Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139352e33352e382e302f32312d3234203d3e203437353833.roa
File:                     3139352e33352e382e302f32312d3234203d3e203437353833.roa (raw, json)
Hash identifier:          D2N8OF9SjLJJleyr2dF4Szs+ydk0YBqqX/vfTYuL8JY=
Subject key identifier:   DC:66:58:53:53:76:22:D2:6B:78:2A:B6:5F:C1:21:A2:55:AF:79:37
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       391FF8756EFE303AD724A9046D532E5B33A7B67C
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139352e33352e382e302f32312d3234203d3e203437353833.roa
Signing time:             Thu 15 May 2025 10:46:19 +0000
ROA not before:           Thu 15 May 2025 10:41:19 +0000
ROA not after:            Thu 14 May 2026 10:46:19 +0000
asID:                     47583
IP address blocks:        195.35.8.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 17:19:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            39:1f:f8:75:6e:fe:30:3a:d7:24:a9:04:6d:53:2e:5b:33:a7:b6:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: May 15 10:41:19 2025 GMT
            Not After : May 14 10:46:19 2026 GMT
        Subject: CN=DC665853537622D26B782AB65FC121A255AF7937
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:b1:0b:cf:22:94:b0:04:19:80:15:58:c5:fd:
                    f8:bf:79:b7:5d:4a:34:64:09:11:19:97:d4:5b:49:
                    60:43:58:5f:c0:df:c4:87:24:fe:70:38:61:9d:de:
                    ad:53:2e:2d:c5:a6:fb:d2:45:49:d0:5b:3d:4c:d4:
                    0a:a2:64:7d:bc:e3:14:7e:d5:b7:51:2f:1a:9e:fd:
                    ab:da:58:6a:3c:59:b9:25:e4:91:fe:e8:22:54:6b:
                    76:a4:09:ed:62:05:30:d9:e9:18:c0:69:7f:b7:63:
                    26:e6:9f:f6:69:f8:ef:1b:80:d5:88:e6:3a:80:fd:
                    57:7a:97:6c:07:f5:e9:58:d1:51:91:bb:36:52:c9:
                    f5:91:eb:d7:14:50:07:4c:b8:03:5c:ce:e8:a4:17:
                    b5:66:54:98:b5:62:6d:1b:cd:f6:2b:e2:a4:c1:b9:
                    8a:d7:3f:bf:f1:6a:f7:43:9e:b1:3d:3c:37:4a:82:
                    e2:c0:f1:52:cd:ba:f5:63:54:ee:7e:a4:98:7b:a6:
                    a5:9a:64:8a:7e:17:e2:9e:16:70:96:15:82:dc:cd:
                    bd:ab:8b:dc:7a:c0:c7:6b:d0:f7:16:66:03:38:01:
                    d3:59:eb:cf:24:96:f2:4a:cd:9f:9d:b0:3c:38:39:
                    66:4f:fb:56:09:e1:69:33:d3:1a:b3:3a:f4:a1:d3:
                    1e:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:66:58:53:53:76:22:D2:6B:78:2A:B6:5F:C1:21:A2:55:AF:79:37
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139352e33352e382e302f32312d3234203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.35.8.0/21

    Signature Algorithm: sha256WithRSAEncryption
         08:71:7e:f4:fa:83:85:14:9d:20:96:f0:22:2e:cc:75:e5:f8:
         9a:23:76:97:fd:09:f6:17:c6:ec:92:df:d4:30:dc:6a:1a:01:
         0a:52:a9:55:f0:4d:0f:2c:b3:c1:46:7a:fe:ce:c3:4d:19:a5:
         29:68:89:5d:59:2e:c1:31:3a:a8:3b:23:c6:df:2e:7b:44:cd:
         e7:e6:90:32:3c:3f:33:29:d4:79:8f:0c:b5:1e:c4:c3:62:5e:
         d9:7a:c2:15:35:46:69:c8:dd:be:78:f6:b5:55:58:27:a7:40:
         54:93:b7:36:33:89:fa:98:43:38:db:31:36:2d:30:72:28:f2:
         39:04:74:7c:dd:75:59:3a:ca:07:f6:64:de:77:74:87:81:eb:
         29:39:96:2b:72:1a:51:d5:16:f3:ba:ce:ca:f3:20:b4:c9:a8:
         e0:0d:9a:f8:5a:1b:f6:5d:46:6f:24:7c:b7:f8:ad:7c:1d:b1:
         a0:e7:56:30:a3:84:0a:27:2d:2b:5d:a6:80:d5:98:1f:ce:6b:
         d8:07:ad:f6:44:52:5e:0f:79:42:67:c3:ba:7b:65:91:e7:79:
         9a:77:83:ea:ad:5a:3e:cb:14:64:88:2c:31:11:2e:c9:58:60:
         f1:5e:a5:3d:e4:11:5c:77:19:2d:79:26:23:1a:16:b0:eb:52:
         78:a5:82:27
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUOR/4dW7+MDrXJKkEbVMuWzOntnwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTA1MTUxMDQxMTlaFw0yNjA1MTQxMDQ2MTlaMDMxMTAvBgNV
BAMTKERDNjY1ODUzNTM3NjIyRDI2Qjc4MkFCNjVGQzEyMUEyNTVBRjc5MzcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCpsQvPIpSwBBmAFVjF/fi/ebdd
SjRkCREZl9RbSWBDWF/A38SHJP5wOGGd3q1TLi3FpvvSRUnQWz1M1AqiZH284xR+
1bdRLxqe/avaWGo8Wbkl5JH+6CJUa3akCe1iBTDZ6RjAaX+3Yybmn/Zp+O8bgNWI
5jqA/Vd6l2wH9elY0VGRuzZSyfWR69cUUAdMuANczuikF7VmVJi1Ym0bzfYr4qTB
uYrXP7/xavdDnrE9PDdKguLA8VLNuvVjVO5+pJh7pqWaZIp+F+KeFnCWFYLczb2r
i9x6wMdr0PcWZgM4AdNZ688klvJKzZ+dsDw4OWZP+1YJ4Wkz0xqzOvSh0x6dAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQU3GZYU1N2ItJreCq2X8EholWveTcwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzOTM1MmUzMzM1MmUzODJl
MzAyZjMyMzEyZDMyMzQyMDNkM2UyMDM0MzczNTM4MzMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAPDIwgw
DQYJKoZIhvcNAQELBQADggEBAAhxfvT6g4UUnSCW8CIuzHXl+Jojdpf9CfYXxuyS
39Qw3GoaAQpSqVXwTQ8ss8FGev7Ow00ZpSloiV1ZLsExOqg7I8bfLntEzefmkDI8
PzMp1HmPDLUexMNiXtl6whU1RmnI3b549rVVWCenQFSTtzYzifqYQzjbMTYtMHIo
8jkEdHzddVk6ygf2ZN53dIeB6yk5lityGlHVFvO6zsrzILTJqOANmvhaG/ZdRm8k
fLf4rXwdsaDnVjCjhAonLStdpoDVmB/Oa9gHrfZEUl4PeUJnw7p7ZZHneZp3g+qt
Wj7LFGSILDERLslYYPFepT3kEVx3GS15JiMaFrDrUnilgic=
-----END CERTIFICATE-----