Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139352e33352e33322e302f32312d3234203d3e203437353833.roa
File:                     3139352e33352e33322e302f32312d3234203d3e203437353833.roa (raw, json)
Hash identifier:          5WRd0JwQDkOwgnZup/vujIHRpTrcFjxmNQ9djAnTpNU=
Subject key identifier:   B2:49:7A:2E:1E:3C:02:1D:DB:49:98:6C:32:F1:5E:1A:3D:84:09:FC
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       41CA23E5C498418A18842EACD8B0A75076FEDA1F
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139352e33352e33322e302f32312d3234203d3e203437353833.roa
Signing time:             Mon 19 Aug 2024 15:04:41 +0000
ROA not before:           Mon 19 Aug 2024 14:59:41 +0000
ROA not after:            Mon 18 Aug 2025 15:04:41 +0000
asID:                     47583
IP address blocks:        195.35.32.0/21 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            41:ca:23:e5:c4:98:41:8a:18:84:2e:ac:d8:b0:a7:50:76:fe:da:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Aug 19 14:59:41 2024 GMT
            Not After : Aug 18 15:04:41 2025 GMT
        Subject: CN=B2497A2E1E3C021DDB49986C32F15E1A3D8409FC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:ff:74:01:c4:c9:b3:91:a1:94:bc:c8:ff:3d:
                    9d:8c:65:c6:6c:fc:3b:22:d7:b9:c1:91:93:de:5b:
                    9e:d6:78:40:18:11:69:fa:49:62:a1:80:fa:4a:4e:
                    3f:ec:93:3c:fa:fc:8b:1c:7b:7f:15:5e:76:a7:f6:
                    b1:65:45:e4:69:b4:8a:d6:ee:66:ea:10:e6:15:42:
                    d6:66:38:be:9b:73:af:e2:4a:ef:05:0b:aa:a3:2a:
                    28:34:72:11:ed:d3:5e:94:66:5d:2a:fd:94:eb:fe:
                    e3:57:34:fc:7f:c1:71:da:fb:63:1a:af:d0:1a:c5:
                    da:76:ee:a6:da:24:cf:26:c1:40:2e:96:d4:55:de:
                    cd:dd:05:d7:d1:35:5f:dc:8a:13:9d:45:a3:fb:ae:
                    78:d2:c4:42:60:a4:ab:17:8e:02:ba:9f:27:00:fc:
                    dc:dc:1e:14:ba:14:c0:f5:bb:45:9f:f2:ff:b3:10:
                    b0:f4:73:cb:fe:da:34:97:6a:ad:db:8c:a6:a5:9e:
                    53:ea:8a:46:79:27:47:dd:ce:e4:f1:da:21:01:4a:
                    82:53:d6:c7:b0:f6:20:f8:e7:f5:53:a6:30:6f:fd:
                    56:4a:bd:3c:87:9f:51:94:9d:a5:ca:40:29:25:40:
                    24:78:1d:4e:60:c0:6a:e8:1b:5f:99:19:37:04:a2:
                    0e:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:49:7A:2E:1E:3C:02:1D:DB:49:98:6C:32:F1:5E:1A:3D:84:09:FC
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139352e33352e33322e302f32312d3234203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.35.32.0/21

    Signature Algorithm: sha256WithRSAEncryption
         5f:5e:53:d8:fe:ba:6d:1c:82:d0:ec:00:ef:89:0f:33:97:1d:
         d0:42:08:65:20:06:bb:a4:8f:8e:c8:38:a8:0b:3b:31:73:3e:
         1e:e9:85:68:bb:f6:e3:43:ff:9c:24:c1:97:12:3a:57:4f:17:
         9c:cc:55:a9:de:ac:20:de:ab:c8:3b:d5:88:66:27:cc:01:30:
         23:30:95:b2:4c:cc:1d:31:8d:93:e4:e1:08:21:9a:38:51:7f:
         fe:ec:6f:82:8d:03:2d:b7:02:ec:88:d4:c1:06:31:5f:15:54:
         8d:a8:7e:16:cc:28:47:cd:e2:e7:a8:7c:0f:d1:65:e9:36:e2:
         9f:7d:03:73:4b:8b:fa:f5:bf:83:01:bb:e9:0d:50:87:81:45:
         97:cf:d4:ec:df:0d:3a:2f:a3:c2:4b:04:9c:d5:ff:f9:9c:9d:
         b7:3f:18:b2:87:86:db:20:ff:e6:b7:29:84:d0:13:7b:e3:35:
         4e:86:2a:7a:a9:6b:99:70:ce:19:85:15:71:20:f3:ab:30:8c:
         a1:3e:be:cb:f9:e0:e2:48:18:02:60:c8:7e:b1:d4:db:68:59:
         f0:5a:2f:d7:c6:31:f4:e9:56:3e:e8:0a:52:47:d3:3a:e8:45:
         1c:6a:52:c3:7d:e6:22:fc:74:26:d8:3c:74:b6:4a:a1:81:a7:
         96:47:5b:3c
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUQcoj5cSYQYoYhC6s2LCnUHb+2h8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDA4MTkxNDU5NDFaFw0yNTA4MTgxNTA0NDFaMDMxMTAvBgNV
BAMTKEIyNDk3QTJFMUUzQzAyMUREQjQ5OTg2QzMyRjE1RTFBM0Q4NDA5RkMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDD/3QBxMmzkaGUvMj/PZ2MZcZs
/Dsi17nBkZPeW57WeEAYEWn6SWKhgPpKTj/skzz6/Isce38VXnan9rFlReRptIrW
7mbqEOYVQtZmOL6bc6/iSu8FC6qjKig0chHt016UZl0q/ZTr/uNXNPx/wXHa+2Ma
r9Aaxdp27qbaJM8mwUAultRV3s3dBdfRNV/cihOdRaP7rnjSxEJgpKsXjgK6nycA
/NzcHhS6FMD1u0Wf8v+zELD0c8v+2jSXaq3bjKalnlPqikZ5J0fdzuTx2iEBSoJT
1sew9iD45/VTpjBv/VZKvTyHn1GUnaXKQCklQCR4HU5gwGroG1+ZGTcEog5nAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUskl6Lh48Ah3bSZhsMvFeGj2ECfwwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzOTM1MmUzMzM1MmUzMzMy
MmUzMDJmMzIzMTJkMzIzNDIwM2QzZTIwMzQzNzM1MzgzMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEA8Mj
IDANBgkqhkiG9w0BAQsFAAOCAQEAX15T2P66bRyC0OwA74kPM5cd0EIIZSAGu6SP
jsg4qAs7MXM+HumFaLv240P/nCTBlxI6V08XnMxVqd6sIN6ryDvViGYnzAEwIzCV
skzMHTGNk+ThCCGaOFF//uxvgo0DLbcC7IjUwQYxXxVUjah+FswoR83i56h8D9Fl
6Tbin30Dc0uL+vW/gwG76Q1Qh4FFl8/U7N8NOi+jwksEnNX/+Zydtz8YsoeG2yD/
5rcphNATe+M1ToYqeqlrmXDOGYUVcSDzqzCMoT6+y/ng4kgYAmDIfrHU22hZ8Fov
18Yx9OlWPugKUkfTOuhFHGpSw33mIvx0Jtg8dLZKoYGnlkdbPA==
-----END CERTIFICATE-----