Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139352e33352e34382e302f32332d3233203d3e203437353833.roa
File:                     3139352e33352e34382e302f32332d3233203d3e203437353833.roa (raw, json)
Hash identifier:          jzd+AYfM2tHtrw8jAjTROiugaq/wFA53qCLlJ8qp23g=
Subject key identifier:   BC:C1:E5:13:1E:C4:DC:05:8D:52:F9:42:6C:5F:05:06:E5:19:BD:3C
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       2DFC7D1ED274BB774861CD7279F73D85B4EC80A0
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139352e33352e34382e302f32332d3233203d3e203437353833.roa
Signing time:             Wed 27 Sep 2023 14:36:54 +0000
ROA not before:           Wed 27 Sep 2023 14:31:54 +0000
ROA not after:            Wed 25 Sep 2024 14:36:54 +0000
asID:                     47583
IP address blocks:        195.35.48.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 14:34:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2d:fc:7d:1e:d2:74:bb:77:48:61:cd:72:79:f7:3d:85:b4:ec:80:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Sep 27 14:31:54 2023 GMT
            Not After : Sep 25 14:36:54 2024 GMT
        Subject: CN=BCC1E5131EC4DC058D52F9426C5F0506E519BD3C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:18:b5:d1:f7:f7:19:77:c5:2e:f5:a2:b1:7e:
                    a2:eb:0d:4e:7f:f9:03:2e:0e:4d:bb:2c:9c:49:a5:
                    5e:bc:89:0a:95:42:09:75:25:5c:ad:93:1e:1d:79:
                    4d:32:1a:b2:0d:db:7a:66:a2:d9:8e:a9:86:9c:7d:
                    fc:89:37:17:21:ae:ce:f3:3c:2f:d6:73:9f:5f:d1:
                    87:ae:4b:33:9a:c2:bd:a7:b5:ce:83:7d:d4:74:ae:
                    30:ee:ed:31:c6:4a:c7:e2:31:f3:86:27:1a:72:45:
                    95:9c:b3:cc:a7:84:b8:89:28:f0:2f:e6:6f:27:d8:
                    c2:34:f5:3e:9a:94:e2:69:c3:2a:55:25:ce:97:89:
                    3d:d7:78:b9:c1:17:41:44:fa:23:69:fa:5f:a1:e3:
                    24:c3:05:58:06:ea:12:95:b6:c6:91:e2:0c:b5:fc:
                    ae:e9:20:cb:ba:7e:84:61:b9:4d:f6:fc:91:43:7d:
                    ea:40:38:cf:f2:3c:12:bc:0b:96:68:c8:40:7d:aa:
                    e6:0d:d0:23:72:fd:e8:ea:74:89:6a:eb:21:41:89:
                    5d:52:32:93:0c:9c:24:c4:47:c0:8e:e2:9d:59:12:
                    2b:f4:62:3a:32:10:86:09:02:b5:51:40:83:f0:ca:
                    a9:77:a9:5f:9a:6e:b7:26:c7:20:6a:d0:b1:0f:12:
                    f0:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:C1:E5:13:1E:C4:DC:05:8D:52:F9:42:6C:5F:05:06:E5:19:BD:3C
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139352e33352e34382e302f32332d3233203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.35.48.0/23

    Signature Algorithm: sha256WithRSAEncryption
         69:a1:80:f9:fe:ac:54:82:16:c4:e1:cf:9e:52:38:2e:a1:a8:
         de:17:b6:3f:b7:62:57:23:b2:5b:ee:61:c5:af:d5:9a:d8:32:
         92:bd:5c:37:7c:b2:3f:e4:74:c1:f5:8f:69:bb:98:c8:6b:0d:
         ef:65:16:79:fa:68:83:ec:78:c1:9a:cb:3a:ac:62:9f:ce:fd:
         89:e1:8f:41:81:ac:a7:bc:a7:a1:e4:9d:d5:6f:c3:b1:5e:82:
         05:36:d6:0d:5b:7f:8c:b4:cc:c7:c1:ae:6c:91:70:91:37:75:
         0f:76:8d:e9:72:9e:ec:81:45:04:e6:d8:47:7a:69:8c:e1:85:
         99:79:84:2f:dd:7c:48:9b:d8:1d:f0:26:de:39:69:cc:84:ce:
         b0:ec:04:89:ae:ea:f9:30:65:6f:4c:18:d1:8b:2d:37:01:e0:
         d4:d8:4d:5e:3c:d7:fd:1d:81:28:c7:cf:0f:72:38:80:ba:86:
         bd:0f:b3:b2:09:bd:16:b9:0e:2e:21:d6:12:f5:d7:30:89:41:
         b2:70:2b:9f:b8:4a:52:2c:db:bb:7d:e9:14:1a:9b:2d:1d:c2:
         38:55:bd:c9:5b:b1:d9:fc:82:7c:24:5a:d7:85:c5:3f:d6:fc:
         ac:1d:23:98:fa:3a:e9:62:0e:b0:56:b9:c8:e4:af:e5:ef:d3:
         9a:7a:ce:ff
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIULfx9HtJ0u3dIYc1yefc9hbTsgKAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yMzA5MjcxNDMxNTRaFw0yNDA5MjUxNDM2NTRaMDMxMTAvBgNV
BAMTKEJDQzFFNTEzMUVDNERDMDU4RDUyRjk0MjZDNUYwNTA2RTUxOUJEM0MwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzGLXR9/cZd8Uu9aKxfqLrDU5/
+QMuDk27LJxJpV68iQqVQgl1JVytkx4deU0yGrIN23pmotmOqYacffyJNxchrs7z
PC/Wc59f0YeuSzOawr2ntc6DfdR0rjDu7THGSsfiMfOGJxpyRZWcs8ynhLiJKPAv
5m8n2MI09T6alOJpwypVJc6XiT3XeLnBF0FE+iNp+l+h4yTDBVgG6hKVtsaR4gy1
/K7pIMu6foRhuU32/JFDfepAOM/yPBK8C5ZoyEB9quYN0CNy/ejqdIlq6yFBiV1S
MpMMnCTER8CO4p1ZEiv0YjoyEIYJArVRQIPwyql3qV+abrcmxyBq0LEPEvA5AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUvMHlEx7E3AWNUvlCbF8FBuUZvTwwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzOTM1MmUzMzM1MmUzNDM4
MmUzMDJmMzIzMzJkMzIzMzIwM2QzZTIwMzQzNzM1MzgzMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAcMj
MDANBgkqhkiG9w0BAQsFAAOCAQEAaaGA+f6sVIIWxOHPnlI4LqGo3he2P7diVyOy
W+5hxa/Vmtgykr1cN3yyP+R0wfWPabuYyGsN72UWefpog+x4wZrLOqxin879ieGP
QYGsp7ynoeSd1W/DsV6CBTbWDVt/jLTMx8GubJFwkTd1D3aN6XKe7IFFBObYR3pp
jOGFmXmEL918SJvYHfAm3jlpzITOsOwEia7q+TBlb0wY0YstNwHg1NhNXjzX/R2B
KMfPD3I4gLqGvQ+zsgm9FrkOLiHWEvXXMIlBsnArn7hKUizbu33pFBqbLR3COFW9
yVux2fyCfCRa14XFP9b8rB0jmPo66WIOsFa5yOSv5e/TmnrO/w==
-----END CERTIFICATE-----