Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139352e3230302e382e302f32322d3234203d3e203437353833.roa
File:                     3139352e3230302e382e302f32322d3234203d3e203437353833.roa (raw, json)
Hash identifier:          7AAxqEVK06bD/k2LPLdIL+4uIRPeITnddBOGwyB1USg=
Subject key identifier:   B5:6C:68:6F:C5:F7:F5:55:35:2D:22:68:86:1A:38:92:DC:B9:2E:B6
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       654A7F2FEC8801E6AF7112C4548AF643DD95324B
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139352e3230302e382e302f32322d3234203d3e203437353833.roa
Signing time:             Thu 13 Jun 2024 10:41:04 +0000
ROA not before:           Thu 13 Jun 2024 10:36:04 +0000
ROA not after:            Thu 12 Jun 2025 10:41:04 +0000
asID:                     47583
IP address blocks:        195.200.8.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            65:4a:7f:2f:ec:88:01:e6:af:71:12:c4:54:8a:f6:43:dd:95:32:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Jun 13 10:36:04 2024 GMT
            Not After : Jun 12 10:41:04 2025 GMT
        Subject: CN=B56C686FC5F7F555352D2268861A3892DCB92EB6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:d6:2f:74:6f:e2:5d:2d:82:18:e4:b2:ac:3f:
                    b4:8d:f9:a7:b2:80:11:50:1d:12:18:2c:b0:33:2a:
                    47:31:a3:e0:4a:5b:da:cc:02:85:36:36:b4:7b:02:
                    61:ee:f1:ba:a3:aa:10:75:94:fc:76:e2:65:c4:a4:
                    a8:a9:ed:7e:41:ba:a9:aa:fc:40:55:32:b7:4e:8b:
                    21:96:f8:f0:0e:77:40:c1:2f:52:5d:9c:b1:cd:91:
                    0b:2c:7b:cb:7d:b9:4e:f5:a5:ff:0c:71:75:01:3c:
                    1e:fa:20:77:75:8e:89:b5:a7:01:6d:2b:bf:18:94:
                    35:ff:28:b8:a8:25:b2:04:d0:f0:ce:68:c7:be:dc:
                    41:32:8c:d8:6b:d7:5a:c4:71:86:f9:91:e2:39:b0:
                    c1:f5:27:36:35:2f:06:05:c5:27:74:f8:6e:8b:b8:
                    20:b5:1c:96:b0:f2:64:6d:13:64:71:d0:c6:13:81:
                    7e:4b:71:9f:f0:92:7c:63:78:37:4d:32:c4:32:39:
                    02:ee:27:b7:36:c9:05:69:a5:ef:9e:8d:d2:ac:f9:
                    e4:67:bc:e3:0e:4e:14:c1:1a:68:b2:8d:5d:e4:11:
                    82:ab:86:21:8c:8e:e2:ed:a2:c4:ed:12:2d:bc:f9:
                    b6:54:d4:a1:5e:66:f5:95:81:c1:4c:ee:59:54:29:
                    71:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:6C:68:6F:C5:F7:F5:55:35:2D:22:68:86:1A:38:92:DC:B9:2E:B6
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139352e3230302e382e302f32322d3234203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.200.8.0/22

    Signature Algorithm: sha256WithRSAEncryption
         95:cb:2e:10:e3:84:6a:19:24:49:de:47:e8:17:e3:c3:d5:71:
         d7:23:03:43:34:cc:37:04:d0:99:09:0d:24:f2:6e:e8:51:aa:
         19:2d:5e:9b:0d:25:07:f2:33:36:0f:52:43:83:78:1e:85:87:
         31:bd:b9:16:62:7c:a1:ff:ef:ad:60:07:40:c7:7f:01:53:c1:
         8c:5d:d5:d3:0b:2a:89:e1:0c:eb:94:62:42:84:98:4a:b1:df:
         fb:36:2a:b5:dc:b7:a5:13:55:44:ca:ff:40:c5:b4:23:6c:70:
         4b:2f:96:6b:ea:dd:aa:3d:10:02:21:84:11:f7:cd:39:99:97:
         c4:04:78:a2:4c:a9:49:2f:56:54:23:89:d9:18:79:68:46:13:
         06:95:51:3f:b2:d5:22:83:be:89:b7:6e:15:1e:2f:99:b0:5d:
         51:ea:cb:93:6d:c6:a6:e4:34:9b:81:eb:d2:bd:a2:c7:a9:3f:
         55:46:f5:88:92:88:47:8b:2b:a4:2a:1d:b9:a3:8a:1f:52:fa:
         0d:ad:fa:db:6f:80:88:14:d7:9a:2a:05:2f:eb:03:c3:52:a8:
         a1:a6:86:b0:8d:e6:25:15:f6:90:81:9e:d7:de:a6:5b:f1:9f:
         ea:e6:61:eb:aa:23:d8:05:b7:b5:60:b1:40:47:0e:dd:0c:a9:
         e1:13:6c:9b
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUZUp/L+yIAeavcRLEVIr2Q92VMkswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDA2MTMxMDM2MDRaFw0yNTA2MTIxMDQxMDRaMDMxMTAvBgNV
BAMTKEI1NkM2ODZGQzVGN0Y1NTUzNTJEMjI2ODg2MUEzODkyRENCOTJFQjYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCf1i90b+JdLYIY5LKsP7SN+aey
gBFQHRIYLLAzKkcxo+BKW9rMAoU2NrR7AmHu8bqjqhB1lPx24mXEpKip7X5Buqmq
/EBVMrdOiyGW+PAOd0DBL1JdnLHNkQsse8t9uU71pf8McXUBPB76IHd1jom1pwFt
K78YlDX/KLioJbIE0PDOaMe+3EEyjNhr11rEcYb5keI5sMH1JzY1LwYFxSd0+G6L
uCC1HJaw8mRtE2Rx0MYTgX5LcZ/wknxjeDdNMsQyOQLuJ7c2yQVppe+ejdKs+eRn
vOMOThTBGmiyjV3kEYKrhiGMjuLtosTtEi28+bZU1KFeZvWVgcFM7llUKXEVAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUtWxob8X39VU1LSJohho4kty5LrYwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzOTM1MmUzMjMwMzAyZTM4
MmUzMDJmMzIzMjJkMzIzNDIwM2QzZTIwMzQzNzM1MzgzMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAsPI
CDANBgkqhkiG9w0BAQsFAAOCAQEAlcsuEOOEahkkSd5H6Bfjw9Vx1yMDQzTMNwTQ
mQkNJPJu6FGqGS1emw0lB/IzNg9SQ4N4HoWHMb25FmJ8of/vrWAHQMd/AVPBjF3V
0wsqieEM65RiQoSYSrHf+zYqtdy3pRNVRMr/QMW0I2xwSy+Wa+rdqj0QAiGEEffN
OZmXxAR4okypSS9WVCOJ2Rh5aEYTBpVRP7LVIoO+ibduFR4vmbBdUerLk23GpuQ0
m4Hr0r2ix6k/VUb1iJKIR4srpCoduaOKH1L6Da3622+AiBTXmioFL+sDw1KooaaG
sI3mJRX2kIGe196mW/Gf6uZh66oj2AW3tWCxQEcO3Qyp4RNsmw==
-----END CERTIFICATE-----