b6:c5:a8:1e:a8:d5:26:6b:4d:95:f0:e0:d9:8b:64:80:
         5e:c2:08:ca:8b:18:b2:9a:da:01:df:4c:fb:a4:3a:e3:fc:d8:
         5f:94:52:fd:47:61:19:d2:c7:e1:eb:4a:e0:80:c1:f5:d3:42:
         14:9c:c7:73:58:58:8c:2d:28:59:83:44:fe:3b:3c:6a:7c:ad:
         ba:d6:2c:61:c8:c4:83:76:e8:06:49:1f:3a:49:da:82:b0:04:
         a0:8f:93:2e:54:ad:3c:1b:be:8f:8d:4f:3c:86:f0:bf:d4:6a:
         8c:67:cb:4e:57:28:3f:b4:31:9b:12:e2:25:a1:e3:bc:a1:15:
         37:ed:0b:2a:a8:20:b3:c9:19:98:46:88:0e:6e:0a:68:2d:55:
         87:88:13:88:6b:eb:96:5f:95:3d:f5:58:69:e6:f9:b8:61:d5:
         c0:e9:5a:91:bf:5c:f2:f0:c3:4f:c5:d5:c2:67:3c:f8:97:32:
         41:31:e3:b5:db:09:65:cd:e0:b9:65:11:8c:dc:4f:b8:33:fc:
         1e:04:70:6f:72:64:41:70:1e:16:a4:78:4c:5f:b1:64:6a:45:
         9c:1b:d5:db:d1:5a:51:30:54:f5:90:fb:bf:9e:f1:58:72:f2:
         94:6a:6e:b8:1e:40:74:b2:f9:c5:fd:59:95:34:74:7f:a5:57:
         16:82:1d:ee
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUBa6xjro+XfLwCLAAyxPhObwL2kUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDhmYjliYTgyN2U2ZjEwYTdhZjM3NDkwODAzZGQ1YTA3
NjM5NzIzNTAeFw0yNDAyMjYwODQ3NTRaFw0yNTAyMjQwODUyNTRaMDMxMTAvBgNV
BAMTKDYwMTYxNTYwMTg0RTgzMDk2NUQ1RTA1MEIwM0Q3QkFGRUJDMkZERDMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDcYycIRr6MUNR9dhxrzlkwqADG
6onK91ZBGSp3r5XFq4QzDXlDnTQQa3naLVBgt9cPVThpwUapedyvSa40b0BHm3me
KQ6ddNcWV5QaDzS55T7ptmPoBu0ljZALVOo2VqHCXYcfk4n4LGgf0U2ZSflseRBM
yaPGZn68u9nQCMg/snDGZHBJTrP/XqGvq/pZ/oK5hT5JnYtVeMPlgaP3iLgJSRrk
EdpT8pFoWiuAj7BXpSznycPnaTZcA5vAoiC7Gldkb6LwG62488jgrQ7cNkzgRsi0
R3H7GgyDTMg8L9kzmgDR0cEWIBKK+0eJxuhIsYqfgBgbGxlSpA6rKFkP+xr1AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUYBYVYBhOgwll1eBQsD17r+vC/dMwHwYDVR0j
BBgwFoAUCPubqCfm8Qp683SQgD3VoHY5cjUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzIvMDhGQjlCQTgyN0U2RjEwQTdBRjM3NDkwODAzREQ1QTA3NjM5NzIzNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NQdWJxQ2ZtOFFwNjgzU1FnRDNWb0hZ
NWNqVS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzIvMzEzOTM0MmUzMzM1MmUzMTMy
MmUzMDJmMzIzMzJkMzIzNDIwM2QzZTIwMzIzNDM5MzQzMC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAcIj
DDANBgkqhkiG9w0BAQsFAAOCAQEASti2xageqNUma02V8ODZi2SAXsIIyosYspra
Ad9M+6Q64/zYX5RS/UdhGdLH4etK4IDB9dNCFJzHc1hYjC0oWYNE/js8anytutYs
YcjEg3boBkkfOknagrAEoI+TLlStPBu+j41PPIbwv9RqjGfLTlcoP7QxmxLiJaHj
vKEVN+0LKqggs8kZmEaIDm4KaC1Vh4gTiGvrll+VPfVYaeb5uGHVwOlakb9c8vDD
T8XVwmc8+JcyQTHjtdsJZc3guWURjNxPuDP8HgRwb3JkQXAeFqR4TF+xZGpFnBvV
29FaUTBU9ZD7v57xWHLylGpuuB5AdLL5xf1ZlTR0f6VXFoId7g==
-----END CERTIFICATE-----