Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139332e392e33322e302f32342d3234203d3e20313336373837.roa
File:                     3139332e392e33322e302f32342d3234203d3e20313336373837.roa (raw, json)
Hash identifier:          w1H6tFmpOkDeDJvfQhqQjOQPwyKMzpAJ1CGArmF+d5o=
Subject key identifier:   4B:77:7B:A6:2E:14:1F:5C:CD:E1:0F:17:10:26:78:9B:94:EC:A6:62
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       02BD87142AA996F4FC3F1FF6104D86A7C490AF82
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139332e392e33322e302f32342d3234203d3e20313336373837.roa
Signing time:             Fri 26 Jan 2024 19:02:23 +0000
ROA not before:           Fri 26 Jan 2024 18:57:23 +0000
ROA not after:            Fri 24 Jan 2025 19:02:23 +0000
asID:                     136787
IP address blocks:        193.9.32.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            02:bd:87:14:2a:a9:96:f4:fc:3f:1f:f6:10:4d:86:a7:c4:90:af:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Jan 26 18:57:23 2024 GMT
            Not After : Jan 24 19:02:23 2025 GMT
        Subject: CN=4B777BA62E141F5CCDE10F171026789B94ECA662
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:09:2f:e4:86:50:41:cd:5b:4d:63:d3:ff:7b:
                    77:09:40:a1:9e:90:8b:a7:9f:0e:3e:d6:7d:fe:2e:
                    45:38:e3:6d:5c:b5:7d:86:53:56:79:33:6f:a3:1a:
                    e0:4f:6a:e9:d0:60:25:3c:21:ef:dd:97:33:75:af:
                    a4:bf:fa:c8:de:dd:00:60:ff:4f:30:fc:60:37:16:
                    ec:1d:fd:23:ba:59:77:2e:f6:a7:e0:65:62:c7:e8:
                    a9:cb:c1:db:19:eb:65:98:10:d8:aa:59:15:dc:e1:
                    c9:22:eb:7c:56:c5:fe:5d:68:0b:f1:06:14:ed:27:
                    39:f1:31:b0:5c:73:5c:f5:99:c1:d2:2b:92:2a:44:
                    06:14:f3:64:40:7d:fb:0a:24:1e:9d:9e:a4:38:f1:
                    a4:99:b1:41:b7:49:8e:4d:bc:cf:d9:0c:81:4e:a1:
                    a1:4f:8a:0f:69:84:75:6e:09:96:68:2a:a3:15:d4:
                    4d:4a:80:65:ff:70:d4:26:da:af:3b:0c:d2:b1:b2:
                    97:a5:63:8b:19:3b:3c:2d:d1:01:bc:1e:a8:dd:ff:
                    e3:be:b4:9f:fd:e6:b4:82:06:89:f7:0a:42:8d:58:
                    f3:29:96:5b:f4:59:92:79:d6:6e:f0:61:2e:c4:9b:
                    c4:03:a9:12:72:d2:c1:77:a7:91:e7:24:64:d7:90:
                    6d:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:77:7B:A6:2E:14:1F:5C:CD:E1:0F:17:10:26:78:9B:94:EC:A6:62
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139332e392e33322e302f32342d3234203d3e20313336373837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.9.32.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9f:3f:34:f9:e1:6d:5c:c3:f1:17:d4:38:e9:a3:76:91:c7:24:
         b2:37:b7:d0:33:53:d2:19:3d:07:21:65:30:99:66:c8:79:be:
         f9:e1:31:50:d6:17:99:e7:ea:2c:fa:d0:54:de:cf:53:00:51:
         e4:8f:61:ca:20:12:10:6f:6a:73:3f:8e:c4:3d:66:36:4a:cc:
         51:1d:b1:30:1c:4d:94:a1:e4:ee:44:b9:14:d4:05:c6:1b:5e:
         6a:d9:87:41:0c:00:4b:d8:28:5c:dc:d6:c2:55:5a:15:57:60:
         f1:08:27:85:92:3d:31:bc:db:da:ba:95:0c:ca:e5:99:c7:37:
         de:63:2d:7e:c2:c6:83:13:ac:b4:c6:2c:13:c6:c2:ac:8f:c6:
         9a:43:15:5a:08:24:97:84:e3:a8:88:cc:87:0a:93:9d:36:9e:
         66:88:ab:30:9f:f3:eb:03:47:de:37:c1:4b:61:36:a9:b8:e4:
         07:0d:da:6b:ef:34:b4:e3:51:9d:b4:19:97:e5:23:57:7d:60:
         f7:cc:a7:f7:79:cf:c6:c3:d3:dd:2d:48:f1:b2:72:2c:22:35:
         77:39:ff:20:f3:fd:d9:ba:56:f3:93:5e:04:df:0f:81:ba:17:
         5d:b3:21:99:fa:e3:d7:39:6c:bf:8c:a4:fc:07:e1:02:39:c6:
         24:ed:a0:2c
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUAr2HFCqplvT8Px/2EE2Gp8SQr4IwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDAxMjYxODU3MjNaFw0yNTAxMjQxOTAyMjNaMDMxMTAvBgNV
BAMTKDRCNzc3QkE2MkUxNDFGNUNDREUxMEYxNzEwMjY3ODlCOTRFQ0E2NjIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDtCS/khlBBzVtNY9P/e3cJQKGe
kIunnw4+1n3+LkU4421ctX2GU1Z5M2+jGuBPaunQYCU8Ie/dlzN1r6S/+sje3QBg
/08w/GA3Fuwd/SO6WXcu9qfgZWLH6KnLwdsZ62WYENiqWRXc4cki63xWxf5daAvx
BhTtJznxMbBcc1z1mcHSK5IqRAYU82RAffsKJB6dnqQ48aSZsUG3SY5NvM/ZDIFO
oaFPig9phHVuCZZoKqMV1E1KgGX/cNQm2q87DNKxspelY4sZOzwt0QG8Hqjd/+O+
tJ/95rSCBon3CkKNWPMpllv0WZJ51m7wYS7Em8QDqRJy0sF3p5HnJGTXkG15AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUS3d7pi4UH1zN4Q8XECZ4m5TspmIwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzOTMzMmUzOTJlMzMzMjJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMxMzMzNjM3MzgzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMEJ
IDANBgkqhkiG9w0BAQsFAAOCAQEAnz80+eFtXMPxF9Q46aN2kccksje30DNT0hk9
ByFlMJlmyHm++eExUNYXmefqLPrQVN7PUwBR5I9hyiASEG9qcz+OxD1mNkrMUR2x
MBxNlKHk7kS5FNQFxhteatmHQQwAS9goXNzWwlVaFVdg8QgnhZI9Mbzb2rqVDMrl
mcc33mMtfsLGgxOstMYsE8bCrI/GmkMVWggkl4TjqIjMhwqTnTaeZoirMJ/z6wNH
3jfBS2E2qbjkBw3aa+80tONRnbQZl+UjV31g98yn93nPxsPT3S1I8bJyLCI1dzn/
IPP92bpW85NeBN8PgboXXbMhmfrj1zlsv4yk/AfhAjnGJO2gLA==
-----END CERTIFICATE-----