Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/3139332e34332e37312e302f32342d3332203d3e203536383736.roa
File:                     3139332e34332e37312e302f32342d3332203d3e203536383736.roa (raw, json)
Hash identifier:          ewheJ/Zv5GzXOOg9gSCP7kfehyUU65KRK0kyO+PspjQ=
Subject key identifier:   F8:38:2A:37:39:20:37:61:64:D2:A6:9B:2F:EA:88:5B:B9:A6:34:9A
Certificate issuer:       /CN=088469d1a33085ff88b3e599d223ca74c2313a3a
Certificate serial:       7A649FA20B95392A7039F40C5D3E6E7D70C02816
Authority key identifier: 08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/3139332e34332e37312e302f32342d3332203d3e203536383736.roa
Signing time:             Mon 26 Feb 2024 08:52:43 +0000
ROA not before:           Mon 26 Feb 2024 08:47:43 +0000
ROA not after:            Mon 24 Feb 2025 08:52:43 +0000
asID:                     56876
IP address blocks:        193.43.71.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 May 2024 14:34:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7a:64:9f:a2:0b:95:39:2a:70:39:f4:0c:5d:3e:6e:7d:70:c0:28:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088469d1a33085ff88b3e599d223ca74c2313a3a
        Validity
            Not Before: Feb 26 08:47:43 2024 GMT
            Not After : Feb 24 08:52:43 2025 GMT
        Subject: CN=F8382A373920376164D2A69B2FEA885BB9A6349A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ee:01:57:81:4e:10:80:3f:5a:17:27:ed:8f:06:
                    44:fb:4c:62:98:6c:c9:ab:dd:f7:c0:ea:20:c8:59:
                    75:44:17:18:ce:2b:50:24:22:df:74:8a:88:8a:33:
                    e6:00:8b:a6:3a:c8:79:f8:80:ab:2f:d2:d9:65:4e:
                    79:fe:71:07:90:68:de:e6:ca:08:d0:d5:90:83:cd:
                    9c:ac:71:c2:a6:9a:00:75:8a:c8:1d:dd:59:aa:40:
                    d3:29:86:5e:34:e2:8f:5c:16:5e:13:62:bb:c5:4e:
                    5a:de:17:36:f7:58:70:de:66:27:5f:2d:aa:71:49:
                    ad:d5:08:e5:b7:13:9a:be:ad:66:20:cf:b4:6c:61:
                    38:cd:aa:84:fb:af:fb:0c:15:48:b2:0c:df:ad:ee:
                    a2:dd:d8:07:5d:17:6c:57:80:75:7a:ad:0a:99:58:
                    5e:af:93:6c:c8:da:f2:76:d1:4f:29:59:f5:20:b9:
                    af:a2:c0:6d:bb:cb:4a:6f:91:94:56:13:c8:a3:a7:
                    c9:7c:b1:ec:4c:37:02:08:de:57:26:77:ad:54:c7:
                    8f:3b:65:58:46:5d:8c:1f:54:e8:6d:ca:f9:3a:fa:
                    4e:90:8e:90:5d:7a:c8:06:3d:c6:aa:ad:4e:63:61:
                    f6:94:55:a8:56:11:78:67:95:33:cd:7f:e8:a0:8c:
                    e5:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:38:2A:37:39:20:37:61:64:D2:A6:9B:2F:EA:88:5B:B9:A6:34:9A
            X509v3 Authority Key Identifier:
