Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139352e33352e36302e302f32332d3234203d3e203437353833.roa
File:                     3139352e33352e36302e302f32332d3234203d3e203437353833.roa (raw, json)
Hash identifier:          Ms8pDycNkZEeSPtlaBCgn66SKazFeL17IWbd4jf2R/g=
Subject key identifier:   AF:45:99:84:C5:B3:10:E6:0B:56:F6:35:0E:0A:41:19:6D:A4:41:59
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       2E546EE0D2EE87FC979577700102EC635B496484
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139352e33352e36302e302f32332d3234203d3e203437353833.roa
Signing time:             Fri 15 Sep 2023 07:08:57 +0000
ROA not before:           Fri 15 Sep 2023 07:03:57 +0000
ROA not after:            Fri 13 Sep 2024 07:08:57 +0000
asID:                     47583
IP address blocks:        195.35.60.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 02:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2e:54:6e:e0:d2:ee:87:fc:97:95:77:70:01:02:ec:63:5b:49:64:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Sep 15 07:03:57 2023 GMT
            Not After : Sep 13 07:08:57 2024 GMT
        Subject: CN=AF459984C5B310E60B56F6350E0A41196DA44159
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:56:df:28:32:30:f0:ce:0e:46:3d:ff:91:3c:
                    1b:82:83:31:ae:49:3c:91:f8:fb:ad:f6:28:e0:60:
                    b0:cc:30:9b:a5:39:b2:33:83:bd:99:75:eb:fd:f6:
                    c7:3f:fc:0c:6c:03:70:a7:8f:a3:7d:c9:de:65:87:
                    ea:95:7d:33:f8:3f:1b:49:22:45:ef:2d:f9:88:2b:
                    e6:60:5c:da:2c:f4:c0:63:26:8b:d2:04:67:1d:26:
                    60:d9:2c:da:1b:26:c9:ec:88:47:9a:b9:f9:ab:86:
                    dd:ac:d9:38:fa:a2:29:a5:83:39:5f:46:d6:70:e0:
                    75:8d:54:82:84:7c:12:8d:84:63:a8:cd:86:d5:7a:
                    71:43:a1:48:6b:0c:ad:e4:40:82:c3:e6:b9:11:aa:
                    7a:83:20:07:91:56:06:a8:b6:07:08:95:7d:79:ac:
                    de:39:bd:44:d8:d4:45:78:4e:1c:d3:64:ae:a9:da:
                    b0:0e:c6:82:ad:ff:9e:91:42:fc:57:44:60:fe:46:
                    22:05:47:e8:aa:25:d4:f6:dd:8e:96:9a:8d:d4:c1:
                    0b:e3:a7:9e:47:80:a4:55:58:ec:61:9e:69:e5:ef:
                    df:0a:64:e4:49:96:df:3b:b2:a5:ed:bc:ed:d0:f9:
                    d6:d5:27:7c:0f:b3:36:14:37:40:49:03:ef:aa:5f:
                    cc:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:45:99:84:C5:B3:10:E6:0B:56:F6:35:0E:0A:41:19:6D:A4:41:59
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139352e33352e36302e302f32332d3234203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.35.60.0/23

    Signature Algorithm: sha256WithRSAEncryption
         13:09:d6:46:05:05:6b:35:53:60:63:3b:33:85:ea:b4:18:01:
         e1:63:50:5c:9d:86:3b:01:41:e5:90:d0:40:e6:52:e0:ea:b2:
         b8:01:b4:82:c9:f0:65:b3:0e:85:33:1c:c1:bb:f4:14:1b:4e:
         45:8c:fe:c1:0c:d5:d7:a9:37:fe:55:1f:04:38:d9:3c:04:71:
         e9:39:b6:8b:fc:64:24:c6:ae:44:d0:b7:e6:37:fa:22:e1:38:
         e3:f5:e2:52:70:37:79:6a:c3:78:ee:d5:a4:ed:51:f8:f7:a0:
         34:62:21:0b:c6:b6:0e:c6:29:a0:4e:ee:63:84:72:e5:90:19:
         f1:f1:6d:fc:76:ad:b9:d0:b0:56:74:5f:ff:47:ff:91:e0:d3:
         89:18:8d:df:62:be:f7:ca:27:5b:a1:a5:a1:35:b5:81:e7:fc:
         08:21:20:7a:64:2f:b8:d9:ca:d2:d3:40:90:7d:5d:7b:46:11:
         7c:1b:42:69:c2:8e:57:97:ef:b0:35:b4:34:c7:42:40:7b:69:
         66:d0:b5:5d:06:ef:ec:cc:6b:b7:9d:70:a6:46:a4:f2:1e:73:
         68:c7:c2:fc:8e:de:4d:07:7c:88:87:29:9c:4b:a1:ab:be:0a:
         72:2d:04:62:ae:4e:e9:83:39:b1:d9:01:b5:3c:5c:c1:d2:14:
         a7:30:52:b2
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIULlRu4NLuh/yXlXdwAQLsY1tJZIQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yMzA5MTUwNzAzNTdaFw0yNDA5MTMwNzA4NTdaMDMxMTAvBgNV
BAMTKEFGNDU5OTg0QzVCMzEwRTYwQjU2RjYzNTBFMEE0MTE5NkRBNDQxNTkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNVt8oMjDwzg5GPf+RPBuCgzGu
STyR+Put9ijgYLDMMJulObIzg72Zdev99sc//AxsA3Cnj6N9yd5lh+qVfTP4PxtJ
IkXvLfmIK+ZgXNos9MBjJovSBGcdJmDZLNobJsnsiEeaufmrht2s2Tj6oimlgzlf
RtZw4HWNVIKEfBKNhGOozYbVenFDoUhrDK3kQILD5rkRqnqDIAeRVgaotgcIlX15
rN45vUTY1EV4ThzTZK6p2rAOxoKt/56RQvxXRGD+RiIFR+iqJdT23Y6Wmo3UwQvj
p55HgKRVWOxhnmnl798KZORJlt87sqXtvO3Q+dbVJ3wPszYUN0BJA++qX8wPAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUr0WZhMWzEOYLVvY1DgpBGW2kQVkwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzOTM1MmUzMzM1MmUzNjMw
MmUzMDJmMzIzMzJkMzIzNDIwM2QzZTIwMzQzNzM1MzgzMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAcMj
PDANBgkqhkiG9w0BAQsFAAOCAQEAEwnWRgUFazVTYGM7M4XqtBgB4WNQXJ2GOwFB
5ZDQQOZS4OqyuAG0gsnwZbMOhTMcwbv0FBtORYz+wQzV16k3/lUfBDjZPARx6Tm2
i/xkJMauRNC35jf6IuE44/XiUnA3eWrDeO7VpO1R+PegNGIhC8a2DsYpoE7uY4Ry
5ZAZ8fFt/HatudCwVnRf/0f/keDTiRiN32K+98onW6GloTW1gef8CCEgemQvuNnK
0tNAkH1de0YRfBtCacKOV5fvsDW0NMdCQHtpZtC1XQbv7Mxrt51wpkak8h5zaMfC
/I7eTQd8iIcpnEuhq74Kci0EYq5O6YM5sdkBtTxcwdIUpzBSsg==
-----END CERTIFICATE-----