Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/3/3139342e33312e35332e302f32342d3234203d3e203437353833.roa
File:                     3139342e33312e35332e302f32342d3234203d3e203437353833.roa (raw, json)
Hash identifier:          AOxdXRKy9CM7cUIpeUsgDWOSU10QC7A3OxJksqxL1Dg=
Subject key identifier:   23:20:6E:D0:26:12:E9:D1:D0:E2:F9:2F:BB:0C:C4:16:56:A5:7C:56
Certificate issuer:       /CN=b97bcfac27bbaf19de1d31e53629726c1e4caaa2
Certificate serial:       3559956DE4E68865D03AEC31971B4A71B68353CB
Authority key identifier: B9:7B:CF:AC:27:BB:AF:19:DE:1D:31:E5:36:29:72:6C:1E:4C:AA:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uXvPrCe7rxneHTHlNilybB5MqqI.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/3/3139342e33312e35332e302f32342d3234203d3e203437353833.roa
Signing time:             Mon 26 Feb 2024 08:53:35 +0000
ROA not before:           Mon 26 Feb 2024 08:48:35 +0000
ROA not after:            Mon 24 Feb 2025 08:53:35 +0000
asID:                     47583
IP address blocks:        194.31.53.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/3/B97BCFAC27BBAF19DE1D31E53629726C1E4CAAA2.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/3/B97BCFAC27BBAF19DE1D31E53629726C1E4CAAA2.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uXvPrCe7rxneHTHlNilybB5MqqI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 01:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            35:59:95:6d:e4:e6:88:65:d0:3a:ec:31:97:1b:4a:71:b6:83:53:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b97bcfac27bbaf19de1d31e53629726c1e4caaa2
        Validity
            Not Before: Feb 26 08:48:35 2024 GMT
            Not After : Feb 24 08:53:35 2025 GMT
        Subject: CN=23206ED02612E9D1D0E2F92FBB0CC41656A57C56
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:44:c7:66:59:24:33:15:c3:1b:a5:ef:d4:c9:
                    bb:2c:7e:5f:53:4a:58:67:7e:40:fc:f2:42:45:e7:
                    85:e7:61:de:08:ef:3d:44:fa:1e:6c:62:38:72:da:
                    d2:8d:9c:64:6f:86:07:73:7b:4e:cb:0c:e2:dc:99:
                    c2:7c:a3:0e:e4:20:0f:01:df:85:3a:06:ec:10:13:
                    d3:26:f8:e4:e1:53:c8:aa:5a:c4:70:1a:70:89:10:
                    fc:05:4e:cb:73:d0:72:74:d1:f7:ae:3d:b5:b5:fa:
                    8d:94:d9:ce:b6:2e:e7:c7:ec:60:3d:b3:b0:4a:56:
                    15:b6:ba:eb:17:62:c5:1d:f0:e8:83:3b:c4:83:f7:
                    30:d8:f3:85:63:95:d1:7b:a5:68:f4:f9:2d:ba:71:
                    69:87:41:22:f8:e2:a4:c0:1b:42:05:58:01:d2:fa:
                    c5:9c:94:14:1d:1e:d4:ec:c4:31:0d:df:e5:4d:58:
                    77:b8:91:08:3a:7a:81:ba:6d:80:9b:fc:79:9f:28:
                    7c:fd:09:2b:32:0c:35:82:64:8e:49:fc:70:ab:78:
                    a6:be:cd:65:11:76:a8:02:dc:02:af:6c:93:82:f2:
                    48:85:da:ac:2e:96:c3:92:ee:8f:b9:da:bf:f2:8e:
                    cc:f2:64:cb:e5:51:d3:52:93:ef:fa:e3:88:e4:4b:
                    63:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:20:6E:D0:26:12:E9:D1:D0:E2:F9:2F:BB:0C:C4:16:56:A5:7C:56
