Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139352e33352e34342e302f32322d3234203d3e203437353833.roa
File:                     3139352e33352e34342e302f32322d3234203d3e203437353833.roa (raw, json)
Hash identifier:          zCHTkt3EMp+VuYAqLe6aUfcbrIykSzdjmTUuF2Ca5B8=
Subject key identifier:   D2:6E:C2:1F:BB:2E:61:0D:7A:04:C6:C6:DD:C9:08:4F:86:C1:96:F0
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       1476259D0659DEFD9F58A56473D1A418ACDCC903
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139352e33352e34342e302f32322d3234203d3e203437353833.roa
Signing time:             Thu 13 Jun 2024 10:41:13 +0000
ROA not before:           Thu 13 Jun 2024 10:36:13 +0000
ROA not after:            Thu 12 Jun 2025 10:41:13 +0000
asID:                     47583
IP address blocks:        195.35.44.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            14:76:25:9d:06:59:de:fd:9f:58:a5:64:73:d1:a4:18:ac:dc:c9:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Jun 13 10:36:13 2024 GMT
            Not After : Jun 12 10:41:13 2025 GMT
        Subject: CN=D26EC21FBB2E610D7A04C6C6DDC9084F86C196F0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:5a:63:73:c5:ec:c4:c1:dd:2c:2b:d8:9f:a7:
                    ee:86:ca:75:9a:58:73:cb:5f:13:4c:7c:1c:92:4e:
                    7d:16:b3:37:c5:12:3e:bd:4f:0f:b6:e2:f5:02:c6:
                    a0:b7:f2:76:b3:2a:a0:0a:13:d7:0a:de:3d:a8:2a:
                    3e:00:2e:ad:41:48:7a:aa:7a:35:88:dd:97:e3:8e:
                    e5:ff:65:93:32:76:be:72:2a:99:b6:b4:a3:96:a7:
                    ad:53:8a:a1:81:09:b7:cf:b7:a5:54:c1:1e:c5:1f:
                    f0:20:2c:11:03:5a:81:3d:61:02:71:7a:f1:19:ec:
                    5b:05:71:61:8f:1b:3d:24:ab:6e:1b:a8:0f:be:e6:
                    02:b8:be:df:b4:22:96:54:59:19:ae:4e:89:cc:44:
                    11:a7:46:7e:33:5b:5f:83:a7:eb:4d:f3:4d:23:00:
                    7d:e4:90:b5:ca:fa:36:f3:44:a8:17:f7:a0:35:14:
                    1f:64:1e:aa:c0:fa:fc:d0:6e:1a:e3:de:85:2f:7e:
                    ef:7b:d2:1d:93:d2:88:43:2e:cf:d4:7f:1a:72:59:
                    db:fe:95:15:d3:59:60:e7:29:c5:69:7e:3b:53:1b:
                    ea:82:45:bb:e2:47:8e:7a:09:dd:75:3f:9e:16:f9:
                    ac:b4:2c:42:05:7c:ab:a0:b5:5c:94:0d:57:c5:5c:
                    36:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:6E:C2:1F:BB:2E:61:0D:7A:04:C6:C6:DD:C9:08:4F:86:C1:96:F0
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139352e33352e34342e302f32322d3234203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.35.44.0/22

    Signature Algorithm: sha256WithRSAEncryption
         82:84:fd:08:c2:16:fb:e1:f3:c5:90:7f:be:8d:c3:b8:00:8c:
         ea:ef:cd:90:f5:fb:1a:1b:aa:78:65:62:9c:eb:de:06:37:78:
         38:18:ea:f2:6f:ca:04:f4:1e:b1:a7:a5:50:2e:42:3a:50:8c:
         00:36:ba:5b:e8:6c:07:c6:7c:1d:ea:b2:1d:dd:1d:45:50:ed:
         0e:95:22:46:5d:b0:dc:95:77:c9:6e:bb:cf:a8:ea:e0:ca:35:
         e1:6e:de:1b:bd:43:70:69:94:41:e5:25:fd:ae:4f:e8:82:c6:
         7f:4c:7b:06:64:18:87:7f:d0:41:55:ce:cc:20:8c:96:b5:ce:
         9c:bd:d9:d4:87:19:73:19:22:f7:ef:be:d4:b9:a3:b5:58:97:
         ab:f6:21:74:b8:12:9f:41:91:74:10:32:8c:c3:10:aa:50:07:
         03:d8:23:9d:e8:af:96:a7:5f:1c:a0:cf:ed:5f:76:89:6a:61:
         05:d5:a7:ec:ce:4e:e6:1b:2c:43:6f:0c:1e:c6:47:db:3b:7a:
         ce:00:df:5f:c8:6e:98:a8:b4:ef:6b:45:39:08:3d:d7:d9:85:
         9b:04:f3:8d:d1:1b:d1:f9:d2:79:2a:da:c8:06:86:4f:ee:29:
         93:97:57:2e:14:b4:43:58:08:de:92:9c:b1:f2:38:1a:7e:e8:
         d8:57:88:b2
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUFHYlnQZZ3v2fWKVkc9GkGKzcyQMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDA2MTMxMDM2MTNaFw0yNTA2MTIxMDQxMTNaMDMxMTAvBgNV
BAMTKEQyNkVDMjFGQkIyRTYxMEQ3QTA0QzZDNkREQzkwODRGODZDMTk2RjAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5WmNzxezEwd0sK9ifp+6GynWa
WHPLXxNMfBySTn0WszfFEj69Tw+24vUCxqC38nazKqAKE9cK3j2oKj4ALq1BSHqq
ejWI3ZfjjuX/ZZMydr5yKpm2tKOWp61TiqGBCbfPt6VUwR7FH/AgLBEDWoE9YQJx
evEZ7FsFcWGPGz0kq24bqA++5gK4vt+0IpZUWRmuTonMRBGnRn4zW1+Dp+tN800j
AH3kkLXK+jbzRKgX96A1FB9kHqrA+vzQbhrj3oUvfu970h2T0ohDLs/UfxpyWdv+
lRXTWWDnKcVpfjtTG+qCRbviR456Cd11P54W+ay0LEIFfKugtVyUDVfFXDbvAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQU0m7CH7suYQ16BMbG3ckIT4bBlvAwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzOTM1MmUzMzM1MmUzNDM0
MmUzMDJmMzIzMjJkMzIzNDIwM2QzZTIwMzQzNzM1MzgzMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAsMj
LDANBgkqhkiG9w0BAQsFAAOCAQEAgoT9CMIW++HzxZB/vo3DuACM6u/NkPX7Ghuq
eGVinOveBjd4OBjq8m/KBPQesaelUC5COlCMADa6W+hsB8Z8HeqyHd0dRVDtDpUi
Rl2w3JV3yW67z6jq4Mo14W7eG71DcGmUQeUl/a5P6ILGf0x7BmQYh3/QQVXOzCCM
lrXOnL3Z1IcZcxki9+++1LmjtViXq/YhdLgSn0GRdBAyjMMQqlAHA9gjneivlqdf
HKDP7V92iWphBdWn7M5O5hssQ28MHsZH2zt6zgDfX8humKi072tFOQg919mFmwTz
jdEb0fnSeSrayAaGT+4pk5dXLhS0Q1gI3pKcsfI4Gn7o2FeIsg==
-----END CERTIFICATE-----