Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139352e33352e32302e302f32322d3234203d3e203437353833.roa
File:                     3139352e33352e32302e302f32322d3234203d3e203437353833.roa (raw, json)
Hash identifier:          fK+de4B4J7uodFFTrNjaEYjlGcLAcsiKzTeMg616/ZU=
Subject key identifier:   55:FD:C1:CF:B5:2A:02:50:E9:75:CE:41:9A:BC:41:E8:46:5F:4B:55
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       7D53840A8B829D9839C9999D3B1FD4182CE4A37B
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139352e33352e32302e302f32322d3234203d3e203437353833.roa
Signing time:             Thu 13 Jun 2024 10:41:08 +0000
ROA not before:           Thu 13 Jun 2024 10:36:08 +0000
ROA not after:            Thu 12 Jun 2025 10:41:08 +0000
asID:                     47583
IP address blocks:        195.35.20.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7d:53:84:0a:8b:82:9d:98:39:c9:99:9d:3b:1f:d4:18:2c:e4:a3:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Jun 13 10:36:08 2024 GMT
            Not After : Jun 12 10:41:08 2025 GMT
        Subject: CN=55FDC1CFB52A0250E975CE419ABC41E8465F4B55
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:95:8d:21:af:7f:c0:ed:33:cd:dc:23:75:c3:
                    ce:c6:2e:4c:d2:ee:f4:a5:79:26:3b:b9:3f:ab:30:
                    68:09:93:df:81:27:d5:5d:aa:df:58:37:ce:4f:bc:
                    80:dc:d3:c5:95:67:07:8f:09:ce:9a:85:b4:14:3a:
                    37:d2:f1:8c:ed:56:d0:d8:2c:04:2b:51:a5:da:68:
                    e0:97:97:35:c5:4b:36:56:ec:70:27:2c:03:23:28:
                    d1:b4:26:b8:dc:45:45:0f:e6:b8:96:62:03:e4:56:
                    be:1e:57:d1:46:84:4c:cd:f7:2a:14:85:ec:85:1b:
                    d3:73:39:77:a6:a9:b3:e9:f9:c3:99:3f:1c:5c:23:
                    a0:b6:ec:00:73:f9:17:89:49:3c:d1:39:58:07:8b:
                    03:f2:f1:a0:b7:cb:d8:a8:4e:a3:cb:8a:80:49:73:
                    86:b7:a5:2c:1e:56:dc:4c:f8:52:3e:12:93:f0:b2:
                    1a:89:62:b8:08:09:df:41:86:dd:bb:9f:a7:02:69:
                    1d:52:ee:2e:3e:c0:66:00:35:33:8a:0f:53:80:3f:
                    18:59:40:f3:0e:2e:15:7f:e0:1a:44:7e:6c:5b:87:
                    d7:8f:ca:38:eb:be:e8:e0:62:9e:c9:92:1f:c5:3d:
                    66:0c:34:83:62:67:55:a2:ec:51:40:3a:c1:72:63:
                    37:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:FD:C1:CF:B5:2A:02:50:E9:75:CE:41:9A:BC:41:E8:46:5F:4B:55
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139352e33352e32302e302f32322d3234203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.35.20.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0e:c8:4e:11:4e:89:77:5f:65:38:2b:21:53:8a:76:a3:cf:80:
         9d:2e:02:e0:f0:df:3e:0d:1f:39:ca:02:2b:ca:80:75:82:a9:
         68:f7:49:e7:f4:92:ff:a7:6c:83:4e:06:eb:ab:26:2b:75:4d:
         a8:70:34:1a:da:11:35:bc:2a:68:0d:2d:90:cc:04:4b:77:f3:
         77:d8:ed:51:55:0e:a1:ea:d7:ea:ea:98:11:89:c8:1c:65:b5:
         6b:20:ff:1d:97:92:e3:b5:96:6b:4d:f0:46:ab:43:8d:28:76:
         a9:72:21:0e:a8:19:18:d7:b7:39:60:e6:08:bd:77:25:86:12:
         4c:d9:99:29:a6:26:b2:f0:46:a8:82:12:b3:61:cd:f5:9d:c4:
         18:7b:c0:26:65:90:57:c2:4d:9d:1d:1b:b9:d9:6d:32:2c:6a:
         0e:e5:a0:b8:40:3d:0d:2f:88:d6:2a:c6:ec:b9:0e:5a:d0:b5:
         b5:c6:87:02:44:a5:35:96:67:27:00:52:f1:3e:91:8c:6f:b9:
         cd:73:9a:27:67:71:b6:74:d3:01:b3:ef:7e:b7:d7:57:60:8e:
         85:c1:51:d1:5a:18:35:07:6c:18:15:45:43:eb:d9:2d:eb:3b:
         c4:a2:7e:72:66:c0:32:da:56:ae:d5:a4:b5:2f:f0:5a:fe:eb:
         ec:6c:17:8f
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUfVOECouCnZg5yZmdOx/UGCzko3swDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDA2MTMxMDM2MDhaFw0yNTA2MTIxMDQxMDhaMDMxMTAvBgNV
BAMTKDU1RkRDMUNGQjUyQTAyNTBFOTc1Q0U0MTlBQkM0MUU4NDY1RjRCNTUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7lY0hr3/A7TPN3CN1w87GLkzS
7vSleSY7uT+rMGgJk9+BJ9Vdqt9YN85PvIDc08WVZwePCc6ahbQUOjfS8YztVtDY
LAQrUaXaaOCXlzXFSzZW7HAnLAMjKNG0JrjcRUUP5riWYgPkVr4eV9FGhEzN9yoU
heyFG9NzOXemqbPp+cOZPxxcI6C27ABz+ReJSTzROVgHiwPy8aC3y9ioTqPLioBJ
c4a3pSweVtxM+FI+EpPwshqJYrgICd9Bht27n6cCaR1S7i4+wGYANTOKD1OAPxhZ
QPMOLhV/4BpEfmxbh9ePyjjrvujgYp7Jkh/FPWYMNINiZ1Wi7FFAOsFyYzdfAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUVf3Bz7UqAlDpdc5BmrxB6EZfS1UwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzOTM1MmUzMzM1MmUzMjMw
MmUzMDJmMzIzMjJkMzIzNDIwM2QzZTIwMzQzNzM1MzgzMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAsMj
FDANBgkqhkiG9w0BAQsFAAOCAQEADshOEU6Jd19lOCshU4p2o8+AnS4C4PDfPg0f
OcoCK8qAdYKpaPdJ5/SS/6dsg04G66smK3VNqHA0GtoRNbwqaA0tkMwES3fzd9jt
UVUOoerX6uqYEYnIHGW1ayD/HZeS47WWa03wRqtDjSh2qXIhDqgZGNe3OWDmCL13
JYYSTNmZKaYmsvBGqIISs2HN9Z3EGHvAJmWQV8JNnR0budltMixqDuWguEA9DS+I
1irG7LkOWtC1tcaHAkSlNZZnJwBS8T6RjG+5zXOaJ2dxtnTTAbPvfrfXV2COhcFR
0VoYNQdsGBVFQ+vZLes7xKJ+cmbAMtpWrtWktS/wWv7r7GwXjw==
-----END CERTIFICATE-----