Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/3139342e33312e3134392e302f32342d3234203d3e20383334.roa
File:                     3139342e33312e3134392e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          KiVTLnUGUVwNjqojNfFYF1kllxHdCqxLZkwdS/dMFA8=
Subject key identifier:   B6:84:0F:24:2A:A6:2D:FA:7F:8A:23:4A:BC:F8:44:E9:E5:3C:8E:33
Certificate issuer:       /CN=088469d1a33085ff88b3e599d223ca74c2313a3a
Certificate serial:       3505591A711F44F29E1D3E36CBED133E3D6CFB6B
Authority key identifier: 08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/3139342e33312e3134392e302f32342d3234203d3e20383334.roa
Signing time:             Wed 14 Feb 2024 12:46:10 +0000
ROA not before:           Wed 14 Feb 2024 12:41:10 +0000
ROA not after:            Wed 12 Feb 2025 12:46:10 +0000
asID:                     834
IP address blocks:        194.31.149.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            35:05:59:1a:71:1f:44:f2:9e:1d:3e:36:cb:ed:13:3e:3d:6c:fb:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088469d1a33085ff88b3e599d223ca74c2313a3a
        Validity
            Not Before: Feb 14 12:41:10 2024 GMT
            Not After : Feb 12 12:46:10 2025 GMT
        Subject: CN=B6840F242AA62DFA7F8A234ABCF844E9E53C8E33
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:e6:87:d4:30:51:5f:7b:12:2e:bf:9c:01:79:
                    78:b4:d9:68:23:49:72:16:5e:e7:d1:34:9f:e0:78:
                    19:98:b1:31:a5:3e:78:8d:15:c3:8c:ed:ac:2b:8d:
                    d0:ff:9f:82:bc:44:74:68:9d:0f:94:d5:de:f8:24:
                    de:c2:71:02:63:f2:03:80:cb:60:80:d6:bc:fa:59:
                    96:55:78:33:34:65:66:45:f6:f4:4f:0b:c1:95:ff:
                    0a:f2:c3:44:69:7a:3e:da:4d:55:19:e0:8f:06:0d:
                    cf:e4:38:b7:4a:a5:d4:83:d3:79:b6:11:f2:68:54:
                    13:af:2d:e1:2b:6a:51:95:e5:e7:24:7d:05:4d:8d:
                    1d:c0:f7:cf:5f:37:7a:96:6d:5b:f0:92:5b:1f:55:
                    dc:8e:85:82:3f:9b:26:34:47:da:0b:5d:aa:70:43:
                    1a:fa:7b:6d:fb:a4:ef:b9:38:67:2b:61:5d:dd:ff:
                    df:0c:f1:d8:b4:ec:e5:8d:dc:1b:d9:b3:f2:57:9b:
                    6a:99:95:af:26:78:e8:16:4a:ae:17:82:36:00:49:
                    f4:2f:b9:6c:25:fc:d4:7d:de:de:ff:d6:c7:f3:9d:
                    bc:76:bc:4c:8b:88:44:5c:27:95:a0:86:6f:cd:27:
                    50:12:0d:ec:f1:40:dd:9e:f9:78:55:fc:40:73:f0:
                    dc:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:84:0F:24:2A:A6:2D:FA:7F:8A:23:4A:BC:F8:44:E9:E5:3C:8E:33
            X509v3 Authority Key Identifier:
