Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139352e33352e32342e302f32322d3234203d3e203437353833.roa
File:                     3139352e33352e32342e302f32322d3234203d3e203437353833.roa (raw, json)
Hash identifier:          DMPfb/A30dD9lnDt9LVrLmEnq3ZRjFQ5VyGC5VJqF4g=
Subject key identifier:   2B:0A:6F:59:50:CE:53:69:EB:AB:03:CD:D2:DC:D3:1B:67:47:FE:38
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       4309498DAB8343BACEF5AA8932AE27A81D089D56
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139352e33352e32342e302f32322d3234203d3e203437353833.roa
Signing time:             Thu 15 May 2025 10:46:17 +0000
ROA not before:           Thu 15 May 2025 10:41:17 +0000
ROA not after:            Thu 14 May 2026 10:46:17 +0000
asID:                     47583
IP address blocks:        195.35.24.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 12:43:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            43:09:49:8d:ab:83:43:ba:ce:f5:aa:89:32:ae:27:a8:1d:08:9d:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: May 15 10:41:17 2025 GMT
            Not After : May 14 10:46:17 2026 GMT
        Subject: CN=2B0A6F5950CE5369EBAB03CDD2DCD31B6747FE38
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:b0:ac:71:a6:c7:b0:04:ce:b6:47:a2:19:f4:
                    cc:0a:1f:09:90:04:15:67:7e:24:8c:67:77:01:a6:
                    37:20:0d:ec:61:db:e1:28:7f:b0:41:f2:24:58:f4:
                    39:53:cd:2a:1c:17:2f:1d:24:aa:f5:98:fd:7e:8f:
                    8a:2f:87:85:5a:1d:f1:e1:00:9a:9c:ad:2d:ca:f1:
                    2b:11:a5:dc:86:b2:ba:82:42:5f:c2:6b:43:8f:1d:
                    17:1f:9e:b9:b7:75:29:ed:e2:d4:e7:de:b2:27:a9:
                    bc:a0:7c:4e:f4:56:6a:54:05:dc:fd:7d:07:b4:e1:
                    f4:27:45:ab:e7:47:fa:60:5b:0e:bb:4b:ba:89:51:
                    3d:40:39:bb:bc:79:ea:10:27:83:bc:0d:e1:af:13:
                    5d:8b:05:d5:44:a2:6b:06:36:c0:fb:55:63:86:ee:
                    b6:8f:f5:34:39:a4:c3:c6:7b:7e:0f:eb:d9:09:df:
                    c2:8e:cf:27:0d:b1:1a:9b:48:66:ae:11:21:f3:4a:
                    40:6c:ab:c7:67:a1:4c:d5:54:6e:91:3d:d8:04:f8:
                    41:b5:bb:32:b7:90:51:2f:3e:e0:8f:bc:e0:b6:e0:
                    ce:20:bb:d9:80:76:58:d6:e8:39:c8:0f:8b:75:f5:
                    bb:ee:2b:3b:6b:cf:9c:16:82:4e:70:ee:c2:9c:b0:
                    72:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:0A:6F:59:50:CE:53:69:EB:AB:03:CD:D2:DC:D3:1B:67:47:FE:38
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139352e33352e32342e302f32322d3234203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.35.24.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6c:64:19:c9:7e:87:1c:05:02:34:31:27:59:c7:09:26:a1:c5:
         ed:1b:fb:a1:85:b3:b6:03:f1:10:f0:d0:be:f2:84:3f:4c:94:
         b2:68:27:7c:a0:e9:0a:af:aa:c3:78:6f:69:bd:69:34:fb:fa:
         5a:ac:4d:87:0e:af:d9:31:04:1a:69:c4:71:16:cb:d4:59:bb:
         35:f6:a6:b8:ca:98:ee:f6:e7:7d:40:62:8d:3b:4e:18:dc:5c:
         8a:23:88:5a:be:35:4e:b3:86:51:3a:cf:a4:58:df:b3:b8:40:
         57:17:10:31:0e:82:56:69:ba:fc:75:6e:f6:50:f2:46:9f:96:
         e9:65:49:59:19:a2:85:e2:ed:66:93:2b:b0:ff:cc:1c:f6:0e:
         b5:e7:21:29:05:6b:3b:3b:d2:9d:98:77:53:46:6b:89:95:bf:
         99:2d:d9:a1:39:e0:c1:1f:03:3f:86:23:02:15:68:dc:4f:be:
         41:d8:f1:60:f4:58:d9:60:2c:25:39:81:9a:50:aa:9b:2e:35:
         97:17:5d:ac:86:a5:e0:af:5c:ce:8e:b8:bd:88:8f:d8:85:91:
         01:6d:60:8f:1a:0e:c9:2b:1f:82:eb:34:f4:e1:0f:f5:56:bf:
         ac:ef:e3:24:36:53:b7:28:1a:69:df:bf:47:c9:65:43:ab:bf:
         d1:f3:e1:de
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUQwlJjauDQ7rO9aqJMq4nqB0InVYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTA1MTUxMDQxMTdaFw0yNjA1MTQxMDQ2MTdaMDMxMTAvBgNV
BAMTKDJCMEE2RjU5NTBDRTUzNjlFQkFCMDNDREQyRENEMzFCNjc0N0ZFMzgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDbsKxxpsewBM62R6IZ9MwKHwmQ
BBVnfiSMZ3cBpjcgDexh2+Eof7BB8iRY9DlTzSocFy8dJKr1mP1+j4ovh4VaHfHh
AJqcrS3K8SsRpdyGsrqCQl/Ca0OPHRcfnrm3dSnt4tTn3rInqbygfE70VmpUBdz9
fQe04fQnRavnR/pgWw67S7qJUT1AObu8eeoQJ4O8DeGvE12LBdVEomsGNsD7VWOG
7raP9TQ5pMPGe34P69kJ38KOzycNsRqbSGauESHzSkBsq8dnoUzVVG6RPdgE+EG1
uzK3kFEvPuCPvOC24M4gu9mAdljW6DnID4t19bvuKztrz5wWgk5w7sKcsHKbAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUKwpvWVDOU2nrqwPN0tzTG2dH/jgwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzOTM1MmUzMzM1MmUzMjM0
MmUzMDJmMzIzMjJkMzIzNDIwM2QzZTIwMzQzNzM1MzgzMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAsMj
GDANBgkqhkiG9w0BAQsFAAOCAQEAbGQZyX6HHAUCNDEnWccJJqHF7Rv7oYWztgPx
EPDQvvKEP0yUsmgnfKDpCq+qw3hvab1pNPv6WqxNhw6v2TEEGmnEcRbL1Fm7Nfam
uMqY7vbnfUBijTtOGNxciiOIWr41TrOGUTrPpFjfs7hAVxcQMQ6CVmm6/HVu9lDy
Rp+W6WVJWRmiheLtZpMrsP/MHPYOtechKQVrOzvSnZh3U0ZriZW/mS3ZoTngwR8D
P4YjAhVo3E++QdjxYPRY2WAsJTmBmlCqmy41lxddrIal4K9czo64vYiP2IWRAW1g
jxoOySsfgus09OEP9Va/rO/jJDZTtygaad+/R8llQ6u/0fPh3g==
-----END CERTIFICATE-----