Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/3/3139342e33312e35322e302f32342d3234203d3e203437353833.roa
File:                     3139342e33312e35322e302f32342d3234203d3e203437353833.roa (raw, json)
Hash identifier:          YaIkMjc5dT+mO+7W+MHnK1GCQXhdJtC58NlAdbIx+zU=
Subject key identifier:   09:B5:8D:78:2C:20:41:67:F2:AC:36:AC:A7:03:EF:66:23:E5:15:F7
Certificate issuer:       /CN=b97bcfac27bbaf19de1d31e53629726c1e4caaa2
Certificate serial:       1ADADB28B0E05F77914160960735C20B1696E858
Authority key identifier: B9:7B:CF:AC:27:BB:AF:19:DE:1D:31:E5:36:29:72:6C:1E:4C:AA:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uXvPrCe7rxneHTHlNilybB5MqqI.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/3/3139342e33312e35322e302f32342d3234203d3e203437353833.roa
Signing time:             Mon 26 Feb 2024 08:53:36 +0000
ROA not before:           Mon 26 Feb 2024 08:48:36 +0000
ROA not after:            Mon 24 Feb 2025 08:53:36 +0000
asID:                     47583
IP address blocks:        194.31.52.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/3/B97BCFAC27BBAF19DE1D31E53629726C1E4CAAA2.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/3/B97BCFAC27BBAF19DE1D31E53629726C1E4CAAA2.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uXvPrCe7rxneHTHlNilybB5MqqI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1a:da:db:28:b0:e0:5f:77:91:41:60:96:07:35:c2:0b:16:96:e8:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b97bcfac27bbaf19de1d31e53629726c1e4caaa2
        Validity
            Not Before: Feb 26 08:48:36 2024 GMT
            Not After : Feb 24 08:53:36 2025 GMT
        Subject: CN=09B58D782C204167F2AC36ACA703EF6623E515F7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:ea:49:de:ed:01:47:d9:3c:79:a8:76:a7:fa:
                    ca:14:1f:b9:cd:7c:de:de:a9:6d:72:85:51:5e:ba:
                    2a:35:a7:45:45:3d:d0:5e:6a:5e:d2:d1:73:14:ce:
                    a8:46:d6:0b:9d:52:02:8e:9f:c0:4f:2e:27:24:ce:
                    b2:8d:62:d0:c3:63:44:d1:61:e0:4d:6e:37:33:a5:
                    60:af:16:8b:8a:f3:c5:b9:76:ba:48:4d:4b:91:9a:
                    39:ba:5f:f0:10:2a:e0:eb:8e:d4:e0:a7:56:fa:e6:
                    f1:22:fa:18:67:f6:62:bd:72:ba:03:c2:5a:0b:33:
                    1b:da:57:56:73:60:d7:75:6b:54:d1:5d:ac:82:c2:
                    52:be:e2:b4:2a:50:e8:09:00:9e:a3:03:48:87:3d:
                    19:a6:a5:f5:10:18:2c:84:68:c2:98:f7:c0:0a:ea:
                    7b:33:ce:21:7e:97:6e:6b:80:89:36:ad:ab:79:62:
                    a5:d7:cc:78:e6:04:cb:2c:81:38:25:3a:50:32:16:
                    a1:6a:e3:c4:c7:06:bb:c7:a0:91:4b:c1:c5:40:68:
                    27:dc:12:cc:14:46:54:96:e3:00:ed:4b:58:2e:34:
                    fd:37:e6:23:f2:a0:bf:dd:3a:8c:89:7f:10:c8:56:
                    35:5b:c3:2b:1b:6f:bc:67:1f:f7:51:b1:dc:39:f6:
                    81:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:B5:8D:78:2C:20:41:67:F2:AC:36:AC:A7:03:EF:66:23:E5:15:F7
            X509v3 Authority Key Identifier:
