Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/3/3139342e33312e35352e302f32342d3234203d3e203437353833.roa
File:                     3139342e33312e35352e302f32342d3234203d3e203437353833.roa (raw, json)
Hash identifier:          ZXcU1uY+4jgFMaWxuw3DdqMkZInOn+iAtHyi4ENI7GY=
Subject key identifier:   A7:9A:4B:A4:E1:AC:62:11:A9:BF:40:01:6E:3E:86:73:28:A7:DC:65
Certificate issuer:       /CN=b97bcfac27bbaf19de1d31e53629726c1e4caaa2
Certificate serial:       37431BE8C1E37697233106110C2856AB9F0A282E
Authority key identifier: B9:7B:CF:AC:27:BB:AF:19:DE:1D:31:E5:36:29:72:6C:1E:4C:AA:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uXvPrCe7rxneHTHlNilybB5MqqI.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/3/3139342e33312e35352e302f32342d3234203d3e203437353833.roa
Signing time:             Mon 26 Feb 2024 08:53:36 +0000
ROA not before:           Mon 26 Feb 2024 08:48:36 +0000
ROA not after:            Mon 24 Feb 2025 08:53:36 +0000
asID:                     47583
IP address blocks:        194.31.55.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/3/B97BCFAC27BBAF19DE1D31E53629726C1E4CAAA2.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/3/B97BCFAC27BBAF19DE1D31E53629726C1E4CAAA2.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uXvPrCe7rxneHTHlNilybB5MqqI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            37:43:1b:e8:c1:e3:76:97:23:31:06:11:0c:28:56:ab:9f:0a:28:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b97bcfac27bbaf19de1d31e53629726c1e4caaa2
        Validity
            Not Before: Feb 26 08:48:36 2024 GMT
            Not After : Feb 24 08:53:36 2025 GMT
        Subject: CN=A79A4BA4E1AC6211A9BF40016E3E867328A7DC65
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:08:08:c7:f5:72:4b:5a:4b:7e:41:6a:82:19:
                    e2:27:e1:95:04:d4:61:53:ff:cf:f1:70:5a:dc:f8:
                    3e:f1:0f:a0:63:54:4f:a7:77:e6:41:d1:5d:ec:03:
                    18:ee:6b:d1:2e:90:6b:5b:35:52:2b:24:55:6f:b2:
                    ea:85:30:75:13:5a:63:d8:f5:ad:13:24:4e:17:4b:
                    17:cd:04:5e:76:fb:9b:bc:6f:a5:7f:f5:e4:ec:06:
                    90:b5:7c:eb:77:6d:61:e4:c8:44:78:35:8a:6f:4c:
                    f3:3e:ef:f1:3d:87:4c:b0:8d:8e:bc:f5:43:f1:2a:
                    f3:31:94:62:53:35:3d:c9:77:ba:05:02:7e:56:f2:
                    c9:e5:1a:f5:55:b8:39:3b:1c:25:b5:85:42:cc:01:
                    d1:3b:dc:39:5f:8f:80:59:60:cf:18:ec:fd:45:f8:
                    3e:6b:2b:43:56:f7:e8:cb:9b:11:2e:49:d4:57:7f:
                    16:b4:f6:54:0b:9a:55:26:87:ff:07:9b:2d:00:bc:
                    44:52:21:1d:2e:97:27:9d:9f:ce:30:9e:7e:87:a9:
                    85:d0:90:54:a1:29:ee:76:4b:a4:74:7d:1d:8e:cc:
                    26:77:dd:c4:13:44:98:d3:0a:6f:d6:95:15:b3:47:
                    11:0e:16:40:8b:66:ae:d0:2b:aa:91:ad:4a:79:5b:
                    08:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:9A:4B:A4:E1:AC:62:11:A9:BF:40:01:6E:3E:86:73:28:A7:DC:65
            X509v3 Authority Key Identifier:
                keyid:B9:7B:CF:AC:27:BB:AF:19:DE:1D:31:E5:36:29:72:6C:1E:4C:AA:A2

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/3/B97BCFAC27BBAF19DE1D31E53629726C1E4CAAA2.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uXvPrCe7rxneHTHlNilybB5MqqI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/3/3139342e33312e35352e302f32342d3234203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.31.55.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ac:e4:dc:a7:1a:00:f3:20:8f:3a:e2:f9:d2:60:b6:09:f1:49:
         04:03:4c:ac:8f:b1:86:5e:25:e0:02:c8:72:f7:f6:d4:fd:dc:
         99:0f:0c:df:0f:92:2d:e9:7a:22:c1:14:c8:c7:97:1a:97:b7:
         ec:b1:f6:6d:c4:73:bf:de:ff:7a:8f:b3:77:f5:df:ba:87:41:
         30:b0:87:fa:4f:5c:f0:a3:72:cc:4a:8a:c6:c2:81:4f:7e:d6:
         d2:7c:78:35:69:7d:6a:e7:a6:94:14:70:18:7b:11:73:4a:d7:
         cf:14:26:72:b0:2f:d8:1a:9b:96:e7:9b:cf:39:81:b6:e5:7f:
         29:0e:9e:43:07:02:08:b8:3e:00:5b:7b:e8:66:48:78:65:37:
         70:eb:0b:8a:36:1a:36:f0:5c:cd:d2:ce:cd:4e:3b:b6:f1:68:
         29:0a:f3:7b:79:97:0c:1a:48:da:63:07:bc:e7:eb:e6:b9:4c:
         28:71:32:76:ac:db:60:07:b3:98:44:fe:64:15:dd:90:c0:44:
         fc:c1:c1:c8:96:da:bc:c3:bd:83:3a:31:9e:88:3c:40:38:49:
         70:c3:b6:71:58:c7:91:75:6a:97:4a:9a:7f:d1:39:4f:b1:78:
         ef:ab:08:2b:aa:c3:53:24:2c:25:5c:1d:1d:fd:3e:ef:f8:ff:
         08:a7:01:76
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUN0Mb6MHjdpcjMQYRDChWq58KKC4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYjk3YmNmYWMyN2JiYWYxOWRlMWQzMWU1MzYyOTcyNmMx
ZTRjYWFhMjAeFw0yNDAyMjYwODQ4MzZaFw0yNTAyMjQwODUzMzZaMDMxMTAvBgNV
BAMTKEE3OUE0QkE0RTFBQzYyMTFBOUJGNDAwMTZFM0U4NjczMjhBN0RDNjUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDCAjH9XJLWkt+QWqCGeIn4ZUE
1GFT/8/xcFrc+D7xD6BjVE+nd+ZB0V3sAxjua9EukGtbNVIrJFVvsuqFMHUTWmPY
9a0TJE4XSxfNBF52+5u8b6V/9eTsBpC1fOt3bWHkyER4NYpvTPM+7/E9h0ywjY68
9UPxKvMxlGJTNT3Jd7oFAn5W8snlGvVVuDk7HCW1hULMAdE73Dlfj4BZYM8Y7P1F
+D5rK0NW9+jLmxEuSdRXfxa09lQLmlUmh/8Hmy0AvERSIR0ulyedn84wnn6HqYXQ
kFShKe52S6R0fR2OzCZ33cQTRJjTCm/WlRWzRxEOFkCLZq7QK6qRrUp5WwhHAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUp5pLpOGsYhGpv0ABbj6Gcyin3GUwHwYDVR0j
BBgwFoAUuXvPrCe7rxneHTHlNilybB5MqqIwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzMvQjk3QkNGQUMyN0JCQUYxOURFMUQzMUU1MzYyOTcyNkMxRTRDQUFBMi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3VYdlByQ2U3cnhuZUhUSGxOaWx5YkI1
TXFxSS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzMvMzEzOTM0MmUzMzMxMmUzNTM1
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzQzNzM1MzgzMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMIf
NzANBgkqhkiG9w0BAQsFAAOCAQEArOTcpxoA8yCPOuL50mC2CfFJBANMrI+xhl4l
4ALIcvf21P3cmQ8M3w+SLel6IsEUyMeXGpe37LH2bcRzv97/eo+zd/XfuodBMLCH
+k9c8KNyzEqKxsKBT37W0nx4NWl9auemlBRwGHsRc0rXzxQmcrAv2BqbluebzzmB
tuV/KQ6eQwcCCLg+AFt76GZIeGU3cOsLijYaNvBczdLOzU47tvFoKQrze3mXDBpI
2mMHvOfr5rlMKHEydqzbYAezmET+ZBXdkMBE/MHByJbavMO9gzoxnog8QDhJcMO2
cVjHkXVql0qaf9E5T7F476sIK6rDUyQsJVwdHf0+7/j/CKcBdg==
-----END CERTIFICATE-----