                keyid:08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/3139332e34332e37312e302f32342d3332203d3e203536383736.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.43.71.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9d:8b:82:33:8e:3a:7a:62:b0:e0:6d:f3:e3:fb:1c:85:dd:2f:
         4a:ca:a7:4d:2e:ee:85:a7:d1:c8:0f:52:a4:1f:7e:ae:13:92:
         4f:86:95:3d:46:6b:0d:19:1a:5d:9b:55:f8:f0:04:85:25:a7:
         f5:9d:ff:ea:9c:92:86:d6:5f:fd:57:a4:ab:f1:04:1e:da:6b:
         e2:79:05:f1:75:1d:c8:1a:2a:57:32:00:2f:17:b1:c0:13:48:
         4f:32:80:eb:be:e1:20:28:3c:4b:d3:16:74:a5:19:6d:98:bf:
         2f:95:cf:43:7f:c4:bb:6a:5e:33:82:e0:3b:12:c0:8b:37:11:
         68:7a:3d:70:06:f5:e0:1a:26:65:8d:c7:55:e7:1d:99:40:e1:
         98:16:21:43:74:3c:74:3d:c0:3a:98:33:56:6b:bc:e2:5e:d5:
         b3:45:e0:da:49:22:d8:88:cc:3e:9d:d5:3b:9f:06:98:1d:18:
         b7:3e:f0:e7:a5:88:11:64:61:82:8b:7a:da:fc:00:f9:e5:3c:
         90:0a:db:c2:ac:43:97:91:6f:5c:a1:28:62:96:93:46:23:c8:
         73:1d:05:53:52:98:f3:af:4e:b3:16:eb:71:dd:0b:88:77:23:
         5c:dc:e4:06:55:a7:17:fd:da:ca:96:4d:b8:09:66:15:3e:cc:
         1c:3f:d7:61
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUemSfoguVOSpwOfQMXT5ufXDAKBYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDg4NDY5ZDFhMzMwODVmZjg4YjNlNTk5ZDIyM2NhNzRj
MjMxM2EzYTAeFw0yNDAyMjYwODQ3NDNaFw0yNTAyMjQwODUyNDNaMDMxMTAvBgNV
BAMTKEY4MzgyQTM3MzkyMDM3NjE2NEQyQTY5QjJGRUE4ODVCQjlBNjM0OUEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDuAVeBThCAP1oXJ+2PBkT7TGKY
bMmr3ffA6iDIWXVEFxjOK1AkIt90ioiKM+YAi6Y6yHn4gKsv0tllTnn+cQeQaN7m
ygjQ1ZCDzZysccKmmgB1isgd3VmqQNMphl404o9cFl4TYrvFTlreFzb3WHDeZidf
LapxSa3VCOW3E5q+rWYgz7RsYTjNqoT7r/sMFUiyDN+t7qLd2AddF2xXgHV6rQqZ
WF6vk2zI2vJ20U8pWfUgua+iwG27y0pvkZRWE8ijp8l8sexMNwII3lcmd61Ux487
ZVhGXYwfVOhtyvk6+k6QjpBdesgGPcaqrU5jYfaUVahWEXhnlTPNf+igjOXpAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQU+DgqNzkgN2Fk0qabL+qIW7mmNJowHwYDVR0j
BBgwFoAUCIRp0aMwhf+Is+WZ0iPKdMIxOjowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzUvMDg4NDY5RDFBMzMwODVGRjg4QjNFNTk5RDIyM0NBNzRDMjMxM0EzQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NJUnAwYU13aGYtSXMtV1owaVBLZE1J
eE9qby5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzUvMzEzOTMzMmUzNDMzMmUzNzMx
MmUzMDJmMzIzNDJkMzMzMjIwM2QzZTIwMzUzNjM4MzczNi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMEr
RzANBgkqhkiG9w0BAQsFAAOCAQEAnYuCM446emKw4G3z4/schd0vSsqnTS7uhafR
yA9SpB9+rhOST4aVPUZrDRkaXZtV+PAEhSWn9Z3/6pyShtZf/Vekq/EEHtpr4nkF
8XUdyBoqVzIALxexwBNITzKA677hICg8S9MWdKUZbZi/L5XPQ3/Eu2peM4LgOxLA
izcRaHo9cAb14BomZY3HVecdmUDhmBYhQ3Q8dD3AOpgzVmu84l7Vs0Xg2kki2IjM
Pp3VO58GmB0Ytz7w56WIEWRhgot62vwA+eU8kArbwqxDl5FvXKEoYpaTRiPIcx0F
U1KY869Osxbrcd0LiHcjXNzkBlWnF/3aypZNuAlmFT7MHD/XYQ==
-----END CERTIFICATE-----