Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139352e33352e35302e302f32332d3234203d3e203437353833.roa
File:                     3139352e33352e35302e302f32332d3234203d3e203437353833.roa (raw, json)
Hash identifier:          2fByrSmgC2iw96v31l/RgPge0ZNs1TjUqUdgi5nhB/g=
Subject key identifier:   A9:58:5C:04:A2:15:8B:76:FC:92:04:F2:4B:11:1B:10:DB:40:B3:CA
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       617084F6D6ECC9F3C5BAA33CD2D0221E9C95A7B9
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139352e33352e35302e302f32332d3234203d3e203437353833.roa
Signing time:             Fri 15 Sep 2023 07:09:20 +0000
ROA not before:           Fri 15 Sep 2023 07:04:20 +0000
ROA not after:            Fri 13 Sep 2024 07:09:20 +0000
asID:                     47583
IP address blocks:        195.35.50.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 02:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            61:70:84:f6:d6:ec:c9:f3:c5:ba:a3:3c:d2:d0:22:1e:9c:95:a7:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Sep 15 07:04:20 2023 GMT
            Not After : Sep 13 07:09:20 2024 GMT
        Subject: CN=A9585C04A2158B76FC9204F24B111B10DB40B3CA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:6d:66:b2:c9:b4:78:ba:26:23:d4:1b:c6:bc:
                    88:9f:09:2c:8f:39:c2:89:c3:49:df:0b:c4:ba:d7:
                    c4:ba:9c:0b:eb:16:f2:08:83:25:95:e8:16:fd:fc:
                    6c:1d:43:54:69:53:48:4d:c3:b7:6c:ac:5f:47:6b:
                    f7:4d:7b:c1:14:fb:7d:da:b5:6a:bf:a9:9e:3e:54:
                    0a:d3:9c:d8:ef:3d:a0:b2:17:0b:6e:c4:e8:73:f9:
                    44:97:30:51:1b:7e:03:45:07:2e:34:eb:fa:c2:58:
                    e0:9b:d8:48:ee:86:74:f4:3c:6d:55:cf:15:ae:6f:
                    6b:ee:f5:8d:a9:55:42:fc:8b:b9:fb:af:e4:3a:17:
                    b8:be:b4:43:16:af:fb:53:e5:c2:6d:51:04:10:2c:
                    d0:f5:04:5a:a9:64:94:54:3f:06:32:52:dc:ed:f9:
                    1d:56:0d:3c:1c:e4:9a:78:f2:6b:b6:f7:7e:64:7f:
                    63:2e:24:ca:83:58:69:ff:eb:b1:bf:82:c9:92:52:
                    3f:77:64:a9:4b:93:26:a6:be:96:8a:69:3f:09:92:
                    e6:ea:ed:37:9b:68:87:47:34:38:66:5d:51:0d:b3:
                    ca:8c:ec:cb:5f:d5:65:70:d6:5a:e6:62:f0:d8:23:
                    e1:6f:66:e6:f6:82:63:9e:b7:bc:fa:44:a6:92:71:
                    47:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:58:5C:04:A2:15:8B:76:FC:92:04:F2:4B:11:1B:10:DB:40:B3:CA
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139352e33352e35302e302f32332d3234203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.35.50.0/23

    Signature Algorithm: sha256WithRSAEncryption
         24:5c:6a:e7:70:4e:29:40:10:a4:84:5c:2f:e4:3b:e7:57:fe:
         9f:fb:f4:e2:ef:3f:ce:6a:b2:0a:8b:ff:2d:d6:b6:ea:c8:df:
         d6:c3:a5:de:4a:97:38:3e:b9:ce:66:b8:f7:91:69:7a:d1:0a:
         17:b2:32:71:1b:d5:d3:2f:a0:89:42:45:c7:4e:8c:7d:7e:41:
         2a:42:d0:30:36:f0:d9:31:d4:c5:a4:89:91:d7:00:96:e1:23:
         7d:a5:90:3d:52:77:7b:f8:5a:3b:09:2f:b9:a0:c2:3e:d5:19:
         01:ba:1e:f7:63:74:9b:7e:04:79:02:8b:f2:cc:24:dd:0b:17:
         b1:86:12:f0:bb:c1:56:a8:2f:f5:24:53:d7:cf:39:40:d1:0f:
         fb:0e:f4:50:bc:d4:03:8f:19:5c:b6:39:20:95:17:d1:6b:b3:
         d4:2a:0c:0b:19:90:75:32:4b:89:23:a7:85:af:1c:70:98:ab:
         8d:8d:be:4f:14:37:7f:6c:0d:fe:d5:2b:a9:2d:24:4b:4f:f4:
         b5:ec:d5:6c:0f:90:8c:09:2d:bd:6f:f4:e3:98:eb:27:55:36:
         82:01:70:b4:d0:f9:fd:7c:35:10:bd:56:a3:98:b1:10:95:c1:
         d1:9b:96:c2:ed:9f:e6:51:39:68:0a:87:fa:bc:8d:99:55:55:
         05:f2:77:7c
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUYXCE9tbsyfPFuqM80tAiHpyVp7kwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yMzA5MTUwNzA0MjBaFw0yNDA5MTMwNzA5MjBaMDMxMTAvBgNV
BAMTKEE5NTg1QzA0QTIxNThCNzZGQzkyMDRGMjRCMTExQjEwREI0MEIzQ0EwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIbWayybR4uiYj1BvGvIifCSyP
OcKJw0nfC8S618S6nAvrFvIIgyWV6Bb9/GwdQ1RpU0hNw7dsrF9Ha/dNe8EU+33a
tWq/qZ4+VArTnNjvPaCyFwtuxOhz+USXMFEbfgNFBy406/rCWOCb2EjuhnT0PG1V
zxWub2vu9Y2pVUL8i7n7r+Q6F7i+tEMWr/tT5cJtUQQQLND1BFqpZJRUPwYyUtzt
+R1WDTwc5Jp48mu2935kf2MuJMqDWGn/67G/gsmSUj93ZKlLkyamvpaKaT8Jkubq
7TebaIdHNDhmXVENs8qM7Mtf1WVw1lrmYvDYI+FvZub2gmOet7z6RKaScUfXAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUqVhcBKIVi3b8kgTySxEbENtAs8owHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzOTM1MmUzMzM1MmUzNTMw
MmUzMDJmMzIzMzJkMzIzNDIwM2QzZTIwMzQzNzM1MzgzMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAcMj
MjANBgkqhkiG9w0BAQsFAAOCAQEAJFxq53BOKUAQpIRcL+Q751f+n/v04u8/zmqy
Cov/Lda26sjf1sOl3kqXOD65zma495FpetEKF7IycRvV0y+giUJFx06MfX5BKkLQ
MDbw2THUxaSJkdcAluEjfaWQPVJ3e/haOwkvuaDCPtUZAboe92N0m34EeQKL8swk
3QsXsYYS8LvBVqgv9SRT1885QNEP+w70ULzUA48ZXLY5IJUX0Wuz1CoMCxmQdTJL
iSOnha8ccJirjY2+TxQ3f2wN/tUrqS0kS0/0tezVbA+QjAktvW/045jrJ1U2ggFw
tND5/Xw1EL1Wo5ixEJXB0ZuWwu2f5lE5aAqH+ryNmVVVBfJ3fA==
-----END CERTIFICATE-----