Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139352e33352e36302e302f32332d3234203d3e203437353833.roa
File:                     3139352e33352e36302e302f32332d3234203d3e203437353833.roa (raw, json)
Hash identifier:          5gS7/UTJ2k44eZEdGjhaDfgt6gcOafrhFTJRo41rwYQ=
Subject key identifier:   37:51:6F:D3:AA:E0:D3:AA:CB:DF:B7:30:66:4D:B9:09:F6:FD:23:B8
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       437F61BF11484CB1178B1BE9D6795D87210C798C
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139352e33352e36302e302f32332d3234203d3e203437353833.roa
Signing time:             Fri 18 Jul 2025 08:46:54 +0000
ROA not before:           Fri 18 Jul 2025 08:41:54 +0000
ROA not after:            Fri 17 Jul 2026 08:46:54 +0000
asID:                     47583
IP address blocks:        195.35.60.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Jul 2025 07:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            43:7f:61:bf:11:48:4c:b1:17:8b:1b:e9:d6:79:5d:87:21:0c:79:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Jul 18 08:41:54 2025 GMT
            Not After : Jul 17 08:46:54 2026 GMT
        Subject: CN=37516FD3AAE0D3AACBDFB730664DB909F6FD23B8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:67:1a:b4:03:2d:e2:db:10:61:aa:b2:80:1c:
                    5a:14:e8:8a:33:1c:39:90:5d:7c:a4:2c:44:70:51:
                    4a:a4:ce:59:db:22:8a:f4:13:ca:ef:1e:45:30:42:
                    d7:69:5b:10:f6:aa:81:d3:1f:23:2e:e5:38:56:e2:
                    f3:2b:25:2a:dc:78:6b:89:b1:ee:fb:38:22:5f:d9:
                    b3:ca:96:57:8a:ff:52:11:09:90:71:5a:f6:2d:02:
                    a4:06:11:e8:3f:a2:d1:65:05:ab:7c:e2:f5:9a:43:
                    f8:35:d3:5a:fe:eb:12:5a:15:25:c3:4b:75:a9:01:
                    8b:80:46:d2:5b:e4:4b:c8:7e:c3:17:75:1d:78:a5:
                    35:6e:02:bf:56:53:f6:25:ca:10:79:56:d0:bd:4f:
                    b4:f9:73:43:8d:76:7e:c0:0c:23:c6:68:93:55:ba:
                    8c:5f:13:76:b2:1f:07:ae:9c:89:77:7f:d6:2b:e1:
                    07:59:85:20:e0:48:06:07:4a:69:82:d2:94:1a:cf:
                    a6:e6:37:d9:90:ec:d7:b5:ed:54:a8:f1:93:99:a0:
                    c0:fe:9a:90:3b:fd:8f:b9:6f:87:d9:77:47:e8:de:
                    5f:80:e8:f4:c5:9d:e9:fa:59:b6:8d:79:a8:b6:4f:
                    cf:46:69:4f:d5:cc:01:5f:88:72:14:8d:85:08:bb:
                    03:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:51:6F:D3:AA:E0:D3:AA:CB:DF:B7:30:66:4D:B9:09:F6:FD:23:B8
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139352e33352e36302e302f32332d3234203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.35.60.0/23

    Signature Algorithm: sha256WithRSAEncryption
         5e:0c:63:22:48:46:59:48:75:a5:dc:32:f7:af:68:8c:2d:81:
         53:fb:6f:f4:2a:26:85:2a:1d:48:18:6a:7d:98:d2:ab:26:04:
         80:7e:a9:8f:46:c8:45:fd:42:16:b5:13:9e:c9:25:b2:76:39:
         df:fe:47:f4:41:93:27:91:2f:3d:ff:fa:a6:dc:a7:80:6b:35:
         9a:92:f3:ed:1a:d7:9a:bd:21:7b:56:d1:b0:a0:b2:71:b5:bc:
         a6:d4:b3:cb:5a:9a:a4:71:bc:97:cd:ca:6d:db:d6:d3:08:04:
         0a:a6:f8:d8:e9:58:1f:26:d6:16:17:bf:8d:a1:fb:e9:94:69:
         b8:34:3f:cc:77:5a:4e:9f:69:05:46:63:0d:14:ff:30:a0:c2:
         bc:cd:a9:8d:05:71:6f:2e:dc:2c:ac:48:50:c8:47:44:0b:87:
         7d:de:b7:29:e1:db:c3:ea:24:5b:6d:c1:20:32:d1:1d:4f:5d:
         30:fb:b7:fc:fc:06:21:8e:2c:4c:8b:5f:4e:87:28:ba:ff:2f:
         9f:e0:b4:d2:c7:82:62:85:5c:15:96:13:7c:9d:49:fe:34:f7:
         65:3d:95:23:bf:80:96:7f:45:45:87:af:33:d0:61:8d:51:7d:
         6b:11:97:3e:af:09:ec:03:fa:06:c8:d5:2d:5c:81:75:75:cd:
         38:2e:51:59
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUQ39hvxFITLEXixvp1nldhyEMeYwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTA3MTgwODQxNTRaFw0yNjA3MTcwODQ2NTRaMDMxMTAvBgNV
BAMTKDM3NTE2RkQzQUFFMEQzQUFDQkRGQjczMDY2NERCOTA5RjZGRDIzQjgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDOZxq0Ay3i2xBhqrKAHFoU6Ioz
HDmQXXykLERwUUqkzlnbIor0E8rvHkUwQtdpWxD2qoHTHyMu5ThW4vMrJSrceGuJ
se77OCJf2bPKlleK/1IRCZBxWvYtAqQGEeg/otFlBat84vWaQ/g101r+6xJaFSXD
S3WpAYuARtJb5EvIfsMXdR14pTVuAr9WU/YlyhB5VtC9T7T5c0ONdn7ADCPGaJNV
uoxfE3ayHweunIl3f9Yr4QdZhSDgSAYHSmmC0pQaz6bmN9mQ7Ne17VSo8ZOZoMD+
mpA7/Y+5b4fZd0fo3l+A6PTFnen6WbaNeai2T89GaU/VzAFfiHIUjYUIuwOLAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUN1Fv06rg06rL37cwZk25Cfb9I7gwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzOTM1MmUzMzM1MmUzNjMw
MmUzMDJmMzIzMzJkMzIzNDIwM2QzZTIwMzQzNzM1MzgzMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAcMj
PDANBgkqhkiG9w0BAQsFAAOCAQEAXgxjIkhGWUh1pdwy969ojC2BU/tv9ComhSod
SBhqfZjSqyYEgH6pj0bIRf1CFrUTnsklsnY53/5H9EGTJ5EvPf/6ptyngGs1mpLz
7RrXmr0he1bRsKCycbW8ptSzy1qapHG8l83KbdvW0wgECqb42OlYHybWFhe/jaH7
6ZRpuDQ/zHdaTp9pBUZjDRT/MKDCvM2pjQVxby7cLKxIUMhHRAuHfd63KeHbw+ok
W23BIDLRHU9dMPu3/PwGIY4sTItfTocouv8vn+C00seCYoVcFZYTfJ1J/jT3ZT2V
I7+Aln9FRYevM9BhjVF9axGXPq8J7AP6BsjVLVyBdXXNOC5RWQ==
-----END CERTIFICATE-----