Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139352e33352e31362e302f32322d3234203d3e203437353833.roa
File:                     3139352e33352e31362e302f32322d3234203d3e203437353833.roa (raw, json)
Hash identifier:          nWy8BD4JvYuTivK4d2DTBw+eeKVfuPT4VKlE/op47xU=
Subject key identifier:   A6:00:9E:20:A6:41:F4:E6:7B:6A:CF:01:F2:42:23:A8:C7:5F:04:F3
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       3F615D2004D44AABDE195D555F60BADA09E68C7D
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139352e33352e31362e302f32322d3234203d3e203437353833.roa
Signing time:             Thu 13 Jun 2024 10:41:07 +0000
ROA not before:           Thu 13 Jun 2024 10:36:07 +0000
ROA not after:            Thu 12 Jun 2025 10:41:07 +0000
asID:                     47583
IP address blocks:        195.35.16.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3f:61:5d:20:04:d4:4a:ab:de:19:5d:55:5f:60:ba:da:09:e6:8c:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Jun 13 10:36:07 2024 GMT
            Not After : Jun 12 10:41:07 2025 GMT
        Subject: CN=A6009E20A641F4E67B6ACF01F24223A8C75F04F3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:11:85:02:b0:7d:54:4f:ef:13:24:18:91:f5:
                    39:f6:77:73:da:3f:cb:b9:6b:e3:85:8c:9c:76:5d:
                    74:5a:3c:5d:51:aa:ca:03:83:97:5f:e4:1c:be:b9:
                    74:09:7a:21:90:2f:e2:e0:68:b5:47:de:79:ff:f5:
                    00:4b:d8:1e:7d:46:33:a5:51:f8:d8:cb:09:08:b4:
                    5c:7c:83:5b:62:e1:b0:f1:a9:65:2e:03:de:6a:35:
                    b9:ef:19:f1:2d:b4:d4:88:8e:56:e2:b5:4e:b8:6c:
                    ef:05:57:82:dd:da:fe:1f:95:e5:c8:b4:af:81:d4:
                    c3:cf:56:27:cb:8c:f9:97:57:f5:35:e5:4c:03:fd:
                    c6:d9:2f:e8:6b:b4:aa:60:3a:4e:6e:aa:72:99:c1:
                    ac:57:cd:17:82:7a:cc:ea:07:61:82:4e:94:2e:a3:
                    86:48:17:93:d8:09:51:0f:67:6b:4e:62:15:3d:33:
                    3c:78:ea:cd:5d:c8:88:c7:b0:f2:be:9d:24:c4:f7:
                    e9:00:72:6d:9a:9b:8d:01:a4:66:2f:f6:f3:57:48:
                    12:30:6f:c0:c3:b1:3b:fe:12:41:43:fb:c8:00:7e:
                    d1:01:76:81:c0:18:ff:57:7b:eb:bd:d7:21:f5:bf:
                    b8:77:51:c3:c2:de:57:3d:04:48:71:d5:dc:5c:0a:
                    10:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:00:9E:20:A6:41:F4:E6:7B:6A:CF:01:F2:42:23:A8:C7:5F:04:F3
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139352e33352e31362e302f32322d3234203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.35.16.0/22

    Signature Algorithm: sha256WithRSAEncryption
         15:38:53:7f:33:f9:9c:1d:16:62:57:67:eb:b1:f2:ab:f9:4a:
         3e:4b:3c:04:85:f9:da:19:de:25:14:fc:47:99:35:83:9d:26:
         67:81:dd:2e:16:ba:7c:5c:b7:4c:e3:87:c3:4f:cf:72:4a:99:
         34:36:25:6d:be:3b:2c:eb:f9:a2:ff:4f:ab:df:68:9f:ec:9c:
         02:46:c1:d0:04:62:09:1a:94:19:27:99:57:cb:04:27:fb:22:
         d7:cf:fb:fe:8c:c6:8c:90:a6:6e:14:db:7f:b5:83:d0:09:dc:
         a8:66:4d:b0:6d:dd:6f:d7:a5:c2:60:c1:7f:3a:b0:77:f3:fe:
         54:cf:90:6e:db:86:cd:ee:93:b9:4c:82:3f:1e:8c:e3:dd:b1:
         c9:1f:3f:e1:6b:c3:a6:96:b1:f2:1f:cc:e0:10:9a:7a:15:cd:
         f7:0f:4b:f8:af:64:39:f6:cc:5c:b1:63:67:ad:9a:f0:5e:ea:
         cf:35:d9:8b:97:1d:38:8c:67:d4:41:a5:6a:a9:c0:4a:fe:e0:
         e9:55:36:2f:b8:74:5f:1a:09:ce:31:a3:4d:f6:f9:0b:6c:43:
         e5:d1:39:42:6a:af:d5:49:11:53:0a:84:9d:80:05:3c:cc:a2:
         ed:72:b1:d5:0c:c0:70:5d:0e:77:8b:e1:f5:40:a1:12:28:94:
         ba:9e:d3:c2
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUP2FdIATUSqveGV1VX2C62gnmjH0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDA2MTMxMDM2MDdaFw0yNTA2MTIxMDQxMDdaMDMxMTAvBgNV
BAMTKEE2MDA5RTIwQTY0MUY0RTY3QjZBQ0YwMUYyNDIyM0E4Qzc1RjA0RjMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7EYUCsH1UT+8TJBiR9Tn2d3Pa
P8u5a+OFjJx2XXRaPF1RqsoDg5df5By+uXQJeiGQL+LgaLVH3nn/9QBL2B59RjOl
UfjYywkItFx8g1ti4bDxqWUuA95qNbnvGfEttNSIjlbitU64bO8FV4Ld2v4fleXI
tK+B1MPPVifLjPmXV/U15UwD/cbZL+hrtKpgOk5uqnKZwaxXzReCeszqB2GCTpQu
o4ZIF5PYCVEPZ2tOYhU9Mzx46s1dyIjHsPK+nSTE9+kAcm2am40BpGYv9vNXSBIw
b8DDsTv+EkFD+8gAftEBdoHAGP9Xe+u91yH1v7h3UcPC3lc9BEhx1dxcChBVAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUpgCeIKZB9OZ7as8B8kIjqMdfBPMwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzOTM1MmUzMzM1MmUzMTM2
MmUzMDJmMzIzMjJkMzIzNDIwM2QzZTIwMzQzNzM1MzgzMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAsMj
EDANBgkqhkiG9w0BAQsFAAOCAQEAFThTfzP5nB0WYldn67Hyq/lKPks8BIX52hne
JRT8R5k1g50mZ4HdLha6fFy3TOOHw0/PckqZNDYlbb47LOv5ov9Pq99on+ycAkbB
0ARiCRqUGSeZV8sEJ/si18/7/ozGjJCmbhTbf7WD0AncqGZNsG3db9elwmDBfzqw
d/P+VM+QbtuGze6TuUyCPx6M492xyR8/4WvDppax8h/M4BCaehXN9w9L+K9kOfbM
XLFjZ62a8F7qzzXZi5cdOIxn1EGlaqnASv7g6VU2L7h0XxoJzjGjTfb5C2xD5dE5
Qmqv1UkRUwqEnYAFPMyi7XKx1QzAcF0Od4vh9UChEiiUup7Twg==
-----END CERTIFICATE-----