Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139332e34322e312e302f32342d3234203d3e20313336373837.roa
File:                     3139332e34322e312e302f32342d3234203d3e20313336373837.roa (raw, json)
Hash identifier:          ZSy7hxh+zqFeMzSfrrJSiRaN5qeyDU4D2zLKCnSO/lc=
Subject key identifier:   82:C0:55:3E:3B:2E:8B:59:1D:E5:A0:BF:B3:4B:39:86:17:71:A3:85
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       72C0F6B277508FC113F9B2D062D507B1DDA9E549
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139332e34322e312e302f32342d3234203d3e20313336373837.roa
Signing time:             Mon 27 Jan 2025 09:45:22 +0000
ROA not before:           Mon 27 Jan 2025 09:40:22 +0000
ROA not after:            Mon 26 Jan 2026 09:45:22 +0000
asID:                     136787
IP address blocks:        193.42.1.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 10:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            72:c0:f6:b2:77:50:8f:c1:13:f9:b2:d0:62:d5:07:b1:dd:a9:e5:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Jan 27 09:40:22 2025 GMT
            Not After : Jan 26 09:45:22 2026 GMT
        Subject: CN=82C0553E3B2E8B591DE5A0BFB34B39861771A385
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:c5:7b:4e:de:d7:92:5c:fd:cc:e1:c1:eb:6b:
                    62:51:9a:39:33:41:e4:14:c1:73:b2:87:e7:e0:43:
                    2c:26:f4:6d:21:f4:24:50:fc:73:8e:a9:d1:70:b5:
                    36:fb:2a:51:24:e0:de:92:85:e0:25:c5:4b:75:ee:
                    5a:85:73:7c:e0:46:b0:1b:d8:c5:b1:ca:0f:35:2c:
                    73:d9:94:4e:2b:88:fa:81:79:ae:d9:62:ec:c4:44:
                    e3:b6:58:96:f6:09:55:2d:eb:be:6d:fd:79:df:a9:
                    5b:ae:33:29:f4:b0:e4:8a:ef:46:dc:53:b8:dd:bf:
                    d1:93:06:7a:db:c3:54:5c:80:be:16:13:39:7f:f6:
                    61:3d:5e:21:ea:73:b1:7f:85:6b:e7:1a:cf:dd:50:
                    34:8d:66:af:14:00:83:35:7c:8e:b5:b8:81:42:e6:
                    98:27:a7:a3:49:68:20:95:1e:c4:79:b9:47:51:44:
                    b7:24:ef:ab:06:0f:d1:58:2b:04:ec:6f:46:bb:6f:
                    e3:71:ee:d3:11:cf:2c:3a:92:c2:1f:6f:e3:c8:f0:
                    fe:82:41:fa:49:37:5a:86:de:c0:d1:76:2a:a8:72:
                    38:48:b8:d1:5e:0d:85:95:07:9a:1f:c5:4d:d6:33:
                    44:b5:05:fc:e0:3f:df:cb:50:33:81:5c:ca:49:22:
                    29:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:C0:55:3E:3B:2E:8B:59:1D:E5:A0:BF:B3:4B:39:86:17:71:A3:85
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139332e34322e312e302f32342d3234203d3e20313336373837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.42.1.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:ae:cb:b4:03:8c:58:b9:8e:18:43:02:ef:5f:ed:c9:eb:0c:
         5c:54:57:aa:c0:0e:b3:2e:9c:ca:97:fe:27:d6:6c:a9:a4:c3:
         05:ba:e6:55:39:65:2d:7c:57:d4:23:15:08:8a:86:ca:30:3e:
         c4:43:63:dc:1a:b7:cd:07:bf:b6:62:92:bc:a3:ce:94:6b:35:
         e8:ed:6c:c3:a9:93:16:4c:5b:ba:78:92:1c:52:d7:1d:12:1e:
         27:36:29:93:68:49:a6:37:e5:34:4f:db:96:a8:11:4f:51:f6:
         3a:b7:f6:bb:25:9a:95:18:b2:05:aa:51:c9:c9:cd:44:21:9b:
         d2:80:61:b6:36:46:6a:c2:20:fd:e4:15:2e:68:08:76:36:70:
         e6:91:df:87:63:83:a2:f6:3e:cb:0b:cd:7d:45:c6:2a:3f:4a:
         3a:dd:80:34:26:fd:9e:7e:9e:b4:86:d0:76:b6:4c:f4:43:c0:
         5f:fc:19:1b:17:3b:e8:79:08:58:01:64:c3:71:9a:d2:df:61:
         db:d6:1a:95:a1:c0:88:1b:5a:04:0e:72:cf:2a:a6:5b:7d:f9:
         59:07:2f:63:0c:9b:77:b7:ae:24:25:a5:a1:f7:27:e2:a6:11:
         6d:9f:81:7c:43:56:b5:41:fd:c8:2a:50:7f:e2:9e:09:b8:bf:
         8a:ca:0c:a3
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUcsD2sndQj8ET+bLQYtUHsd2p5UkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTAxMjcwOTQwMjJaFw0yNjAxMjYwOTQ1MjJaMDMxMTAvBgNV
BAMTKDgyQzA1NTNFM0IyRThCNTkxREU1QTBCRkIzNEIzOTg2MTc3MUEzODUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7xXtO3teSXP3M4cHra2JRmjkz
QeQUwXOyh+fgQywm9G0h9CRQ/HOOqdFwtTb7KlEk4N6SheAlxUt17lqFc3zgRrAb
2MWxyg81LHPZlE4riPqBea7ZYuzEROO2WJb2CVUt675t/XnfqVuuMyn0sOSK70bc
U7jdv9GTBnrbw1RcgL4WEzl/9mE9XiHqc7F/hWvnGs/dUDSNZq8UAIM1fI61uIFC
5pgnp6NJaCCVHsR5uUdRRLck76sGD9FYKwTsb0a7b+Nx7tMRzyw6ksIfb+PI8P6C
QfpJN1qG3sDRdiqocjhIuNFeDYWVB5ofxU3WM0S1BfzgP9/LUDOBXMpJIinLAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUgsBVPjsui1kd5aC/s0s5hhdxo4UwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzOTMzMmUzNDMyMmUzMTJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMxMzMzNjM3MzgzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMEq
ATANBgkqhkiG9w0BAQsFAAOCAQEAPq7LtAOMWLmOGEMC71/tyesMXFRXqsAOsy6c
ypf+J9ZsqaTDBbrmVTllLXxX1CMVCIqGyjA+xENj3Bq3zQe/tmKSvKPOlGs16O1s
w6mTFkxbuniSHFLXHRIeJzYpk2hJpjflNE/blqgRT1H2Orf2uyWalRiyBapRycnN
RCGb0oBhtjZGasIg/eQVLmgIdjZw5pHfh2ODovY+ywvNfUXGKj9KOt2ANCb9nn6e
tIbQdrZM9EPAX/wZGxc76HkIWAFkw3Ga0t9h29YalaHAiBtaBA5yzyqmW335WQcv
Ywybd7euJCWlofcn4qYRbZ+BfENWtUH9yCpQf+KeCbi/isoMow==
-----END CERTIFICATE-----