Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139352e33352e36322e302f32332d3234203d3e203437353833.roa
File:                     3139352e33352e36322e302f32332d3234203d3e203437353833.roa (raw, json)
Hash identifier:          mPygbd6pRcmWnxtLVlWmQB6FHBlUh082eMaSsag7tiw=
Subject key identifier:   62:99:19:80:AF:EE:80:9A:99:C8:BF:1C:E0:78:FE:E5:47:58:10:A8
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       7D224CF16BFA1A78831B4D83EDE49105EEF21353
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139352e33352e36322e302f32332d3234203d3e203437353833.roa
Signing time:             Fri 15 Sep 2023 07:08:50 +0000
ROA not before:           Fri 15 Sep 2023 07:03:50 +0000
ROA not after:            Fri 13 Sep 2024 07:08:50 +0000
asID:                     47583
IP address blocks:        195.35.62.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 02:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7d:22:4c:f1:6b:fa:1a:78:83:1b:4d:83:ed:e4:91:05:ee:f2:13:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Sep 15 07:03:50 2023 GMT
            Not After : Sep 13 07:08:50 2024 GMT
        Subject: CN=62991980AFEE809A99C8BF1CE078FEE5475810A8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:27:27:52:19:24:b0:45:65:a2:19:f9:0d:50:
                    9f:cf:3c:d4:ff:37:31:a3:7e:4a:8b:24:12:97:b1:
                    36:7a:a8:4f:02:13:91:0c:52:96:a0:cf:99:e8:98:
                    a4:4e:3e:f1:06:53:f7:f2:94:6b:ec:27:da:0b:db:
                    a8:ee:38:03:28:8d:3a:7d:25:6c:bf:9c:9a:e0:b3:
                    24:d4:f3:c0:e9:fc:c8:fc:21:7a:36:b1:2e:95:25:
                    9d:09:1a:f8:3a:0e:7e:95:25:2d:69:c9:c1:15:ac:
                    2d:88:b9:98:f7:ce:b1:58:f7:d8:60:92:dd:49:99:
                    2b:08:5a:81:c8:90:45:cf:3b:1c:a7:d9:10:85:be:
                    de:f3:57:4b:fc:5b:08:02:70:82:9c:df:5a:e0:a0:
                    61:db:d7:4e:02:47:8f:6d:e6:d2:48:12:c6:02:04:
                    25:82:4d:33:b0:0a:61:48:71:78:54:21:f9:c6:12:
                    92:6b:f1:a6:63:1f:59:ae:0c:e9:fd:84:a9:04:80:
                    bd:87:d8:36:95:ac:91:a7:b9:41:1f:6b:77:ce:a1:
                    3f:80:5d:be:88:30:46:4b:b5:31:24:35:a7:1d:5f:
                    24:a0:33:96:7d:86:1f:48:9a:bd:74:1b:59:e8:89:
                    88:dc:e1:22:c0:d5:0d:c7:79:54:82:51:07:c1:2d:
                    ea:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:99:19:80:AF:EE:80:9A:99:C8:BF:1C:E0:78:FE:E5:47:58:10:A8
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139352e33352e36322e302f32332d3234203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.35.62.0/23

    Signature Algorithm: sha256WithRSAEncryption
         34:1e:61:19:72:7f:08:c0:0d:a4:15:92:aa:b8:66:85:87:1d:
         3b:49:ea:a5:6c:72:ef:aa:29:c7:c7:eb:c2:2e:a5:c6:bd:38:
         36:0f:a2:4d:23:6c:56:5e:b0:d9:a2:aa:58:d7:59:3b:03:ae:
         76:31:0f:be:ed:1b:23:4b:02:f5:a3:98:1c:c9:ce:67:4c:6c:
         7a:12:68:f4:3d:3f:96:7f:6e:31:8c:c7:f7:d2:0b:6c:18:63:
         86:ba:d6:31:42:69:4d:69:b5:51:e1:31:94:1f:4e:4c:bf:b6:
         3f:81:06:2c:28:0d:d7:39:83:54:e0:6c:9e:8c:19:bb:1d:b1:
         a8:e9:d0:54:12:38:10:d9:33:69:87:bd:b8:fc:63:03:71:88:
         c3:ac:48:e0:5c:2c:77:82:d1:09:83:f2:22:51:ba:2f:a7:4e:
         65:1f:0d:95:7a:03:6e:a9:f2:27:9e:cd:12:57:7e:b2:47:6e:
         7e:ef:8b:ca:e1:07:1f:1c:16:a8:9b:4c:f3:8d:fd:55:85:61:
         0f:18:35:05:7c:43:1e:7d:de:86:0f:93:4f:7d:f8:79:6b:b0:
         51:80:3e:91:4a:31:8b:3c:72:ed:35:1d:0a:d6:e4:fe:5b:6e:
         72:d8:e7:4e:02:c6:06:f6:91:56:ac:a7:31:1a:c6:ae:d2:97:
         a5:aa:b3:ea
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUfSJM8Wv6GniDG02D7eSRBe7yE1MwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yMzA5MTUwNzAzNTBaFw0yNDA5MTMwNzA4NTBaMDMxMTAvBgNV
BAMTKDYyOTkxOTgwQUZFRTgwOUE5OUM4QkYxQ0UwNzhGRUU1NDc1ODEwQTgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCwJydSGSSwRWWiGfkNUJ/PPNT/
NzGjfkqLJBKXsTZ6qE8CE5EMUpagz5nomKROPvEGU/fylGvsJ9oL26juOAMojTp9
JWy/nJrgsyTU88Dp/Mj8IXo2sS6VJZ0JGvg6Dn6VJS1pycEVrC2IuZj3zrFY99hg
kt1JmSsIWoHIkEXPOxyn2RCFvt7zV0v8WwgCcIKc31rgoGHb104CR49t5tJIEsYC
BCWCTTOwCmFIcXhUIfnGEpJr8aZjH1muDOn9hKkEgL2H2DaVrJGnuUEfa3fOoT+A
Xb6IMEZLtTEkNacdXySgM5Z9hh9Imr10G1noiYjc4SLA1Q3HeVSCUQfBLeplAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUYpkZgK/ugJqZyL8c4Hj+5UdYEKgwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzOTM1MmUzMzM1MmUzNjMy
MmUzMDJmMzIzMzJkMzIzNDIwM2QzZTIwMzQzNzM1MzgzMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAcMj
PjANBgkqhkiG9w0BAQsFAAOCAQEANB5hGXJ/CMANpBWSqrhmhYcdO0nqpWxy76op
x8frwi6lxr04Ng+iTSNsVl6w2aKqWNdZOwOudjEPvu0bI0sC9aOYHMnOZ0xsehJo
9D0/ln9uMYzH99ILbBhjhrrWMUJpTWm1UeExlB9OTL+2P4EGLCgN1zmDVOBsnowZ
ux2xqOnQVBI4ENkzaYe9uPxjA3GIw6xI4Fwsd4LRCYPyIlG6L6dOZR8NlXoDbqny
J57NEld+skdufu+LyuEHHxwWqJtM8439VYVhDxg1BXxDHn3ehg+TT334eWuwUYA+
kUoxizxy7TUdCtbk/ltuctjnTgLGBvaRVqynMRrGrtKXpaqz6g==
-----END CERTIFICATE-----