Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139332e34322e312e302f32342d3234203d3e20313336373837.roa
File:                     3139332e34322e312e302f32342d3234203d3e20313336373837.roa (raw, json)
Hash identifier:          GAd6Scfj8aBOrsETM9MU/7ZF8/Y5+jAy/XjmmMfv4Tc=
Subject key identifier:   EB:72:6C:A5:0A:58:10:E7:94:E0:37:C3:EA:66:4B:4D:0B:DD:6E:A6
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       695B03FF77AB6B82EB7CA0A985C038A42FDFA947
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139332e34322e312e302f32342d3234203d3e20313336373837.roa
Signing time:             Mon 26 Feb 2024 08:53:12 +0000
ROA not before:           Mon 26 Feb 2024 08:48:12 +0000
ROA not after:            Mon 24 Feb 2025 08:53:12 +0000
asID:                     136787
IP address blocks:        193.42.1.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 14:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            69:5b:03:ff:77:ab:6b:82:eb:7c:a0:a9:85:c0:38:a4:2f:df:a9:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Feb 26 08:48:12 2024 GMT
            Not After : Feb 24 08:53:12 2025 GMT
        Subject: CN=EB726CA50A5810E794E037C3EA664B4D0BDD6EA6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:d9:1a:6b:46:31:58:74:51:cf:42:0d:50:3f:
                    8a:06:a6:14:6b:42:d8:aa:98:c0:e0:cd:82:93:42:
                    dd:a0:b1:a1:4b:50:d0:d2:d1:84:91:58:e0:4d:7a:
                    66:d4:a1:1a:1d:f0:6b:77:6e:54:f5:2c:cb:e1:1a:
                    bf:ba:df:b2:3c:79:eb:3b:b6:9a:45:17:75:b3:ef:
                    cb:9f:69:2c:35:cc:32:36:6c:f2:2a:fc:9c:11:d4:
                    2f:c3:35:24:d4:32:9a:e2:5b:f0:99:bb:f6:93:01:
                    98:e0:7d:12:2a:8a:c0:22:8b:92:4f:32:b0:ff:7c:
                    ea:89:1d:c0:ea:d9:60:58:58:cd:86:7a:cb:b5:ae:
                    d7:57:cd:ab:16:03:d4:3b:a7:29:8b:61:bb:95:4d:
                    35:6e:fc:1a:cb:2d:87:90:cd:4c:16:4e:2f:f6:fc:
                    42:64:70:b3:0a:29:46:5f:45:71:20:ee:5e:2c:1d:
                    5d:75:e8:b6:9e:a1:95:34:54:4a:54:37:65:cf:54:
                    81:24:1c:7e:d8:a7:b3:1d:55:94:a8:e4:cd:d6:37:
                    e7:ef:35:ec:71:4c:ef:11:a6:af:e0:1f:63:61:68:
                    cb:60:4d:fd:7d:7f:0e:80:be:80:07:29:d8:36:3c:
                    41:81:e7:0f:57:02:6a:2c:e9:71:96:3f:c4:56:b1:
                    1e:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:72:6C:A5:0A:58:10:E7:94:E0:37:C3:EA:66:4B:4D:0B:DD:6E:A6
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139332e34322e312e302f32342d3234203d3e20313336373837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.42.1.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5f:d6:89:08:cf:1a:d6:2c:25:7d:0d:80:03:c9:b1:1b:6d:9f:
         99:00:af:0c:64:07:32:d9:64:aa:2e:2c:93:38:9a:b5:b4:41:
         96:74:2e:9f:36:7e:bc:b5:b2:07:2b:78:e1:b4:cc:30:0f:cf:
         64:e3:cf:b4:62:f9:05:b6:e1:7e:fe:17:30:50:fb:5c:37:93:
         e4:b6:18:b2:aa:44:6c:7e:0d:2b:68:ed:a8:de:1f:25:e1:5a:
         f9:aa:2a:0b:db:71:84:74:62:72:1d:9e:a3:d6:5b:f3:99:74:
         84:be:34:c9:18:00:1f:5a:bf:19:3a:70:5f:05:42:b1:4d:18:
         67:da:db:c1:78:db:87:11:5e:fe:c0:ca:57:21:04:c2:12:95:
         a8:d9:8c:67:ec:e5:37:b6:90:c3:35:fd:e2:37:f9:e2:ae:69:
         46:6d:97:81:5c:0b:46:9e:bd:06:16:a9:12:d4:d7:de:66:02:
         c6:fc:f2:cf:b5:05:6b:8d:15:f0:f4:1d:d5:69:41:92:65:3c:
         dc:a5:bc:d1:41:df:fc:c7:c0:b8:1f:c3:a6:16:64:1f:00:0a:
         f3:21:1e:ab:74:fc:78:bf:79:f8:69:f4:bd:0d:87:32:aa:4b:
         7b:91:8e:29:7b:b1:59:e2:04:76:0a:3e:4c:79:66:90:07:df:
         47:a4:59:12
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUaVsD/3era4LrfKCphcA4pC/fqUcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDAyMjYwODQ4MTJaFw0yNTAyMjQwODUzMTJaMDMxMTAvBgNV
BAMTKEVCNzI2Q0E1MEE1ODEwRTc5NEUwMzdDM0VBNjY0QjREMEJERDZFQTYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDc2RprRjFYdFHPQg1QP4oGphRr
QtiqmMDgzYKTQt2gsaFLUNDS0YSRWOBNembUoRod8Gt3blT1LMvhGr+637I8ees7
tppFF3Wz78ufaSw1zDI2bPIq/JwR1C/DNSTUMpriW/CZu/aTAZjgfRIqisAii5JP
MrD/fOqJHcDq2WBYWM2Gesu1rtdXzasWA9Q7pymLYbuVTTVu/BrLLYeQzUwWTi/2
/EJkcLMKKUZfRXEg7l4sHV116LaeoZU0VEpUN2XPVIEkHH7Yp7MdVZSo5M3WN+fv
NexxTO8Rpq/gH2NhaMtgTf19fw6AvoAHKdg2PEGB5w9XAmos6XGWP8RWsR4JAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQU63JspQpYEOeU4DfD6mZLTQvdbqYwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzOTMzMmUzNDMyMmUzMTJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMxMzMzNjM3MzgzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMEq
ATANBgkqhkiG9w0BAQsFAAOCAQEAX9aJCM8a1iwlfQ2AA8mxG22fmQCvDGQHMtlk
qi4skziatbRBlnQunzZ+vLWyByt44bTMMA/PZOPPtGL5Bbbhfv4XMFD7XDeT5LYY
sqpEbH4NK2jtqN4fJeFa+aoqC9txhHRich2eo9Zb85l0hL40yRgAH1q/GTpwXwVC
sU0YZ9rbwXjbhxFe/sDKVyEEwhKVqNmMZ+zlN7aQwzX94jf54q5pRm2XgVwLRp69
BhapEtTX3mYCxvzyz7UFa40V8PQd1WlBkmU83KW80UHf/MfAuB/DphZkHwAK8yEe
q3T8eL95+Gn0vQ2HMqpLe5GOKXuxWeIEdgo+THlmkAffR6RZEg==
-----END CERTIFICATE-----