Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/3139332e34332e37312e302f32342d3332203d3e203536383736.roa
File:                     3139332e34332e37312e302f32342d3332203d3e203536383736.roa (raw, json)
Hash identifier:          NW+Twl4+TKUw4X1vitnQGfMpT0bCz4orgP96tdIA7cE=
Subject key identifier:   43:7E:55:50:05:88:83:BF:C1:B8:05:D4:6B:36:66:D7:68:8A:FA:19
Certificate issuer:       /CN=088469d1a33085ff88b3e599d223ca74c2313a3a
Certificate serial:       286D91C2ADE750136E409F20CA64BBF027F5F861
Authority key identifier: 08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/3139332e34332e37312e302f32342d3332203d3e203536383736.roa
Signing time:             Mon 27 Jan 2025 09:44:46 +0000
ROA not before:           Mon 27 Jan 2025 09:39:46 +0000
ROA not after:            Mon 26 Jan 2026 09:44:46 +0000
asID:                     56876
IP address blocks:        193.43.71.0/24 maxlen: 32
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 15:28:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            28:6d:91:c2:ad:e7:50:13:6e:40:9f:20:ca:64:bb:f0:27:f5:f8:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088469d1a33085ff88b3e599d223ca74c2313a3a
        Validity
            Not Before: Jan 27 09:39:46 2025 GMT
            Not After : Jan 26 09:44:46 2026 GMT
        Subject: CN=437E5550058883BFC1B805D46B3666D7688AFA19
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:73:cb:df:d9:1f:c7:93:b0:31:18:91:f3:c7:
                    6d:bb:bc:98:93:84:74:9a:5a:26:48:1c:a2:bc:0d:
                    93:33:8a:4f:c1:ba:cb:19:f4:f5:fe:16:19:90:f5:
                    6d:db:0a:e9:dc:5d:3d:08:25:1d:54:2a:77:7f:d8:
                    78:ab:34:22:58:9b:8d:02:00:48:0c:58:df:ee:d1:
                    eb:b6:a3:a6:77:87:bf:0f:24:18:a4:68:af:7e:e1:
                    61:db:7a:68:91:a8:7c:10:bb:80:a4:61:ab:e4:4b:
                    ef:ad:9d:e2:16:5c:63:f2:88:b4:02:30:5d:f7:f9:
                    d2:13:cc:c6:69:b0:e0:de:42:24:ef:56:35:7f:c5:
                    dd:f4:ce:89:7c:53:4a:c3:30:85:30:f7:d0:37:38:
                    5c:12:10:fa:bb:05:c0:92:0d:26:f2:6b:39:ad:2c:
                    83:ba:fb:37:70:7c:a4:fd:f4:e4:62:6d:af:8c:02:
                    2c:bf:49:9f:eb:35:6c:37:34:7a:8a:99:b0:40:8c:
                    21:e1:7d:9d:ce:61:e6:24:c3:1d:5d:5a:f8:b2:16:
                    00:06:4a:0c:0e:41:3f:07:61:00:57:46:e8:ef:04:
                    ce:ac:be:77:bd:43:7e:ce:66:d4:a4:3b:06:50:08:
                    66:1d:6c:df:32:0a:b5:9f:21:89:58:ca:fe:71:8b:
                    37:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:7E:55:50:05:88:83:BF:C1:B8:05:D4:6B:36:66:D7:68:8A:FA:19
            X509v3 Authority Key Identifier:
