Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139352e33352e34342e302f32322d3234203d3e203437353833.roa
File:                     3139352e33352e34342e302f32322d3234203d3e203437353833.roa (raw, json)
Hash identifier:          sfdZquedm+UbBoV7JDElnyLrBrFF28xu5PcO4Gnf4ig=
Subject key identifier:   F2:AF:86:5D:41:6C:DD:43:42:C3:9B:54:08:72:30:EA:EA:04:A0:20
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       245AC547EF52310D9BCBF1A73667EA02621F7750
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139352e33352e34342e302f32322d3234203d3e203437353833.roa
Signing time:             Thu 15 May 2025 10:46:19 +0000
ROA not before:           Thu 15 May 2025 10:41:19 +0000
ROA not after:            Thu 14 May 2026 10:46:19 +0000
asID:                     47583
IP address blocks:        195.35.44.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 12:43:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            24:5a:c5:47:ef:52:31:0d:9b:cb:f1:a7:36:67:ea:02:62:1f:77:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: May 15 10:41:19 2025 GMT
            Not After : May 14 10:46:19 2026 GMT
        Subject: CN=F2AF865D416CDD4342C39B54087230EAEA04A020
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:6c:ac:40:b0:d1:cc:c9:a0:9f:98:ba:bc:55:
                    e1:c9:e7:ea:97:1b:c2:36:26:1c:84:7f:4a:47:27:
                    9c:d9:e5:77:b0:58:ff:7a:9f:b6:50:52:b6:fd:be:
                    9b:d0:9f:c5:60:57:a7:e4:07:77:62:53:b3:ca:04:
                    3c:86:23:c4:e2:14:d0:1b:db:2e:ef:7f:61:b4:0d:
                    c5:5e:39:4c:4a:12:68:23:1a:34:13:c9:9b:af:42:
                    c1:6a:a0:5b:99:8c:5c:ad:45:dc:4e:0a:99:04:ee:
                    45:b6:c8:f4:db:96:da:b9:a2:07:15:23:4e:97:0a:
                    39:47:02:16:e2:cd:a6:21:67:13:64:25:dd:e6:e1:
                    2f:91:cb:2c:70:26:8c:5c:30:d1:2a:8c:8f:eb:66:
                    46:e2:9b:f3:f8:c5:64:12:87:16:43:e3:0c:76:a5:
                    03:85:b3:bb:05:29:6b:1c:be:8f:ec:f9:dd:ff:b4:
                    b8:b4:1f:fa:75:88:89:1e:22:34:b3:a7:2c:e3:59:
                    fd:7e:98:e6:06:c3:eb:05:49:c2:26:c6:53:b6:13:
                    c6:59:70:6c:be:84:4e:5b:74:b6:f9:2a:25:96:f3:
                    b2:12:d8:5b:1b:91:8e:b1:15:e4:24:7e:33:ee:cd:
                    2f:f0:58:48:99:89:6d:a8:08:36:e3:18:d3:b9:8d:
                    91:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:AF:86:5D:41:6C:DD:43:42:C3:9B:54:08:72:30:EA:EA:04:A0:20
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139352e33352e34342e302f32322d3234203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.35.44.0/22

    Signature Algorithm: sha256WithRSAEncryption
         57:65:b4:29:fa:07:59:9f:f5:8d:e0:67:65:56:8b:49:69:2d:
         94:60:29:e3:15:60:af:93:47:4c:e3:10:22:fe:07:5d:43:b2:
         34:23:27:1f:dd:64:b2:ff:d8:f1:80:c9:e8:5f:ae:19:0c:8b:
         b3:fe:4e:69:4f:6e:5f:7e:98:79:d4:60:4a:45:72:01:41:cf:
         ae:35:31:33:8e:47:ea:d3:2c:69:31:fd:73:d6:33:db:c0:d0:
         20:a4:97:9a:90:c3:95:40:e8:a6:cb:cb:2d:94:97:ca:81:57:
         1a:86:9b:c5:a9:5e:2a:b9:e9:ef:40:7e:fc:2c:3c:fd:88:37:
         de:ed:cf:31:c5:b5:8e:86:06:85:f5:6b:fb:12:f9:1a:eb:ea:
         3d:70:b1:51:ee:ca:8c:0f:c5:48:7c:be:36:44:33:0e:31:9f:
         f7:fa:be:8a:16:1b:4b:75:cc:f7:6c:09:c1:8c:9f:2c:f8:17:
         3f:f1:8b:d5:28:e9:ed:43:9f:c3:52:75:1d:af:fe:fa:94:27:
         6a:b2:34:a6:58:1a:ec:5b:c7:eb:0a:11:19:5c:84:46:62:41:
         8e:a3:dc:9c:32:26:79:ab:54:3f:99:5c:82:ff:34:2a:c5:82:
         ac:f6:45:98:dd:7f:07:d6:fb:e3:07:cd:6d:d6:a2:4e:18:3f:
         3d:41:90:35
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUJFrFR+9SMQ2by/GnNmfqAmIfd1AwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTA1MTUxMDQxMTlaFw0yNjA1MTQxMDQ2MTlaMDMxMTAvBgNV
BAMTKEYyQUY4NjVENDE2Q0RENDM0MkMzOUI1NDA4NzIzMEVBRUEwNEEwMjAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDabKxAsNHMyaCfmLq8VeHJ5+qX
G8I2JhyEf0pHJ5zZ5XewWP96n7ZQUrb9vpvQn8VgV6fkB3diU7PKBDyGI8TiFNAb
2y7vf2G0DcVeOUxKEmgjGjQTyZuvQsFqoFuZjFytRdxOCpkE7kW2yPTbltq5ogcV
I06XCjlHAhbizaYhZxNkJd3m4S+RyyxwJoxcMNEqjI/rZkbim/P4xWQShxZD4wx2
pQOFs7sFKWscvo/s+d3/tLi0H/p1iIkeIjSzpyzjWf1+mOYGw+sFScImxlO2E8ZZ
cGy+hE5bdLb5KiWW87IS2FsbkY6xFeQkfjPuzS/wWEiZiW2oCDbjGNO5jZEfAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQU8q+GXUFs3UNCw5tUCHIw6uoEoCAwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzOTM1MmUzMzM1MmUzNDM0
MmUzMDJmMzIzMjJkMzIzNDIwM2QzZTIwMzQzNzM1MzgzMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAsMj
LDANBgkqhkiG9w0BAQsFAAOCAQEAV2W0KfoHWZ/1jeBnZVaLSWktlGAp4xVgr5NH
TOMQIv4HXUOyNCMnH91ksv/Y8YDJ6F+uGQyLs/5OaU9uX36YedRgSkVyAUHPrjUx
M45H6tMsaTH9c9Yz28DQIKSXmpDDlUDopsvLLZSXyoFXGoabxaleKrnp70B+/Cw8
/Yg33u3PMcW1joYGhfVr+xL5GuvqPXCxUe7KjA/FSHy+NkQzDjGf9/q+ihYbS3XM
92wJwYyfLPgXP/GL1Sjp7UOfw1J1Ha/++pQnarI0plga7FvH6woRGVyERmJBjqPc
nDImeatUP5lcgv80KsWCrPZFmN1/B9b74wfNbdaiThg/PUGQNQ==
-----END CERTIFICATE-----