Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139352e33352e35302e302f32332d3234203d3e203437353833.roa
File:                     3139352e33352e35302e302f32332d3234203d3e203437353833.roa (raw, json)
Hash identifier:          9I1e3y8GeR/noNntYk6U0y+zvfdorAUiRdjn0w+R/6o=
Subject key identifier:   1E:5E:9C:7E:2C:8B:03:4D:5C:C2:87:D3:0F:FF:2F:F6:65:54:A3:DE
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       25B937AD5507DA6A0971448E3F2339E3F3399BED
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139352e33352e35302e302f32332d3234203d3e203437353833.roa
Signing time:             Fri 16 Aug 2024 08:04:39 +0000
ROA not before:           Fri 16 Aug 2024 07:59:39 +0000
ROA not after:            Fri 15 Aug 2025 08:04:39 +0000
asID:                     47583
IP address blocks:        195.35.50.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            25:b9:37:ad:55:07:da:6a:09:71:44:8e:3f:23:39:e3:f3:39:9b:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Aug 16 07:59:39 2024 GMT
            Not After : Aug 15 08:04:39 2025 GMT
        Subject: CN=1E5E9C7E2C8B034D5CC287D30FFF2FF66554A3DE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:76:fc:c2:d3:a4:8a:53:32:e7:3f:83:68:f4:
                    a4:ce:00:77:3e:23:40:46:3e:61:ae:c7:df:6b:45:
                    10:bb:95:e2:1e:67:1f:e6:39:5d:db:c3:34:36:03:
                    2e:ee:42:98:56:4e:10:99:df:69:5f:64:b9:64:df:
                    e6:a3:70:44:8c:b8:5c:f9:4a:41:5b:07:a2:d5:81:
                    ce:0d:96:1a:1f:76:3e:62:c4:05:53:2b:62:94:07:
                    ee:de:52:ca:b0:7b:59:fd:c2:17:38:3b:df:84:cc:
                    e8:fc:92:ca:2d:cd:c8:e7:c3:7c:f7:14:30:f5:fe:
                    c7:3b:a0:78:6c:40:e4:73:1f:69:b2:fa:4b:ec:85:
                    28:5e:72:4c:f9:86:a9:8d:08:13:8a:c5:32:98:d1:
                    8a:76:55:96:f0:02:43:ce:f6:35:be:c3:7a:46:a4:
                    c6:e2:6b:cd:bb:0a:aa:9c:37:49:69:59:9c:83:e0:
                    92:c5:50:d5:3b:7f:fc:9e:e6:ce:89:74:cc:57:ae:
                    1b:f9:47:58:1e:57:a1:b2:b0:89:6e:4d:f5:e8:ee:
                    60:16:14:8f:fb:54:8c:a8:86:8b:ef:e6:1d:0f:e3:
                    a8:97:ea:77:10:ff:74:c0:eb:f6:e3:cf:76:00:0f:
                    6f:29:73:ee:b7:21:41:77:8b:70:31:84:4e:93:6a:
                    44:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:5E:9C:7E:2C:8B:03:4D:5C:C2:87:D3:0F:FF:2F:F6:65:54:A3:DE
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139352e33352e35302e302f32332d3234203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.35.50.0/23

    Signature Algorithm: sha256WithRSAEncryption
         40:24:27:13:4f:ca:54:50:d3:5f:eb:67:07:52:aa:87:5d:cc:
         62:c7:c6:b2:d8:df:b3:97:d1:43:29:55:40:43:8c:aa:af:f2:
         6d:15:46:46:f5:60:d1:d8:bc:a4:b9:d9:06:be:e4:53:5f:f6:
         e6:5f:86:08:2f:77:b3:79:20:76:20:84:5f:f4:c8:16:ef:a7:
         c8:a0:80:87:3b:43:e6:fd:02:e3:9d:3c:f0:51:4e:cc:e9:6e:
         7d:99:9f:02:2f:ae:32:34:1a:9e:cc:8a:a4:4b:ad:ae:2d:18:
         b3:5c:09:41:e4:50:af:52:5d:d1:fb:de:54:95:a3:be:e5:bb:
         ce:0d:bb:1f:41:5e:30:a4:ba:f0:a6:a3:25:21:b4:61:69:7e:
         00:bc:10:64:51:17:4a:66:fc:28:71:f3:23:e0:92:4c:08:54:
         96:de:a1:49:bf:bd:cb:e5:8d:6b:19:5f:93:97:94:cc:8e:26:
         32:a7:a9:85:5e:e2:98:1a:b0:9e:ac:03:b3:44:5c:99:79:a7:
         88:57:e3:b0:8e:bb:87:d0:f3:01:4b:a3:6c:2a:40:c9:98:43:
         bb:9e:b4:3b:bf:e5:51:28:1b:36:72:68:3d:d6:41:42:68:4b:
         64:7c:2c:2f:7e:5d:59:3e:52:10:5d:50:f4:ed:dc:07:60:16:
         24:e4:0e:0a
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUJbk3rVUH2moJcUSOPyM54/M5m+0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDA4MTYwNzU5MzlaFw0yNTA4MTUwODA0MzlaMDMxMTAvBgNV
BAMTKDFFNUU5QzdFMkM4QjAzNEQ1Q0MyODdEMzBGRkYyRkY2NjU1NEEzREUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGdvzC06SKUzLnP4No9KTOAHc+
I0BGPmGux99rRRC7leIeZx/mOV3bwzQ2Ay7uQphWThCZ32lfZLlk3+ajcESMuFz5
SkFbB6LVgc4Nlhofdj5ixAVTK2KUB+7eUsqwe1n9whc4O9+EzOj8ksotzcjnw3z3
FDD1/sc7oHhsQORzH2my+kvshSheckz5hqmNCBOKxTKY0Yp2VZbwAkPO9jW+w3pG
pMbia827CqqcN0lpWZyD4JLFUNU7f/ye5s6JdMxXrhv5R1geV6GysIluTfXo7mAW
FI/7VIyohovv5h0P46iX6ncQ/3TA6/bjz3YAD28pc+63IUF3i3AxhE6TakSvAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUHl6cfiyLA01cwofTD/8v9mVUo94wHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzOTM1MmUzMzM1MmUzNTMw
MmUzMDJmMzIzMzJkMzIzNDIwM2QzZTIwMzQzNzM1MzgzMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAcMj
MjANBgkqhkiG9w0BAQsFAAOCAQEAQCQnE0/KVFDTX+tnB1Kqh13MYsfGstjfs5fR
QylVQEOMqq/ybRVGRvVg0di8pLnZBr7kU1/25l+GCC93s3kgdiCEX/TIFu+nyKCA
hztD5v0C45088FFOzOlufZmfAi+uMjQansyKpEutri0Ys1wJQeRQr1Jd0fveVJWj
vuW7zg27H0FeMKS68KajJSG0YWl+ALwQZFEXSmb8KHHzI+CSTAhUlt6hSb+9y+WN
axlfk5eUzI4mMqephV7imBqwnqwDs0RcmXmniFfjsI67h9DzAUujbCpAyZhDu560
O7/lUSgbNnJoPdZBQmhLZHwsL35dWT5SEF1Q9O3cB2AWJOQOCg==
-----END CERTIFICATE-----