Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139352e33352e32342e302f32322d3234203d3e203437353833.roa
File:                     3139352e33352e32342e302f32322d3234203d3e203437353833.roa (raw, json)
Hash identifier:          wCvrbsU2GrU9EfftV4mNjELsRcYXjwW00ZCUZAHOnXA=
Subject key identifier:   98:5B:3A:3D:E8:16:58:B8:94:3C:3F:54:61:F5:4D:B6:C7:1B:FB:25
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       46ED453CEE33FDAD767289EA9940F6FF6506C5FC
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139352e33352e32342e302f32322d3234203d3e203437353833.roa
Signing time:             Thu 13 Jun 2024 10:41:10 +0000
ROA not before:           Thu 13 Jun 2024 10:36:10 +0000
ROA not after:            Thu 12 Jun 2025 10:41:10 +0000
asID:                     47583
IP address blocks:        195.35.24.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            46:ed:45:3c:ee:33:fd:ad:76:72:89:ea:99:40:f6:ff:65:06:c5:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Jun 13 10:36:10 2024 GMT
            Not After : Jun 12 10:41:10 2025 GMT
        Subject: CN=985B3A3DE81658B8943C3F5461F54DB6C71BFB25
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:6b:09:f1:41:60:a2:58:4c:53:03:08:8f:e5:
                    29:ec:e1:69:2d:0a:f1:cc:09:6a:6d:30:2c:06:1a:
                    0d:02:b2:a6:dd:f3:1f:c1:d4:b2:86:d8:e9:9e:0a:
                    da:94:a5:14:8f:24:5c:b9:33:9f:28:68:5c:8c:14:
                    f9:6f:c7:67:d7:96:b3:a3:86:10:da:d4:e8:d9:dd:
                    18:bc:f9:6f:fe:43:bc:c0:45:1a:ab:0f:b1:25:5f:
                    f6:0f:d7:44:6e:18:e4:0c:8b:fe:54:2d:87:85:b9:
                    b6:05:b1:00:02:7c:ca:94:a3:36:a2:af:22:00:23:
                    70:a5:42:85:26:21:94:73:5f:4b:0d:3d:d0:39:89:
                    a8:64:25:34:59:23:15:8c:d7:63:a3:35:99:14:8e:
                    d3:c9:88:48:0d:46:f2:88:21:b4:52:03:9e:e3:4d:
                    49:c6:e4:ec:49:1c:85:b9:fd:26:13:a5:3b:d4:f0:
                    6d:ff:50:86:61:2e:80:66:00:b7:51:60:af:49:5c:
                    7d:bf:77:c8:35:03:57:f3:7b:73:44:fa:23:9a:d4:
                    fe:dc:d1:e0:9d:28:32:0b:b9:18:2b:fd:21:03:93:
                    58:78:c8:c8:e5:d6:34:b4:fb:27:da:fc:1f:80:f8:
                    a3:fb:17:ee:2b:ae:fc:b6:da:d0:7d:c0:c3:d5:17:
                    05:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:5B:3A:3D:E8:16:58:B8:94:3C:3F:54:61:F5:4D:B6:C7:1B:FB:25
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139352e33352e32342e302f32322d3234203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.35.24.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3e:46:fb:0b:c2:80:d3:76:a2:0e:d7:da:1c:f6:47:b4:21:b1:
         b5:00:ee:68:b8:12:70:38:8f:46:91:78:73:9d:91:88:26:ef:
         2b:3a:31:1f:7a:36:c5:a6:da:31:92:34:d7:c9:13:51:47:2a:
         64:52:91:8f:2b:c4:ea:64:9c:c5:ea:9b:e7:d5:57:70:71:0f:
         02:c4:83:04:f8:02:a8:22:0a:20:bb:16:cd:cb:c0:35:75:38:
         82:d8:62:df:72:4b:5c:92:c8:ef:a9:a5:74:44:26:9b:a2:60:
         86:c0:00:bb:a1:9e:2a:3b:fc:02:23:3e:20:b0:6e:8a:5a:ec:
         8f:b0:a2:07:34:dc:c2:37:bd:c2:4c:ba:49:d7:9d:07:e7:53:
         79:a7:54:44:9d:f7:d8:de:f2:a4:b7:c3:fe:6a:ab:76:e2:ec:
         12:7e:54:c3:33:99:40:56:47:0c:ca:b1:e5:56:d1:b3:3c:a6:
         44:6b:f4:29:01:70:e4:47:28:01:1b:2a:d0:e1:d6:f9:9e:55:
         b1:71:f3:cd:c0:34:a8:c3:be:71:77:7c:0a:ab:fe:db:a8:81:
         2f:a2:d2:01:70:0d:60:20:6b:f7:54:62:61:ff:e4:1b:08:9f:
         ba:60:55:ac:2c:ac:0b:32:f3:b7:72:94:a9:ad:34:8c:3d:e0:
         5d:3b:53:6d
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIURu1FPO4z/a12conqmUD2/2UGxfwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDA2MTMxMDM2MTBaFw0yNTA2MTIxMDQxMTBaMDMxMTAvBgNV
BAMTKDk4NUIzQTNERTgxNjU4Qjg5NDNDM0Y1NDYxRjU0REI2QzcxQkZCMjUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDPawnxQWCiWExTAwiP5Sns4Wkt
CvHMCWptMCwGGg0Csqbd8x/B1LKG2OmeCtqUpRSPJFy5M58oaFyMFPlvx2fXlrOj
hhDa1OjZ3Ri8+W/+Q7zARRqrD7ElX/YP10RuGOQMi/5ULYeFubYFsQACfMqUozai
ryIAI3ClQoUmIZRzX0sNPdA5iahkJTRZIxWM12OjNZkUjtPJiEgNRvKIIbRSA57j
TUnG5OxJHIW5/SYTpTvU8G3/UIZhLoBmALdRYK9JXH2/d8g1A1fze3NE+iOa1P7c
0eCdKDILuRgr/SEDk1h4yMjl1jS0+yfa/B+A+KP7F+4rrvy22tB9wMPVFwVvAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUmFs6PegWWLiUPD9UYfVNtscb+yUwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzOTM1MmUzMzM1MmUzMjM0
MmUzMDJmMzIzMjJkMzIzNDIwM2QzZTIwMzQzNzM1MzgzMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAsMj
GDANBgkqhkiG9w0BAQsFAAOCAQEAPkb7C8KA03aiDtfaHPZHtCGxtQDuaLgScDiP
RpF4c52RiCbvKzoxH3o2xabaMZI018kTUUcqZFKRjyvE6mScxeqb59VXcHEPAsSD
BPgCqCIKILsWzcvANXU4gthi33JLXJLI76mldEQmm6JghsAAu6GeKjv8AiM+ILBu
ilrsj7CiBzTcwje9wky6SdedB+dTeadURJ332N7ypLfD/mqrduLsEn5UwzOZQFZH
DMqx5VbRszymRGv0KQFw5EcoARsq0OHW+Z5VsXHzzcA0qMO+cXd8Cqv+26iBL6LS
AXANYCBr91RiYf/kGwifumBVrCysCzLzt3KUqa00jD3gXTtTbQ==
-----END CERTIFICATE-----