Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/3139342e33312e35322e302f32342d3234203d3e203437353833.roa
File:                     3139342e33312e35322e302f32342d3234203d3e203437353833.roa (raw, json)
Hash identifier:          V9x0EGqhT32/7K7ferMv+2e370Alm5ocCC6Bh6v7Vtw=
Subject key identifier:   1B:D8:18:E7:21:7F:2D:D0:BE:5B:57:9F:13:56:A9:70:B4:59:C5:0C
Certificate issuer:       /CN=088469d1a33085ff88b3e599d223ca74c2313a3a
Certificate serial:       25365F6B98C1180DBB24DA91101783247A35BE45
Authority key identifier: 08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/3139342e33312e35322e302f32342d3234203d3e203437353833.roa
Signing time:             Mon 30 Dec 2024 15:41:16 +0000
ROA not before:           Mon 30 Dec 2024 15:36:16 +0000
ROA not after:            Mon 29 Dec 2025 15:41:16 +0000
asID:                     47583
IP address blocks:        194.31.52.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 15:28:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            25:36:5f:6b:98:c1:18:0d:bb:24:da:91:10:17:83:24:7a:35:be:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088469d1a33085ff88b3e599d223ca74c2313a3a
        Validity
            Not Before: Dec 30 15:36:16 2024 GMT
            Not After : Dec 29 15:41:16 2025 GMT
        Subject: CN=1BD818E7217F2DD0BE5B579F1356A970B459C50C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:7d:38:94:af:fe:66:17:48:22:68:3d:7e:45:
                    40:c2:23:e3:05:9e:c4:be:e9:2b:08:14:a8:9d:34:
                    7d:3a:49:f0:b4:72:f8:98:39:ac:47:33:21:c3:74:
                    ec:c7:88:0a:b6:d9:d5:ff:79:e3:04:b7:0d:07:37:
                    8f:dd:39:6f:da:a6:d6:0a:b8:98:1c:85:85:c4:72:
                    56:4e:ea:7e:ea:e8:ac:4e:99:ce:ff:6f:08:f1:96:
                    c7:40:3c:0a:1a:eb:55:7b:8f:0c:df:e4:54:81:4b:
                    a1:e3:88:83:01:cf:09:df:12:90:4e:e1:72:2f:2a:
                    08:51:0d:18:51:79:99:b0:8e:1f:bc:a5:b9:ac:ed:
                    68:83:ad:08:a5:f1:0b:c7:e4:47:24:59:fa:da:98:
                    9a:fe:3f:f8:ea:1d:f7:f9:6d:f9:eb:4f:04:78:60:
                    c5:d3:e6:df:42:c6:9a:30:e4:f6:0b:86:8e:dc:1b:
                    a3:18:26:3c:7e:ee:f3:d0:ff:0a:a2:f8:09:43:c0:
                    59:9e:84:c0:dc:81:a9:6e:61:12:ff:9e:58:a2:e0:
                    5c:69:22:32:6f:e9:09:e2:f6:61:69:f4:9b:54:8b:
                    b5:3a:7e:83:b4:04:52:82:7c:37:db:54:9c:70:87:
                    a5:75:90:e3:12:ab:c9:e2:59:2b:6e:12:52:11:22:
                    7e:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:D8:18:E7:21:7F:2D:D0:BE:5B:57:9F:13:56:A9:70:B4:59:C5:0C
            X509v3 Authority Key Identifier:
