Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139352e33352e35322e302f32332d3234203d3e203437353833.roa
File:                     3139352e33352e35322e302f32332d3234203d3e203437353833.roa (raw, json)
Hash identifier:          /aIs24nxkPaxLg+kyuWQyvsLBDm8+c8RfRvarzq8aAg=
Subject key identifier:   D7:45:E8:0E:70:60:B0:81:DA:04:EA:3F:CB:E6:76:12:58:2A:6F:E0
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       7784280C347E739ECC7FE8410277D03ADDDB37ED
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139352e33352e35322e302f32332d3234203d3e203437353833.roa
Signing time:             Fri 16 Aug 2024 08:04:39 +0000
ROA not before:           Fri 16 Aug 2024 07:59:39 +0000
ROA not after:            Fri 15 Aug 2025 08:04:39 +0000
asID:                     47583
IP address blocks:        195.35.52.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            77:84:28:0c:34:7e:73:9e:cc:7f:e8:41:02:77:d0:3a:dd:db:37:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Aug 16 07:59:39 2024 GMT
            Not After : Aug 15 08:04:39 2025 GMT
        Subject: CN=D745E80E7060B081DA04EA3FCBE67612582A6FE0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:d3:44:99:91:ad:dc:51:61:ca:d7:48:44:d6:
                    85:bb:9a:62:a9:4c:cb:e5:a4:10:ee:ac:b6:f6:2b:
                    e4:6c:35:ec:d6:8d:ea:58:86:ef:64:56:7a:2f:54:
                    b2:1c:e7:a1:57:f9:da:3f:c8:78:04:a3:39:37:08:
                    a2:da:da:a8:70:a7:3b:4d:f0:14:27:2b:c5:17:13:
                    bd:ae:c6:bf:65:49:2b:8f:67:42:f2:fb:b4:48:6f:
                    9a:1f:0e:b3:d8:a5:9b:41:92:5a:f0:ce:a9:6a:cc:
                    93:e2:13:39:2d:3b:aa:07:15:54:26:42:13:7a:ef:
                    d6:f6:aa:1c:f6:8f:55:37:1e:12:3c:c5:0a:98:fe:
                    b4:81:3a:f1:bf:40:80:a6:12:66:32:6f:29:b7:fe:
                    17:d7:09:56:8f:7c:12:b5:5a:8e:00:a8:b0:c2:46:
                    81:4e:53:bf:49:2c:bb:5c:4e:48:57:dc:79:19:16:
                    0a:c3:5a:2d:ad:da:eb:e6:96:09:02:86:39:b2:7a:
                    f9:ae:4b:dd:0d:44:76:f1:54:0b:2f:77:17:02:0c:
                    13:00:89:49:fe:68:e2:ae:5e:5a:21:05:ef:f3:3b:
                    98:27:89:bc:b5:79:bb:8a:92:f5:0d:83:43:a4:c3:
                    75:11:ff:94:c5:6c:ab:69:22:4a:1d:01:c5:be:61:
                    fa:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:45:E8:0E:70:60:B0:81:DA:04:EA:3F:CB:E6:76:12:58:2A:6F:E0
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139352e33352e35322e302f32332d3234203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.35.52.0/23

    Signature Algorithm: sha256WithRSAEncryption
         79:44:5b:93:45:fd:8e:7d:5e:e4:f5:e8:1e:10:bc:75:a5:63:
         9a:6e:c6:d2:18:5e:67:17:4a:01:b3:b8:ba:5c:da:bf:de:c8:
         08:ce:eb:97:11:a6:48:98:d3:4a:9d:2c:00:34:f0:62:03:48:
         11:65:d5:1e:68:7d:52:74:6d:3e:38:7d:9a:f1:b3:12:09:8e:
         ae:b9:34:a9:06:65:a1:80:f9:e6:c1:97:a9:c7:53:cb:4a:6e:
         27:06:0e:b9:38:31:55:5e:62:c5:a4:5e:7f:0d:66:bb:c8:7a:
         7e:ae:88:db:3f:aa:4e:fa:bc:56:59:f2:fe:41:65:bf:68:eb:
         94:d9:8b:89:04:df:34:7a:ae:cf:48:d5:0a:80:91:16:12:c2:
         1e:ff:5a:a7:91:94:23:76:13:cf:8c:f3:60:14:a2:36:2b:c4:
         39:f0:46:38:b4:69:b4:5c:fc:8c:77:aa:05:15:81:4c:c7:8c:
         73:43:e2:ce:5f:34:71:ef:52:e9:46:de:ad:d7:55:17:0f:a0:
         95:be:34:1c:a6:95:6b:0c:25:47:18:a4:bf:6d:34:77:e2:c5:
         4f:db:01:d1:bc:8d:bc:12:98:0f:40:13:9c:04:24:49:ef:c9:
         09:4c:78:5f:35:89:b5:5c:08:e3:d5:1b:eb:bd:40:f8:b0:8e:
         34:25:60:1c
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUd4QoDDR+c57Mf+hBAnfQOt3bN+0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDA4MTYwNzU5MzlaFw0yNTA4MTUwODA0MzlaMDMxMTAvBgNV
BAMTKEQ3NDVFODBFNzA2MEIwODFEQTA0RUEzRkNCRTY3NjEyNTgyQTZGRTAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDF00SZka3cUWHK10hE1oW7mmKp
TMvlpBDurLb2K+RsNezWjepYhu9kVnovVLIc56FX+do/yHgEozk3CKLa2qhwpztN
8BQnK8UXE72uxr9lSSuPZ0Ly+7RIb5ofDrPYpZtBklrwzqlqzJPiEzktO6oHFVQm
QhN679b2qhz2j1U3HhI8xQqY/rSBOvG/QICmEmYybym3/hfXCVaPfBK1Wo4AqLDC
RoFOU79JLLtcTkhX3HkZFgrDWi2t2uvmlgkChjmyevmuS90NRHbxVAsvdxcCDBMA
iUn+aOKuXlohBe/zO5gniby1ebuKkvUNg0Okw3UR/5TFbKtpIkodAcW+YfqvAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQU10XoDnBgsIHaBOo/y+Z2Elgqb+AwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzOTM1MmUzMzM1MmUzNTMy
MmUzMDJmMzIzMzJkMzIzNDIwM2QzZTIwMzQzNzM1MzgzMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAcMj
NDANBgkqhkiG9w0BAQsFAAOCAQEAeURbk0X9jn1e5PXoHhC8daVjmm7G0hheZxdK
AbO4ulzav97ICM7rlxGmSJjTSp0sADTwYgNIEWXVHmh9UnRtPjh9mvGzEgmOrrk0
qQZloYD55sGXqcdTy0puJwYOuTgxVV5ixaRefw1mu8h6fq6I2z+qTvq8Vlny/kFl
v2jrlNmLiQTfNHquz0jVCoCRFhLCHv9ap5GUI3YTz4zzYBSiNivEOfBGOLRptFz8
jHeqBRWBTMeMc0Pizl80ce9S6UberddVFw+glb40HKaVawwlRxikv200d+LFT9sB
0byNvBKYD0ATnAQkSe/JCUx4XzWJtVwI49Ub671A+LCONCVgHA==
-----END CERTIFICATE-----