Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/3139342e352e3135362e302f32342d3234203d3e203437353833.roa
File:                     3139342e352e3135362e302f32342d3234203d3e203437353833.roa (raw, json)
Hash identifier:          tpPB1oB+41fQrE6fq0VZVpRjQZjjsZWgWSQs0N7H0tc=
Subject key identifier:   DF:E7:90:6C:A1:DD:5A:5E:7B:A5:07:68:C0:A1:B7:0A:E3:EA:63:BB
Certificate issuer:       /CN=088469d1a33085ff88b3e599d223ca74c2313a3a
Certificate serial:       354DE0C573989D94CCFF5557B129C0A39C63FBFC
Authority key identifier: 08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/3139342e352e3135362e302f32342d3234203d3e203437353833.roa
Signing time:             Mon 27 Jan 2025 09:44:49 +0000
ROA not before:           Mon 27 Jan 2025 09:39:49 +0000
ROA not after:            Mon 26 Jan 2026 09:44:49 +0000
asID:                     47583
IP address blocks:        194.5.156.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 10:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            35:4d:e0:c5:73:98:9d:94:cc:ff:55:57:b1:29:c0:a3:9c:63:fb:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088469d1a33085ff88b3e599d223ca74c2313a3a
        Validity
            Not Before: Jan 27 09:39:49 2025 GMT
            Not After : Jan 26 09:44:49 2026 GMT
        Subject: CN=DFE7906CA1DD5A5E7BA50768C0A1B70AE3EA63BB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:82:34:80:5c:63:91:9e:08:61:22:9c:8f:3b:
                    5e:40:9f:3c:72:60:e2:e2:e0:18:e8:68:65:b7:a7:
                    37:2b:df:ea:36:65:2a:21:0c:4d:28:4a:02:1c:5d:
                    84:1d:04:e6:6b:83:43:08:55:3f:03:71:07:b9:11:
                    26:c3:ef:c5:f6:04:c2:21:c6:9d:96:b6:ce:e0:6d:
                    5c:71:fa:ea:39:5f:17:22:a8:9c:3f:0e:cd:49:ff:
                    29:7a:09:3d:b5:3f:bf:65:6a:5f:33:f2:b8:db:cb:
                    48:58:99:4e:1a:34:05:93:2e:66:ec:fe:80:ab:0a:
                    e5:6c:9b:ea:91:95:ca:d4:e9:14:a6:98:8e:49:c8:
                    10:cd:09:a3:36:b8:9b:ab:df:5c:6b:48:df:5e:27:
                    b8:93:4a:92:6e:cf:96:4c:ee:58:d2:cd:14:ab:8c:
                    d9:fc:67:b9:7d:64:a9:cb:26:49:71:21:e1:54:9b:
                    c2:5f:df:76:f2:b4:a9:ef:f6:06:19:4b:47:cb:a1:
                    aa:df:bf:8a:6d:69:7e:3a:28:8b:b5:89:bc:e8:7f:
                    12:a5:99:07:a2:ab:2e:e9:cb:29:ff:51:2f:26:92:
                    0b:99:3f:31:fc:cf:a1:e6:b4:16:16:0f:e4:5b:ae:
                    f7:b2:17:32:26:cf:44:54:4c:7e:ca:c5:40:a4:9f:
                    d2:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:E7:90:6C:A1:DD:5A:5E:7B:A5:07:68:C0:A1:B7:0A:E3:EA:63:BB
            X509v3 Authority Key Identifier:
