Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139352e33352e342e302f32322d3234203d3e203437353833.roa
File:                     3139352e33352e342e302f32322d3234203d3e203437353833.roa (raw, json)
Hash identifier:          fEWaduXiQAF0cUVq5hG77UOYMrNXAr4ZEhNaxGLi++Q=
Subject key identifier:   FE:15:30:C7:84:87:08:BE:E4:BA:11:C3:3F:3E:15:08:12:66:F4:0C
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       55C49D85B4A1BCD38AA569084B85D5FE0E249B25
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139352e33352e342e302f32322d3234203d3e203437353833.roa
Signing time:             Thu 13 Jun 2024 10:41:11 +0000
ROA not before:           Thu 13 Jun 2024 10:36:11 +0000
ROA not after:            Thu 12 Jun 2025 10:41:11 +0000
asID:                     47583
IP address blocks:        195.35.4.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            55:c4:9d:85:b4:a1:bc:d3:8a:a5:69:08:4b:85:d5:fe:0e:24:9b:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Jun 13 10:36:11 2024 GMT
            Not After : Jun 12 10:41:11 2025 GMT
        Subject: CN=FE1530C7848708BEE4BA11C33F3E15081266F40C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:86:65:0e:28:28:29:02:67:a9:a4:b2:46:59:
                    fc:61:d5:53:8e:15:cf:9d:21:ab:44:59:54:e4:d7:
                    fd:38:ad:cc:43:da:aa:e7:dd:e4:14:b5:1b:37:c6:
                    36:f5:82:ed:fd:2f:d4:0a:1a:d2:6d:7e:b9:70:76:
                    2a:5b:9a:33:c1:6c:f3:e2:4b:3a:19:a2:b7:7c:eb:
                    ec:c6:e5:48:4a:c7:2c:0f:9f:16:1d:7b:8a:e5:02:
                    b1:d3:ca:db:27:fb:21:94:0d:e1:f8:ec:50:d2:d6:
                    50:a1:be:b3:af:20:0a:0f:b2:ca:dd:6e:d7:41:30:
                    3e:86:4d:a6:0d:bc:de:af:7f:07:82:08:d8:54:59:
                    cd:b2:04:b6:e8:28:f6:0a:91:3e:1e:50:46:e6:9e:
                    6e:47:5e:21:d2:68:7a:b3:15:c3:3a:27:41:3b:80:
                    41:30:d2:f6:9d:b1:25:16:64:48:56:93:4e:44:1c:
                    39:cf:b1:54:0a:a5:21:7b:cc:7d:f4:c2:a0:b6:17:
                    dd:61:af:bd:db:8e:02:0e:b6:8f:56:7a:31:6d:39:
                    bd:e2:4a:4f:6f:70:82:fa:d0:4f:65:fd:cf:e4:cc:
                    ca:4c:84:09:8f:9f:67:e5:ea:10:d8:3a:a4:9c:83:
                    5b:a1:47:2d:f6:eb:bd:56:63:62:ff:1e:81:8a:60:
                    9f:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:15:30:C7:84:87:08:BE:E4:BA:11:C3:3F:3E:15:08:12:66:F4:0C
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139352e33352e342e302f32322d3234203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.35.4.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a0:be:cf:81:d5:f2:c7:51:aa:9a:80:87:95:8f:4f:b5:4e:67:
         a2:b0:c5:9e:34:06:5a:cf:0f:3d:12:96:93:44:59:58:5b:d1:
         01:c4:1d:78:06:ee:b0:a1:73:5d:b6:78:ef:82:e6:fd:85:92:
         9f:3c:d7:3c:d4:d2:9c:0e:c6:81:e2:07:4b:0f:80:e3:f7:3c:
         cb:a4:c7:8a:43:e9:67:0b:73:96:c3:9f:3e:3f:3b:e4:23:c4:
         1b:79:00:40:60:ae:b0:d8:59:d8:a8:4b:c9:ee:f9:b5:dc:5a:
         ec:21:b9:d9:55:57:71:41:7c:45:98:8b:bc:57:8c:40:6e:a4:
         ab:8d:b8:e9:db:be:61:2a:b5:80:93:aa:fe:34:4d:5d:f6:20:
         a2:7a:f8:27:38:1e:42:45:8f:7c:6a:a7:6b:59:6e:02:bd:44:
         57:ca:31:06:69:78:34:89:3e:37:c2:53:af:cd:a5:d0:1b:d3:
         2f:69:69:24:0e:cb:51:27:4b:d4:0c:9e:ff:53:f8:bd:f9:a0:
         24:77:e4:c5:7c:bc:b5:f2:75:95:46:a4:94:87:35:86:93:7b:
         73:f1:17:7b:32:01:f7:b2:2e:d7:a1:25:34:2d:bb:03:76:77:
         51:b4:66:29:d5:18:4f:2d:b4:90:63:0c:e4:fa:8a:67:e3:96:
         68:83:1e:dc
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUVcSdhbShvNOKpWkIS4XV/g4kmyUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDA2MTMxMDM2MTFaFw0yNTA2MTIxMDQxMTFaMDMxMTAvBgNV
BAMTKEZFMTUzMEM3ODQ4NzA4QkVFNEJBMTFDMzNGM0UxNTA4MTI2NkY0MEMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5hmUOKCgpAmeppLJGWfxh1VOO
Fc+dIatEWVTk1/04rcxD2qrn3eQUtRs3xjb1gu39L9QKGtJtfrlwdipbmjPBbPPi
SzoZord86+zG5UhKxywPnxYde4rlArHTytsn+yGUDeH47FDS1lChvrOvIAoPssrd
btdBMD6GTaYNvN6vfweCCNhUWc2yBLboKPYKkT4eUEbmnm5HXiHSaHqzFcM6J0E7
gEEw0vadsSUWZEhWk05EHDnPsVQKpSF7zH30wqC2F91hr73bjgIOto9WejFtOb3i
Sk9vcIL60E9l/c/kzMpMhAmPn2fl6hDYOqScg1uhRy32671WY2L/HoGKYJ89AgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQU/hUwx4SHCL7kuhHDPz4VCBJm9AwwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzOTM1MmUzMzM1MmUzNDJl
MzAyZjMyMzIyZDMyMzQyMDNkM2UyMDM0MzczNTM4MzMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBALDIwQw
DQYJKoZIhvcNAQELBQADggEBAKC+z4HV8sdRqpqAh5WPT7VOZ6KwxZ40BlrPDz0S
lpNEWVhb0QHEHXgG7rChc122eO+C5v2Fkp881zzU0pwOxoHiB0sPgOP3PMukx4pD
6WcLc5bDnz4/O+QjxBt5AEBgrrDYWdioS8nu+bXcWuwhudlVV3FBfEWYi7xXjEBu
pKuNuOnbvmEqtYCTqv40TV32IKJ6+Cc4HkJFj3xqp2tZbgK9RFfKMQZpeDSJPjfC
U6/NpdAb0y9paSQOy1EnS9QMnv9T+L35oCR35MV8vLXydZVGpJSHNYaTe3PxF3sy
AfeyLtehJTQtuwN2d1G0ZinVGE8ttJBjDOT6imfjlmiDHtw=
-----END CERTIFICATE-----