Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3135392e34382e35332e302f32342d3332203d3e203632323430.roa
File:                     3135392e34382e35332e302f32342d3332203d3e203632323430.roa (raw, json)
Hash identifier:          BkX74ok/rF3008qSo53zdWeVgDfZHhE/nxo8K3cD1Dw=
Subject key identifier:   B2:37:31:3F:A3:84:B9:D4:E5:D4:45:6B:82:CC:F7:9A:18:5E:A0:C3
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       153DB43EFC8372466F896A6775C3184FD6FD3727
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3135392e34382e35332e302f32342d3332203d3e203632323430.roa
Signing time:             Mon 26 Feb 2024 08:52:59 +0000
ROA not before:           Mon 26 Feb 2024 08:47:59 +0000
ROA not after:            Mon 24 Feb 2025 08:52:59 +0000
asID:                     62240
IP address blocks:        159.48.53.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            15:3d:b4:3e:fc:83:72:46:6f:89:6a:67:75:c3:18:4f:d6:fd:37:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Feb 26 08:47:59 2024 GMT
            Not After : Feb 24 08:52:59 2025 GMT
        Subject: CN=B237313FA384B9D4E5D4456B82CCF79A185EA0C3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:8f:0c:10:d5:94:a8:1f:23:33:53:92:4d:c9:
                    73:a3:f4:ae:a4:5e:64:86:05:f3:b6:ea:65:a0:7a:
                    a0:86:bf:0f:5b:94:a1:fc:7c:10:8b:ec:7b:e3:6d:
                    d0:0f:2b:77:2c:2a:cf:95:9f:d8:7f:fc:5c:e5:13:
                    f8:5f:a2:01:a9:46:23:64:b4:80:15:07:9e:6e:96:
                    2a:04:77:fd:12:0a:66:e9:b5:81:ba:9c:41:56:d2:
                    ff:a7:5c:2a:4f:db:c1:9a:86:d0:65:24:ff:ed:63:
                    fc:4e:13:d9:82:0a:9e:59:3c:d0:89:5a:16:a6:f7:
                    c0:69:c9:13:12:98:ea:3c:ba:a8:28:4b:09:ef:1f:
                    e7:a5:27:0a:fd:66:f7:1d:38:1a:b6:ac:70:89:e2:
                    86:af:eb:7e:d7:1f:04:1b:46:0b:04:f3:20:02:a3:
                    7f:41:eb:79:e8:37:6f:4e:54:04:64:fc:63:5d:cb:
                    be:0e:88:6e:ad:0f:df:67:66:dd:6d:40:d8:25:3a:
                    74:35:87:97:1a:8b:5d:6f:12:05:01:2d:02:7b:b6:
                    bd:f4:e2:dd:4c:ee:11:7e:ef:88:13:c3:df:33:c1:
                    63:45:81:a5:b5:4f:e5:97:80:a4:1b:ab:f6:fd:1d:
                    38:86:c2:ee:25:1e:e4:58:c4:a3:6c:7f:7a:23:81:
                    4c:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:37:31:3F:A3:84:B9:D4:E5:D4:45:6B:82:CC:F7:9A:18:5E:A0:C3
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3135392e34382e35332e302f32342d3332203d3e203632323430.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  159.48.53.0/24

    Signature Algorithm: sha256WithRSAEncryption
         25:04:83:2c:aa:b0:8e:c1:c9:04:5c:c8:42:87:c3:39:81:f9:
         96:69:bc:00:71:2f:69:77:0d:f5:8a:e4:8c:28:64:b4:e4:cc:
         29:f7:14:bb:1b:bc:c5:c8:49:cc:e9:c2:d8:7c:4d:c3:1a:b7:
         34:85:be:2d:cd:50:00:09:dd:11:40:07:43:10:b4:aa:5e:2c:
         74:92:b8:16:9e:ef:da:36:c1:73:12:83:f3:e9:83:0c:84:b6:
         d2:23:4f:46:bd:6b:f1:67:09:e3:3e:43:c2:8e:21:ad:87:d4:
         bf:f8:2f:6b:ef:0e:1e:95:ba:43:23:15:9c:9d:ba:03:a0:19:
         34:b5:03:8c:d4:b8:13:13:08:c0:36:38:ff:f8:3b:ca:a5:b1:
         d6:94:73:61:3d:be:a8:f8:aa:54:ef:fb:91:c1:d5:0a:da:5c:
         2d:0b:15:32:e2:2d:c5:93:27:17:96:fe:6f:fd:6e:b9:ef:d2:
         8e:76:c4:ce:eb:85:b9:a4:f9:5d:a8:fb:d3:9e:60:60:92:6f:
         8c:e8:96:5a:20:a4:f2:6d:37:16:14:ee:62:2a:ee:5b:2e:b7:
         7c:35:b3:68:af:47:d1:13:99:ad:bb:44:04:fc:43:23:7b:2b:
         71:df:ce:23:ec:93:85:da:87:27:5b:07:25:5a:86:93:05:f7:
         27:93:99:ef
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUFT20PvyDckZviWpndcMYT9b9NycwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDAyMjYwODQ3NTlaFw0yNTAyMjQwODUyNTlaMDMxMTAvBgNV
BAMTKEIyMzczMTNGQTM4NEI5RDRFNUQ0NDU2QjgyQ0NGNzlBMTg1RUEwQzMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDojwwQ1ZSoHyMzU5JNyXOj9K6k
XmSGBfO26mWgeqCGvw9blKH8fBCL7HvjbdAPK3csKs+Vn9h//FzlE/hfogGpRiNk
tIAVB55ulioEd/0SCmbptYG6nEFW0v+nXCpP28GahtBlJP/tY/xOE9mCCp5ZPNCJ
Wham98BpyRMSmOo8uqgoSwnvH+elJwr9ZvcdOBq2rHCJ4oav637XHwQbRgsE8yAC
o39B63noN29OVARk/GNdy74OiG6tD99nZt1tQNglOnQ1h5cai11vEgUBLQJ7tr30
4t1M7hF+74gTw98zwWNFgaW1T+WXgKQbq/b9HTiGwu4lHuRYxKNsf3ojgUzZAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUsjcxP6OEudTl1EVrgsz3mhheoMMwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzNTM5MmUzNDM4MmUzNTMz
MmUzMDJmMzIzNDJkMzMzMjIwM2QzZTIwMzYzMjMyMzQzMC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAJ8w
NTANBgkqhkiG9w0BAQsFAAOCAQEAJQSDLKqwjsHJBFzIQofDOYH5lmm8AHEvaXcN
9YrkjChktOTMKfcUuxu8xchJzOnC2HxNwxq3NIW+Lc1QAAndEUAHQxC0ql4sdJK4
Fp7v2jbBcxKD8+mDDIS20iNPRr1r8WcJ4z5Dwo4hrYfUv/gva+8OHpW6QyMVnJ26
A6AZNLUDjNS4ExMIwDY4//g7yqWx1pRzYT2+qPiqVO/7kcHVCtpcLQsVMuItxZMn
F5b+b/1uue/SjnbEzuuFuaT5Xaj7055gYJJvjOiWWiCk8m03FhTuYiruWy63fDWz
aK9H0ROZrbtEBPxDI3srcd/OI+yThdqHJ1sHJVqGkwX3J5OZ7w==
-----END CERTIFICATE-----