Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/3/3139342e33312e35342e302f32342d3332203d3e2039303039.roa
File:                     3139342e33312e35342e302f32342d3332203d3e2039303039.roa (raw, json)
Hash identifier:          uv8lDCnxeG4TNgqwKwcPQqmuQP2wBdBo0tHXZvireKE=
Subject key identifier:   64:29:1B:46:6F:46:0A:B2:03:E2:CC:7A:2F:A3:E4:67:E3:AF:94:01
Certificate issuer:       /CN=b97bcfac27bbaf19de1d31e53629726c1e4caaa2
Certificate serial:       0E22F1C358F1D0474B06281C5E9C855F7BEB54B6
Authority key identifier: B9:7B:CF:AC:27:BB:AF:19:DE:1D:31:E5:36:29:72:6C:1E:4C:AA:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uXvPrCe7rxneHTHlNilybB5MqqI.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/3/3139342e33312e35342e302f32342d3332203d3e2039303039.roa
Signing time:             Mon 26 Feb 2024 08:53:36 +0000
ROA not before:           Mon 26 Feb 2024 08:48:36 +0000
ROA not after:            Mon 24 Feb 2025 08:53:36 +0000
asID:                     9009
IP address blocks:        194.31.54.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/3/B97BCFAC27BBAF19DE1D31E53629726C1E4CAAA2.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/3/B97BCFAC27BBAF19DE1D31E53629726C1E4CAAA2.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uXvPrCe7rxneHTHlNilybB5MqqI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0e:22:f1:c3:58:f1:d0:47:4b:06:28:1c:5e:9c:85:5f:7b:eb:54:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b97bcfac27bbaf19de1d31e53629726c1e4caaa2
        Validity
            Not Before: Feb 26 08:48:36 2024 GMT
            Not After : Feb 24 08:53:36 2025 GMT
        Subject: CN=64291B466F460AB203E2CC7A2FA3E467E3AF9401
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:7d:31:77:42:09:2e:4d:4c:56:db:e0:88:1f:
                    4d:39:52:04:a3:24:00:97:0e:bd:7d:ff:8a:25:20:
                    a1:c4:37:b4:8b:86:0a:70:7c:2d:73:26:21:25:3c:
                    9e:d8:c0:2a:0e:9b:8a:67:8a:63:79:59:67:ac:6c:
                    6c:12:01:5d:98:39:0a:25:49:7b:2f:22:2e:fc:18:
                    1e:e8:f1:ea:a0:eb:9a:e9:16:f8:27:61:1c:70:3d:
                    9c:5b:ae:e7:42:af:17:70:48:36:35:af:1e:f5:57:
                    1a:ce:f1:fa:d8:06:a5:b9:ee:fb:2f:bd:ca:2c:f3:
                    34:fb:02:12:2d:20:d5:88:82:33:a7:18:6f:a9:68:
                    ec:bd:a9:2f:aa:d3:f4:2e:50:67:d2:08:53:19:87:
                    f1:8a:09:42:35:29:f3:03:32:05:7c:e1:95:11:39:
                    06:fb:a0:d5:88:87:10:53:f0:f6:4a:14:78:fd:62:
                    35:37:fa:27:eb:9b:c3:4e:f1:c1:8b:ab:88:be:e2:
                    fe:62:f7:f3:3c:d2:4a:1a:28:b6:60:dc:a4:a0:8c:
                    d5:75:e6:87:36:3f:ad:a3:84:c3:fe:90:1b:ce:d4:
                    cc:8c:37:2c:bb:29:6e:89:2b:e9:0e:13:e8:83:5e:
                    fc:cd:c0:ae:24:e0:42:0d:54:e1:b0:b0:72:31:4d:
                    75:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:29:1B:46:6F:46:0A:B2:03:E2:CC:7A:2F:A3:E4:67:E3:AF:94:01
            X509v3 Authority Key Identifier:
                keyid:B9:7B:CF:AC:27:BB:AF:19:DE:1D:31:E5:36:29:72:6C:1E:4C:AA:A2

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/3/B97BCFAC27BBAF19DE1D31E53629726C1E4CAAA2.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uXvPrCe7rxneHTHlNilybB5MqqI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/3/3139342e33312e35342e302f32342d3332203d3e2039303039.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.31.54.0/24

    Signature Algorithm: sha256WithRSAEncryption
         90:5b:b7:e9:0e:c2:c1:76:f6:1a:3c:89:55:01:8c:3f:e5:af:
         7f:c0:ee:0a:75:b2:f6:7b:5c:95:5d:40:7d:e0:61:55:41:2b:
         08:9e:ac:b3:33:4f:ec:33:ee:7a:10:58:e4:7c:65:f7:33:72:
         11:cf:db:93:46:2f:32:64:0d:f9:37:58:c6:66:04:02:9a:43:
         8e:96:cb:4b:88:d2:4e:f1:59:7e:99:6b:c4:cd:5d:9c:a3:bb:
         5b:cf:19:42:44:67:29:4b:b8:4d:3d:0c:1d:0d:5c:31:96:e4:
         89:e7:1a:bf:33:23:a2:d7:5d:34:f0:a7:79:6f:3a:4e:f1:0a:
         2a:9f:f9:c1:91:9f:67:57:e4:49:72:de:67:ea:84:63:3d:0f:
         f8:0c:cc:b2:19:c4:f2:a1:0b:06:ff:a7:1a:d9:00:6c:fd:09:
         9a:ce:b5:a9:44:f6:c0:05:7c:77:39:12:8d:21:eb:85:62:cc:
         92:41:67:df:e7:a1:2d:f2:69:8d:24:91:80:5e:39:f7:64:9b:
         2f:28:f1:f4:4f:d1:d6:87:2b:43:41:fd:b5:85:0c:81:a6:10:
         88:70:43:07:27:1d:b9:54:16:f8:70:39:16:64:4c:2a:de:97:
         13:5a:2f:10:fd:e9:ed:f9:81:a6:70:29:5e:92:ee:ed:98:6f:
         99:9d:b3:c3
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUDiLxw1jx0EdLBigcXpyFX3vrVLYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYjk3YmNmYWMyN2JiYWYxOWRlMWQzMWU1MzYyOTcyNmMx
ZTRjYWFhMjAeFw0yNDAyMjYwODQ4MzZaFw0yNTAyMjQwODUzMzZaMDMxMTAvBgNV
BAMTKDY0MjkxQjQ2NkY0NjBBQjIwM0UyQ0M3QTJGQTNFNDY3RTNBRjk0MDEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDefTF3QgkuTUxW2+CIH005UgSj
JACXDr19/4olIKHEN7SLhgpwfC1zJiElPJ7YwCoOm4pnimN5WWesbGwSAV2YOQol
SXsvIi78GB7o8eqg65rpFvgnYRxwPZxbrudCrxdwSDY1rx71VxrO8frYBqW57vsv
vcos8zT7AhItINWIgjOnGG+paOy9qS+q0/QuUGfSCFMZh/GKCUI1KfMDMgV84ZUR
OQb7oNWIhxBT8PZKFHj9YjU3+ifrm8NO8cGLq4i+4v5i9/M80koaKLZg3KSgjNV1
5oc2P62jhMP+kBvO1MyMNyy7KW6JK+kOE+iDXvzNwK4k4EINVOGwsHIxTXXPAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUZCkbRm9GCrID4sx6L6PkZ+OvlAEwHwYDVR0j
BBgwFoAUuXvPrCe7rxneHTHlNilybB5MqqIwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzMvQjk3QkNGQUMyN0JCQUYxOURFMUQzMUU1MzYyOTcyNkMxRTRDQUFBMi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3VYdlByQ2U3cnhuZUhUSGxOaWx5YkI1
TXFxSS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzMvMzEzOTM0MmUzMzMxMmUzNTM0
MmUzMDJmMzIzNDJkMzMzMjIwM2QzZTIwMzkzMDMwMzkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBADCHzYw
DQYJKoZIhvcNAQELBQADggEBAJBbt+kOwsF29ho8iVUBjD/lr3/A7gp1svZ7XJVd
QH3gYVVBKwierLMzT+wz7noQWOR8ZfczchHP25NGLzJkDfk3WMZmBAKaQ46Wy0uI
0k7xWX6Za8TNXZyju1vPGUJEZylLuE09DB0NXDGW5InnGr8zI6LXXTTwp3lvOk7x
Ciqf+cGRn2dX5Ely3mfqhGM9D/gMzLIZxPKhCwb/pxrZAGz9CZrOtalE9sAFfHc5
Eo0h64VizJJBZ9/noS3yaY0kkYBeOfdkmy8o8fRP0daHK0NB/bWFDIGmEIhwQwcn
HblUFvhwORZkTCrelxNaLxD96e35gaZwKV6S7u2Yb5mds8M=
-----END CERTIFICATE-----