Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/3139342e33312e35342e302f32342d3332203d3e2039303039.roa
File:                     3139342e33312e35342e302f32342d3332203d3e2039303039.roa (raw, json)
Hash identifier:          51Cmc/40REGJm6pJ1BTiJXEPaomPEEosmiGxVglaKt0=
Subject key identifier:   D3:76:98:7F:08:C2:C1:DB:69:87:37:62:53:FF:EF:E0:C5:40:48:8B
Certificate issuer:       /CN=088469d1a33085ff88b3e599d223ca74c2313a3a
Certificate serial:       1843EC1524CDD6C4B11D1C392A933769DD7E9013
Authority key identifier: 08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/3139342e33312e35342e302f32342d3332203d3e2039303039.roa
Signing time:             Mon 30 Dec 2024 15:41:21 +0000
ROA not before:           Mon 30 Dec 2024 15:36:21 +0000
ROA not after:            Mon 29 Dec 2025 15:41:21 +0000
asID:                     9009
IP address blocks:        194.31.54.0/24 maxlen: 32
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 10:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            18:43:ec:15:24:cd:d6:c4:b1:1d:1c:39:2a:93:37:69:dd:7e:90:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088469d1a33085ff88b3e599d223ca74c2313a3a
        Validity
            Not Before: Dec 30 15:36:21 2024 GMT
            Not After : Dec 29 15:41:21 2025 GMT
        Subject: CN=D376987F08C2C1DB6987376253FFEFE0C540488B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:25:1c:2a:4a:0c:65:f7:af:9c:b7:ac:b0:17:
                    19:a1:75:5e:f6:03:e3:8d:37:87:84:8f:9e:ae:7d:
                    7a:99:03:69:09:ac:23:5c:22:28:ab:d2:6a:81:9f:
                    78:cb:43:ca:6b:a4:ee:0d:96:87:1e:87:22:9f:be:
                    c8:81:83:0e:c2:d0:e0:10:b9:3d:9c:5b:d3:e4:68:
                    a7:75:25:ca:53:85:13:81:9f:bb:3c:13:bc:f1:04:
                    c2:b0:7a:2c:08:a7:40:91:db:95:e7:92:64:37:fe:
                    40:92:de:06:b8:4e:a6:33:5d:8a:d4:4a:b0:b4:b3:
                    36:dc:63:14:71:cb:e4:74:87:8f:72:8b:31:e5:5a:
                    ba:f1:19:61:2f:06:76:59:a5:d3:53:e9:f7:0d:76:
                    e6:31:9b:f9:91:7c:b6:e8:11:f9:9a:64:51:1b:a4:
                    fa:b3:19:0c:e0:30:b8:db:5b:7b:30:84:1a:b6:5f:
                    6e:aa:ba:7f:39:a4:78:87:50:a1:53:cb:da:64:f2:
                    32:fa:77:4e:bc:8a:fe:8d:a3:19:6c:83:0d:8c:b5:
                    71:41:e2:1a:5e:fc:29:f9:d7:28:7e:76:f6:82:e4:
                    71:7e:9d:11:7a:a3:1a:47:97:5f:55:e4:3b:af:82:
                    43:ba:ec:cd:88:b2:d3:e6:8e:f5:18:49:f5:b1:4b:
                    7e:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:76:98:7F:08:C2:C1:DB:69:87:37:62:53:FF:EF:E0:C5:40:48:8B
            X509v3 Authority Key Identifier:
                keyid:08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/3139342e33312e35342e302f32342d3332203d3e2039303039.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.31.54.0/24

    Signature Algorithm: sha256WithRSAEncryption
         26:2e:d6:fc:9e:a0:6b:51:80:b9:e6:22:5d:7d:d7:58:85:f9:
         bd:18:dc:39:76:e4:0b:b8:05:55:2a:e7:f0:41:e3:8b:aa:99:
         c4:72:00:e8:e6:f0:6a:72:a9:6c:d4:da:60:01:fd:fa:af:4c:
         e3:56:6e:21:7b:fe:67:1c:a3:17:11:76:1f:b6:b7:25:81:fd:
         3c:18:dd:8f:9c:0b:7e:89:a4:c5:c0:c5:47:ef:cb:28:3a:6c:
         6b:5a:de:92:33:b1:8e:7f:33:eb:a3:c2:89:28:4b:be:78:59:
         1d:05:70:c5:a5:ab:d8:9b:71:5f:73:e2:a9:a9:13:0a:f3:fc:
         d7:ed:b0:6a:0e:79:4a:7a:15:5e:94:13:5b:9a:be:ed:0a:01:
         5c:9d:3b:a1:69:1b:ca:2a:0e:29:7c:44:10:06:8f:e9:03:45:
         b9:bd:07:aa:dc:de:0a:bb:f0:e3:c1:12:4c:73:00:3e:c3:87:
         07:72:ce:97:8a:69:b2:0f:ac:01:a8:1d:e0:c5:35:68:de:2d:
         a3:2a:6c:28:58:4e:c0:a7:50:15:67:16:b1:15:35:9a:d7:87:
         5d:32:b2:c1:25:1d:31:a8:5e:ad:4d:27:96:b0:14:6e:dd:1b:
         a4:b1:05:ae:c4:ee:e9:b8:18:5a:60:c7:1b:ed:d3:4e:fa:30:
         6a:2f:65:26
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUGEPsFSTN1sSxHRw5KpM3ad1+kBMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDg4NDY5ZDFhMzMwODVmZjg4YjNlNTk5ZDIyM2NhNzRj
MjMxM2EzYTAeFw0yNDEyMzAxNTM2MjFaFw0yNTEyMjkxNTQxMjFaMDMxMTAvBgNV
BAMTKEQzNzY5ODdGMDhDMkMxREI2OTg3Mzc2MjUzRkZFRkUwQzU0MDQ4OEIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDAJRwqSgxl96+ct6ywFxmhdV72
A+ONN4eEj56ufXqZA2kJrCNcIiir0mqBn3jLQ8prpO4NlocehyKfvsiBgw7C0OAQ
uT2cW9PkaKd1JcpThROBn7s8E7zxBMKweiwIp0CR25XnkmQ3/kCS3ga4TqYzXYrU
SrC0szbcYxRxy+R0h49yizHlWrrxGWEvBnZZpdNT6fcNduYxm/mRfLboEfmaZFEb
pPqzGQzgMLjbW3swhBq2X26qun85pHiHUKFTy9pk8jL6d068iv6Noxlsgw2MtXFB
4hpe/Cn51yh+dvaC5HF+nRF6oxpHl19V5DuvgkO67M2IstPmjvUYSfWxS36JAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQU03aYfwjCwdtphzdiU//v4MVASIswHwYDVR0j
BBgwFoAUCIRp0aMwhf+Is+WZ0iPKdMIxOjowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzUvMDg4NDY5RDFBMzMwODVGRjg4QjNFNTk5RDIyM0NBNzRDMjMxM0EzQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NJUnAwYU13aGYtSXMtV1owaVBLZE1J
eE9qby5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzUvMzEzOTM0MmUzMzMxMmUzNTM0
MmUzMDJmMzIzNDJkMzMzMjIwM2QzZTIwMzkzMDMwMzkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBADCHzYw
DQYJKoZIhvcNAQELBQADggEBACYu1vyeoGtRgLnmIl1911iF+b0Y3Dl25Au4BVUq
5/BB44uqmcRyAOjm8GpyqWzU2mAB/fqvTONWbiF7/mccoxcRdh+2tyWB/TwY3Y+c
C36JpMXAxUfvyyg6bGta3pIzsY5/M+ujwokoS754WR0FcMWlq9ibcV9z4qmpEwrz
/NftsGoOeUp6FV6UE1uavu0KAVydO6FpG8oqDil8RBAGj+kDRbm9B6rc3gq78OPB
EkxzAD7DhwdyzpeKabIPrAGoHeDFNWjeLaMqbChYTsCnUBVnFrEVNZrXh10yssEl
HTGoXq1NJ5awFG7dG6SxBa7E7um4GFpgxxvt0076MGovZSY=
-----END CERTIFICATE-----