Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139352e3230302e382e302f32322d3234203d3e203437353833.roa
File:                     3139352e3230302e382e302f32322d3234203d3e203437353833.roa (raw, json)
Hash identifier:          m7BhXfytgkVXzuNwZ+2VI9BzC+loKjpiVH1KmfhDRco=
Subject key identifier:   6C:00:B6:03:C2:19:FD:9F:FA:24:40:C2:37:8B:25:D5:69:70:6A:43
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       7C6FCEB17F52797E4348280D8E54232AB70C7407
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139352e3230302e382e302f32322d3234203d3e203437353833.roa
Signing time:             Thu 15 May 2025 10:46:20 +0000
ROA not before:           Thu 15 May 2025 10:41:20 +0000
ROA not after:            Thu 14 May 2026 10:46:20 +0000
asID:                     47583
IP address blocks:        195.200.8.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 12:43:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7c:6f:ce:b1:7f:52:79:7e:43:48:28:0d:8e:54:23:2a:b7:0c:74:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: May 15 10:41:20 2025 GMT
            Not After : May 14 10:46:20 2026 GMT
        Subject: CN=6C00B603C219FD9FFA2440C2378B25D569706A43
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:70:18:db:a8:9b:5f:9b:a4:d6:34:6e:ca:73:
                    33:8e:e0:a9:2c:60:71:ac:b3:b4:e8:b6:43:a8:fe:
                    1f:f5:38:d0:92:a2:c7:da:ec:8d:57:b7:3d:63:59:
                    4a:ea:ff:3e:9d:ad:a5:9d:82:ef:24:a4:00:2a:4c:
                    5d:15:b7:f6:a1:43:0f:35:a8:1e:b9:80:d0:ad:dc:
                    e3:02:ec:a3:7e:07:70:95:a3:df:e8:e5:8b:51:78:
                    0f:32:3e:50:4d:b2:8d:c9:57:81:fe:1f:42:de:ba:
                    9a:88:9d:56:f3:99:2c:22:2d:47:94:c1:ba:f8:c0:
                    28:4f:c6:b0:85:43:76:7a:50:cf:a6:45:e1:7a:91:
                    01:ee:d8:29:51:97:6b:3c:25:13:22:6a:63:c6:52:
                    cb:75:65:f8:80:7f:14:ef:22:62:d7:9e:ce:77:70:
                    1e:1a:88:71:d3:98:4c:43:b4:56:ca:7d:f8:b8:4f:
                    13:da:0c:d4:bf:aa:71:ae:69:56:54:0f:7e:08:4a:
                    8a:d7:4e:55:2e:05:87:67:5d:2d:37:eb:65:93:d9:
                    97:2a:1f:20:a3:b1:39:e4:2e:86:51:ca:f4:e4:7d:
                    fe:a5:25:a5:46:71:ea:e4:d8:f7:e5:03:0a:92:68:
                    8a:33:26:46:c3:6a:83:41:f0:1d:53:7f:4e:42:68:
                    84:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:00:B6:03:C2:19:FD:9F:FA:24:40:C2:37:8B:25:D5:69:70:6A:43
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139352e3230302e382e302f32322d3234203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.200.8.0/22

    Signature Algorithm: sha256WithRSAEncryption
         40:f7:de:9b:9b:e2:ee:2c:c0:7d:02:74:81:33:52:5c:08:7b:
         96:4f:38:23:be:09:cd:05:42:d1:fa:51:0b:3f:27:4f:92:cf:
         e8:9c:bb:16:f9:00:c9:b1:d1:2a:b0:d2:e5:83:c4:9d:af:8c:
         1e:2c:9f:a0:0e:bb:40:f9:4b:86:75:40:b6:de:fc:15:23:21:
         92:7c:3f:8a:2d:ef:d3:7e:d1:dd:73:27:18:f3:cd:92:70:56:
         24:b9:9a:7f:a6:82:3b:52:cd:00:c9:22:7c:14:f9:67:f7:88:
         1d:2e:6f:e1:a2:ba:f7:14:55:e5:4a:6b:46:1a:8b:95:8d:0a:
         80:8d:81:02:9f:8d:ed:82:03:95:5a:49:5e:65:d9:3c:81:76:
         d6:37:d5:a7:e3:b0:65:d8:97:06:f5:e8:66:19:46:59:62:02:
         e9:d2:6c:42:e2:2e:53:a1:ae:0a:de:f8:3b:29:6b:61:24:68:
         10:0a:b7:2d:29:4b:e2:8b:a1:e6:ec:b0:93:e0:08:b7:40:8e:
         93:77:6a:51:50:60:3b:ff:e0:9a:a1:9a:6c:ac:46:65:ac:71:
         79:92:33:f2:eb:16:5a:61:1e:87:a5:4b:34:45:81:e1:bb:01:
         49:04:d2:2b:8c:d5:ec:c0:cb:b6:d1:29:49:a4:9b:9c:2d:6b:
         0c:c7:8c:e1
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUfG/OsX9SeX5DSCgNjlQjKrcMdAcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTA1MTUxMDQxMjBaFw0yNjA1MTQxMDQ2MjBaMDMxMTAvBgNV
BAMTKDZDMDBCNjAzQzIxOUZEOUZGQTI0NDBDMjM3OEIyNUQ1Njk3MDZBNDMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDEcBjbqJtfm6TWNG7KczOO4Kks
YHGss7TotkOo/h/1ONCSosfa7I1Xtz1jWUrq/z6draWdgu8kpAAqTF0Vt/ahQw81
qB65gNCt3OMC7KN+B3CVo9/o5YtReA8yPlBNso3JV4H+H0LeupqInVbzmSwiLUeU
wbr4wChPxrCFQ3Z6UM+mReF6kQHu2ClRl2s8JRMiamPGUst1ZfiAfxTvImLXns53
cB4aiHHTmExDtFbKffi4TxPaDNS/qnGuaVZUD34ISorXTlUuBYdnXS0362WT2Zcq
HyCjsTnkLoZRyvTkff6lJaVGcerk2PflAwqSaIozJkbDaoNB8B1Tf05CaISPAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUbAC2A8IZ/Z/6JEDCN4sl1WlwakMwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzOTM1MmUzMjMwMzAyZTM4
MmUzMDJmMzIzMjJkMzIzNDIwM2QzZTIwMzQzNzM1MzgzMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAsPI
CDANBgkqhkiG9w0BAQsFAAOCAQEAQPfem5vi7izAfQJ0gTNSXAh7lk84I74JzQVC
0fpRCz8nT5LP6Jy7FvkAybHRKrDS5YPEna+MHiyfoA67QPlLhnVAtt78FSMhknw/
ii3v037R3XMnGPPNknBWJLmaf6aCO1LNAMkifBT5Z/eIHS5v4aK69xRV5UprRhqL
lY0KgI2BAp+N7YIDlVpJXmXZPIF21jfVp+OwZdiXBvXoZhlGWWIC6dJsQuIuU6Gu
Ct74OylrYSRoEAq3LSlL4ouh5uywk+AIt0COk3dqUVBgO//gmqGabKxGZaxxeZIz
8usWWmEeh6VLNEWB4bsBSQTSK4zV7MDLttEpSaSbnC1rDMeM4Q==
-----END CERTIFICATE-----