Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139342e3139352e39342e302f32332d3233203d3e20383334.roa
File:                     3139342e3139352e39342e302f32332d3233203d3e20383334.roa (raw, json)
Hash identifier:          8OONknkpIkRtkE3XZLryHQi4fILvIl/hSG+p3NE6ZDU=
Subject key identifier:   98:A5:30:37:31:22:F1:76:1C:D1:D8:11:D2:FA:22:98:84:5C:3C:FE
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       6C0418843A5D84AB3BEA4906AC9D0235F084146B
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139342e3139352e39342e302f32332d3233203d3e20383334.roa
Signing time:             Tue 27 Jun 2023 11:22:50 +0000
ROA not before:           Tue 27 Jun 2023 11:17:50 +0000
ROA not after:            Tue 25 Jun 2024 11:22:50 +0000
asID:                     834
IP address blocks:        194.195.94.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6c:04:18:84:3a:5d:84:ab:3b:ea:49:06:ac:9d:02:35:f0:84:14:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Jun 27 11:17:50 2023 GMT
            Not After : Jun 25 11:22:50 2024 GMT
        Subject: CN=98A530373122F1761CD1D811D2FA2298845C3CFE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:85:ea:29:f4:5c:a7:3c:db:85:bf:0a:3d:7c:
                    59:3b:44:64:33:63:7c:2b:d3:98:b6:41:1e:d4:d8:
                    6b:63:e9:2f:a2:3f:5b:a3:e8:b1:fb:5f:6b:25:12:
                    53:d9:bf:c1:47:11:a0:73:f4:dc:a3:fe:42:3d:84:
                    05:f1:fb:c4:7b:02:7c:c8:23:6b:c4:92:41:77:39:
                    e8:5c:00:dd:44:2e:b0:2f:dc:f1:2f:5b:00:3d:b6:
                    7a:fb:88:81:ed:34:a4:cb:4a:5b:b8:3f:1e:36:cb:
                    2c:65:99:0a:b0:ae:4c:c7:a9:48:49:5a:74:4e:2f:
                    31:31:51:7c:af:b0:6b:c1:b5:ea:23:e4:0b:81:fc:
                    c9:60:82:12:7b:e9:54:28:ca:ac:ae:64:e8:c5:ac:
                    ef:cc:c7:c8:0e:c1:e0:69:59:43:7d:ac:76:7e:7e:
                    13:43:bf:0b:24:62:1e:e7:e6:f3:97:bd:d5:0d:2f:
                    41:31:39:23:2f:8a:9a:6f:f4:c7:a1:09:a2:ae:79:
                    7a:da:8e:97:66:b9:3d:8d:19:13:0e:75:32:96:a8:
                    f1:5e:8a:68:da:2d:5d:cd:b3:6a:0f:7d:21:a6:14:
                    3b:01:64:e2:ac:80:10:77:94:e8:9c:98:4f:8e:bf:
                    85:a0:ac:d3:59:71:7c:23:2e:9d:24:df:b5:33:f7:
                    46:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:A5:30:37:31:22:F1:76:1C:D1:D8:11:D2:FA:22:98:84:5C:3C:FE
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139342e3139352e39342e302f32332d3233203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.195.94.0/23

    Signature Algorithm: sha256WithRSAEncryption
         72:59:b3:b0:a9:cf:26:a9:9d:08:60:c9:16:ef:e5:a5:c7:0a:
         83:e5:72:e5:5f:71:32:50:69:f5:52:0e:e0:b2:f4:27:e9:11:
         cf:c4:45:72:80:d3:fd:68:a6:da:7e:22:38:be:69:54:3f:15:
         d4:8b:ab:1f:fc:95:df:b6:37:76:0b:2c:c0:3b:a3:b0:5e:52:
         7d:75:2d:ee:0b:19:5f:75:fe:9f:5f:3a:41:a7:fe:40:ed:d8:
         83:1f:26:cc:f8:27:9a:aa:d5:65:c4:61:69:1e:4e:6a:a7:f7:
         44:7c:c9:bd:31:76:d1:ac:b9:e7:47:7e:b2:5a:09:14:41:be:
         24:aa:61:d2:ad:14:dc:af:dd:bd:11:f0:40:e8:7f:ed:82:4e:
         ee:10:ee:41:8e:a6:b9:d0:1e:db:60:51:cc:bd:d4:b1:00:b7:
         2c:ce:70:01:e7:ed:5d:5f:9f:4c:ff:76:44:ef:f7:49:0c:27:
         21:06:c6:c8:b8:9b:39:34:d1:bb:f7:bf:e5:38:b4:96:94:84:
         ee:b6:3d:7e:9e:74:c8:bc:ca:26:e6:08:9e:34:f5:33:65:12:
         95:4b:90:30:84:2a:d4:7b:06:d9:fe:2d:3b:9a:74:2d:92:a8:
         7f:d2:86:ba:40:0c:1a:a5:81:b1:dc:42:ec:d2:a2:a9:f9:8b:
         c4:ea:e7:c9
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUbAQYhDpdhKs76kkGrJ0CNfCEFGswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yMzA2MjcxMTE3NTBaFw0yNDA2MjUxMTIyNTBaMDMxMTAvBgNV
BAMTKDk4QTUzMDM3MzEyMkYxNzYxQ0QxRDgxMUQyRkEyMjk4ODQ1QzNDRkUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDpheop9FynPNuFvwo9fFk7RGQz
Y3wr05i2QR7U2Gtj6S+iP1uj6LH7X2slElPZv8FHEaBz9Nyj/kI9hAXx+8R7AnzI
I2vEkkF3OehcAN1ELrAv3PEvWwA9tnr7iIHtNKTLSlu4Px42yyxlmQqwrkzHqUhJ
WnROLzExUXyvsGvBteoj5AuB/MlgghJ76VQoyqyuZOjFrO/Mx8gOweBpWUN9rHZ+
fhNDvwskYh7n5vOXvdUNL0ExOSMvippv9MehCaKueXrajpdmuT2NGRMOdTKWqPFe
imjaLV3Ns2oPfSGmFDsBZOKsgBB3lOicmE+Ov4WgrNNZcXwjLp0k37Uz90ZJAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUmKUwNzEi8XYc0dgR0voimIRcPP4wHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzOTM0MmUzMTM5MzUyZTM5
MzQyZTMwMmYzMjMzMmQzMjMzMjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAHCw14w
DQYJKoZIhvcNAQELBQADggEBAHJZs7CpzyapnQhgyRbv5aXHCoPlcuVfcTJQafVS
DuCy9CfpEc/ERXKA0/1optp+Iji+aVQ/FdSLqx/8ld+2N3YLLMA7o7BeUn11Le4L
GV91/p9fOkGn/kDt2IMfJsz4J5qq1WXEYWkeTmqn90R8yb0xdtGsuedHfrJaCRRB
viSqYdKtFNyv3b0R8EDof+2CTu4Q7kGOprnQHttgUcy91LEAtyzOcAHn7V1fn0z/
dkTv90kMJyEGxsi4mzk00bv3v+U4tJaUhO62PX6edMi8yibmCJ409TNlEpVLkDCE
KtR7Btn+LTuadC2SqH/ShrpADBqlgbHcQuzSoqn5i8Tq58k=
-----END CERTIFICATE-----