Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139352e33352e35322e302f32332d3234203d3e203437353833.roa
File:                     3139352e33352e35322e302f32332d3234203d3e203437353833.roa (raw, json)
Hash identifier:          HAlevWoZif7CknCT3GJho64/l3glZmHvRj2qF3Cf9BU=
Subject key identifier:   1F:78:95:4C:27:6E:FD:57:4A:02:CF:14:FA:39:00:54:4E:97:76:34
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       0C5A40753761FD7D81D0ADE71952EECCC669AA33
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139352e33352e35322e302f32332d3234203d3e203437353833.roa
Signing time:             Fri 15 Sep 2023 07:09:14 +0000
ROA not before:           Fri 15 Sep 2023 07:04:14 +0000
ROA not after:            Fri 13 Sep 2024 07:09:14 +0000
asID:                     47583
IP address blocks:        195.35.52.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 02:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0c:5a:40:75:37:61:fd:7d:81:d0:ad:e7:19:52:ee:cc:c6:69:aa:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Sep 15 07:04:14 2023 GMT
            Not After : Sep 13 07:09:14 2024 GMT
        Subject: CN=1F78954C276EFD574A02CF14FA3900544E977634
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:7e:93:c1:bd:b3:11:5a:e9:a6:62:51:50:c1:
                    cf:b0:e2:ef:31:91:ef:55:91:08:c5:8b:84:2b:77:
                    55:ea:dd:2e:c6:b8:5d:0b:b3:e5:1f:cb:5b:5d:55:
                    b9:67:58:10:79:5b:64:b0:8c:1c:94:04:fd:46:7b:
                    42:85:80:88:41:04:d7:52:cd:6f:77:b2:5f:1c:d6:
                    b1:ec:76:52:70:40:3f:a3:b2:51:df:92:b3:17:22:
                    39:08:e3:c0:e5:7d:e8:c3:40:6f:4c:7a:4d:5d:5e:
                    66:d3:d4:77:2d:47:14:16:2c:21:01:6b:22:92:6f:
                    1a:88:c2:bc:d7:97:94:48:59:21:a4:46:6c:26:3f:
                    e0:7c:c4:9b:2a:85:1a:b6:2d:cb:12:85:05:20:c6:
                    68:7f:35:3a:76:fa:ae:92:0d:aa:f2:a8:cc:77:bd:
                    61:d3:f1:8a:06:77:06:10:ec:be:fb:f9:90:4c:67:
                    2f:50:44:45:7e:24:7d:b7:c4:a5:ea:16:d6:7f:57:
                    10:48:bb:35:05:9e:55:08:01:be:f3:21:d3:be:0e:
                    13:3c:cf:54:90:5e:1a:68:0e:bc:8f:30:2e:86:71:
                    80:5a:00:a5:15:a9:43:68:83:5a:9b:24:a4:58:b7:
                    43:60:6e:1d:b3:1b:e5:a4:cb:af:3c:bf:e8:67:61:
                    76:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:78:95:4C:27:6E:FD:57:4A:02:CF:14:FA:39:00:54:4E:97:76:34
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139352e33352e35322e302f32332d3234203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.35.52.0/23

    Signature Algorithm: sha256WithRSAEncryption
         9f:ee:8f:dc:f2:05:53:86:8f:a4:0b:f2:d3:39:0e:db:42:76:
         d8:67:13:62:f7:95:f9:f5:5e:7d:f3:fe:1d:7a:98:e4:5a:74:
         13:b2:44:6f:7e:05:e3:40:f2:c8:ee:bc:c8:23:6a:4c:e0:46:
         3b:8b:7e:d7:4f:43:15:c9:49:6b:59:27:25:84:a5:67:22:b9:
         08:9f:81:74:5c:64:6d:8a:79:66:fa:f7:48:0f:9a:aa:16:c2:
         0a:ec:d8:2b:a9:2b:fc:2f:79:0f:8b:ce:83:82:72:92:65:c4:
         b5:28:33:69:65:6c:3d:c5:59:ba:7a:6a:59:01:b2:8d:71:af:
         9c:75:63:93:e3:64:1c:4c:3c:c0:df:c8:c2:0a:07:ff:16:5f:
         45:ef:e2:0b:85:7d:6b:1f:42:13:f6:ab:66:39:40:71:17:00:
         5a:df:af:41:e0:ed:34:7c:32:04:37:ef:76:12:aa:cb:59:65:
         16:3d:d3:e9:74:ab:f8:d5:69:4e:6f:23:66:5b:b0:ff:e8:1e:
         9b:e0:a3:08:8c:11:cd:48:e5:93:c9:6a:b0:8a:5b:4a:c0:8e:
         18:81:f8:71:00:73:55:fa:07:8d:bf:99:2f:c1:24:db:b8:1d:
         aa:76:f7:1e:7e:77:06:80:75:17:99:65:4f:5f:fb:97:9f:57:
         ba:16:22:e3
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUDFpAdTdh/X2B0K3nGVLuzMZpqjMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yMzA5MTUwNzA0MTRaFw0yNDA5MTMwNzA5MTRaMDMxMTAvBgNV
BAMTKDFGNzg5NTRDMjc2RUZENTc0QTAyQ0YxNEZBMzkwMDU0NEU5Nzc2MzQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDCfpPBvbMRWummYlFQwc+w4u8x
ke9VkQjFi4Qrd1Xq3S7GuF0Ls+Ufy1tdVblnWBB5W2SwjByUBP1Ge0KFgIhBBNdS
zW93sl8c1rHsdlJwQD+jslHfkrMXIjkI48DlfejDQG9Mek1dXmbT1HctRxQWLCEB
ayKSbxqIwrzXl5RIWSGkRmwmP+B8xJsqhRq2LcsShQUgxmh/NTp2+q6SDaryqMx3
vWHT8YoGdwYQ7L77+ZBMZy9QREV+JH23xKXqFtZ/VxBIuzUFnlUIAb7zIdO+DhM8
z1SQXhpoDryPMC6GcYBaAKUVqUNog1qbJKRYt0Ngbh2zG+Wky688v+hnYXbzAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUH3iVTCdu/VdKAs8U+jkAVE6XdjQwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzOTM1MmUzMzM1MmUzNTMy
MmUzMDJmMzIzMzJkMzIzNDIwM2QzZTIwMzQzNzM1MzgzMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAcMj
NDANBgkqhkiG9w0BAQsFAAOCAQEAn+6P3PIFU4aPpAvy0zkO20J22GcTYveV+fVe
ffP+HXqY5Fp0E7JEb34F40DyyO68yCNqTOBGO4t+109DFclJa1knJYSlZyK5CJ+B
dFxkbYp5Zvr3SA+aqhbCCuzYK6kr/C95D4vOg4JykmXEtSgzaWVsPcVZunpqWQGy
jXGvnHVjk+NkHEw8wN/IwgoH/xZfRe/iC4V9ax9CE/arZjlAcRcAWt+vQeDtNHwy
BDfvdhKqy1llFj3T6XSr+NVpTm8jZluw/+gem+CjCIwRzUjlk8lqsIpbSsCOGIH4
cQBzVfoHjb+ZL8Ek27gdqnb3Hn53BoB1F5llT1/7l59XuhYi4w==
-----END CERTIFICATE-----