Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139352e33352e31362e302f32322d3234203d3e203437353833.roa
File:                     3139352e33352e31362e302f32322d3234203d3e203437353833.roa (raw, json)
Hash identifier:          MzNvRm5b5ikapyZ9O3sBCbtDj/YkhCLIGO7NmYRnOEU=
Subject key identifier:   A6:24:C0:F6:AF:B0:F0:09:3A:67:4A:17:B9:C2:13:D8:89:4E:DE:0E
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       6217225C46693CCA70715CACC085D3FDDEEBBB93
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139352e33352e31362e302f32322d3234203d3e203437353833.roa
Signing time:             Thu 15 May 2025 10:46:17 +0000
ROA not before:           Thu 15 May 2025 10:41:17 +0000
ROA not after:            Thu 14 May 2026 10:46:17 +0000
asID:                     47583
IP address blocks:        195.35.16.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 17:19:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            62:17:22:5c:46:69:3c:ca:70:71:5c:ac:c0:85:d3:fd:de:eb:bb:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: May 15 10:41:17 2025 GMT
            Not After : May 14 10:46:17 2026 GMT
        Subject: CN=A624C0F6AFB0F0093A674A17B9C213D8894EDE0E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:47:6b:4d:30:3a:cd:8a:3c:3e:5b:6e:c6:50:
                    6b:1c:40:64:dc:22:19:4b:cf:36:b8:7b:b0:45:96:
                    f6:7d:d0:20:d7:f8:1e:8a:a9:a6:d1:47:10:44:1a:
                    d1:3e:5b:08:63:59:88:59:3e:b5:6e:24:8b:84:3a:
                    e3:a8:d7:0b:46:a8:6b:65:74:b7:98:6c:bc:8b:85:
                    97:99:18:1a:18:b1:b6:f8:93:ff:db:e5:eb:33:4a:
                    9f:a6:0f:ce:c0:e1:ac:c0:a6:68:e0:60:5d:53:77:
                    f9:22:97:4e:4c:50:bc:f3:4d:52:04:14:39:4a:9c:
                    6c:2f:8e:9b:a8:8a:3e:45:c3:6c:03:75:d8:8e:91:
                    e3:12:19:9f:4e:d5:dd:35:10:ac:5a:b0:a5:d8:65:
                    3b:92:c3:7f:11:26:aa:bf:9b:b6:f4:9f:57:48:56:
                    9a:43:36:29:ea:1a:4f:8e:10:29:2a:75:32:1d:27:
                    74:3a:79:7f:5e:e1:db:20:3a:8d:d1:56:86:52:74:
                    20:fb:5f:d6:97:09:c9:79:fa:08:7a:dd:eb:11:e9:
                    3f:72:e1:dc:81:59:ee:de:35:ff:e1:1a:9c:1e:41:
                    40:ba:d1:9f:9a:92:ba:ef:fd:5c:96:44:53:dd:f9:
                    c3:a1:cd:f4:0c:f2:0d:ab:8c:93:b2:a0:14:dd:ea:
                    c0:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:24:C0:F6:AF:B0:F0:09:3A:67:4A:17:B9:C2:13:D8:89:4E:DE:0E
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139352e33352e31362e302f32322d3234203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.35.16.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5e:4e:12:68:82:f1:e6:02:ab:9d:b8:22:fd:b9:cd:44:62:03:
         15:71:14:7e:b0:f3:2c:e7:eb:ce:ef:28:04:2e:42:50:14:c0:
         09:f9:05:8d:57:28:58:eb:94:3f:a7:4d:6d:2a:70:a6:ac:bb:
         e0:3a:7d:9d:b0:56:bb:9d:0d:20:38:59:d1:cf:42:0b:45:34:
         7b:5a:d2:3f:ad:0c:cd:aa:d7:9c:29:54:c4:23:53:51:23:e8:
         6f:5e:5a:9a:43:82:fc:a8:9a:1c:87:ab:14:2b:ea:17:4f:60:
         0a:0c:48:85:52:65:7b:e2:ff:d3:b5:80:b4:da:19:09:d9:24:
         d6:84:97:f7:2d:a7:b8:63:4f:13:e6:e4:b3:60:1e:31:28:39:
         90:e9:5e:c1:36:70:fc:b7:43:98:f3:84:5f:8a:92:ff:41:f1:
         3b:8b:a3:91:73:c0:4a:86:18:d9:7a:07:ee:d6:94:ba:cd:58:
         c1:3a:12:b9:dc:41:e2:59:37:be:00:7f:2c:d1:8a:b2:7d:5e:
         3e:8b:03:42:f1:1c:e1:1e:fe:2d:33:89:a8:fc:a9:e1:de:e4:
         9f:32:91:38:9f:64:a2:5b:da:9f:f2:38:24:71:00:49:60:cc:
         11:08:b6:5c:a7:c2:c8:53:c1:bf:89:68:90:86:e8:74:7a:b5:
         3c:96:7d:a2
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUYhciXEZpPMpwcVyswIXT/d7ru5MwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTA1MTUxMDQxMTdaFw0yNjA1MTQxMDQ2MTdaMDMxMTAvBgNV
BAMTKEE2MjRDMEY2QUZCMEYwMDkzQTY3NEExN0I5QzIxM0Q4ODk0RURFMEUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrR2tNMDrNijw+W27GUGscQGTc
IhlLzza4e7BFlvZ90CDX+B6KqabRRxBEGtE+WwhjWYhZPrVuJIuEOuOo1wtGqGtl
dLeYbLyLhZeZGBoYsbb4k//b5eszSp+mD87A4azApmjgYF1Td/kil05MULzzTVIE
FDlKnGwvjpuoij5Fw2wDddiOkeMSGZ9O1d01EKxasKXYZTuSw38RJqq/m7b0n1dI
VppDNinqGk+OECkqdTIdJ3Q6eX9e4dsgOo3RVoZSdCD7X9aXCcl5+gh63esR6T9y
4dyBWe7eNf/hGpweQUC60Z+akrrv/VyWRFPd+cOhzfQM8g2rjJOyoBTd6sAfAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUpiTA9q+w8Ak6Z0oXucIT2IlO3g4wHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzOTM1MmUzMzM1MmUzMTM2
MmUzMDJmMzIzMjJkMzIzNDIwM2QzZTIwMzQzNzM1MzgzMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAsMj
EDANBgkqhkiG9w0BAQsFAAOCAQEAXk4SaILx5gKrnbgi/bnNRGIDFXEUfrDzLOfr
zu8oBC5CUBTACfkFjVcoWOuUP6dNbSpwpqy74Dp9nbBWu50NIDhZ0c9CC0U0e1rS
P60MzarXnClUxCNTUSPob15amkOC/KiaHIerFCvqF09gCgxIhVJle+L/07WAtNoZ
Cdkk1oSX9y2nuGNPE+bks2AeMSg5kOlewTZw/LdDmPOEX4qS/0HxO4ujkXPASoYY
2XoH7taUus1YwToSudxB4lk3vgB/LNGKsn1ePosDQvEc4R7+LTOJqPyp4d7knzKR
OJ9kolvan/I4JHEASWDMEQi2XKfCyFPBv4lokIbodHq1PJZ9og==
-----END CERTIFICATE-----