Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139332e34332e3131392e302f32342d3234203d3e20383334.roa
File:                     3139332e34332e3131392e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          F6MFfeB9xoqdqvAfyZakdovRcgrY193P99CPHbpkzow=
Subject key identifier:   56:A4:D1:4C:A4:92:05:F8:57:E1:4F:86:F4:7E:DA:21:67:61:75:6A
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       35D3D830E743014446FB0A55C35B7FF000DF3AB4
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139332e34332e3131392e302f32342d3234203d3e20383334.roa
Signing time:             Mon 09 Sep 2024 04:04:46 +0000
ROA not before:           Mon 09 Sep 2024 03:59:46 +0000
ROA not after:            Mon 08 Sep 2025 04:04:46 +0000
asID:                     834
IP address blocks:        193.43.119.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 00:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            35:d3:d8:30:e7:43:01:44:46:fb:0a:55:c3:5b:7f:f0:00:df:3a:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Sep  9 03:59:46 2024 GMT
            Not After : Sep  8 04:04:46 2025 GMT
        Subject: CN=56A4D14CA49205F857E14F86F47EDA216761756A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:3c:14:72:60:6f:e2:73:30:d5:0f:a6:20:d6:
                    42:c5:97:34:c5:7a:ee:60:7b:85:c5:7a:6c:69:5d:
                    01:44:da:d8:99:56:a3:21:e0:7d:1a:9d:75:b5:98:
                    1c:53:24:75:e9:c5:32:17:e3:33:fe:61:f2:d3:fb:
                    4c:e8:33:b2:b4:30:04:fe:77:e8:7b:37:28:0b:f4:
                    0a:20:c2:9a:77:cb:cf:54:28:68:5e:59:37:f9:4c:
                    de:20:9e:c5:80:1a:a7:a2:b9:eb:74:66:60:c0:91:
                    c1:1a:16:08:ab:a0:60:3d:62:8b:11:d1:aa:46:6c:
                    db:6f:10:56:df:40:49:d5:c9:00:9d:94:57:e3:4a:
                    a5:90:21:26:65:0b:be:3c:38:f2:3d:c8:02:2f:86:
                    c6:b6:49:c9:b1:32:ec:95:ec:f9:81:62:c4:be:db:
                    26:6f:94:8e:bd:aa:1a:3c:ca:e8:32:f8:22:c7:19:
                    78:4f:c1:28:4e:e7:78:da:ff:be:20:7b:53:09:04:
                    ce:26:1a:4f:39:ab:07:e7:92:a8:d1:c7:fb:09:fa:
                    3d:9b:bf:cb:29:72:ae:a7:e2:f0:4b:6b:0d:ab:49:
                    2e:00:c7:47:be:94:9e:4c:08:0e:0b:da:7a:e8:de:
                    d7:36:73:11:20:d2:01:3f:8d:a0:af:5f:2c:cd:3c:
                    58:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:A4:D1:4C:A4:92:05:F8:57:E1:4F:86:F4:7E:DA:21:67:61:75:6A
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139332e34332e3131392e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.43.119.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:8a:dd:93:31:b9:33:2f:5e:46:f7:15:b5:6c:26:a5:78:a5:
         45:62:f8:41:ff:9c:f0:07:78:48:50:81:59:ea:ce:a6:22:5a:
         35:75:12:45:30:fd:53:8b:b2:f7:73:fd:f0:07:73:c4:3c:fd:
         b4:fe:e3:37:39:d2:9f:d6:cb:96:13:14:1a:60:4f:cc:d3:d8:
         6e:74:dd:84:bb:76:e4:ef:f3:39:d8:46:f4:75:82:96:bd:fa:
         dc:f4:5f:90:bb:4c:a6:f4:03:e2:b7:3d:a3:dd:85:5b:96:1b:
         bf:3e:42:3a:f6:bb:76:b7:0e:e3:fd:8a:d5:46:02:45:a7:54:
         cc:aa:0e:68:39:63:94:1c:c4:46:01:1a:ba:23:3f:84:7a:bf:
         46:12:38:26:a3:74:04:2c:70:ec:7e:67:dc:f2:a1:42:d2:a9:
         e4:2f:6f:5a:cd:d2:84:01:a9:5c:6a:bf:b4:1d:5c:dc:87:8b:
         fc:62:59:87:b6:4d:79:0c:57:15:ff:58:0f:20:f9:53:88:cb:
         b5:02:1a:81:b5:3d:cb:f9:e2:2b:bd:76:98:20:3f:9d:50:de:
         32:c6:37:5b:e0:7e:f8:8b:90:7f:1a:de:1d:54:ed:74:49:d1:
         26:3f:8a:e4:99:47:92:60:a6:9b:56:dc:74:b4:42:94:72:db:
         46:c4:c0:b5
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUNdPYMOdDAURG+wpVw1t/8ADfOrQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDA5MDkwMzU5NDZaFw0yNTA5MDgwNDA0NDZaMDMxMTAvBgNV
BAMTKDU2QTREMTRDQTQ5MjA1Rjg1N0UxNEY4NkY0N0VEQTIxNjc2MTc1NkEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9PBRyYG/iczDVD6Yg1kLFlzTF
eu5ge4XFemxpXQFE2tiZVqMh4H0anXW1mBxTJHXpxTIX4zP+YfLT+0zoM7K0MAT+
d+h7NygL9Aogwpp3y89UKGheWTf5TN4gnsWAGqeiuet0ZmDAkcEaFgiroGA9YosR
0apGbNtvEFbfQEnVyQCdlFfjSqWQISZlC748OPI9yAIvhsa2ScmxMuyV7PmBYsS+
2yZvlI69qho8yugy+CLHGXhPwShO53ja/74ge1MJBM4mGk85qwfnkqjRx/sJ+j2b
v8spcq6n4vBLaw2rSS4Ax0e+lJ5MCA4L2nro3tc2cxEg0gE/jaCvXyzNPFhNAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUVqTRTKSSBfhX4U+G9H7aIWdhdWowHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzOTMzMmUzNDMzMmUzMTMx
MzkyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBADBK3cw
DQYJKoZIhvcNAQELBQADggEBAIaK3ZMxuTMvXkb3FbVsJqV4pUVi+EH/nPAHeEhQ
gVnqzqYiWjV1EkUw/VOLsvdz/fAHc8Q8/bT+4zc50p/Wy5YTFBpgT8zT2G503YS7
duTv8znYRvR1gpa9+tz0X5C7TKb0A+K3PaPdhVuWG78+Qjr2u3a3DuP9itVGAkWn
VMyqDmg5Y5QcxEYBGrojP4R6v0YSOCajdAQscOx+Z9zyoULSqeQvb1rN0oQBqVxq
v7QdXNyHi/xiWYe2TXkMVxX/WA8g+VOIy7UCGoG1Pcv54iu9dpggP51Q3jLGN1vg
fviLkH8a3h1U7XRJ0SY/iuSZR5JgpptW3HS0QpRy20bEwLU=
-----END CERTIFICATE-----