Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134372e39332e382e302f32312d3234203d3e203437353833.roa
File:                     3134372e39332e382e302f32312d3234203d3e203437353833.roa (raw, json)
Hash identifier:          4QpewIXBoiFHnkZVg2GOiS6sAbbU545V91TtwSUIWJE=
Subject key identifier:   08:8D:11:C2:37:52:61:43:53:72:91:52:24:08:3A:C3:15:D5:09:1C
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       152AF79979A6003667C5BC0B984DEDDFF67E292D
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134372e39332e382e302f32312d3234203d3e203437353833.roa
Signing time:             Wed 27 Nov 2024 14:36:32 +0000
ROA not before:           Wed 27 Nov 2024 14:31:32 +0000
ROA not after:            Wed 26 Nov 2025 14:36:32 +0000
asID:                     47583
IP address blocks:        147.93.8.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            15:2a:f7:99:79:a6:00:36:67:c5:bc:0b:98:4d:ed:df:f6:7e:29:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Nov 27 14:31:32 2024 GMT
            Not After : Nov 26 14:36:32 2025 GMT
        Subject: CN=088D11C2375261435372915224083AC315D5091C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:0d:44:27:75:47:d6:ab:5e:38:fc:03:c7:0f:
                    f9:5f:e0:7c:23:ce:88:76:c6:7a:d4:45:b5:e2:5c:
                    b4:52:e5:af:48:80:17:9a:a1:48:3f:9f:68:fc:b2:
                    0a:a7:7c:b7:7a:93:60:73:c4:86:0f:32:96:79:1b:
                    af:90:fd:3a:d8:13:84:e1:7f:ad:e7:79:bc:82:d2:
                    9c:7c:85:34:d8:64:5c:b0:83:e6:c5:d9:06:9f:ba:
                    48:99:31:96:70:d7:f0:11:23:fe:d6:3a:3a:6d:a8:
                    17:c6:f0:82:4e:f1:87:81:96:5c:a4:50:33:5e:1b:
                    27:d9:80:d0:05:6c:1f:5b:6d:c7:21:c4:a6:4e:ff:
                    0f:13:1c:5a:a9:e5:95:dc:98:10:8a:48:c6:58:67:
                    5b:bd:36:24:56:d9:f9:cd:cc:03:15:ef:73:88:e3:
                    04:21:3b:0b:b8:d5:fd:6f:90:5b:7e:f7:f7:43:22:
                    40:ec:ab:27:1d:20:39:60:17:0d:d3:99:7c:51:63:
                    37:72:bf:94:67:6c:13:7f:11:fd:a2:5d:61:5d:fe:
                    bf:c6:d4:b3:39:7d:99:44:f3:3b:01:46:66:18:e7:
                    e6:ec:e3:ab:20:41:f4:51:10:a7:34:65:14:20:dc:
                    0a:29:1e:1d:b4:c0:38:14:c0:be:ab:e4:63:be:a8:
                    48:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:8D:11:C2:37:52:61:43:53:72:91:52:24:08:3A:C3:15:D5:09:1C
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134372e39332e382e302f32312d3234203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.93.8.0/21

    Signature Algorithm: sha256WithRSAEncryption
         66:4e:7e:2a:66:c3:c4:27:bc:92:06:3e:c6:17:d6:eb:ac:12:
         a8:93:a0:3c:2f:06:b9:64:eb:4e:cd:a4:a9:d0:c3:1f:ae:62:
         90:6c:43:fd:76:13:9f:1f:ec:48:0f:30:d7:10:d2:5b:09:61:
         1c:26:fa:e5:f5:81:dc:22:55:1e:5c:dd:c0:23:8e:2c:b6:9d:
         a8:2b:61:02:91:84:1c:f6:c7:b9:3b:cd:4b:bb:cb:23:b2:ac:
         ae:56:b5:d7:08:09:b3:be:70:8f:18:5d:29:2b:6e:d6:c6:ca:
         84:96:6c:e0:c7:30:6b:87:17:36:99:76:ac:55:06:b3:b6:23:
         ad:07:b0:87:48:98:b3:ff:6e:32:96:ee:e6:9e:ac:85:b5:94:
         89:47:b7:36:3d:8a:8b:82:7e:39:16:14:52:00:ee:b4:89:27:
         84:40:93:35:60:36:1d:82:48:1b:6d:18:ce:b8:cc:b1:0b:3c:
         b0:e5:ec:9c:59:11:a7:2e:5b:c1:93:3c:a5:b7:51:d0:4f:c0:
         c3:54:aa:50:a5:ca:53:a6:bc:32:51:36:45:a2:3d:de:83:ad:
         57:8e:37:b9:eb:01:31:a7:32:e0:c4:80:1f:cc:97:23:48:3e:
         48:d3:68:2e:97:61:17:fb:92:1e:91:4a:84:e0:34:cc:0b:27:
         60:8e:88:ee
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUFSr3mXmmADZnxbwLmE3t3/Z+KS0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDExMjcxNDMxMzJaFw0yNTExMjYxNDM2MzJaMDMxMTAvBgNV
BAMTKDA4OEQxMUMyMzc1MjYxNDM1MzcyOTE1MjI0MDgzQUMzMTVENTA5MUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0DUQndUfWq144/APHD/lf4Hwj
zoh2xnrURbXiXLRS5a9IgBeaoUg/n2j8sgqnfLd6k2BzxIYPMpZ5G6+Q/TrYE4Th
f63nebyC0px8hTTYZFywg+bF2QafukiZMZZw1/ARI/7WOjptqBfG8IJO8YeBllyk
UDNeGyfZgNAFbB9bbcchxKZO/w8THFqp5ZXcmBCKSMZYZ1u9NiRW2fnNzAMV73OI
4wQhOwu41f1vkFt+9/dDIkDsqycdIDlgFw3TmXxRYzdyv5RnbBN/Ef2iXWFd/r/G
1LM5fZlE8zsBRmYY5+bs46sgQfRREKc0ZRQg3AopHh20wDgUwL6r5GO+qEjLAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUCI0RwjdSYUNTcpFSJAg6wxXVCRwwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzNDM3MmUzOTMzMmUzODJl
MzAyZjMyMzEyZDMyMzQyMDNkM2UyMDM0MzczNTM4MzMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAOTXQgw
DQYJKoZIhvcNAQELBQADggEBAGZOfipmw8QnvJIGPsYX1uusEqiToDwvBrlk607N
pKnQwx+uYpBsQ/12E58f7EgPMNcQ0lsJYRwm+uX1gdwiVR5c3cAjjiy2nagrYQKR
hBz2x7k7zUu7yyOyrK5WtdcICbO+cI8YXSkrbtbGyoSWbODHMGuHFzaZdqxVBrO2
I60HsIdImLP/bjKW7uaerIW1lIlHtzY9iouCfjkWFFIA7rSJJ4RAkzVgNh2CSBtt
GM64zLELPLDl7JxZEacuW8GTPKW3UdBPwMNUqlClylOmvDJRNkWiPd6DrVeON7nr
ATGnMuDEgB/MlyNIPkjTaC6XYRf7kh6RSoTgNMwLJ2COiO4=
-----END CERTIFICATE-----