                keyid:08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/3139342e33312e35322e302f32342d3234203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.31.52.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:ec:f5:67:77:38:e1:2b:08:a2:86:ec:0a:29:e2:7c:7e:5d:
         7d:ba:77:73:cf:2a:05:77:8b:c7:6d:3d:30:53:6b:33:94:91:
         b6:75:25:f6:b7:ac:e5:42:5a:8c:66:53:9b:d5:59:0d:62:36:
         b6:a6:f8:43:af:ab:9b:ce:cd:c1:fd:84:14:7a:c1:c3:85:f0:
         3b:4e:15:ab:a9:a0:15:15:0a:bc:a2:77:06:53:ee:54:02:d1:
         19:23:9b:82:f5:a5:6b:fb:f7:42:eb:01:3d:9b:85:b0:eb:e6:
         e9:88:12:fd:f5:b7:c4:a8:ce:b4:35:0f:f7:bb:4d:76:93:8f:
         b5:ad:e6:06:31:81:94:44:7c:71:90:6e:a6:38:89:76:06:c7:
         00:db:b6:9d:4f:f6:9d:ed:27:5f:22:60:13:39:30:eb:56:f6:
         c1:b4:13:ae:2b:e6:af:55:b7:a8:f7:8b:7b:e4:3c:07:13:d7:
         18:a5:78:dd:d5:7d:70:cf:b1:a4:08:c0:7d:75:cc:fa:e7:b5:
         bf:a6:2a:e4:4f:0a:1a:a7:c3:83:81:99:f9:51:a7:be:be:23:
         e6:cc:e5:cf:ce:15:ee:9a:e9:cd:0e:07:d5:cd:0b:99:c0:4b:
         e2:8f:ca:29:b8:f2:cc:cf:6c:b7:4d:be:7b:36:3a:cc:03:e2:
         c8:4b:ee:a0
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUJTZfa5jBGA27JNqREBeDJHo1vkUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDg4NDY5ZDFhMzMwODVmZjg4YjNlNTk5ZDIyM2NhNzRj
MjMxM2EzYTAeFw0yNDEyMzAxNTM2MTZaFw0yNTEyMjkxNTQxMTZaMDMxMTAvBgNV
BAMTKDFCRDgxOEU3MjE3RjJERDBCRTVCNTc5RjEzNTZBOTcwQjQ1OUM1MEMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDqfTiUr/5mF0giaD1+RUDCI+MF
nsS+6SsIFKidNH06SfC0cviYOaxHMyHDdOzHiAq22dX/eeMEtw0HN4/dOW/aptYK
uJgchYXEclZO6n7q6KxOmc7/bwjxlsdAPAoa61V7jwzf5FSBS6HjiIMBzwnfEpBO
4XIvKghRDRhReZmwjh+8pbms7WiDrQil8QvH5EckWframJr+P/jqHff5bfnrTwR4
YMXT5t9Cxpow5PYLho7cG6MYJjx+7vPQ/wqi+AlDwFmehMDcgaluYRL/nlii4Fxp
IjJv6Qni9mFp9JtUi7U6foO0BFKCfDfbVJxwh6V1kOMSq8niWStuElIRIn5lAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUG9gY5yF/LdC+W1efE1apcLRZxQwwHwYDVR0j
BBgwFoAUCIRp0aMwhf+Is+WZ0iPKdMIxOjowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzUvMDg4NDY5RDFBMzMwODVGRjg4QjNFNTk5RDIyM0NBNzRDMjMxM0EzQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NJUnAwYU13aGYtSXMtV1owaVBLZE1J
eE9qby5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzUvMzEzOTM0MmUzMzMxMmUzNTMy
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzQzNzM1MzgzMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMIf
NDANBgkqhkiG9w0BAQsFAAOCAQEARuz1Z3c44SsIoobsCinifH5dfbp3c88qBXeL
x209MFNrM5SRtnUl9res5UJajGZTm9VZDWI2tqb4Q6+rm87Nwf2EFHrBw4XwO04V
q6mgFRUKvKJ3BlPuVALRGSObgvWla/v3QusBPZuFsOvm6YgS/fW3xKjOtDUP97tN
dpOPta3mBjGBlER8cZBupjiJdgbHANu2nU/2ne0nXyJgEzkw61b2wbQTrivmr1W3
qPeLe+Q8BxPXGKV43dV9cM+xpAjAfXXM+ue1v6Yq5E8KGqfDg4GZ+VGnvr4j5szl
z84V7prpzQ4H1c0LmcBL4o/KKbjyzM9st02+ezY6zAPiyEvuoA==
-----END CERTIFICATE-----