Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139352e33352e34302e302f32322d3234203d3e203437353833.roa
File:                     3139352e33352e34302e302f32322d3234203d3e203437353833.roa (raw, json)
Hash identifier:          ayA7JAKPN8w11mbOB/v3gYanoX+8tdk0tl20AFwxyr4=
Subject key identifier:   88:CD:82:E7:0E:87:CB:34:D4:3B:00:20:32:97:03:68:E4:DE:BB:1D
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       28445B83A62A3D11FE2C8D4EB766FEC105A5C2DF
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139352e33352e34302e302f32322d3234203d3e203437353833.roa
Signing time:             Thu 13 Jun 2024 10:41:12 +0000
ROA not before:           Thu 13 Jun 2024 10:36:12 +0000
ROA not after:            Thu 12 Jun 2025 10:41:12 +0000
asID:                     47583
IP address blocks:        195.35.40.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            28:44:5b:83:a6:2a:3d:11:fe:2c:8d:4e:b7:66:fe:c1:05:a5:c2:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Jun 13 10:36:12 2024 GMT
            Not After : Jun 12 10:41:12 2025 GMT
        Subject: CN=88CD82E70E87CB34D43B002032970368E4DEBB1D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:24:59:04:b5:67:5d:f4:95:05:3a:d6:d7:62:
                    8e:bd:28:66:21:91:a2:75:53:af:3d:53:6d:23:0d:
                    6c:47:e1:70:ca:b2:72:93:99:65:75:97:18:0e:bd:
                    04:2a:aa:8b:be:2f:53:8c:b4:7c:e5:e8:e2:65:4f:
                    20:65:ea:1a:60:b9:98:84:44:0c:68:7c:8d:f7:1c:
                    60:8c:73:6e:05:53:2d:77:17:90:3e:5c:a9:db:09:
                    c3:cc:33:e9:d6:1a:76:70:17:94:97:b8:30:bd:82:
                    92:37:bb:1f:c3:64:46:4c:59:db:e6:04:18:37:30:
                    eb:87:48:3f:98:3a:7b:cb:b8:1f:e2:a2:a8:c3:e5:
                    aa:96:b3:41:c9:74:03:a4:8b:e8:e7:32:aa:7f:a1:
                    3c:f0:a0:16:48:e1:98:e0:91:2e:da:32:66:54:46:
                    34:3a:0f:3d:1e:a3:72:9b:af:90:74:1b:ad:76:06:
                    22:91:7e:fe:dd:4c:5b:7a:4e:53:17:e6:22:5e:79:
                    7c:cf:de:41:c8:1d:da:af:13:06:4c:24:fc:db:b3:
                    ac:ba:20:18:14:d1:ce:3f:99:3a:8a:2e:79:54:56:
                    69:77:f2:d0:f1:5b:34:a6:cb:ae:fd:11:7a:ab:9c:
                    9b:92:d2:59:29:c7:4e:40:04:9b:a9:d4:f8:10:da:
                    95:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:CD:82:E7:0E:87:CB:34:D4:3B:00:20:32:97:03:68:E4:DE:BB:1D
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139352e33352e34302e302f32322d3234203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.35.40.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2e:29:84:49:a0:68:af:85:18:9d:39:a0:24:77:59:24:80:b6:
         87:08:64:dd:6f:93:5c:d8:c6:8b:17:34:d5:6d:63:4c:24:37:
         92:2a:ec:6e:cb:e7:d7:b8:a0:5b:fe:85:86:f7:09:5b:dc:16:
         f3:34:fd:31:4e:c4:c9:40:31:35:74:2a:84:06:8c:ef:68:ef:
         d5:66:29:5b:5e:67:75:2d:40:03:d1:7f:99:cf:96:d2:16:e6:
         b6:3f:d2:fa:35:2d:2e:62:4d:94:43:b5:bb:75:f3:f5:22:1b:
         a4:4a:b7:0d:dc:09:c5:ed:65:8e:f8:f2:97:69:80:2e:a9:4a:
         87:d9:c7:40:8b:5a:83:25:43:94:0b:27:ef:22:92:f5:f0:d4:
         fc:ee:8c:75:6f:12:33:57:e9:15:ac:c5:95:ee:d3:d5:80:a6:
         27:50:3c:d9:d6:29:c7:f1:a6:c5:af:5f:80:ef:9b:00:5e:17:
         dd:d6:03:a5:d6:69:a0:72:6d:73:de:7b:6a:6a:52:d5:fe:91:
         74:b2:6a:5a:4f:07:23:bd:70:98:d5:bc:8e:a2:4b:2c:1f:27:
         49:8c:2e:b8:2b:16:c3:cc:3a:f5:db:2f:d6:81:d4:d6:67:81:
         db:7a:f7:c1:42:9d:21:08:db:83:9c:87:18:81:8c:e4:42:db:
         3d:3a:b3:a9
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUKERbg6YqPRH+LI1Ot2b+wQWlwt8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDA2MTMxMDM2MTJaFw0yNTA2MTIxMDQxMTJaMDMxMTAvBgNV
BAMTKDg4Q0Q4MkU3MEU4N0NCMzRENDNCMDAyMDMyOTcwMzY4RTRERUJCMUQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDVJFkEtWdd9JUFOtbXYo69KGYh
kaJ1U689U20jDWxH4XDKsnKTmWV1lxgOvQQqqou+L1OMtHzl6OJlTyBl6hpguZiE
RAxofI33HGCMc24FUy13F5A+XKnbCcPMM+nWGnZwF5SXuDC9gpI3ux/DZEZMWdvm
BBg3MOuHSD+YOnvLuB/ioqjD5aqWs0HJdAOki+jnMqp/oTzwoBZI4ZjgkS7aMmZU
RjQ6Dz0eo3Kbr5B0G612BiKRfv7dTFt6TlMX5iJeeXzP3kHIHdqvEwZMJPzbs6y6
IBgU0c4/mTqKLnlUVml38tDxWzSmy679EXqrnJuS0lkpx05ABJup1PgQ2pVtAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUiM2C5w6HyzTUOwAgMpcDaOTeux0wHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzOTM1MmUzMzM1MmUzNDMw
MmUzMDJmMzIzMjJkMzIzNDIwM2QzZTIwMzQzNzM1MzgzMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAsMj
KDANBgkqhkiG9w0BAQsFAAOCAQEALimESaBor4UYnTmgJHdZJIC2hwhk3W+TXNjG
ixc01W1jTCQ3kirsbsvn17igW/6FhvcJW9wW8zT9MU7EyUAxNXQqhAaM72jv1WYp
W15ndS1AA9F/mc+W0hbmtj/S+jUtLmJNlEO1u3Xz9SIbpEq3DdwJxe1ljvjyl2mA
LqlKh9nHQItagyVDlAsn7yKS9fDU/O6MdW8SM1fpFazFle7T1YCmJ1A82dYpx/Gm
xa9fgO+bAF4X3dYDpdZpoHJtc957ampS1f6RdLJqWk8HI71wmNW8jqJLLB8nSYwu
uCsWw8w69dsv1oHU1meB23r3wUKdIQjbg5yHGIGM5ELbPTqzqQ==
-----END CERTIFICATE-----