Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139342e3139352e39342e302f32332d3233203d3e20383334.roa
File:                     3139342e3139352e39342e302f32332d3233203d3e20383334.roa (raw, json)
Hash identifier:          aexodWILdwJPg1dYChSJ+5sBZNJs+/O1reTQw3bNHIM=
Subject key identifier:   86:DB:D4:D4:61:99:8E:00:89:35:B5:BE:51:E4:6A:9B:B1:77:18:B5
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       2EE238761838747B70AC80B3121E68625287DD6F
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139342e3139352e39342e302f32332d3233203d3e20383334.roa
Signing time:             Tue 28 May 2024 12:03:48 +0000
ROA not before:           Tue 28 May 2024 11:58:48 +0000
ROA not after:            Tue 27 May 2025 12:03:48 +0000
asID:                     834
IP address blocks:        194.195.94.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 05:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2e:e2:38:76:18:38:74:7b:70:ac:80:b3:12:1e:68:62:52:87:dd:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: May 28 11:58:48 2024 GMT
            Not After : May 27 12:03:48 2025 GMT
        Subject: CN=86DBD4D461998E008935B5BE51E46A9BB17718B5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ef:6e:06:02:03:f5:d5:42:06:1f:b3:ad:8b:f3:
                    b6:9c:47:d5:42:aa:f1:fc:8c:cd:1e:fa:62:a4:84:
                    2d:be:33:e1:18:21:bb:00:6b:b0:a3:1f:ea:a8:22:
                    64:36:4b:7f:06:c4:cc:ca:8a:cf:8d:ea:7e:8f:b0:
                    0e:0c:e4:e3:12:0d:6d:dd:47:1b:94:6f:7e:59:f0:
                    2a:af:bd:95:81:e4:d8:e4:24:5f:56:c7:5a:1c:89:
                    a5:35:50:48:2c:af:96:68:35:c6:17:5a:09:87:ca:
                    44:a9:84:1b:35:09:8f:b0:2d:32:c4:8c:ab:95:2d:
                    3d:89:de:a7:00:5f:fd:3e:ee:5e:fe:9c:04:34:37:
                    12:a2:34:59:20:28:79:02:d3:6d:b5:2c:22:04:54:
                    c1:aa:f2:82:6a:e5:ca:2c:b8:90:c5:7d:7d:31:fc:
                    06:d7:5c:29:2f:57:77:6a:db:cb:59:1a:2e:20:68:
                    7a:24:ca:ac:35:e1:dc:c7:be:58:a3:5f:f7:15:55:
                    9e:bb:e7:16:34:87:ac:50:13:35:d6:c7:ce:ab:f1:
                    91:a1:df:28:7c:4d:c4:9b:f4:21:7e:2d:6e:9a:29:
                    16:ff:d3:d6:ef:f3:23:3a:1a:42:dc:0c:b3:75:07:
                    c5:5a:28:26:13:cf:e2:0c:40:7d:1d:bb:c3:28:c5:
                    61:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:DB:D4:D4:61:99:8E:00:89:35:B5:BE:51:E4:6A:9B:B1:77:18:B5
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139342e3139352e39342e302f32332d3233203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.195.94.0/23

    Signature Algorithm: sha256WithRSAEncryption
         66:3e:86:79:18:2d:1e:bc:7c:30:70:13:ee:81:e1:df:94:6d:
         d1:c2:be:21:02:7b:74:cf:d8:3f:d0:5e:fc:92:7b:01:43:35:
         70:03:47:79:26:cd:7c:a8:cb:a9:21:9b:77:85:d9:cd:03:4c:
         af:ab:ef:8e:d8:da:ee:49:d4:65:30:85:6c:f1:2e:85:58:61:
         6a:e4:15:da:2a:37:ad:36:89:cf:cc:7a:0e:74:a1:7f:2d:d5:
         31:28:56:5b:02:05:80:4d:d7:ba:57:8d:cc:fd:8f:42:70:20:
         3f:54:80:ca:7a:26:ba:4e:25:f4:dc:cb:0c:e2:e8:69:9a:c7:
         02:09:ca:d0:85:fd:06:b0:a4:42:9a:c2:b1:12:56:3b:22:77:
         70:9e:2c:87:9a:3c:0f:c7:40:fd:e1:62:25:50:e4:30:f7:7e:
         a3:e3:48:d1:a4:ca:dc:75:28:da:d1:0d:88:2f:a9:fb:fa:8c:
         e1:b5:dc:7e:ed:03:83:68:5b:ee:06:48:d4:b9:89:09:9c:b7:
         c2:b2:ce:7b:1e:54:32:60:32:d2:e5:c1:8b:ad:c0:56:ce:fd:
         4e:c3:7a:d4:a9:33:d8:87:ed:b4:3f:fa:58:c6:08:28:c9:44:
         4e:a7:bb:ef:c6:76:42:e6:16:a7:0e:b0:7b:ed:93:f7:c5:bd:
         2a:76:e9:38
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIULuI4dhg4dHtwrICzEh5oYlKH3W8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDA1MjgxMTU4NDhaFw0yNTA1MjcxMjAzNDhaMDMxMTAvBgNV
BAMTKDg2REJENEQ0NjE5OThFMDA4OTM1QjVCRTUxRTQ2QTlCQjE3NzE4QjUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDvbgYCA/XVQgYfs62L87acR9VC
qvH8jM0e+mKkhC2+M+EYIbsAa7CjH+qoImQ2S38GxMzKis+N6n6PsA4M5OMSDW3d
RxuUb35Z8CqvvZWB5NjkJF9Wx1ociaU1UEgsr5ZoNcYXWgmHykSphBs1CY+wLTLE
jKuVLT2J3qcAX/0+7l7+nAQ0NxKiNFkgKHkC0221LCIEVMGq8oJq5cosuJDFfX0x
/AbXXCkvV3dq28tZGi4gaHokyqw14dzHvlijX/cVVZ675xY0h6xQEzXWx86r8ZGh
3yh8TcSb9CF+LW6aKRb/09bv8yM6GkLcDLN1B8VaKCYTz+IMQH0du8MoxWF7AgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUhtvU1GGZjgCJNbW+UeRqm7F3GLUwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzOTM0MmUzMTM5MzUyZTM5
MzQyZTMwMmYzMjMzMmQzMjMzMjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAHCw14w
DQYJKoZIhvcNAQELBQADggEBAGY+hnkYLR68fDBwE+6B4d+UbdHCviECe3TP2D/Q
XvySewFDNXADR3kmzXyoy6khm3eF2c0DTK+r747Y2u5J1GUwhWzxLoVYYWrkFdoq
N602ic/Meg50oX8t1TEoVlsCBYBN17pXjcz9j0JwID9UgMp6JrpOJfTcywzi6Gma
xwIJytCF/QawpEKawrESVjsid3CeLIeaPA/HQP3hYiVQ5DD3fqPjSNGkytx1KNrR
DYgvqfv6jOG13H7tA4NoW+4GSNS5iQmct8KyznseVDJgMtLlwYutwFbO/U7DetSp
M9iH7bQ/+ljGCCjJRE6nu+/GdkLmFqcOsHvtk/fFvSp26Tg=
-----END CERTIFICATE-----