                keyid:08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/3139342e33312e3134392e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.31.149.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:40:ab:08:c2:28:8c:f5:62:8a:e6:b7:24:8e:05:59:52:a8:
         7d:86:e6:19:a8:43:7d:93:ce:73:1e:51:ad:8d:8f:69:a0:f9:
         7d:2e:db:8f:52:d0:f4:c9:a5:61:9b:9a:13:c9:9c:ba:e4:ef:
         c0:8e:b6:cb:92:19:0a:93:90:f5:cd:1d:a9:7e:d4:98:58:76:
         65:f0:2b:79:75:a4:79:46:63:ca:bc:ac:33:86:2c:2a:3b:25:
         76:49:e9:35:f9:d3:e5:41:c0:7f:28:11:4d:e6:a2:1a:e3:b6:
         4d:5f:91:2c:08:da:30:4f:7e:fb:21:71:24:6a:69:0a:8a:6a:
         66:0d:9d:44:30:07:c1:4a:39:2f:90:ec:44:21:df:bf:f8:80:
         3d:d9:1b:a8:c9:fd:4f:41:2e:9a:17:1b:6a:f5:eb:38:d8:eb:
         a1:0f:0d:7a:83:a3:cb:36:84:18:84:94:a6:bd:9d:7d:0f:4f:
         81:5a:20:51:19:9e:58:2e:1c:ba:d7:26:ee:40:63:09:6d:47:
         32:3c:68:ee:c9:2a:3e:f8:04:fa:66:a2:bb:39:66:f7:9b:1b:
         4b:20:f3:7e:81:c5:68:76:1b:e8:af:71:d9:c4:ef:52:bc:34:
         5b:69:1f:77:62:69:22:75:79:2d:8d:a4:42:c5:40:32:c4:b3:
         ad:81:e2:3e
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUNQVZGnEfRPKeHT42y+0TPj1s+2swDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDg4NDY5ZDFhMzMwODVmZjg4YjNlNTk5ZDIyM2NhNzRj
MjMxM2EzYTAeFw0yNDAyMTQxMjQxMTBaFw0yNTAyMTIxMjQ2MTBaMDMxMTAvBgNV
BAMTKEI2ODQwRjI0MkFBNjJERkE3RjhBMjM0QUJDRjg0NEU5RTUzQzhFMzMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDH5ofUMFFfexIuv5wBeXi02Wgj
SXIWXufRNJ/geBmYsTGlPniNFcOM7awrjdD/n4K8RHRonQ+U1d74JN7CcQJj8gOA
y2CA1rz6WZZVeDM0ZWZF9vRPC8GV/wryw0Rpej7aTVUZ4I8GDc/kOLdKpdSD03m2
EfJoVBOvLeEralGV5eckfQVNjR3A989fN3qWbVvwklsfVdyOhYI/myY0R9oLXapw
Qxr6e237pO+5OGcrYV3d/98M8di07OWN3BvZs/JXm2qZla8meOgWSq4XgjYASfQv
uWwl/NR93t7/1sfznbx2vEyLiERcJ5Wghm/NJ1ASDezxQN2e+XhV/EBz8NzJAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUtoQPJCqmLfp/iiNKvPhE6eU8jjMwHwYDVR0j
BBgwFoAUCIRp0aMwhf+Is+WZ0iPKdMIxOjowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzUvMDg4NDY5RDFBMzMwODVGRjg4QjNFNTk5RDIyM0NBNzRDMjMxM0EzQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NJUnAwYU13aGYtSXMtV1owaVBLZE1J
eE9qby5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzUvMzEzOTM0MmUzMzMxMmUzMTM0
MzkyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBADCH5Uw
DQYJKoZIhvcNAQELBQADggEBACtAqwjCKIz1YormtySOBVlSqH2G5hmoQ32TznMe
Ua2Nj2mg+X0u249S0PTJpWGbmhPJnLrk78COtsuSGQqTkPXNHal+1JhYdmXwK3l1
pHlGY8q8rDOGLCo7JXZJ6TX50+VBwH8oEU3mohrjtk1fkSwI2jBPfvshcSRqaQqK
amYNnUQwB8FKOS+Q7EQh37/4gD3ZG6jJ/U9BLpoXG2r16zjY66EPDXqDo8s2hBiE
lKa9nX0PT4FaIFEZnlguHLrXJu5AYwltRzI8aO7JKj74BPpmors5ZvebG0sg836B
xWh2G+ivcdnE71K8NFtpH3diaSJ1eS2NpELFQDLEs62B4j4=
-----END CERTIFICATE-----