Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139352e33352e35342e302f32332d3234203d3e203437353833.roa
File:                     3139352e33352e35342e302f32332d3234203d3e203437353833.roa (raw, json)
Hash identifier:          0kcP6282M5FqpupTrbS38NRv2aqu75wgnMnpD+IJ7Zw=
Subject key identifier:   41:CC:56:31:FB:92:0E:E5:07:60:67:20:DD:43:D4:0C:00:2C:66:54
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       4E6B63FF3F9A8E8064FE8E906D488D6B6FE9B486
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139352e33352e35342e302f32332d3234203d3e203437353833.roa
Signing time:             Fri 16 Aug 2024 08:04:39 +0000
ROA not before:           Fri 16 Aug 2024 07:59:39 +0000
ROA not after:            Fri 15 Aug 2025 08:04:39 +0000
asID:                     47583
IP address blocks:        195.35.54.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4e:6b:63:ff:3f:9a:8e:80:64:fe:8e:90:6d:48:8d:6b:6f:e9:b4:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Aug 16 07:59:39 2024 GMT
            Not After : Aug 15 08:04:39 2025 GMT
        Subject: CN=41CC5631FB920EE507606720DD43D40C002C6654
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:d4:2b:b4:c0:fa:b1:80:91:9b:05:71:e2:c1:
                    c6:f4:c4:58:01:87:ea:7c:30:6f:96:92:4a:47:be:
                    e6:a8:83:c6:ed:2c:8a:8e:07:bf:57:d7:0d:91:a8:
                    5c:35:dd:ef:b7:d9:44:26:22:ae:3d:39:f4:68:d0:
                    86:f1:86:e7:66:f3:ea:cf:a5:26:55:df:b6:25:13:
                    4e:7f:3b:a2:00:b1:65:be:9b:ba:48:11:a3:0e:f4:
                    3a:0f:ef:a7:c9:9d:c1:c7:b5:8a:37:22:2d:da:d8:
                    07:c1:9e:dd:f7:e6:05:25:58:41:2f:60:20:73:16:
                    06:8f:41:0a:f2:8b:51:19:67:94:82:d0:bd:f3:63:
                    46:eb:92:f7:73:1e:43:68:a5:5e:d1:98:a7:5e:9c:
                    e6:bd:8c:fe:ac:de:68:d3:86:f0:3b:9a:b3:cf:94:
                    3f:01:68:ed:44:a8:28:8f:86:9d:c7:4d:2a:9d:05:
                    53:0c:ab:49:03:fc:d4:30:aa:b8:2d:3a:e6:76:74:
                    a5:a5:56:5c:c4:e8:ff:c0:a6:8d:e5:43:ef:58:df:
                    a2:3f:89:9c:c5:e3:69:33:d3:db:eb:fc:89:4c:48:
                    75:7a:8e:2f:3e:0d:da:a3:34:fe:ab:a6:3b:70:6f:
                    f6:ed:ee:37:15:70:d3:66:98:24:97:53:c4:8b:ca:
                    55:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:CC:56:31:FB:92:0E:E5:07:60:67:20:DD:43:D4:0C:00:2C:66:54
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139352e33352e35342e302f32332d3234203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.35.54.0/23

    Signature Algorithm: sha256WithRSAEncryption
         97:6a:e8:ce:b6:1a:29:be:f8:c1:30:f8:51:9f:4a:70:a5:ba:
         2b:66:ea:65:c3:45:b5:13:d4:20:2e:de:96:e4:e7:4c:63:a8:
         c7:89:f5:dc:78:8d:a1:3e:af:5b:b7:f7:59:89:f4:7c:3a:81:
         6f:78:55:8d:41:d0:76:e3:e6:e2:fc:2f:55:d4:69:1c:ca:3b:
         c2:4c:d4:65:28:a7:6d:2f:97:76:7b:ae:4c:8f:be:ab:22:54:
         0a:4c:e0:93:61:8a:f8:06:93:92:e8:7d:56:76:79:52:07:9b:
         12:e0:f0:cf:12:af:dd:5a:0c:2a:c6:36:bd:ef:99:17:03:e5:
         ba:22:d3:be:27:f7:b0:9a:80:33:27:b5:a7:33:62:ab:07:18:
         8b:89:74:36:e0:fa:01:e3:46:bd:23:cf:de:17:89:ab:93:dc:
         dd:ad:12:49:6c:5b:22:1d:63:d6:02:1d:74:6b:e5:d4:00:28:
         7e:b7:b8:be:a5:31:b1:e8:de:ee:ba:c3:cc:52:9d:d9:ce:d4:
         31:12:b9:dc:af:2c:3e:df:bd:2b:e8:4c:e3:02:86:17:cc:49:
         a2:df:b8:0b:ea:3d:2e:a3:56:93:01:10:76:c5:bd:91:36:4d:
         d8:3a:e1:f3:9d:a3:88:4d:30:00:2e:70:2c:13:7d:e9:27:3d:
         be:eb:0b:de
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUTmtj/z+ajoBk/o6QbUiNa2/ptIYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDA4MTYwNzU5MzlaFw0yNTA4MTUwODA0MzlaMDMxMTAvBgNV
BAMTKDQxQ0M1NjMxRkI5MjBFRTUwNzYwNjcyMERENDNENDBDMDAyQzY2NTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCh1Cu0wPqxgJGbBXHiwcb0xFgB
h+p8MG+WkkpHvuaog8btLIqOB79X1w2RqFw13e+32UQmIq49OfRo0Ibxhudm8+rP
pSZV37YlE05/O6IAsWW+m7pIEaMO9DoP76fJncHHtYo3Ii3a2AfBnt335gUlWEEv
YCBzFgaPQQryi1EZZ5SC0L3zY0brkvdzHkNopV7RmKdenOa9jP6s3mjThvA7mrPP
lD8BaO1EqCiPhp3HTSqdBVMMq0kD/NQwqrgtOuZ2dKWlVlzE6P/Apo3lQ+9Y36I/
iZzF42kz09vr/IlMSHV6ji8+DdqjNP6rpjtwb/bt7jcVcNNmmCSXU8SLylVlAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUQcxWMfuSDuUHYGcg3UPUDAAsZlQwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzOTM1MmUzMzM1MmUzNTM0
MmUzMDJmMzIzMzJkMzIzNDIwM2QzZTIwMzQzNzM1MzgzMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAcMj
NjANBgkqhkiG9w0BAQsFAAOCAQEAl2rozrYaKb74wTD4UZ9KcKW6K2bqZcNFtRPU
IC7eluTnTGOox4n13HiNoT6vW7f3WYn0fDqBb3hVjUHQduPm4vwvVdRpHMo7wkzU
ZSinbS+XdnuuTI++qyJUCkzgk2GK+AaTkuh9VnZ5UgebEuDwzxKv3VoMKsY2ve+Z
FwPluiLTvif3sJqAMye1pzNiqwcYi4l0NuD6AeNGvSPP3heJq5Pc3a0SSWxbIh1j
1gIddGvl1AAofre4vqUxseje7rrDzFKd2c7UMRK53K8sPt+9K+hM4wKGF8xJot+4
C+o9LqNWkwEQdsW9kTZN2Drh852jiE0wAC5wLBN96Sc9vusL3g==
-----END CERTIFICATE-----