Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139352e33352e34382e302f32332d3234203d3e203437353833.roa
File:                     3139352e33352e34382e302f32332d3234203d3e203437353833.roa (raw, json)
Hash identifier:          p5EjQoU3JVzkN8Pe222HoadG16V61vfmhIHRokJ1L2c=
Subject key identifier:   6E:D8:35:CF:B8:96:C0:21:F7:62:ED:50:10:77:0B:84:10:80:8C:85
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       684C0D1FE28D44A815BDEF590D84E4D8282DDFE2
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139352e33352e34382e302f32332d3234203d3e203437353833.roa
Signing time:             Thu 15 May 2025 10:46:19 +0000
ROA not before:           Thu 15 May 2025 10:41:19 +0000
ROA not after:            Thu 14 May 2026 10:46:19 +0000
asID:                     47583
IP address blocks:        195.35.48.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 12:43:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            68:4c:0d:1f:e2:8d:44:a8:15:bd:ef:59:0d:84:e4:d8:28:2d:df:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: May 15 10:41:19 2025 GMT
            Not After : May 14 10:46:19 2026 GMT
        Subject: CN=6ED835CFB896C021F762ED5010770B8410808C85
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:33:e6:9c:c0:27:34:0d:aa:92:ec:c0:d9:f3:
                    8b:0f:f3:dd:d2:9d:8b:f6:c3:a3:f6:0c:b9:af:d1:
                    a4:11:1c:f3:a0:96:95:df:a3:b6:0b:7f:0b:da:b5:
                    11:09:88:d7:24:64:25:b7:8e:cf:bd:de:61:6c:84:
                    18:cb:91:41:5b:43:39:79:70:b5:78:23:ac:00:34:
                    2e:e4:d7:68:ae:61:4a:a6:9b:fe:c2:cb:9f:31:9f:
                    e3:89:e8:e8:c0:f8:64:48:cd:8a:db:70:48:5f:de:
                    83:cc:ab:b9:2a:01:af:a0:bf:37:1b:58:aa:5d:8f:
                    57:e9:e3:d9:26:fb:6b:09:aa:23:61:c9:6a:fe:2c:
                    cf:e3:0d:83:c3:aa:5d:0a:c3:7c:06:b8:38:33:b8:
                    e4:42:ae:2e:0e:97:f0:09:17:c9:1a:e8:17:de:f0:
                    56:0f:be:a0:8b:f2:5b:e4:fb:84:0e:96:1d:fa:eb:
                    fe:d6:6d:3c:1e:50:b2:e7:32:8d:4e:fd:ec:f3:94:
                    90:c9:c5:ac:fe:e7:45:6d:1a:68:e3:6e:f0:9f:76:
                    4e:73:32:df:8b:6f:da:71:11:ce:4e:5b:58:53:5e:
                    b6:6c:a8:1f:36:ca:82:2d:c0:03:89:33:1e:cd:be:
                    3d:f8:68:97:d7:66:79:2b:2c:b5:71:bd:5f:f0:70:
                    04:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:D8:35:CF:B8:96:C0:21:F7:62:ED:50:10:77:0B:84:10:80:8C:85
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139352e33352e34382e302f32332d3234203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.35.48.0/23

    Signature Algorithm: sha256WithRSAEncryption
         48:15:e5:57:96:c0:ac:44:00:0a:ba:89:55:0c:08:59:03:d6:
         a2:d9:d8:47:f5:b3:84:eb:e1:ad:b8:47:e4:16:33:40:09:d2:
         75:3b:7a:a9:1e:ac:f7:d9:0d:a2:7a:15:12:67:3e:ce:ee:90:
         e2:25:b8:6a:7a:48:5a:c5:cb:f6:bd:00:21:e4:a2:b5:da:85:
         5c:d5:5d:84:67:5f:05:28:2b:d9:8e:c0:4f:a8:d2:68:87:57:
         e2:43:0f:b0:04:8b:9f:70:be:7c:34:7a:83:3c:68:25:23:b2:
         59:f0:2d:0b:f6:fe:72:98:07:0f:81:58:8f:b5:47:6a:96:d8:
         83:03:e3:d8:60:51:ac:ac:d9:97:ff:c4:ea:d1:48:4e:8f:3e:
         cb:4f:6b:7c:5c:63:96:05:29:eb:9d:6b:fe:a7:41:25:a1:1e:
         8a:33:93:d9:0a:80:52:7c:a2:f0:36:46:8d:1f:8d:3c:6d:3e:
         a5:84:13:59:58:8f:86:94:ca:05:5c:d4:27:97:a9:35:76:c0:
         c4:5c:f2:22:70:a0:f0:e3:41:0f:41:77:a7:0d:21:48:bb:08:
         7f:1f:e7:2c:35:31:c8:d8:77:3f:48:95:29:57:07:cf:9c:9f:
         f9:82:14:4f:04:e3:50:d7:37:95:dc:49:38:9f:6a:3a:8f:c1:
         68:12:40:1d
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUaEwNH+KNRKgVve9ZDYTk2Cgt3+IwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTA1MTUxMDQxMTlaFw0yNjA1MTQxMDQ2MTlaMDMxMTAvBgNV
BAMTKDZFRDgzNUNGQjg5NkMwMjFGNzYyRUQ1MDEwNzcwQjg0MTA4MDhDODUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/M+acwCc0DaqS7MDZ84sP893S
nYv2w6P2DLmv0aQRHPOglpXfo7YLfwvatREJiNckZCW3js+93mFshBjLkUFbQzl5
cLV4I6wANC7k12iuYUqmm/7Cy58xn+OJ6OjA+GRIzYrbcEhf3oPMq7kqAa+gvzcb
WKpdj1fp49km+2sJqiNhyWr+LM/jDYPDql0Kw3wGuDgzuORCri4Ol/AJF8ka6Bfe
8FYPvqCL8lvk+4QOlh366/7WbTweULLnMo1O/ezzlJDJxaz+50VtGmjjbvCfdk5z
Mt+Lb9pxEc5OW1hTXrZsqB82yoItwAOJMx7Nvj34aJfXZnkrLLVxvV/wcARLAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUbtg1z7iWwCH3Yu1QEHcLhBCAjIUwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzOTM1MmUzMzM1MmUzNDM4
MmUzMDJmMzIzMzJkMzIzNDIwM2QzZTIwMzQzNzM1MzgzMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAcMj
MDANBgkqhkiG9w0BAQsFAAOCAQEASBXlV5bArEQACrqJVQwIWQPWotnYR/WzhOvh
rbhH5BYzQAnSdTt6qR6s99kNonoVEmc+zu6Q4iW4anpIWsXL9r0AIeSitdqFXNVd
hGdfBSgr2Y7AT6jSaIdX4kMPsASLn3C+fDR6gzxoJSOyWfAtC/b+cpgHD4FYj7VH
apbYgwPj2GBRrKzZl//E6tFITo8+y09rfFxjlgUp651r/qdBJaEeijOT2QqAUnyi
8DZGjR+NPG0+pYQTWViPhpTKBVzUJ5epNXbAxFzyInCg8ONBD0F3pw0hSLsIfx/n
LDUxyNh3P0iVKVcHz5yf+YIUTwTjUNc3ldxJOJ9qOo/BaBJAHQ==
-----END CERTIFICATE-----