            X509v3 Authority Key Identifier:
                keyid:B9:7B:CF:AC:27:BB:AF:19:DE:1D:31:E5:36:29:72:6C:1E:4C:AA:A2

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/3/B97BCFAC27BBAF19DE1D31E53629726C1E4CAAA2.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uXvPrCe7rxneHTHlNilybB5MqqI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/3/3139342e33312e35332e302f32342d3234203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.31.53.0/24

    Signature Algorithm: sha256WithRSAEncryption
         11:a5:9e:39:d7:83:9f:27:ff:dc:4a:75:c3:5c:b8:05:9d:a2:
         98:53:37:eb:e2:2b:42:14:ce:b4:1b:6c:df:a4:e3:b6:36:18:
         2f:22:f2:44:82:55:cc:44:87:00:9b:d6:f6:19:ab:c2:6e:24:
         e1:8c:90:b4:7f:19:9f:2b:b5:33:0b:69:5e:b3:24:26:7e:2f:
         05:2a:1f:b2:48:3c:85:34:ae:ad:42:84:ef:d3:32:70:12:fd:
         f9:12:89:b2:28:ff:36:f6:f3:c4:b3:2c:ec:0f:11:df:41:ff:
         8a:7c:dc:69:6f:4b:d1:d4:d1:2b:18:59:e6:d0:fc:48:87:24:
         3b:2c:5b:a4:ed:ca:15:e6:75:99:b7:46:44:fb:c8:18:93:dc:
         54:2d:26:28:13:f8:bb:98:c0:bd:3e:09:76:09:72:26:56:e9:
         9c:4e:1e:b3:57:5d:56:5f:c7:97:b3:5b:18:98:57:c6:b0:e9:
         6e:52:5d:40:98:58:d9:aa:13:be:be:c5:68:bd:93:37:60:c0:
         bd:fd:b1:81:06:49:e3:78:0c:a4:83:22:38:18:ec:5a:7b:57:
         84:a1:28:a5:e6:22:f5:d6:c2:f5:14:cf:06:4d:d9:ee:55:e8:
         24:a2:97:46:7b:43:b5:2b:bd:2f:04:d3:d2:c7:16:fa:e2:52:
         2b:4f:36:f2
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUNVmVbeTmiGXQOuwxlxtKcbaDU8swDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYjk3YmNmYWMyN2JiYWYxOWRlMWQzMWU1MzYyOTcyNmMx
ZTRjYWFhMjAeFw0yNDAyMjYwODQ4MzVaFw0yNTAyMjQwODUzMzVaMDMxMTAvBgNV
BAMTKDIzMjA2RUQwMjYxMkU5RDFEMEUyRjkyRkJCMENDNDE2NTZBNTdDNTYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqRMdmWSQzFcMbpe/Uybssfl9T
SlhnfkD88kJF54XnYd4I7z1E+h5sYjhy2tKNnGRvhgdze07LDOLcmcJ8ow7kIA8B
34U6BuwQE9Mm+OThU8iqWsRwGnCJEPwFTstz0HJ00feuPbW1+o2U2c62LufH7GA9
s7BKVhW2uusXYsUd8OiDO8SD9zDY84VjldF7pWj0+S26cWmHQSL44qTAG0IFWAHS
+sWclBQdHtTsxDEN3+VNWHe4kQg6eoG6bYCb/HmfKHz9CSsyDDWCZI5J/HCreKa+
zWURdqgC3AKvbJOC8kiF2qwulsOS7o+52r/yjszyZMvlUdNSk+/644jkS2MTAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUIyBu0CYS6dHQ4vkvuwzEFlalfFYwHwYDVR0j
BBgwFoAUuXvPrCe7rxneHTHlNilybB5MqqIwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzMvQjk3QkNGQUMyN0JCQUYxOURFMUQzMUU1MzYyOTcyNkMxRTRDQUFBMi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3VYdlByQ2U3cnhuZUhUSGxOaWx5YkI1
TXFxSS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzMvMzEzOTM0MmUzMzMxMmUzNTMz
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzQzNzM1MzgzMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMIf
NTANBgkqhkiG9w0BAQsFAAOCAQEAEaWeOdeDnyf/3Ep1w1y4BZ2imFM36+IrQhTO
tBts36TjtjYYLyLyRIJVzESHAJvW9hmrwm4k4YyQtH8Znyu1MwtpXrMkJn4vBSof
skg8hTSurUKE79MycBL9+RKJsij/NvbzxLMs7A8R30H/inzcaW9L0dTRKxhZ5tD8
SIckOyxbpO3KFeZ1mbdGRPvIGJPcVC0mKBP4u5jAvT4JdglyJlbpnE4es1ddVl/H
l7NbGJhXxrDpblJdQJhY2aoTvr7FaL2TN2DAvf2xgQZJ43gMpIMiOBjsWntXhKEo
peYi9dbC9RTPBk3Z7lXoJKKXRntDtSu9LwTT0scW+uJSK0828g==
-----END CERTIFICATE-----