Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139352e33352e36322e302f32332d3234203d3e203437353833.roa
File:                     3139352e33352e36322e302f32332d3234203d3e203437353833.roa (raw, json)
Hash identifier:          mGRIXE3u/c3w0dKzCly05BUI/JTxDnLyUoAlqfALav4=
Subject key identifier:   B5:46:7C:61:4B:0B:A7:88:B0:D5:B0:5A:47:83:39:6D:2D:DF:34:AB
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       062A59277A41451D87C5A4172282AD2EFE63B5C1
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139352e33352e36322e302f32332d3234203d3e203437353833.roa
Signing time:             Fri 16 Aug 2024 08:04:39 +0000
ROA not before:           Fri 16 Aug 2024 07:59:39 +0000
ROA not after:            Fri 15 Aug 2025 08:04:39 +0000
asID:                     47583
IP address blocks:        195.35.62.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            06:2a:59:27:7a:41:45:1d:87:c5:a4:17:22:82:ad:2e:fe:63:b5:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Aug 16 07:59:39 2024 GMT
            Not After : Aug 15 08:04:39 2025 GMT
        Subject: CN=B5467C614B0BA788B0D5B05A4783396D2DDF34AB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:55:6d:85:7c:6d:af:d9:02:ab:91:70:00:16:
                    44:6a:b7:c7:83:03:c6:68:30:bb:59:51:d5:e3:cc:
                    b4:3b:52:c4:6c:a9:c0:ca:b0:b5:4d:35:e6:4f:89:
                    86:4c:14:ca:ae:5a:55:86:be:83:fd:4c:4b:86:30:
                    5b:65:0f:bc:a7:3f:ff:a7:d3:c7:98:44:dc:f7:1a:
                    44:ad:64:e2:0e:ca:77:43:c7:e1:ce:0c:81:44:70:
                    db:ff:c6:1d:c8:ec:82:79:bf:6e:26:22:3a:dd:5a:
                    33:aa:17:03:37:7f:69:dc:f9:a6:7a:33:ae:a6:74:
                    11:34:dd:c3:9d:92:b1:07:7a:cc:61:08:5e:50:41:
                    73:77:7d:eb:0b:41:47:0c:b6:e4:64:68:55:82:db:
                    f2:e9:1e:6c:f3:a0:3f:94:d6:d5:e2:33:10:7a:18:
                    73:67:cc:10:70:c9:ed:05:cf:23:1a:ef:c3:08:ce:
                    b2:1a:35:85:75:2b:90:eb:26:42:5a:69:7f:6f:c4:
                    b4:a1:34:2c:66:aa:9c:ae:40:04:8e:1c:ad:5c:b6:
                    ef:58:74:29:96:89:10:9f:de:d3:f0:bb:aa:b8:2c:
                    05:41:29:9f:56:8d:7a:f4:2d:a7:b7:bc:ef:1b:32:
                    84:bd:a0:ad:d3:b7:25:fd:ab:ff:f5:91:c9:6c:dd:
                    b5:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:46:7C:61:4B:0B:A7:88:B0:D5:B0:5A:47:83:39:6D:2D:DF:34:AB
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139352e33352e36322e302f32332d3234203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.35.62.0/23

    Signature Algorithm: sha256WithRSAEncryption
         80:8f:fe:1f:6c:49:22:9b:b4:15:d6:af:87:89:c9:e0:cc:79:
         f4:fa:ee:bf:08:df:7a:6b:00:26:cf:e9:09:5b:8b:42:f0:7c:
         e6:22:6c:a9:a3:46:93:a6:94:fd:14:73:3a:c5:75:f5:ac:65:
         0b:bd:bb:3a:b3:25:d5:9a:4f:30:49:e7:6f:3f:19:f5:42:f4:
         b9:6b:7a:b1:df:c1:b6:b8:fa:27:d5:00:78:3d:9f:25:bb:bc:
         af:be:52:41:24:b8:77:29:a9:8d:44:82:ad:fc:56:04:9c:98:
         7f:75:9c:cb:54:69:90:e3:4e:c8:84:ef:cb:61:5e:73:2c:0c:
         f4:b8:76:77:01:a9:00:9f:94:f8:ae:16:9e:82:7f:63:b2:85:
         b7:18:06:a5:70:fd:95:bd:fa:3f:95:16:bb:f3:c8:82:c8:8f:
         2c:de:a3:e2:f8:67:02:94:68:ba:c4:0b:90:02:d1:b8:9d:85:
         16:80:51:2f:72:3f:c7:8c:74:0f:5b:bc:51:89:73:42:02:1f:
         a7:56:d6:2e:c4:06:78:60:14:ca:f8:8d:7f:e0:33:63:f7:c0:
         6f:52:d3:f4:10:d8:25:9c:fa:39:b2:43:a6:5b:4d:98:4b:fc:
         09:77:b7:fe:c9:b4:b6:61:0c:c7:58:b1:76:e8:b2:63:6d:cd:
         45:4b:46:14
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUBipZJ3pBRR2HxaQXIoKtLv5jtcEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDA4MTYwNzU5MzlaFw0yNTA4MTUwODA0MzlaMDMxMTAvBgNV
BAMTKEI1NDY3QzYxNEIwQkE3ODhCMEQ1QjA1QTQ3ODMzOTZEMkRERjM0QUIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDVW2FfG2v2QKrkXAAFkRqt8eD
A8ZoMLtZUdXjzLQ7UsRsqcDKsLVNNeZPiYZMFMquWlWGvoP9TEuGMFtlD7ynP/+n
08eYRNz3GkStZOIOyndDx+HODIFEcNv/xh3I7IJ5v24mIjrdWjOqFwM3f2nc+aZ6
M66mdBE03cOdkrEHesxhCF5QQXN3fesLQUcMtuRkaFWC2/LpHmzzoD+U1tXiMxB6
GHNnzBBwye0FzyMa78MIzrIaNYV1K5DrJkJaaX9vxLShNCxmqpyuQASOHK1ctu9Y
dCmWiRCf3tPwu6q4LAVBKZ9WjXr0Lae3vO8bMoS9oK3TtyX9q//1kcls3bXvAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUtUZ8YUsLp4iw1bBaR4M5bS3fNKswHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzOTM1MmUzMzM1MmUzNjMy
MmUzMDJmMzIzMzJkMzIzNDIwM2QzZTIwMzQzNzM1MzgzMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAcMj
PjANBgkqhkiG9w0BAQsFAAOCAQEAgI/+H2xJIpu0Fdavh4nJ4Mx59PruvwjfemsA
Js/pCVuLQvB85iJsqaNGk6aU/RRzOsV19axlC727OrMl1ZpPMEnnbz8Z9UL0uWt6
sd/Btrj6J9UAeD2fJbu8r75SQSS4dympjUSCrfxWBJyYf3Wcy1RpkONOyITvy2Fe
cywM9Lh2dwGpAJ+U+K4WnoJ/Y7KFtxgGpXD9lb36P5UWu/PIgsiPLN6j4vhnApRo
usQLkALRuJ2FFoBRL3I/x4x0D1u8UYlzQgIfp1bWLsQGeGAUyviNf+AzY/fAb1LT
9BDYJZz6ObJDpltNmEv8CXe3/sm0tmEMx1ixduiyY23NRUtGFA==
-----END CERTIFICATE-----