                keyid:08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/3139342e352e3135362e302f32342d3234203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.5.156.0/24

    Signature Algorithm: sha256WithRSAEncryption
         58:cb:98:7b:67:e8:91:e2:5e:49:0d:62:88:9c:a4:8b:68:5e:
         d0:c2:2b:01:39:2c:ca:9f:53:d8:88:c0:17:65:2d:d3:43:87:
         27:17:d7:66:76:e7:33:c2:a3:06:83:55:95:36:b5:23:91:1d:
         78:32:d9:44:71:e4:0f:62:8f:f4:a8:4c:8a:36:f3:f9:98:16:
         04:b3:8f:91:91:d6:09:9f:f5:06:3b:96:ce:0e:ee:31:de:b4:
         de:1e:3f:e3:de:7d:07:7a:26:43:b8:d3:01:5c:d8:61:f1:1c:
         ec:7e:ff:00:03:2c:3e:c4:d9:f0:a0:bf:72:7c:a1:41:fb:27:
         b5:22:c4:82:3e:55:90:f5:af:13:97:98:d9:0d:af:85:58:1b:
         4b:c0:b9:68:0e:ef:62:86:fb:b3:e5:e9:53:f5:74:d8:3e:0e:
         64:2e:cd:c7:ef:11:de:c2:cd:b8:c4:04:50:99:11:3a:a7:22:
         b2:69:e3:cc:1f:47:69:8c:06:27:b5:7c:47:9d:a1:0a:84:39:
         6f:70:e5:31:17:5a:88:1d:cb:9f:69:60:4c:ed:a4:25:2d:55:
         4c:6e:44:06:b6:b2:68:18:5f:7c:48:e1:4f:aa:ef:f7:c1:42:
         d6:54:eb:70:07:37:d9:a8:47:88:68:79:c3:3a:cf:10:dd:31:
         63:55:93:94
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUNU3gxXOYnZTM/1VXsSnAo5xj+/wwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDg4NDY5ZDFhMzMwODVmZjg4YjNlNTk5ZDIyM2NhNzRj
MjMxM2EzYTAeFw0yNTAxMjcwOTM5NDlaFw0yNjAxMjYwOTQ0NDlaMDMxMTAvBgNV
BAMTKERGRTc5MDZDQTFERDVBNUU3QkE1MDc2OEMwQTFCNzBBRTNFQTYzQkIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0gjSAXGORnghhIpyPO15Anzxy
YOLi4BjoaGW3pzcr3+o2ZSohDE0oSgIcXYQdBOZrg0MIVT8DcQe5ESbD78X2BMIh
xp2Wts7gbVxx+uo5XxciqJw/Ds1J/yl6CT21P79lal8z8rjby0hYmU4aNAWTLmbs
/oCrCuVsm+qRlcrU6RSmmI5JyBDNCaM2uJur31xrSN9eJ7iTSpJuz5ZM7ljSzRSr
jNn8Z7l9ZKnLJklxIeFUm8Jf33bytKnv9gYZS0fLoarfv4ptaX46KIu1ibzofxKl
mQeiqy7pyyn/US8mkguZPzH8z6HmtBYWD+RbrveyFzImz0RUTH7KxUCkn9JLAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQU3+eQbKHdWl57pQdowKG3CuPqY7swHwYDVR0j
BBgwFoAUCIRp0aMwhf+Is+WZ0iPKdMIxOjowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzUvMDg4NDY5RDFBMzMwODVGRjg4QjNFNTk5RDIyM0NBNzRDMjMxM0EzQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NJUnAwYU13aGYtSXMtV1owaVBLZE1J
eE9qby5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzUvMzEzOTM0MmUzNTJlMzEzNTM2
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzQzNzM1MzgzMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMIF
nDANBgkqhkiG9w0BAQsFAAOCAQEAWMuYe2fokeJeSQ1iiJyki2he0MIrATksyp9T
2IjAF2Ut00OHJxfXZnbnM8KjBoNVlTa1I5EdeDLZRHHkD2KP9KhMijbz+ZgWBLOP
kZHWCZ/1BjuWzg7uMd603h4/4959B3omQ7jTAVzYYfEc7H7/AAMsPsTZ8KC/cnyh
QfsntSLEgj5VkPWvE5eY2Q2vhVgbS8C5aA7vYob7s+XpU/V02D4OZC7Nx+8R3sLN
uMQEUJkROqcismnjzB9HaYwGJ7V8R52hCoQ5b3DlMRdaiB3Ln2lgTO2kJS1VTG5E
BrayaBhffEjhT6rv98FC1lTrcAc32ahHiGh5wzrPEN0xY1WTlA==
-----END CERTIFICATE-----