                keyid:B9:7B:CF:AC:27:BB:AF:19:DE:1D:31:E5:36:29:72:6C:1E:4C:AA:A2

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/3/B97BCFAC27BBAF19DE1D31E53629726C1E4CAAA2.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uXvPrCe7rxneHTHlNilybB5MqqI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/3/3139342e33312e35322e302f32342d3234203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.31.52.0/24

    Signature Algorithm: sha256WithRSAEncryption
         97:82:30:32:9d:e8:2d:9d:d3:31:60:4c:01:39:80:b7:0c:b4:
         96:fb:6f:14:60:45:b5:d9:9e:e9:50:d5:72:7a:21:19:7c:ff:
         54:48:16:df:42:bd:95:40:66:83:54:0b:2b:94:4c:dd:a6:ef:
         00:95:76:67:9e:b8:32:c9:1d:21:da:0e:df:39:f6:93:c1:93:
         8d:74:0f:6a:3f:17:b6:ac:32:7f:14:db:ec:9e:0d:3f:88:fc:
         62:91:0a:ab:ba:4c:0b:16:7e:79:83:82:0c:ee:41:f0:84:8f:
         4e:e0:d4:e8:b8:e5:a2:3e:6f:d6:03:fd:35:58:44:57:a0:f8:
         1b:73:d8:70:d4:da:72:f0:04:70:46:a4:f8:59:90:b8:29:5a:
         1b:4a:ec:96:3f:25:06:e3:03:58:33:48:c4:d3:c4:af:fd:5f:
         22:ff:3e:fe:66:31:3e:42:23:ff:d7:c5:a4:68:4c:55:a9:93:
         e5:b5:1c:70:94:69:b8:fa:85:89:14:ae:be:ec:bc:f5:38:11:
         8b:9f:98:f2:85:e0:a3:de:e3:37:0a:8c:67:0b:ca:99:5b:97:
         ea:71:f9:10:44:f6:b9:d4:52:31:a5:b5:49:6b:76:b2:07:3a:
         f6:ac:2d:43:cf:58:ed:5d:50:43:b6:8c:05:40:49:7c:be:41:
         56:9e:3b:96
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUGtrbKLDgX3eRQWCWBzXCCxaW6FgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYjk3YmNmYWMyN2JiYWYxOWRlMWQzMWU1MzYyOTcyNmMx
ZTRjYWFhMjAeFw0yNDAyMjYwODQ4MzZaFw0yNTAyMjQwODUzMzZaMDMxMTAvBgNV
BAMTKDA5QjU4RDc4MkMyMDQxNjdGMkFDMzZBQ0E3MDNFRjY2MjNFNTE1RjcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDI6kne7QFH2Tx5qHan+soUH7nN
fN7eqW1yhVFeuio1p0VFPdBeal7S0XMUzqhG1gudUgKOn8BPLickzrKNYtDDY0TR
YeBNbjczpWCvFouK88W5drpITUuRmjm6X/AQKuDrjtTgp1b65vEi+hhn9mK9croD
wloLMxvaV1ZzYNd1a1TRXayCwlK+4rQqUOgJAJ6jA0iHPRmmpfUQGCyEaMKY98AK
6nszziF+l25rgIk2rat5YqXXzHjmBMssgTglOlAyFqFq48THBrvHoJFLwcVAaCfc
EswURlSW4wDtS1guNP035iPyoL/dOoyJfxDIVjVbwysbb7xnH/dRsdw59oFDAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUCbWNeCwgQWfyrDaspwPvZiPlFfcwHwYDVR0j
BBgwFoAUuXvPrCe7rxneHTHlNilybB5MqqIwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzMvQjk3QkNGQUMyN0JCQUYxOURFMUQzMUU1MzYyOTcyNkMxRTRDQUFBMi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3VYdlByQ2U3cnhuZUhUSGxOaWx5YkI1
TXFxSS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzMvMzEzOTM0MmUzMzMxMmUzNTMy
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzQzNzM1MzgzMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMIf
NDANBgkqhkiG9w0BAQsFAAOCAQEAl4IwMp3oLZ3TMWBMATmAtwy0lvtvFGBFtdme
6VDVcnohGXz/VEgW30K9lUBmg1QLK5RM3abvAJV2Z564MskdIdoO3zn2k8GTjXQP
aj8XtqwyfxTb7J4NP4j8YpEKq7pMCxZ+eYOCDO5B8ISPTuDU6Ljloj5v1gP9NVhE
V6D4G3PYcNTacvAEcEak+FmQuClaG0rslj8lBuMDWDNIxNPEr/1fIv8+/mYxPkIj
/9fFpGhMVamT5bUccJRpuPqFiRSuvuy89TgRi5+Y8oXgo97jNwqMZwvKmVuX6nH5
EET2udRSMaW1SWt2sgc69qwtQ89Y7V1QQ7aMBUBJfL5BVp47lg==
-----END CERTIFICATE-----