Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139352e33352e32302e302f32322d3234203d3e203437353833.roa
File:                     3139352e33352e32302e302f32322d3234203d3e203437353833.roa (raw, json)
Hash identifier:          XKDRwYQEtFFKum2ZFZwekN+kJ38Zqb2Z35kNSGJxiM4=
Subject key identifier:   AC:03:5C:63:C9:2E:6C:B8:5F:0D:DC:ED:DA:5C:70:80:66:4F:8A:E4
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       2B1D48FEC83A7BB74737680A01CA1A1F48DBE62D
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139352e33352e32302e302f32322d3234203d3e203437353833.roa
Signing time:             Thu 15 May 2025 10:46:18 +0000
ROA not before:           Thu 15 May 2025 10:41:18 +0000
ROA not after:            Thu 14 May 2026 10:46:18 +0000
asID:                     47583
IP address blocks:        195.35.20.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 12:43:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2b:1d:48:fe:c8:3a:7b:b7:47:37:68:0a:01:ca:1a:1f:48:db:e6:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: May 15 10:41:18 2025 GMT
            Not After : May 14 10:46:18 2026 GMT
        Subject: CN=AC035C63C92E6CB85F0DDCEDDA5C7080664F8AE4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:81:90:e7:fc:df:8b:88:48:f1:57:63:1c:2c:
                    35:e3:c5:55:8b:be:50:3b:84:b7:f8:bc:f5:7a:4e:
                    09:cc:4c:6a:ce:38:0f:61:12:43:d4:32:6e:26:5a:
                    54:fb:4e:15:e1:5d:76:e9:9c:84:95:7a:ff:7c:5a:
                    a5:c9:79:2d:eb:f7:66:0b:c5:3d:b7:f2:1a:0f:4d:
                    95:00:b4:18:16:16:97:5c:ac:c3:03:1b:c4:d1:af:
                    0e:86:33:f4:e4:ef:04:60:54:33:da:d8:61:94:a1:
                    00:86:e5:e6:c5:37:57:e9:8d:3c:09:62:f3:5e:a9:
                    51:27:4e:f3:ac:cd:30:89:9e:7b:fd:e6:24:4b:85:
                    0e:dc:da:f9:df:de:da:b6:37:e3:28:38:1a:e9:a7:
                    77:8a:62:1c:f2:bb:ea:50:7e:81:31:63:2e:cf:4f:
                    d0:6f:14:c9:af:8f:12:e2:61:e5:0b:6c:ca:b4:88:
                    25:7e:74:9e:a5:f8:06:d9:ca:e8:62:64:fa:8b:28:
                    4c:b7:bf:3f:dd:8f:a2:1b:4e:f4:d3:91:55:71:23:
                    d5:19:d4:a4:c1:28:3d:47:c4:24:e0:7a:6b:f5:ca:
                    ed:fc:cd:f3:48:c2:76:4c:f8:82:42:67:e8:ea:6b:
                    9d:a4:89:5c:f8:12:5a:66:b9:46:e5:89:ac:24:20:
                    09:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:03:5C:63:C9:2E:6C:B8:5F:0D:DC:ED:DA:5C:70:80:66:4F:8A:E4
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139352e33352e32302e302f32322d3234203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.35.20.0/22

    Signature Algorithm: sha256WithRSAEncryption
         35:65:9f:8a:c4:e9:c0:52:3e:57:61:a1:27:ed:e5:1f:20:95:
         cb:cb:c5:78:63:e7:8a:7b:3f:50:d0:54:b9:ca:13:48:f1:71:
         f8:68:99:48:f5:76:da:e4:6e:fc:8b:18:0f:e9:e9:34:c9:b8:
         25:7e:76:ac:49:d1:e1:c1:80:ef:8e:76:be:2c:9d:33:57:fd:
         64:5f:52:8b:9e:26:57:fc:4e:ab:6e:aa:a1:f1:1d:ef:33:3a:
         3f:2a:68:94:3c:b2:d0:1a:6a:77:e5:f8:eb:bb:7d:9f:e8:e7:
         0e:88:b6:eb:e3:5b:36:75:fb:06:d2:bc:fa:a6:36:db:54:87:
         c7:ae:c2:00:e4:c0:f1:11:33:e9:1f:77:d9:62:39:ed:4a:57:
         b3:47:ec:49:da:ba:d5:a6:a9:57:c9:1d:04:e9:f0:80:27:d6:
         3e:d0:e3:95:0b:00:41:9f:a0:41:51:9c:f9:92:3a:fd:7a:02:
         66:59:93:42:ec:c3:5b:ef:fd:87:b8:df:ef:fe:b3:eb:6c:c6:
         ba:03:d0:c4:46:20:cc:c4:25:0e:03:f6:f1:4e:3d:63:23:73:
         4d:2e:7a:2b:ce:dc:63:de:f9:07:42:56:ce:01:e7:93:a9:ea:
         99:c7:e2:bc:6d:0d:5c:ae:a6:63:00:29:52:c5:16:0d:db:aa:
         28:8f:89:18
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUKx1I/sg6e7dHN2gKAcoaH0jb5i0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTA1MTUxMDQxMThaFw0yNjA1MTQxMDQ2MThaMDMxMTAvBgNV
BAMTKEFDMDM1QzYzQzkyRTZDQjg1RjBERENFRERBNUM3MDgwNjY0RjhBRTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDhgZDn/N+LiEjxV2McLDXjxVWL
vlA7hLf4vPV6TgnMTGrOOA9hEkPUMm4mWlT7ThXhXXbpnISVev98WqXJeS3r92YL
xT238hoPTZUAtBgWFpdcrMMDG8TRrw6GM/Tk7wRgVDPa2GGUoQCG5ebFN1fpjTwJ
YvNeqVEnTvOszTCJnnv95iRLhQ7c2vnf3tq2N+MoOBrpp3eKYhzyu+pQfoExYy7P
T9BvFMmvjxLiYeULbMq0iCV+dJ6l+AbZyuhiZPqLKEy3vz/dj6IbTvTTkVVxI9UZ
1KTBKD1HxCTgemv1yu38zfNIwnZM+IJCZ+jqa52kiVz4ElpmuUbliawkIAlhAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUrANcY8kubLhfDdzt2lxwgGZPiuQwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzOTM1MmUzMzM1MmUzMjMw
MmUzMDJmMzIzMjJkMzIzNDIwM2QzZTIwMzQzNzM1MzgzMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAsMj
FDANBgkqhkiG9w0BAQsFAAOCAQEANWWfisTpwFI+V2GhJ+3lHyCVy8vFeGPnins/
UNBUucoTSPFx+GiZSPV22uRu/IsYD+npNMm4JX52rEnR4cGA7452viydM1f9ZF9S
i54mV/xOq26qofEd7zM6PypolDyy0Bpqd+X467t9n+jnDoi26+NbNnX7BtK8+qY2
21SHx67CAOTA8REz6R932WI57UpXs0fsSdq61aapV8kdBOnwgCfWPtDjlQsAQZ+g
QVGc+ZI6/XoCZlmTQuzDW+/9h7jf7/6z62zGugPQxEYgzMQlDgP28U49YyNzTS56
K87cY975B0JWzgHnk6nqmcfivG0NXK6mYwApUsUWDduqKI+JGA==
-----END CERTIFICATE-----