Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3135392e34382e342e302f32322d3234203d3e20323034313730.roa
File:                     3135392e34382e342e302f32322d3234203d3e20323034313730.roa (raw, json)
Hash identifier:          2UE+P2TLBzdICKiuRrCDHnt6ckeum8Lp5hqF4eU1Vps=
Subject key identifier:   83:B5:0A:7A:EB:7B:52:88:7C:62:78:1C:95:37:A0:0E:9F:D5:C2:32
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       39C36BC5B056052DE95F6719B5AD9EEB6A73C311
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3135392e34382e342e302f32322d3234203d3e20323034313730.roa
Signing time:             Mon 27 Jan 2025 09:44:58 +0000
ROA not before:           Mon 27 Jan 2025 09:39:58 +0000
ROA not after:            Mon 26 Jan 2026 09:44:58 +0000
asID:                     204170
IP address blocks:        159.48.4.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 13:21:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            39:c3:6b:c5:b0:56:05:2d:e9:5f:67:19:b5:ad:9e:eb:6a:73:c3:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Jan 27 09:39:58 2025 GMT
            Not After : Jan 26 09:44:58 2026 GMT
        Subject: CN=83B50A7AEB7B52887C62781C9537A00E9FD5C232
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:c1:ba:ba:9d:57:aa:f5:06:b1:c8:39:5a:e9:
                    52:c6:ce:ba:da:b8:21:06:8c:e0:e6:d8:3b:b4:50:
                    f5:3a:1d:56:55:59:1b:c3:24:73:c4:08:d6:5f:e0:
                    fd:e0:ca:1b:dd:4f:e5:9b:ba:0e:52:10:35:8a:6d:
                    1b:16:b1:c8:09:83:e8:cf:2e:dd:91:7d:4e:aa:4d:
                    47:51:cc:ca:8d:a9:2d:47:ec:85:ac:82:26:ad:04:
                    b4:b6:ab:ff:40:ea:47:d4:2d:b6:cd:c7:80:15:e6:
                    7d:89:2c:b3:98:d6:48:63:93:ee:15:92:c8:70:29:
                    57:88:62:fe:38:36:e8:7a:6c:d6:3a:bd:b2:d3:bb:
                    58:43:54:13:0f:7d:9e:2c:33:08:84:5e:4f:96:ad:
                    fd:72:dd:e6:27:ab:e1:ce:13:e9:d0:75:3c:52:60:
                    4f:0a:8b:06:51:f2:4d:26:06:4a:d2:f4:5f:b2:c2:
                    5a:3a:a8:23:f6:2d:33:7d:da:33:e7:56:d8:e8:2b:
                    10:a6:b6:28:df:81:29:21:d2:dd:c3:6c:ab:73:86:
                    f9:f2:22:09:95:ac:78:00:d6:75:a1:fa:fa:bb:9d:
                    ba:d6:a0:81:21:01:70:a4:06:94:de:11:ff:1d:2c:
                    73:b1:42:1d:e6:7b:e8:6b:7c:68:94:6c:cf:93:9e:
                    a7:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:B5:0A:7A:EB:7B:52:88:7C:62:78:1C:95:37:A0:0E:9F:D5:C2:32
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3135392e34382e342e302f32322d3234203d3e20323034313730.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  159.48.4.0/22

    Signature Algorithm: sha256WithRSAEncryption
         77:84:eb:02:31:5b:83:58:92:de:a5:70:91:cf:81:fc:87:f3:
         9a:2d:e4:7d:86:8f:06:83:a0:b2:33:70:85:a1:fa:13:4e:8b:
         dd:03:bd:4e:51:c2:f0:19:91:fc:a8:66:57:f6:78:4d:16:69:
         ed:d6:50:c6:cc:88:d5:e2:36:f6:0f:c3:20:b5:c2:ff:d1:e7:
         47:4a:4a:4f:d6:00:4c:ce:81:4d:6e:83:34:6d:3c:a5:3a:6e:
         7f:9f:47:87:6e:d4:55:4e:d7:13:58:df:ab:a3:7d:7d:f5:c5:
         9c:f0:a3:a1:bd:0e:ab:ad:e5:ea:f6:8d:c1:a6:83:18:2d:6a:
         94:b4:fe:a4:82:2a:34:89:bc:2d:e9:d4:d2:83:50:09:49:fd:
         9e:56:db:44:d9:3d:b8:ed:33:de:97:10:bf:5c:03:52:23:f7:
         88:6b:fd:87:7e:2b:48:88:cf:6a:42:4e:87:da:d8:2a:d0:08:
         57:c8:2d:bf:8f:31:2f:c3:58:b4:52:38:b8:e5:49:92:31:2a:
         4d:9f:bc:0c:78:83:73:43:21:8b:f0:1e:6e:80:e2:46:8f:ac:
         c0:97:6c:3e:8a:1a:ce:85:38:f1:34:c0:b4:ed:ed:f7:31:44:
         8a:ad:91:a6:15:19:40:57:30:72:39:e8:af:0c:14:c4:be:9a:
         a2:30:97:57
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUOcNrxbBWBS3pX2cZta2e62pzwxEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTAxMjcwOTM5NThaFw0yNjAxMjYwOTQ0NThaMDMxMTAvBgNV
BAMTKDgzQjUwQTdBRUI3QjUyODg3QzYyNzgxQzk1MzdBMDBFOUZENUMyMzIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDewbq6nVeq9QaxyDla6VLGzrra
uCEGjODm2Du0UPU6HVZVWRvDJHPECNZf4P3gyhvdT+Wbug5SEDWKbRsWscgJg+jP
Lt2RfU6qTUdRzMqNqS1H7IWsgiatBLS2q/9A6kfULbbNx4AV5n2JLLOY1khjk+4V
kshwKVeIYv44Nuh6bNY6vbLTu1hDVBMPfZ4sMwiEXk+Wrf1y3eYnq+HOE+nQdTxS
YE8KiwZR8k0mBkrS9F+ywlo6qCP2LTN92jPnVtjoKxCmtijfgSkh0t3DbKtzhvny
IgmVrHgA1nWh+vq7nbrWoIEhAXCkBpTeEf8dLHOxQh3me+hrfGiUbM+TnqelAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUg7UKeut7Uoh8YngclTegDp/VwjIwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzNTM5MmUzNDM4MmUzNDJl
MzAyZjMyMzIyZDMyMzQyMDNkM2UyMDMyMzAzNDMxMzczMC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAp8w
BDANBgkqhkiG9w0BAQsFAAOCAQEAd4TrAjFbg1iS3qVwkc+B/Ifzmi3kfYaPBoOg
sjNwhaH6E06L3QO9TlHC8BmR/KhmV/Z4TRZp7dZQxsyI1eI29g/DILXC/9HnR0pK
T9YATM6BTW6DNG08pTpuf59Hh27UVU7XE1jfq6N9ffXFnPCjob0Oq63l6vaNwaaD
GC1qlLT+pIIqNIm8LenU0oNQCUn9nlbbRNk9uO0z3pcQv1wDUiP3iGv9h34rSIjP
akJOh9rYKtAIV8gtv48xL8NYtFI4uOVJkjEqTZ+8DHiDc0Mhi/AeboDiRo+swJds
PooazoU48TTAtO3t9zFEiq2RphUZQFcwcjnorwwUxL6aojCXVw==
-----END CERTIFICATE-----