Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3135392e34382e342e302f32322d3234203d3e20323034313730.roa
File:                     3135392e34382e342e302f32322d3234203d3e20323034313730.roa (raw, json)
Hash identifier:          RDwJS6aSZ5fzf4RZBOSQzdk4V4TrgQfNsxr/8yNm9o0=
Subject key identifier:   31:AD:DE:FD:AD:6B:AA:C8:1F:E4:F0:0B:13:87:D1:4A:5D:49:1C:C6
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       60EAEA5C1F650D8E0933DBB95655DEBE48C08DAB
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3135392e34382e342e302f32322d3234203d3e20323034313730.roa
Signing time:             Mon 26 Feb 2024 08:53:22 +0000
ROA not before:           Mon 26 Feb 2024 08:48:22 +0000
ROA not after:            Mon 24 Feb 2025 08:53:22 +0000
asID:                     204170
IP address blocks:        159.48.4.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 14:34:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            60:ea:ea:5c:1f:65:0d:8e:09:33:db:b9:56:55:de:be:48:c0:8d:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Feb 26 08:48:22 2024 GMT
            Not After : Feb 24 08:53:22 2025 GMT
        Subject: CN=31ADDEFDAD6BAAC81FE4F00B1387D14A5D491CC6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:b3:67:ce:4f:18:f5:63:31:72:2e:7e:02:c0:
                    5f:fd:8f:68:35:98:cc:17:6c:5f:59:f1:b9:f9:4c:
                    be:ad:b0:ee:3c:01:cc:f4:29:9c:c7:53:f4:af:a1:
                    0e:ce:45:54:9e:dd:ba:cb:00:4f:59:59:18:1d:03:
                    f8:bc:13:da:87:aa:dc:85:73:c9:1f:2e:15:2a:7b:
                    7f:8d:20:9e:c9:77:b0:02:ba:21:15:28:8a:a5:c9:
                    0f:c5:01:ea:8d:af:3f:ac:76:61:45:a0:c4:a8:08:
                    b2:01:91:59:1f:68:26:a7:8d:6a:eb:61:31:08:5c:
                    1a:76:8d:4c:25:3e:b7:20:e0:3b:05:cb:de:5b:71:
                    c1:c4:aa:8c:dc:57:30:38:f4:11:87:83:c5:e8:10:
                    0a:60:7c:27:29:45:49:b7:03:e1:eb:a9:9b:ac:37:
                    e3:8f:ab:84:23:8a:9e:53:ee:ce:6d:23:2b:5c:ac:
                    09:16:72:80:0f:81:61:83:3f:34:14:9b:61:a4:78:
                    b9:18:7a:ed:5a:a0:d2:19:ad:a9:f5:29:53:49:f7:
                    38:9e:f3:dd:5b:29:f1:3a:a8:fa:2e:15:c4:95:57:
                    82:0e:d6:93:91:63:81:86:d7:fb:0a:43:f6:6c:0e:
                    a8:ec:14:5e:f7:88:70:29:85:44:d2:99:e7:59:3b:
                    39:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:AD:DE:FD:AD:6B:AA:C8:1F:E4:F0:0B:13:87:D1:4A:5D:49:1C:C6
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3135392e34382e342e302f32322d3234203d3e20323034313730.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  159.48.4.0/22

    Signature Algorithm: sha256WithRSAEncryption
         9f:e7:4d:a3:2e:54:94:7b:21:42:3d:96:10:fc:60:b8:99:91:
         85:f6:c8:c1:a1:9f:35:05:b5:ef:51:f9:be:79:2c:83:09:49:
         df:cb:8a:ac:cb:1f:f8:62:36:ca:e3:0d:d0:13:56:1d:a1:36:
         05:72:6c:96:35:ff:a9:e7:9f:1b:0a:e9:5c:52:ae:60:e5:3b:
         1d:07:7e:09:ce:15:49:9f:bf:b2:1c:7c:17:bf:eb:d0:ea:b3:
         ad:7a:4b:43:8a:48:6c:de:1a:79:9b:6f:a5:ad:71:67:4a:68:
         f3:a8:65:c8:f0:91:86:a5:99:c9:4c:4e:1d:9a:47:5e:3d:c2:
         48:90:13:da:0b:cf:96:f6:0f:1a:45:e1:96:ad:eb:f6:59:a6:
         70:58:37:c9:20:38:b1:ef:76:d5:b3:62:15:65:84:36:5f:4c:
         e3:e5:a4:04:ee:46:39:83:82:4c:c8:de:f9:e9:b5:a9:79:57:
         75:cf:f5:d8:1e:04:79:6b:6d:43:4a:ed:09:3e:4c:b0:33:aa:
         52:2f:3a:7d:f8:94:f9:4b:17:62:ab:54:40:a1:91:09:aa:83:
         20:18:5a:5c:03:50:05:7d:a5:be:db:de:84:2a:7e:a1:ee:2e:
         45:69:89:09:4b:17:99:0a:c6:0d:e4:0b:f6:20:81:ab:ae:bf:
         d7:95:e7:f5
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUYOrqXB9lDY4JM9u5VlXevkjAjaswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDAyMjYwODQ4MjJaFw0yNTAyMjQwODUzMjJaMDMxMTAvBgNV
BAMTKDMxQURERUZEQUQ2QkFBQzgxRkU0RjAwQjEzODdEMTRBNUQ0OTFDQzYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDks2fOTxj1YzFyLn4CwF/9j2g1
mMwXbF9Z8bn5TL6tsO48Acz0KZzHU/SvoQ7ORVSe3brLAE9ZWRgdA/i8E9qHqtyF
c8kfLhUqe3+NIJ7Jd7ACuiEVKIqlyQ/FAeqNrz+sdmFFoMSoCLIBkVkfaCanjWrr
YTEIXBp2jUwlPrcg4DsFy95bccHEqozcVzA49BGHg8XoEApgfCcpRUm3A+HrqZus
N+OPq4Qjip5T7s5tIytcrAkWcoAPgWGDPzQUm2GkeLkYeu1aoNIZran1KVNJ9zie
891bKfE6qPouFcSVV4IO1pORY4GG1/sKQ/ZsDqjsFF73iHAphUTSmedZOznPAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUMa3e/a1rqsgf5PALE4fRSl1JHMYwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzNTM5MmUzNDM4MmUzNDJl
MzAyZjMyMzIyZDMyMzQyMDNkM2UyMDMyMzAzNDMxMzczMC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAp8w
BDANBgkqhkiG9w0BAQsFAAOCAQEAn+dNoy5UlHshQj2WEPxguJmRhfbIwaGfNQW1
71H5vnksgwlJ38uKrMsf+GI2yuMN0BNWHaE2BXJsljX/qeefGwrpXFKuYOU7HQd+
Cc4VSZ+/shx8F7/r0OqzrXpLQ4pIbN4aeZtvpa1xZ0po86hlyPCRhqWZyUxOHZpH
Xj3CSJAT2gvPlvYPGkXhlq3r9lmmcFg3ySA4se921bNiFWWENl9M4+WkBO5GOYOC
TMje+em1qXlXdc/12B4EeWttQ0rtCT5MsDOqUi86ffiU+UsXYqtUQKGRCaqDIBha
XANQBX2lvtvehCp+oe4uRWmJCUsXmQrGDeQL9iCBq66/15Xn9Q==
-----END CERTIFICATE-----