Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139332e392e33342e302f32342d3234203d3e20313336373837.roa
File:                     3139332e392e33342e302f32342d3234203d3e20313336373837.roa (raw, json)
Hash identifier:          S1gW/GAAwUh97OHugElh58WIuHV4D3YlqgZemJn2jnM=
Subject key identifier:   3F:CE:F1:95:97:C3:75:BB:80:C0:86:69:8C:FA:A0:07:BD:4E:74:03
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       6794CC53FAE9212EAD566B5D38F4C97ABE506DA8
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139332e392e33342e302f32342d3234203d3e20313336373837.roa
Signing time:             Fri 27 Dec 2024 19:44:36 +0000
ROA not before:           Fri 27 Dec 2024 19:39:36 +0000
ROA not after:            Fri 26 Dec 2025 19:44:36 +0000
asID:                     136787
IP address blocks:        193.9.34.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 10:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            67:94:cc:53:fa:e9:21:2e:ad:56:6b:5d:38:f4:c9:7a:be:50:6d:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Dec 27 19:39:36 2024 GMT
            Not After : Dec 26 19:44:36 2025 GMT
        Subject: CN=3FCEF19597C375BB80C086698CFAA007BD4E7403
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:99:08:54:6a:4e:2a:99:d9:3c:cd:95:76:75:
                    48:f6:b7:1e:62:8d:8b:6d:7f:09:5c:41:38:7a:27:
                    a2:dc:ec:4f:7f:cf:3f:47:8e:30:91:79:d4:65:8b:
                    91:1a:2d:3c:67:38:d8:32:a8:67:44:eb:3c:a2:6b:
                    79:d7:73:4a:59:2c:81:46:b7:d6:56:d8:c5:15:4d:
                    f6:43:11:aa:00:e0:61:3a:a4:82:36:8a:56:8f:c9:
                    d5:16:92:1e:32:61:d3:2d:e1:43:59:04:3c:27:a2:
                    84:9e:db:aa:e5:9e:61:24:4d:33:3e:74:76:2a:50:
                    42:9f:b9:56:23:9c:99:a1:a7:a7:b5:76:78:f1:88:
                    4f:4e:cd:4b:fb:de:4c:2b:d4:5d:a0:0e:f5:e5:c0:
                    21:4a:9e:3a:fe:f7:0d:9d:a5:3e:dd:56:9c:51:1b:
                    cb:34:06:9e:50:52:ba:6d:38:68:24:d7:09:cb:8f:
                    ee:2b:d2:d2:25:e4:9c:e1:af:47:ed:35:93:b3:52:
                    24:92:af:fa:41:80:4a:93:d4:3d:d0:f8:32:2b:f9:
                    48:37:c1:7c:8b:37:db:e9:ff:92:a5:12:a9:14:8e:
                    b5:9d:a1:b0:a2:4b:e9:8a:ef:aa:23:4a:d9:08:6c:
                    6e:24:9c:9e:74:36:ed:2a:57:3b:1c:0e:3b:86:97:
                    b9:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:CE:F1:95:97:C3:75:BB:80:C0:86:69:8C:FA:A0:07:BD:4E:74:03
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139332e392e33342e302f32342d3234203d3e20313336373837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.9.34.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:81:c8:a2:59:23:fb:3d:5f:b6:3f:32:ae:d7:52:10:c0:fa:
         ce:9c:9f:6e:8a:cc:ae:eb:b9:a9:b9:03:db:2f:54:4c:bb:d1:
         f7:da:7d:b9:4d:33:ea:bf:c3:fc:27:ea:4f:3b:42:f6:54:c3:
         2c:e4:1d:f8:aa:02:5f:b8:c5:da:1f:c4:33:61:ca:ff:02:86:
         3f:f2:37:42:b4:9f:80:eb:46:8a:d4:96:95:24:7c:b0:3a:a8:
         d4:dc:34:d8:12:14:7e:51:92:99:6c:ac:f8:3a:76:8b:6d:4e:
         6a:cb:88:d4:c8:08:4c:cd:01:32:bc:e7:33:30:07:53:b1:d2:
         a9:1b:c3:c6:56:8d:26:a4:d9:c0:8f:64:d1:c7:88:9d:42:c9:
         00:ee:17:93:81:31:6e:9d:da:42:7d:db:eb:ca:0f:35:74:c5:
         c7:0f:f1:63:03:07:7a:f4:b4:72:7f:81:2a:92:91:95:9b:61:
         23:a2:6e:35:e8:6e:f1:fe:ee:a4:9e:d4:69:35:c1:00:7d:9c:
         ab:34:db:0e:ba:dc:5b:8f:3d:f4:dd:e2:29:7a:aa:ad:eb:69:
         f3:de:49:52:3a:5f:78:40:f6:ce:2b:87:17:3d:af:d0:39:5d:
         b9:c1:c3:6e:66:95:0c:5e:b5:96:51:c7:7c:99:98:ef:53:45:
         97:2b:2d:44
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUZ5TMU/rpIS6tVmtdOPTJer5QbagwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDEyMjcxOTM5MzZaFw0yNTEyMjYxOTQ0MzZaMDMxMTAvBgNV
BAMTKDNGQ0VGMTk1OTdDMzc1QkI4MEMwODY2OThDRkFBMDA3QkQ0RTc0MDMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDkmQhUak4qmdk8zZV2dUj2tx5i
jYttfwlcQTh6J6Lc7E9/zz9HjjCRedRli5EaLTxnONgyqGdE6zyia3nXc0pZLIFG
t9ZW2MUVTfZDEaoA4GE6pII2ilaPydUWkh4yYdMt4UNZBDwnooSe26rlnmEkTTM+
dHYqUEKfuVYjnJmhp6e1dnjxiE9OzUv73kwr1F2gDvXlwCFKnjr+9w2dpT7dVpxR
G8s0Bp5QUrptOGgk1wnLj+4r0tIl5Jzhr0ftNZOzUiSSr/pBgEqT1D3Q+DIr+Ug3
wXyLN9vp/5KlEqkUjrWdobCiS+mK76ojStkIbG4knJ50Nu0qVzscDjuGl7kjAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUP87xlZfDdbuAwIZpjPqgB71OdAMwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzOTMzMmUzOTJlMzMzNDJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMxMzMzNjM3MzgzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMEJ
IjANBgkqhkiG9w0BAQsFAAOCAQEAf4HIolkj+z1ftj8yrtdSEMD6zpyfborMruu5
qbkD2y9UTLvR99p9uU0z6r/D/CfqTztC9lTDLOQd+KoCX7jF2h/EM2HK/wKGP/I3
QrSfgOtGitSWlSR8sDqo1Nw02BIUflGSmWys+Dp2i21OasuI1MgITM0BMrznMzAH
U7HSqRvDxlaNJqTZwI9k0ceInULJAO4Xk4Exbp3aQn3b68oPNXTFxw/xYwMHevS0
cn+BKpKRlZthI6JuNehu8f7upJ7UaTXBAH2cqzTbDrrcW4899N3iKXqqretp895J
UjpfeED2ziuHFz2v0DlducHDbmaVDF61llHHfJmY71NFlystRA==
-----END CERTIFICATE-----