Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139352e33352e36302e302f32332d3234203d3e203437353833.roa
File:                     3139352e33352e36302e302f32332d3234203d3e203437353833.roa (raw, json)
Hash identifier:          pNV/maKQBmo9DpFCS9UUeczQzX4pWoZ1JFuNPEU1GZk=
Subject key identifier:   0B:43:F0:82:6E:EE:D7:D4:1B:E9:7F:B1:83:1D:DE:F5:15:E6:69:46
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       159E13D4FD292A518272311B3CA456FD7BB54567
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139352e33352e36302e302f32332d3234203d3e203437353833.roa
Signing time:             Fri 16 Aug 2024 08:04:39 +0000
ROA not before:           Fri 16 Aug 2024 07:59:39 +0000
ROA not after:            Fri 15 Aug 2025 08:04:39 +0000
asID:                     47583
IP address blocks:        195.35.60.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            15:9e:13:d4:fd:29:2a:51:82:72:31:1b:3c:a4:56:fd:7b:b5:45:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Aug 16 07:59:39 2024 GMT
            Not After : Aug 15 08:04:39 2025 GMT
        Subject: CN=0B43F0826EEED7D41BE97FB1831DDEF515E66946
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:2f:a3:fe:97:e3:36:71:af:ef:f8:dd:9f:91:
                    ec:79:e7:97:f7:a9:12:39:b8:91:10:d4:ce:f6:d4:
                    d0:6f:9e:1e:63:eb:25:17:20:e2:87:15:0a:15:17:
                    f4:fd:75:31:21:c6:e0:b8:01:de:e5:09:2e:a2:f9:
                    8a:51:67:7c:f4:b3:9b:33:03:a0:dd:37:fb:8a:8b:
                    0d:b2:06:76:81:a2:d4:01:26:d8:01:52:32:7d:b1:
                    be:35:30:5a:c7:6c:0c:70:68:c8:5c:3a:cb:f3:ae:
                    22:ac:ae:49:56:78:22:0d:af:69:83:69:bb:f5:ad:
                    d7:45:6d:d3:98:ac:9b:9d:e2:a3:c7:08:0d:38:d8:
                    92:8a:d9:5d:87:1f:bb:a4:2f:a3:15:bb:39:1e:95:
                    6a:d8:1a:1d:be:27:58:cd:66:fb:f6:32:78:67:02:
                    3b:d2:9f:81:22:29:27:69:01:9a:e0:b7:40:ed:96:
                    a1:0f:28:e5:a1:8f:e1:87:29:54:c4:d9:f1:01:2e:
                    70:02:6a:fe:b6:7a:f2:dd:5f:58:71:6f:60:e4:67:
                    b5:ad:de:41:1f:e0:e6:3d:c2:d9:e0:ab:17:32:29:
                    b6:c4:c0:75:00:87:9a:1a:2f:c9:c7:25:d1:fb:fd:
                    80:78:e7:5f:91:e9:94:6a:bc:c0:54:9a:e9:99:c1:
                    83:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:43:F0:82:6E:EE:D7:D4:1B:E9:7F:B1:83:1D:DE:F5:15:E6:69:46
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139352e33352e36302e302f32332d3234203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.35.60.0/23

    Signature Algorithm: sha256WithRSAEncryption
         0e:d1:df:fb:54:c3:3a:c1:5c:fe:73:66:e9:01:92:da:1a:59:
         c3:77:74:3d:73:a9:5d:33:b7:3f:da:ef:9c:f6:2e:59:ac:8a:
         9c:88:1a:80:72:c2:9d:98:05:11:24:22:c6:07:cb:88:2a:67:
         92:cd:e6:d7:43:c2:84:72:1f:99:35:86:33:a3:f4:d4:d8:7f:
         5f:41:1c:fb:fd:3e:f1:95:a6:4b:4d:8a:57:46:55:25:ba:ac:
         3e:f8:79:91:39:6e:39:e3:35:ce:e1:af:52:d8:c1:7c:63:33:
         88:6b:6b:04:9a:19:df:8c:ac:c3:e0:03:4c:f4:6f:32:0d:df:
         2c:bf:a1:ce:95:8e:91:db:da:7f:63:24:40:d1:4d:3d:87:be:
         3f:ed:8f:02:44:d8:d4:e7:4a:bb:d0:ec:ed:8b:bb:23:81:20:
         d0:97:8d:77:b6:71:e2:96:e4:73:7e:e5:d3:91:70:69:1d:a5:
         cd:39:ea:f1:f4:52:4b:70:08:34:50:38:f8:75:e2:42:bd:d3:
         38:00:0d:75:4e:50:ee:e9:d0:a9:20:9c:e4:66:96:a1:d6:9b:
         35:72:31:8b:42:41:97:c8:bb:26:3c:47:1c:c8:d4:8e:c4:30:
         c4:4e:6a:5d:ea:6a:3a:c2:ec:e1:a5:80:b9:80:cb:ff:7d:bb:
         25:8a:3a:90
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUFZ4T1P0pKlGCcjEbPKRW/Xu1RWcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDA4MTYwNzU5MzlaFw0yNTA4MTUwODA0MzlaMDMxMTAvBgNV
BAMTKDBCNDNGMDgyNkVFRUQ3RDQxQkU5N0ZCMTgzMURERUY1MTVFNjY5NDYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDVL6P+l+M2ca/v+N2fkex555f3
qRI5uJEQ1M721NBvnh5j6yUXIOKHFQoVF/T9dTEhxuC4Ad7lCS6i+YpRZ3z0s5sz
A6DdN/uKiw2yBnaBotQBJtgBUjJ9sb41MFrHbAxwaMhcOsvzriKsrklWeCINr2mD
abv1rddFbdOYrJud4qPHCA042JKK2V2HH7ukL6MVuzkelWrYGh2+J1jNZvv2Mnhn
AjvSn4EiKSdpAZrgt0DtlqEPKOWhj+GHKVTE2fEBLnACav62evLdX1hxb2DkZ7Wt
3kEf4OY9wtngqxcyKbbEwHUAh5oaL8nHJdH7/YB451+R6ZRqvMBUmumZwYPpAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUC0Pwgm7u19Qb6X+xgx3e9RXmaUYwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzOTM1MmUzMzM1MmUzNjMw
MmUzMDJmMzIzMzJkMzIzNDIwM2QzZTIwMzQzNzM1MzgzMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAcMj
PDANBgkqhkiG9w0BAQsFAAOCAQEADtHf+1TDOsFc/nNm6QGS2hpZw3d0PXOpXTO3
P9rvnPYuWayKnIgagHLCnZgFESQixgfLiCpnks3m10PChHIfmTWGM6P01Nh/X0Ec
+/0+8ZWmS02KV0ZVJbqsPvh5kTluOeM1zuGvUtjBfGMziGtrBJoZ34ysw+ADTPRv
Mg3fLL+hzpWOkdvaf2MkQNFNPYe+P+2PAkTY1OdKu9Ds7Yu7I4Eg0JeNd7Zx4pbk
c37l05FwaR2lzTnq8fRSS3AINFA4+HXiQr3TOAANdU5Q7unQqSCc5GaWodabNXIx
i0JBl8i7JjxHHMjUjsQwxE5qXepqOsLs4aWAuYDL/327JYo6kA==
-----END CERTIFICATE-----