Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139352e33352e33322e302f32312d3234203d3e203437353833.roa
File:                     3139352e33352e33322e302f32312d3234203d3e203437353833.roa (raw, json)
Hash identifier:          b1ng09r9l+fTL0OurceuM/SRZP8BlwG+mYZWelsIDvM=
Subject key identifier:   88:97:98:61:9E:34:AE:DE:16:2B:F3:27:00:14:86:D6:9A:A9:18:0A
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       2CFE25C163F1D6CA5291AE308B9B40F79036F6DF
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139352e33352e33322e302f32312d3234203d3e203437353833.roa
Signing time:             Mon 18 Sep 2023 14:29:34 +0000
ROA not before:           Mon 18 Sep 2023 14:24:34 +0000
ROA not after:            Mon 16 Sep 2024 14:29:34 +0000
asID:                     47583
IP address blocks:        195.35.32.0/21 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 02:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2c:fe:25:c1:63:f1:d6:ca:52:91:ae:30:8b:9b:40:f7:90:36:f6:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Sep 18 14:24:34 2023 GMT
            Not After : Sep 16 14:29:34 2024 GMT
        Subject: CN=889798619E34AEDE162BF327001486D69AA9180A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:c1:e1:6c:23:b9:fc:34:0a:14:93:ef:f5:b5:
                    70:70:d6:f5:bf:46:72:0a:45:8b:8b:54:22:14:47:
                    8c:ad:ce:e3:ac:55:7c:c4:31:4e:6f:16:6c:01:8a:
                    75:47:ec:66:20:e9:95:54:74:59:0d:31:7e:e6:42:
                    fd:98:3c:d7:b0:71:0c:03:47:66:3d:54:d2:96:3a:
                    ec:db:15:d0:08:36:df:58:d2:b1:0a:a6:71:ef:a9:
                    3d:4e:31:a7:62:14:bb:d7:7f:7e:17:63:c7:b6:c6:
                    1f:cf:e1:34:70:d1:18:08:8a:7f:6e:7c:cf:ec:b4:
                    cc:0c:c9:8d:94:15:14:d5:30:96:bb:e2:0c:24:35:
                    24:23:da:ff:52:fd:de:30:28:f4:02:06:09:c3:fe:
                    c4:7a:50:01:d9:8f:2f:ba:1e:4e:89:38:40:16:c5:
                    64:fa:7c:e8:83:43:34:83:9e:27:0e:df:9e:84:b7:
                    ab:3f:e5:f2:17:23:b2:d1:a4:74:12:34:00:86:28:
                    c9:d8:62:dd:40:c2:f0:28:a8:68:11:17:5a:11:08:
                    f5:9b:ed:6c:58:18:4a:68:73:ec:bb:7f:88:69:a4:
                    8d:fe:e9:6c:16:92:bd:f5:d2:b8:88:93:9a:26:d6:
                    4c:64:bf:d4:16:b9:06:92:94:6e:db:64:d4:16:7a:
                    68:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:97:98:61:9E:34:AE:DE:16:2B:F3:27:00:14:86:D6:9A:A9:18:0A
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139352e33352e33322e302f32312d3234203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.35.32.0/21

    Signature Algorithm: sha256WithRSAEncryption
         35:e5:d9:4e:03:32:44:01:24:65:1a:30:c3:be:97:ac:63:ae:
         c8:24:af:b6:23:ea:9b:5a:66:fc:2e:5e:17:b6:d8:11:b6:33:
         80:4e:42:e1:96:f1:bf:b7:0b:bf:33:e6:28:56:da:10:22:ba:
         61:55:9a:01:07:5b:fc:db:ba:c6:0a:6b:1a:4e:4d:85:93:b9:
         53:ca:3f:85:6d:d9:cd:5c:c1:3a:ac:36:ed:16:36:b6:29:ef:
         42:7f:2b:9a:93:18:84:83:6a:61:15:50:0c:15:85:58:ff:d5:
         27:b6:17:f4:94:6d:c7:44:8c:98:47:50:e6:d8:68:d2:5b:63:
         a5:e8:b5:ad:c3:c8:37:0f:59:73:f0:da:e7:37:eb:2b:b7:32:
         fe:0f:7b:c1:bf:42:20:c5:23:74:fd:46:1a:ec:1c:78:d8:f9:
         15:21:0e:47:22:d8:5e:45:d7:27:29:8c:d9:48:6a:59:53:e3:
         70:f0:d0:22:b2:f4:16:2a:85:a4:e8:d6:8e:ba:2f:5f:cf:1c:
         5b:ce:5b:10:ae:1b:c2:0a:80:f8:00:a1:08:f8:08:16:49:5e:
         31:df:b6:c2:f0:05:eb:e3:2f:15:8a:c5:77:e1:3a:e2:f8:44:
         63:1e:97:57:fb:82:14:c6:03:3c:25:7b:49:3b:23:84:8a:93:
         ba:39:19:30
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIULP4lwWPx1spSka4wi5tA95A29t8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yMzA5MTgxNDI0MzRaFw0yNDA5MTYxNDI5MzRaMDMxMTAvBgNV
BAMTKDg4OTc5ODYxOUUzNEFFREUxNjJCRjMyNzAwMTQ4NkQ2OUFBOTE4MEEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9weFsI7n8NAoUk+/1tXBw1vW/
RnIKRYuLVCIUR4ytzuOsVXzEMU5vFmwBinVH7GYg6ZVUdFkNMX7mQv2YPNewcQwD
R2Y9VNKWOuzbFdAINt9Y0rEKpnHvqT1OMadiFLvXf34XY8e2xh/P4TRw0RgIin9u
fM/stMwMyY2UFRTVMJa74gwkNSQj2v9S/d4wKPQCBgnD/sR6UAHZjy+6Hk6JOEAW
xWT6fOiDQzSDnicO356Et6s/5fIXI7LRpHQSNACGKMnYYt1AwvAoqGgRF1oRCPWb
7WxYGEpoc+y7f4hppI3+6WwWkr310riIk5om1kxkv9QWuQaSlG7bZNQWemi7AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUiJeYYZ40rt4WK/MnABSG1pqpGAowHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzOTM1MmUzMzM1MmUzMzMy
MmUzMDJmMzIzMTJkMzIzNDIwM2QzZTIwMzQzNzM1MzgzMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEA8Mj
IDANBgkqhkiG9w0BAQsFAAOCAQEANeXZTgMyRAEkZRoww76XrGOuyCSvtiPqm1pm
/C5eF7bYEbYzgE5C4Zbxv7cLvzPmKFbaECK6YVWaAQdb/Nu6xgprGk5NhZO5U8o/
hW3ZzVzBOqw27RY2tinvQn8rmpMYhINqYRVQDBWFWP/VJ7YX9JRtx0SMmEdQ5tho
0ltjpei1rcPINw9Zc/Da5zfrK7cy/g97wb9CIMUjdP1GGuwceNj5FSEORyLYXkXX
JymM2UhqWVPjcPDQIrL0FiqFpOjWjrovX88cW85bEK4bwgqA+AChCPgIFkleMd+2
wvAF6+MvFYrFd+E64vhEYx6XV/uCFMYDPCV7STsjhIqTujkZMA==
-----END CERTIFICATE-----