                keyid:08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/3139332e34332e37312e302f32342d3332203d3e203536383736.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.43.71.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1b:e3:89:32:20:87:16:ab:b8:70:15:df:03:1c:06:f0:77:7f:
         4b:e9:67:22:91:56:e2:cc:c6:b2:89:68:82:c5:a8:ef:42:63:
         3b:ab:14:05:a6:3f:1f:54:6c:04:3f:60:af:66:4f:17:91:9f:
         7e:1c:ef:6c:42:8c:35:c7:33:27:8b:b7:23:3e:9e:b2:30:19:
         92:44:86:32:b2:72:80:80:1f:ab:b9:91:90:fe:20:92:f5:15:
         28:38:9d:46:76:86:f8:77:7b:f0:38:15:d1:27:5b:de:f6:a2:
         a7:d2:c3:91:16:3b:3a:05:d4:01:68:5b:1c:72:cd:4f:6c:b3:
         41:c7:a3:1f:32:3c:69:45:fb:65:03:36:b3:1b:90:ee:ed:bb:
         ff:94:fc:fd:24:56:63:1c:ce:6f:fc:55:1f:57:6d:5b:20:82:
         f8:53:c9:97:90:c1:eb:a8:bf:b8:0d:fe:5a:ad:0a:5f:2c:3c:
         8b:30:41:e6:36:4b:aa:d1:36:59:48:9c:df:dd:0c:4f:e4:ee:
         9c:7f:22:21:c3:5d:49:b6:de:4c:fd:f3:63:19:f9:7a:e5:12:
         49:3f:d9:06:fa:ce:3d:13:47:64:29:86:0f:be:4b:b9:04:c8:
         29:be:22:c6:47:21:f2:6c:cc:e9:a8:15:fc:d7:06:6d:d0:71:
         db:1c:53:a4
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUKG2Rwq3nUBNuQJ8gymS78Cf1+GEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDg4NDY5ZDFhMzMwODVmZjg4YjNlNTk5ZDIyM2NhNzRj
MjMxM2EzYTAeFw0yNTAxMjcwOTM5NDZaFw0yNjAxMjYwOTQ0NDZaMDMxMTAvBgNV
BAMTKDQzN0U1NTUwMDU4ODgzQkZDMUI4MDVENDZCMzY2NkQ3Njg4QUZBMTkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8c8vf2R/Hk7AxGJHzx227vJiT
hHSaWiZIHKK8DZMzik/BussZ9PX+FhmQ9W3bCuncXT0IJR1UKnd/2HirNCJYm40C
AEgMWN/u0eu2o6Z3h78PJBikaK9+4WHbemiRqHwQu4CkYavkS++tneIWXGPyiLQC
MF33+dITzMZpsODeQiTvVjV/xd30zol8U0rDMIUw99A3OFwSEPq7BcCSDSbyazmt
LIO6+zdwfKT99ORiba+MAiy/SZ/rNWw3NHqKmbBAjCHhfZ3OYeYkwx1dWviyFgAG
SgwOQT8HYQBXRujvBM6svne9Q37OZtSkOwZQCGYdbN8yCrWfIYlYyv5xizcPAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUQ35VUAWIg7/BuAXUazZm12iK+hkwHwYDVR0j
BBgwFoAUCIRp0aMwhf+Is+WZ0iPKdMIxOjowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzUvMDg4NDY5RDFBMzMwODVGRjg4QjNFNTk5RDIyM0NBNzRDMjMxM0EzQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NJUnAwYU13aGYtSXMtV1owaVBLZE1J
eE9qby5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzUvMzEzOTMzMmUzNDMzMmUzNzMx
MmUzMDJmMzIzNDJkMzMzMjIwM2QzZTIwMzUzNjM4MzczNi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMEr
RzANBgkqhkiG9w0BAQsFAAOCAQEAG+OJMiCHFqu4cBXfAxwG8Hd/S+lnIpFW4szG
sologsWo70JjO6sUBaY/H1RsBD9gr2ZPF5GffhzvbEKMNcczJ4u3Iz6esjAZkkSG
MrJygIAfq7mRkP4gkvUVKDidRnaG+Hd78DgV0Sdb3vaip9LDkRY7OgXUAWhbHHLN
T2yzQcejHzI8aUX7ZQM2sxuQ7u27/5T8/SRWYxzOb/xVH1dtWyCC+FPJl5DB66i/
uA3+Wq0KXyw8izBB5jZLqtE2WUic390MT+TunH8iIcNdSbbeTP3zYxn5euUSST/Z
BvrOPRNHZCmGD75LuQTIKb4ixkch8mzM6agV/NcGbdBx2xxTpA==
-----END CERTIFICATE-----