Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139352e33352e382e302f32312d3234203d3e203437353833.roa
File:                     3139352e33352e382e302f32312d3234203d3e203437353833.roa (raw, json)
Hash identifier:          DqRYqKJzgM8lQt8ljmYJFhYmYp396XMBQ5u7GOiroIQ=
Subject key identifier:   64:8F:9F:42:21:F8:85:36:5E:F8:6F:C7:4F:DB:A1:71:22:F4:9A:18
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       4AA04F8AABE4BDCA5F9D3F68A0B836008059C228
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139352e33352e382e302f32312d3234203d3e203437353833.roa
Signing time:             Thu 13 Jun 2024 10:40:45 +0000
ROA not before:           Thu 13 Jun 2024 10:35:45 +0000
ROA not after:            Thu 12 Jun 2025 10:40:45 +0000
asID:                     47583
IP address blocks:        195.35.8.0/21 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4a:a0:4f:8a:ab:e4:bd:ca:5f:9d:3f:68:a0:b8:36:00:80:59:c2:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Jun 13 10:35:45 2024 GMT
            Not After : Jun 12 10:40:45 2025 GMT
        Subject: CN=648F9F4221F885365EF86FC74FDBA17122F49A18
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:e0:b8:f8:32:c4:31:f6:ff:8e:6e:52:52:08:
                    50:ab:4f:54:d1:28:51:7f:56:d5:b7:95:17:1e:f6:
                    f4:30:0d:de:55:28:b7:9b:34:f8:46:19:de:65:ce:
                    9e:a2:06:15:74:05:0a:2d:f9:f4:aa:38:c8:52:9a:
                    38:f9:28:28:14:44:7e:aa:d1:41:97:4c:e0:73:fd:
                    39:84:a5:d6:0a:d4:4d:e1:8b:ab:d7:2d:eb:97:16:
                    e6:f1:12:f0:67:71:72:43:0f:95:ab:38:5a:4d:bd:
                    4c:f8:a3:8f:59:77:b6:d5:fa:04:20:e0:d9:9a:62:
                    a7:ac:e2:f0:9b:6d:f5:85:86:b1:00:c1:ca:da:7a:
                    72:99:5a:ed:5e:09:30:7a:d6:b2:e8:5a:3b:6f:07:
                    be:3c:c2:13:b9:c6:0e:6a:7d:f9:61:e7:e9:b8:82:
                    94:18:5a:22:b3:ca:33:5b:38:ac:15:a0:c0:9a:ce:
                    2d:66:ad:d6:80:00:13:f2:64:8f:88:e4:6a:0f:ee:
                    fa:0f:2e:30:1b:28:92:42:0d:96:8b:03:14:4b:f6:
                    cc:0a:38:f3:dc:2b:07:99:4f:81:80:86:18:98:95:
                    6b:d7:52:8f:e7:59:6d:dd:ac:0e:97:fc:eb:50:92:
                    33:42:16:6d:d4:75:f8:e6:ed:c9:4b:f6:7c:a9:42:
                    46:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:8F:9F:42:21:F8:85:36:5E:F8:6F:C7:4F:DB:A1:71:22:F4:9A:18
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139352e33352e382e302f32312d3234203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.35.8.0/21

    Signature Algorithm: sha256WithRSAEncryption
         8f:d3:9e:90:d8:97:54:6d:2a:25:68:fd:f5:ff:0e:55:e7:5e:
         5e:4b:3a:66:44:70:9e:0a:9f:06:74:59:4a:d3:89:26:07:4d:
         ed:a5:3a:9c:1b:50:2b:dc:c6:3c:d7:9c:e8:44:57:a0:d3:2b:
         9b:dc:28:9f:92:a4:c2:52:1c:29:6a:82:b8:d0:c1:c5:bb:53:
         b9:04:84:6d:73:53:c7:fb:5a:53:92:93:88:db:4f:10:19:47:
         72:85:fd:b9:cf:8e:6f:bf:4b:45:77:47:a1:1a:bb:35:00:28:
         9d:c4:be:45:a6:53:e6:7c:ea:94:9c:3b:3f:a8:ec:bf:8c:0a:
         79:2a:5a:f4:09:04:79:c4:79:1e:26:e4:11:d1:21:12:97:eb:
         8f:6f:89:a9:f7:47:54:d0:26:74:2b:06:f6:fe:b0:dc:64:9e:
         35:08:07:ae:f8:80:87:f7:01:b9:b9:5f:6a:ee:17:d9:0d:e6:
         f9:a1:7f:96:ef:30:57:bc:fa:5f:87:e0:e8:04:b1:3b:16:51:
         f1:b0:95:b1:db:37:30:ba:d2:24:b3:e9:fe:68:b2:3e:c1:de:
         aa:55:7f:14:9a:e9:24:72:22:b5:93:24:0a:8c:5a:83:fb:f9:
         04:d3:b1:c3:c6:c9:45:52:67:cc:1f:da:a6:91:77:ec:c7:6e:
         ff:9f:b9:cc
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUSqBPiqvkvcpfnT9ooLg2AIBZwigwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDA2MTMxMDM1NDVaFw0yNTA2MTIxMDQwNDVaMDMxMTAvBgNV
BAMTKDY0OEY5RjQyMjFGODg1MzY1RUY4NkZDNzRGREJBMTcxMjJGNDlBMTgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC24Lj4MsQx9v+OblJSCFCrT1TR
KFF/VtW3lRce9vQwDd5VKLebNPhGGd5lzp6iBhV0BQot+fSqOMhSmjj5KCgURH6q
0UGXTOBz/TmEpdYK1E3hi6vXLeuXFubxEvBncXJDD5WrOFpNvUz4o49Zd7bV+gQg
4NmaYqes4vCbbfWFhrEAwcraenKZWu1eCTB61rLoWjtvB748whO5xg5qfflh5+m4
gpQYWiKzyjNbOKwVoMCazi1mrdaAABPyZI+I5GoP7voPLjAbKJJCDZaLAxRL9swK
OPPcKweZT4GAhhiYlWvXUo/nWW3drA6X/OtQkjNCFm3Udfjm7clL9nypQkaDAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUZI+fQiH4hTZe+G/HT9uhcSL0mhgwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzOTM1MmUzMzM1MmUzODJl
MzAyZjMyMzEyZDMyMzQyMDNkM2UyMDM0MzczNTM4MzMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAPDIwgw
DQYJKoZIhvcNAQELBQADggEBAI/TnpDYl1RtKiVo/fX/DlXnXl5LOmZEcJ4KnwZ0
WUrTiSYHTe2lOpwbUCvcxjzXnOhEV6DTK5vcKJ+SpMJSHClqgrjQwcW7U7kEhG1z
U8f7WlOSk4jbTxAZR3KF/bnPjm+/S0V3R6EauzUAKJ3EvkWmU+Z86pScOz+o7L+M
CnkqWvQJBHnEeR4m5BHRIRKX649vian3R1TQJnQrBvb+sNxknjUIB674gIf3Abm5
X2ruF9kN5vmhf5bvMFe8+l+H4OgEsTsWUfGwlbHbNzC60iSz6f5osj7B3qpVfxSa
6SRyIrWTJAqMWoP7+QTTscPGyUVSZ8wf2qaRd+zHbv+fucw=
-----END CERTIFICATE-----