Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139352e33352e34382e302f32332d3234203d3e203437353833.roa
File:                     3139352e33352e34382e302f32332d3234203d3e203437353833.roa (raw, json)
Hash identifier:          ZpwOHpEc12T8GPYR1QsSFCD0cMQrbgbmN4YSV+ltKg8=
Subject key identifier:   20:E6:4E:96:4A:97:66:0C:C7:AA:1E:AF:43:85:FE:E4:50:69:65:47
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       3411AC4DACAD31BE9B707842A172FA9AB60622C7
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139352e33352e34382e302f32332d3234203d3e203437353833.roa
Signing time:             Thu 13 Jun 2024 10:41:34 +0000
ROA not before:           Thu 13 Jun 2024 10:36:34 +0000
ROA not after:            Thu 12 Jun 2025 10:41:34 +0000
asID:                     47583
IP address blocks:        195.35.48.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            34:11:ac:4d:ac:ad:31:be:9b:70:78:42:a1:72:fa:9a:b6:06:22:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Jun 13 10:36:34 2024 GMT
            Not After : Jun 12 10:41:34 2025 GMT
        Subject: CN=20E64E964A97660CC7AA1EAF4385FEE450696547
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:50:35:a2:4f:30:5c:af:84:35:cb:99:81:49:
                    b7:20:2f:ad:69:16:8d:87:27:4e:71:dc:33:45:8c:
                    6c:d6:fb:b6:fc:97:13:c3:66:81:08:b7:fc:25:32:
                    f0:11:8d:d8:ae:a8:6d:90:f4:3f:e2:a1:e1:e6:ae:
                    35:a9:bc:82:de:b2:20:b0:13:80:bb:3e:4c:ba:f5:
                    aa:7c:51:d3:a0:95:be:6e:33:9c:55:a4:c3:ba:70:
                    c5:34:0a:9d:ba:60:3e:76:d1:71:6e:9a:9f:0b:25:
                    db:51:a0:54:73:6e:24:12:a0:b9:79:cc:0a:a3:a7:
                    0a:d2:df:00:31:dd:36:24:8c:8f:19:07:55:78:4a:
                    fb:cf:87:d8:20:b9:63:04:27:34:3e:49:86:aa:d0:
                    5e:1b:d8:11:d7:7c:80:30:24:cd:e9:99:b0:a8:ec:
                    5c:01:ea:df:1f:2b:48:b2:bf:10:ae:00:4e:16:0f:
                    4d:db:2a:12:38:0e:02:a3:e4:20:3f:2e:28:82:30:
                    e7:d8:92:5c:01:7f:d3:ff:fc:d1:5a:3f:ea:5a:d5:
                    ce:62:6e:d7:89:12:0f:11:29:cb:82:9b:10:9b:f8:
                    34:c1:2f:19:3d:dc:de:42:be:1a:b6:1a:d5:b4:cf:
                    d4:a6:51:15:b7:c7:63:99:c9:1f:c3:f4:24:5b:2f:
                    db:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:E6:4E:96:4A:97:66:0C:C7:AA:1E:AF:43:85:FE:E4:50:69:65:47
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139352e33352e34382e302f32332d3234203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.35.48.0/23

    Signature Algorithm: sha256WithRSAEncryption
         07:3c:96:ff:1a:d6:4c:a1:ac:ef:b4:da:07:78:35:3e:93:91:
         0b:a1:7b:e4:9d:48:85:44:78:73:5c:a2:2f:c0:38:5b:88:27:
         f6:fe:63:3e:bd:fa:dc:35:2f:1e:ba:10:e5:28:4a:ea:75:b6:
         a4:b6:0b:5d:f5:72:f1:99:5e:e2:fb:b8:8d:a7:da:ae:24:27:
         18:c5:20:84:ec:3c:5a:9b:d6:5c:85:9e:38:0d:dc:4d:0d:32:
         02:d3:eb:09:60:c5:03:b0:f8:66:47:b4:34:65:8e:c6:75:d8:
         48:d0:05:9f:c5:ed:3c:67:af:08:40:db:a3:3c:5f:ea:f7:39:
         af:59:3e:dd:9f:c2:a9:b3:80:e4:42:ee:00:45:28:20:89:49:
         88:02:22:59:f0:05:e9:f3:b5:71:e3:10:f8:e3:52:36:ad:8f:
         73:12:46:7e:f6:f4:91:43:da:88:01:67:f4:7b:82:bc:d4:67:
         22:f2:31:db:9e:8d:78:6e:e0:b6:0a:ae:b2:c2:72:93:31:1b:
         d7:d5:a9:9b:6a:02:e6:05:1c:09:20:74:e8:4a:44:b6:bb:0c:
         5f:5e:9b:74:5c:39:ff:2c:d1:90:c2:bc:32:b1:bf:dc:e3:87:
         79:8b:53:82:ea:e2:69:5c:49:fd:1b:80:89:bc:67:cb:c8:b2:
         3b:9e:9e:1f
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUNBGsTaytMb6bcHhCoXL6mrYGIscwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDA2MTMxMDM2MzRaFw0yNTA2MTIxMDQxMzRaMDMxMTAvBgNV
BAMTKDIwRTY0RTk2NEE5NzY2MENDN0FBMUVBRjQzODVGRUU0NTA2OTY1NDcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8UDWiTzBcr4Q1y5mBSbcgL61p
Fo2HJ05x3DNFjGzW+7b8lxPDZoEIt/wlMvARjdiuqG2Q9D/ioeHmrjWpvILesiCw
E4C7Pky69ap8UdOglb5uM5xVpMO6cMU0Cp26YD520XFump8LJdtRoFRzbiQSoLl5
zAqjpwrS3wAx3TYkjI8ZB1V4SvvPh9gguWMEJzQ+SYaq0F4b2BHXfIAwJM3pmbCo
7FwB6t8fK0iyvxCuAE4WD03bKhI4DgKj5CA/LiiCMOfYklwBf9P//NFaP+pa1c5i
bteJEg8RKcuCmxCb+DTBLxk93N5Cvhq2GtW0z9SmURW3x2OZyR/D9CRbL9uXAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUIOZOlkqXZgzHqh6vQ4X+5FBpZUcwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzOTM1MmUzMzM1MmUzNDM4
MmUzMDJmMzIzMzJkMzIzNDIwM2QzZTIwMzQzNzM1MzgzMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAcMj
MDANBgkqhkiG9w0BAQsFAAOCAQEABzyW/xrWTKGs77TaB3g1PpORC6F75J1IhUR4
c1yiL8A4W4gn9v5jPr363DUvHroQ5ShK6nW2pLYLXfVy8Zle4vu4jafariQnGMUg
hOw8WpvWXIWeOA3cTQ0yAtPrCWDFA7D4Zke0NGWOxnXYSNAFn8XtPGevCEDbozxf
6vc5r1k+3Z/CqbOA5ELuAEUoIIlJiAIiWfAF6fO1ceMQ+ONSNq2PcxJGfvb0kUPa
iAFn9HuCvNRnIvIx256NeG7gtgqussJykzEb19Wpm2oC5gUcCSB06EpEtrsMX16b
dFw5/yzRkMK8MrG/3OOHeYtTguriaVxJ/RuAibxny8iyO56eHw==
-----END CERTIFICATE-----