Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139352e33352e32342e302f32322d3232203d3e203437353833.roa
File:                     3139352e33352e32342e302f32322d3232203d3e203437353833.roa (raw, json)
Hash identifier:          ckFhhlst3/oWzThygcia7o40flbcZOxOG9i2YtH2szE=
Subject key identifier:   DA:35:A4:39:09:8D:9D:CD:24:DC:AD:C4:35:BD:83:8A:31:C5:65:4A
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       10675DC5A6A9D5A4CC07F5AFCAFC032E9CC0A957
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139352e33352e32342e302f32322d3232203d3e203437353833.roa
Signing time:             Mon 06 Nov 2023 17:37:28 +0000
ROA not before:           Mon 06 Nov 2023 17:32:28 +0000
ROA not after:            Mon 04 Nov 2024 17:37:28 +0000
asID:                     47583
IP address blocks:        195.35.24.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Jun 2024 08:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            10:67:5d:c5:a6:a9:d5:a4:cc:07:f5:af:ca:fc:03:2e:9c:c0:a9:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Nov  6 17:32:28 2023 GMT
            Not After : Nov  4 17:37:28 2024 GMT
        Subject: CN=DA35A439098D9DCD24DCADC435BD838A31C5654A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:7e:69:c6:c2:96:07:ef:af:fc:61:4b:d5:06:
                    96:8f:35:12:a2:e8:b2:55:a2:e9:5f:b9:23:60:f8:
                    84:7d:9c:ad:f9:4d:04:51:27:08:b9:1a:c3:9a:95:
                    6c:6d:4e:38:c5:c4:4f:26:3b:7d:4a:b6:37:50:0f:
                    ea:d4:c9:44:f8:a1:09:39:40:e6:18:ed:a6:96:e4:
                    43:f4:1c:7e:4e:ee:40:63:a3:4d:b2:75:a7:8c:5d:
                    eb:e8:d1:4e:9a:99:f1:00:38:50:be:8f:02:e8:31:
                    fb:66:f5:e2:30:86:4f:33:1c:ff:e8:c1:0f:93:30:
                    e6:e6:97:94:20:c5:90:e3:d4:5b:f7:0b:01:df:9a:
                    4a:40:c9:1b:2e:74:d7:9b:0e:eb:60:12:28:59:64:
                    61:aa:d1:5a:5e:db:1e:9e:93:b5:1b:e3:4c:0e:25:
                    db:42:18:8d:ea:9f:15:0d:16:46:e9:5b:84:72:ff:
                    90:9d:ab:31:a6:e5:e1:73:c9:4c:db:66:3d:02:66:
                    ee:e5:22:2c:2d:e0:75:76:a5:9a:23:c6:8d:fa:2b:
                    ea:7d:a4:f7:cb:59:a4:13:cf:ec:5c:eb:17:4b:66:
                    b0:0c:02:14:93:ba:5a:87:b9:02:23:52:d2:55:75:
                    c0:51:c4:89:2c:9d:29:9e:74:18:75:72:14:ae:0e:
                    29:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:35:A4:39:09:8D:9D:CD:24:DC:AD:C4:35:BD:83:8A:31:C5:65:4A
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139352e33352e32342e302f32322d3232203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.35.24.0/22

    Signature Algorithm: sha256WithRSAEncryption
         60:06:86:4e:3e:88:a2:e6:bb:5d:11:85:51:bf:2e:62:ce:ab:
         42:8b:08:a6:14:54:c5:1a:6a:a2:54:4a:5c:aa:7e:c3:b0:be:
         2f:e7:19:81:7b:c9:de:a1:cc:6d:97:79:2e:c0:1a:14:15:cd:
         bb:67:69:ff:19:93:cc:08:b3:43:16:fd:fb:d2:cf:b4:fb:5f:
         26:8c:3e:e0:c6:91:2a:a7:22:67:e6:54:64:10:ac:1f:d3:24:
         b0:ed:81:7f:da:d6:72:d0:c1:14:7a:8b:6a:ed:99:ec:fd:e6:
         2e:f8:80:65:b9:81:41:92:dc:4f:11:12:16:94:85:05:51:48:
         19:95:91:20:34:bb:c7:12:78:2f:c3:06:c7:c1:b9:22:49:fd:
         05:86:b0:8a:0b:02:07:49:e9:ce:34:86:31:ae:bb:46:ff:06:
         1e:eb:4d:aa:0a:91:f9:5c:bc:33:97:0e:12:60:19:dd:d5:6e:
         cd:ad:d4:7a:f6:3e:e0:e1:9a:cc:f7:e4:5b:81:50:dc:3e:72:
         97:d2:39:e8:09:76:e1:50:80:6e:53:d8:f3:01:63:2d:b6:a9:
         b7:3e:e6:4b:7b:a4:9e:1c:c5:87:d8:e2:ad:60:bf:d7:f6:fe:
         c4:4b:41:79:c7:35:a3:d8:c8:f6:1b:32:a7:31:22:05:f0:da:
         60:82:ba:f3
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUEGddxaap1aTMB/WvyvwDLpzAqVcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yMzExMDYxNzMyMjhaFw0yNDExMDQxNzM3MjhaMDMxMTAvBgNV
BAMTKERBMzVBNDM5MDk4RDlEQ0QyNERDQURDNDM1QkQ4MzhBMzFDNTY1NEEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIfmnGwpYH76/8YUvVBpaPNRKi
6LJVoulfuSNg+IR9nK35TQRRJwi5GsOalWxtTjjFxE8mO31KtjdQD+rUyUT4oQk5
QOYY7aaW5EP0HH5O7kBjo02ydaeMXevo0U6amfEAOFC+jwLoMftm9eIwhk8zHP/o
wQ+TMObml5QgxZDj1Fv3CwHfmkpAyRsudNebDutgEihZZGGq0Vpe2x6ek7Ub40wO
JdtCGI3qnxUNFkbpW4Ry/5CdqzGm5eFzyUzbZj0CZu7lIiwt4HV2pZojxo36K+p9
pPfLWaQTz+xc6xdLZrAMAhSTulqHuQIjUtJVdcBRxIksnSmedBh1chSuDikTAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQU2jWkOQmNnc0k3K3ENb2DijHFZUowHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzOTM1MmUzMzM1MmUzMjM0
MmUzMDJmMzIzMjJkMzIzMjIwM2QzZTIwMzQzNzM1MzgzMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAsMj
GDANBgkqhkiG9w0BAQsFAAOCAQEAYAaGTj6Ioua7XRGFUb8uYs6rQosIphRUxRpq
olRKXKp+w7C+L+cZgXvJ3qHMbZd5LsAaFBXNu2dp/xmTzAizQxb9+9LPtPtfJow+
4MaRKqciZ+ZUZBCsH9MksO2Bf9rWctDBFHqLau2Z7P3mLviAZbmBQZLcTxESFpSF
BVFIGZWRIDS7xxJ4L8MGx8G5Ikn9BYawigsCB0npzjSGMa67Rv8GHutNqgqR+Vy8
M5cOEmAZ3dVuza3UevY+4OGazPfkW4FQ3D5yl9I56Al24VCAblPY8wFjLbaptz7m
S3uknhzFh9jirWC/1/b+xEtBecc1o9jI9hsypzEiBfDaYIK68w==
-----END CERTIFICATE-----