Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139342e3130372e3136332e302f32342d3234203d3e2030.roa
File:                     3139342e3130372e3136332e302f32342d3234203d3e2030.roa (raw, json)
Hash identifier:          unVPqmNPvulMzzJcB4+73HvwYPZzrV6WDmqboOwNzRo=
Subject key identifier:   A2:D9:3D:1B:05:C9:87:40:76:F8:E5:05:27:2B:ED:0B:BE:B4:61:B2
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       1397CEA7CA096F01802133B8375588E05C535E5E
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139342e3130372e3136332e302f32342d3234203d3e2030.roa
Signing time:             Fri 26 Jul 2024 07:42:52 +0000
ROA not before:           Fri 26 Jul 2024 07:37:52 +0000
ROA not after:            Fri 25 Jul 2025 07:42:52 +0000
asID:                     0
IP address blocks:        194.107.163.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Oct 2024 14:44:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            13:97:ce:a7:ca:09:6f:01:80:21:33:b8:37:55:88:e0:5c:53:5e:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Jul 26 07:37:52 2024 GMT
            Not After : Jul 25 07:42:52 2025 GMT
        Subject: CN=A2D93D1B05C9874076F8E505272BED0BBEB461B2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:5c:b0:b2:ee:d2:0d:50:a6:00:d9:18:ea:98:
                    5d:a1:52:bf:41:1e:c8:36:cc:93:dd:8b:ae:56:bb:
                    40:de:82:4c:1b:03:60:30:06:80:00:06:13:61:f2:
                    f1:90:80:1f:09:62:94:16:68:5e:78:a0:2d:e0:7b:
                    ed:a1:af:fe:c1:96:36:ff:1f:9f:64:08:b3:f8:ef:
                    98:5c:7b:74:03:ce:20:59:5e:91:f5:69:f3:a6:6f:
                    ab:e6:8b:a9:46:1d:7b:b7:65:e4:1a:cc:36:5e:23:
                    32:57:68:18:26:dd:de:f2:80:dd:13:d3:96:c9:5c:
                    76:de:93:2e:c9:09:ac:d5:b0:52:49:95:a0:ee:9d:
                    71:d8:5a:62:59:1e:5a:52:e7:c8:65:ce:71:32:aa:
                    ef:1b:db:6e:69:93:5f:f2:b7:38:8e:c1:7a:4b:69:
                    fe:5a:24:b6:00:c4:be:bb:71:cd:79:0c:1d:21:2b:
                    17:04:dc:95:f3:e1:31:da:2b:89:27:98:8c:37:2d:
                    3d:b8:c8:9d:d6:e4:1f:02:09:ab:57:4b:32:98:71:
                    61:fb:e9:28:d2:fd:20:11:bc:2f:79:86:e7:f4:f4:
                    74:b6:82:72:16:82:1c:7a:fc:6f:3f:4f:0b:e4:0a:
                    5b:68:34:d1:fa:cc:ae:13:16:39:12:c0:4b:c3:d6:
                    e8:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:D9:3D:1B:05:C9:87:40:76:F8:E5:05:27:2B:ED:0B:BE:B4:61:B2
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139342e3130372e3136332e302f32342d3234203d3e2030.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.107.163.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:5c:f4:2d:af:1e:7c:76:e4:16:28:27:34:53:6f:78:15:f0:
         43:4a:c7:1f:a2:5c:a6:6f:69:25:6c:95:a1:b9:3f:c3:ac:ab:
         37:14:e5:96:10:8a:c6:40:c4:84:32:f1:63:1c:61:77:92:ba:
         fa:ce:64:21:81:c3:90:ce:e5:e3:d1:e9:fe:d7:96:48:b2:e6:
         8d:57:cd:98:1a:19:98:dc:68:7f:e2:eb:97:61:fe:b3:ad:0e:
         76:19:05:17:47:d8:a9:ca:32:e4:a0:49:b6:95:73:e5:e1:5e:
         41:43:7d:6e:2d:4d:7d:5c:e6:a1:e2:b8:3e:67:85:9c:64:3f:
         18:4e:b6:ab:bd:1b:6c:2d:07:f6:a0:96:1f:c1:cd:b6:cd:d1:
         dd:7e:85:88:69:7f:12:e6:c8:e9:d3:00:a8:be:4a:34:db:4e:
         2d:3c:07:ca:12:45:c0:30:81:1f:4b:2b:13:ff:4d:42:35:1b:
         96:fe:85:50:b2:68:5e:cb:c9:58:7d:6d:e2:7c:3e:81:e3:1b:
         82:45:c7:e8:f1:c8:0b:95:af:81:ab:3e:04:50:69:43:e2:90:
         4d:75:7c:7a:58:6a:e3:c3:2c:5a:67:b2:00:89:6c:29:7c:59:
         cb:13:eb:9e:d3:07:09:49:66:b5:a9:44:81:e3:93:87:79:00:
         d6:a7:fc:ff
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUE5fOp8oJbwGAITO4N1WI4FxTXl4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDA3MjYwNzM3NTJaFw0yNTA3MjUwNzQyNTJaMDMxMTAvBgNV
BAMTKEEyRDkzRDFCMDVDOTg3NDA3NkY4RTUwNTI3MkJFRDBCQkVCNDYxQjIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDoXLCy7tINUKYA2RjqmF2hUr9B
Hsg2zJPdi65Wu0DegkwbA2AwBoAABhNh8vGQgB8JYpQWaF54oC3ge+2hr/7Bljb/
H59kCLP475hce3QDziBZXpH1afOmb6vmi6lGHXu3ZeQazDZeIzJXaBgm3d7ygN0T
05bJXHbeky7JCazVsFJJlaDunXHYWmJZHlpS58hlznEyqu8b225pk1/ytziOwXpL
af5aJLYAxL67cc15DB0hKxcE3JXz4THaK4knmIw3LT24yJ3W5B8CCatXSzKYcWH7
6SjS/SARvC95huf09HS2gnIWghx6/G8/TwvkCltoNNH6zK4TFjkSwEvD1ug5AgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUotk9GwXJh0B2+OUFJyvtC760YbIwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzOTM0MmUzMTMwMzcyZTMx
MzYzMzJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMwLnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwmujMA0G
CSqGSIb3DQEBCwUAA4IBAQBKXPQtrx58duQWKCc0U294FfBDSscfolymb2klbJWh
uT/DrKs3FOWWEIrGQMSEMvFjHGF3krr6zmQhgcOQzuXj0en+15ZIsuaNV82YGhmY
3Gh/4uuXYf6zrQ52GQUXR9ipyjLkoEm2lXPl4V5BQ31uLU19XOah4rg+Z4WcZD8Y
TrarvRtsLQf2oJYfwc22zdHdfoWIaX8S5sjp0wCovko0204tPAfKEkXAMIEfSysT
/01CNRuW/oVQsmhey8lYfW3ifD6B4xuCRcfo8cgLla+Bqz4EUGlD4pBNdXx6WGrj
wyxaZ7IAiWwpfFnLE+ue0wcJSWa1qUSB45OHeQDWp/z/
-----END CERTIFICATE-----