Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139332e34332e3131392e302f32342d3234203d3e20383334.roa
File:                     3139332e34332e3131392e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          AgVS2PfEIx6R8uvyaCz2mFbyNbuShWxaFAGRWDgpOYM=
Subject key identifier:   A3:21:2A:B3:97:07:D0:D8:C8:03:8F:6D:BA:05:17:1D:C9:93:0F:E0
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       0E29199A70A4ED00244365CC1F3CE457074B2DAC
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139332e34332e3131392e302f32342d3234203d3e20383334.roa
Signing time:             Mon 09 Oct 2023 03:45:27 +0000
ROA not before:           Mon 09 Oct 2023 03:40:27 +0000
ROA not after:            Mon 07 Oct 2024 03:45:27 +0000
asID:                     834
IP address blocks:        193.43.119.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0e:29:19:9a:70:a4:ed:00:24:43:65:cc:1f:3c:e4:57:07:4b:2d:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Oct  9 03:40:27 2023 GMT
            Not After : Oct  7 03:45:27 2024 GMT
        Subject: CN=A3212AB39707D0D8C8038F6DBA05171DC9930FE0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:ee:59:e7:4f:07:36:2d:5c:72:8d:02:c2:52:
                    08:c1:ff:2a:14:c3:60:69:49:cb:d9:8d:e2:97:7a:
                    cf:9e:16:eb:1d:fa:f8:ee:95:c5:c2:b7:89:00:2a:
                    fe:b4:ff:5a:52:35:96:5f:d5:1f:70:bd:26:c6:b2:
                    31:d9:60:f5:2c:f4:02:ae:94:27:77:00:19:f3:25:
                    7f:34:0f:5e:96:f4:11:16:84:c4:99:4f:b6:b4:16:
                    7b:b9:bc:2e:31:59:bb:42:03:8d:58:e4:47:66:66:
                    b3:91:71:f9:a8:e6:18:59:ba:23:54:55:4a:98:0d:
                    73:14:07:b1:e4:e2:63:74:78:8d:44:47:f1:23:3c:
                    7e:b5:ae:20:55:9d:99:94:d4:46:ef:7b:77:33:6b:
                    b1:b8:82:13:aa:88:94:a1:a3:70:d6:4f:48:0d:3a:
                    b3:16:71:b0:67:a5:3f:7c:0a:e8:35:07:43:2c:fc:
                    21:e1:e2:9a:b8:96:4c:65:4d:2f:45:56:7c:4b:5e:
                    d6:99:5c:ca:7f:fc:d3:20:e5:b8:a7:11:cc:5b:97:
                    4b:c0:cf:b9:6a:ed:6f:f1:4f:b6:c5:9a:af:d5:1e:
                    0f:b5:99:06:09:09:d7:62:96:a6:4b:55:f1:80:d9:
                    36:d5:cb:11:85:9e:25:14:a6:ad:14:7b:cc:83:0e:
                    6a:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:21:2A:B3:97:07:D0:D8:C8:03:8F:6D:BA:05:17:1D:C9:93:0F:E0
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139332e34332e3131392e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.43.119.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:6e:d1:bd:25:6e:0e:c7:e7:56:29:17:3c:9f:ba:4b:14:df:
         b1:b5:26:48:f6:53:c9:6e:97:fd:48:6d:9a:4c:c6:58:a4:8a:
         fb:3d:a0:c9:48:8e:a4:db:88:76:e8:f1:17:38:2b:33:4d:69:
         43:b3:65:a0:28:f1:b4:a5:9d:be:92:da:ce:3f:95:09:a3:a5:
         92:8d:ff:8d:3b:80:f4:64:12:a2:d8:0a:8a:16:7a:f9:bd:77:
         55:e2:3a:a4:b4:98:9f:d2:8b:8f:5d:6e:dd:84:f9:c6:e2:d3:
         3f:ef:72:b1:33:33:57:63:d9:0e:66:87:5f:5c:6e:a0:d6:c9:
         51:f2:ad:40:1f:c9:1d:98:f5:f8:ae:76:15:15:0d:04:be:6e:
         a0:bb:bd:f3:dd:8b:67:15:29:ba:f7:f5:8d:64:93:6a:ba:ea:
         1a:72:6a:5e:80:c1:2e:5d:c5:05:84:0a:eb:27:11:85:cd:30:
         4f:9e:20:25:8c:2e:88:3f:68:b5:a8:10:36:0b:00:8d:dd:cd:
         96:65:e3:25:05:57:c0:a9:18:94:14:38:2c:f3:50:54:cd:f7:
         67:91:c8:5c:9b:16:c9:8a:4e:b2:ea:7d:3f:de:81:9f:ac:b8:
         27:1b:bc:b7:4a:bc:66:87:49:ef:e6:8e:4c:9f:88:22:5f:95:
         59:40:b5:e5
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUDikZmnCk7QAkQ2XMHzzkVwdLLawwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yMzEwMDkwMzQwMjdaFw0yNDEwMDcwMzQ1MjdaMDMxMTAvBgNV
BAMTKEEzMjEyQUIzOTcwN0QwRDhDODAzOEY2REJBMDUxNzFEQzk5MzBGRTAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCv7lnnTwc2LVxyjQLCUgjB/yoU
w2BpScvZjeKXes+eFusd+vjulcXCt4kAKv60/1pSNZZf1R9wvSbGsjHZYPUs9AKu
lCd3ABnzJX80D16W9BEWhMSZT7a0Fnu5vC4xWbtCA41Y5EdmZrORcfmo5hhZuiNU
VUqYDXMUB7Hk4mN0eI1ER/EjPH61riBVnZmU1Ebve3cza7G4ghOqiJSho3DWT0gN
OrMWcbBnpT98Cug1B0Ms/CHh4pq4lkxlTS9FVnxLXtaZXMp//NMg5binEcxbl0vA
z7lq7W/xT7bFmq/VHg+1mQYJCddilqZLVfGA2TbVyxGFniUUpq0Ue8yDDmrDAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUoyEqs5cH0NjIA49tugUXHcmTD+AwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzOTMzMmUzNDMzMmUzMTMx
MzkyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBADBK3cw
DQYJKoZIhvcNAQELBQADggEBAGZu0b0lbg7H51YpFzyfuksU37G1Jkj2U8lul/1I
bZpMxlikivs9oMlIjqTbiHbo8Rc4KzNNaUOzZaAo8bSlnb6S2s4/lQmjpZKN/407
gPRkEqLYCooWevm9d1XiOqS0mJ/Si49dbt2E+cbi0z/vcrEzM1dj2Q5mh19cbqDW
yVHyrUAfyR2Y9fiudhUVDQS+bqC7vfPdi2cVKbr39Y1kk2q66hpyal6AwS5dxQWE
CusnEYXNME+eICWMLog/aLWoEDYLAI3dzZZl4yUFV8CpGJQUOCzzUFTN92eRyFyb
FsmKTrLqfT/egZ+suCcbvLdKvGaHSe/mjkyfiCJflVlAteU=
-----END CERTIFICATE-----