Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139352e33352e342e302f32322d3234203d3e203437353833.roa
File:                     3139352e33352e342e302f32322d3234203d3e203437353833.roa (raw, json)
Hash identifier:          cfGehBrP/2lSvxRTJ7MHA+qlkRcrUDzxTVV3ZsG5qYc=
Subject key identifier:   5A:7B:25:53:A1:2E:80:0C:FE:CF:58:95:D7:E4:C3:4A:F8:AB:79:86
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       4AA08DD76A32924A102F6D3BD383E8D8406882D3
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139352e33352e342e302f32322d3234203d3e203437353833.roa
Signing time:             Thu 15 May 2025 10:46:17 +0000
ROA not before:           Thu 15 May 2025 10:41:17 +0000
ROA not after:            Thu 14 May 2026 10:46:17 +0000
asID:                     47583
IP address blocks:        195.35.4.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 12:43:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4a:a0:8d:d7:6a:32:92:4a:10:2f:6d:3b:d3:83:e8:d8:40:68:82:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: May 15 10:41:17 2025 GMT
            Not After : May 14 10:46:17 2026 GMT
        Subject: CN=5A7B2553A12E800CFECF5895D7E4C34AF8AB7986
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:70:ff:10:13:96:bf:cf:23:e4:6e:45:9b:2c:
                    f2:de:fa:81:0e:39:d0:70:0f:ff:7e:dc:08:47:19:
                    95:83:6d:d8:c9:4e:55:05:70:69:16:11:28:22:c5:
                    24:78:69:04:82:c6:06:b6:83:8c:6c:8f:37:22:2c:
                    87:57:01:68:ba:b0:e6:52:d1:07:34:86:d1:a9:04:
                    28:d3:40:fc:9b:44:78:f6:71:4c:2b:87:22:91:68:
                    d8:fb:70:8e:34:9e:1d:2a:46:e5:4b:51:5e:41:1f:
                    fb:68:da:69:3f:33:2b:21:14:c0:5b:f2:33:76:d8:
                    7b:2b:12:fc:46:e7:91:c9:b8:39:04:b8:98:5e:6e:
                    4d:79:fe:96:1d:97:3e:44:9f:51:e8:ae:3a:a3:7d:
                    ca:6f:7d:75:45:b5:7d:06:fa:3b:8f:e6:08:04:a3:
                    a1:cb:9e:89:39:56:0b:58:10:c0:7b:fd:e9:6a:a1:
                    05:c6:5b:42:2c:a7:ed:2e:ba:73:2a:4e:35:35:2c:
                    e5:90:2d:a4:4f:3f:80:4d:b2:dc:84:cd:75:56:5f:
                    4e:32:4b:5a:a8:ab:15:ee:aa:92:b1:11:76:e2:df:
                    c1:4a:45:d2:54:8b:4f:21:f7:9d:29:15:63:b0:03:
                    73:24:ff:13:1a:a9:f2:60:ae:74:be:88:4b:f1:71:
                    89:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:7B:25:53:A1:2E:80:0C:FE:CF:58:95:D7:E4:C3:4A:F8:AB:79:86
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139352e33352e342e302f32322d3234203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.35.4.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6b:ab:3f:99:6d:a7:a0:b3:79:40:cd:10:57:db:52:dc:c4:19:
         37:77:8f:24:4d:19:8d:7a:38:90:cf:6c:a0:ef:8f:67:1a:ca:
         6d:53:62:c2:84:4f:59:ff:6c:ad:bf:f4:73:e3:ff:bb:ae:ed:
         5f:0f:01:0c:72:4d:28:c9:16:7b:a3:d1:a6:76:df:6c:75:85:
         e2:e3:df:c2:fa:a5:e4:49:66:71:66:a1:00:1c:a7:71:e4:5c:
         60:95:bd:90:46:b8:e0:06:b8:d1:be:33:0a:9e:c6:9b:a3:eb:
         42:20:bb:d7:c4:6e:0e:2d:df:42:52:4f:b1:b5:e0:68:da:fc:
         6b:09:6a:bf:95:fa:19:3b:ec:a4:92:5f:fb:fc:4a:96:4a:dd:
         ac:20:31:a6:55:7b:cb:7e:8b:59:1e:0e:10:e6:9b:07:b7:32:
         da:bb:a4:f9:e3:26:0d:50:c3:81:15:cc:08:a8:46:e0:ef:29:
         99:4d:65:e9:ce:f5:85:6a:16:3f:ee:16:e9:0c:7c:3f:22:7f:
         8c:5e:68:49:3d:8a:35:0b:be:7b:17:b7:52:b2:36:69:6f:6e:
         91:29:a3:93:d6:83:47:cb:4d:39:c2:64:e7:bb:0b:b5:9f:9d:
         b6:84:89:ba:f3:ef:d3:bd:6a:38:c3:4f:9e:d2:47:9d:3d:d3:
         23:68:64:f5
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUSqCN12oykkoQL20704Po2EBogtMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTA1MTUxMDQxMTdaFw0yNjA1MTQxMDQ2MTdaMDMxMTAvBgNV
BAMTKDVBN0IyNTUzQTEyRTgwMENGRUNGNTg5NUQ3RTRDMzRBRjhBQjc5ODYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDkcP8QE5a/zyPkbkWbLPLe+oEO
OdBwD/9+3AhHGZWDbdjJTlUFcGkWESgixSR4aQSCxga2g4xsjzciLIdXAWi6sOZS
0Qc0htGpBCjTQPybRHj2cUwrhyKRaNj7cI40nh0qRuVLUV5BH/to2mk/MyshFMBb
8jN22HsrEvxG55HJuDkEuJhebk15/pYdlz5En1HorjqjfcpvfXVFtX0G+juP5ggE
o6HLnok5VgtYEMB7/elqoQXGW0Isp+0uunMqTjU1LOWQLaRPP4BNstyEzXVWX04y
S1qoqxXuqpKxEXbi38FKRdJUi08h950pFWOwA3Mk/xMaqfJgrnS+iEvxcYmlAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUWnslU6EugAz+z1iV1+TDSvireYYwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzOTM1MmUzMzM1MmUzNDJl
MzAyZjMyMzIyZDMyMzQyMDNkM2UyMDM0MzczNTM4MzMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBALDIwQw
DQYJKoZIhvcNAQELBQADggEBAGurP5ltp6CzeUDNEFfbUtzEGTd3jyRNGY16OJDP
bKDvj2caym1TYsKET1n/bK2/9HPj/7uu7V8PAQxyTSjJFnuj0aZ232x1heLj38L6
peRJZnFmoQAcp3HkXGCVvZBGuOAGuNG+Mwqexpuj60Igu9fEbg4t30JST7G14Gja
/GsJar+V+hk77KSSX/v8SpZK3awgMaZVe8t+i1keDhDmmwe3Mtq7pPnjJg1Qw4EV
zAioRuDvKZlNZenO9YVqFj/uFukMfD8if4xeaEk9ijULvnsXt1KyNmlvbpEpo5PW
g0fLTTnCZOe7C7WfnbaEibrz79O9ajjDT57SR5090yNoZPU=
-----END CERTIFICATE-----