Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/3139342e352e3135372e302f32342d3234203d3e203437353833.roa
File:                     3139342e352e3135372e302f32342d3234203d3e203437353833.roa (raw, json)
Hash identifier:          OXSrGa/iIuLLxpHYEvp5YT3eKGFO4UiFWTfuVn4GX9k=
Subject key identifier:   9B:2D:06:04:22:71:16:46:0A:A4:40:1A:01:84:3A:38:AB:FC:39:6A
Certificate issuer:       /CN=088469d1a33085ff88b3e599d223ca74c2313a3a
Certificate serial:       46FB0233F9CE01B8091323198014C5147F098407
Authority key identifier: 08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/3139342e352e3135372e302f32342d3234203d3e203437353833.roa
Signing time:             Mon 27 Jan 2025 09:44:48 +0000
ROA not before:           Mon 27 Jan 2025 09:39:48 +0000
ROA not after:            Mon 26 Jan 2026 09:44:48 +0000
asID:                     47583
IP address blocks:        194.5.157.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 13:43:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            46:fb:02:33:f9:ce:01:b8:09:13:23:19:80:14:c5:14:7f:09:84:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088469d1a33085ff88b3e599d223ca74c2313a3a
        Validity
            Not Before: Jan 27 09:39:48 2025 GMT
            Not After : Jan 26 09:44:48 2026 GMT
        Subject: CN=9B2D0604227116460AA4401A01843A38ABFC396A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:3f:67:00:6a:a6:b5:c2:ec:20:0e:10:55:89:
                    c3:26:a1:47:51:00:ee:62:cb:b7:bb:a2:a0:43:bd:
                    61:6d:8a:97:90:2c:c0:35:00:61:2f:d8:4c:74:31:
                    df:89:5b:c8:e9:ce:91:71:88:9c:1a:8e:5e:16:98:
                    94:24:a1:d5:43:2c:0c:54:58:d5:b6:06:66:19:81:
                    21:8c:2f:6a:15:81:55:55:19:74:00:bc:85:ed:01:
                    9a:ba:ad:6c:3c:d2:ef:78:ca:05:35:35:f5:72:76:
                    cd:48:d6:27:50:29:85:06:32:ce:9b:df:f5:be:1a:
                    75:15:72:bf:55:4b:50:db:e9:f5:b9:45:0c:1f:b5:
                    6d:f1:a2:c8:28:6d:f2:d3:91:f6:65:a7:e0:70:1c:
                    2c:20:b8:06:e0:8d:32:4b:a4:6d:b3:59:59:b9:31:
                    ed:70:5d:bf:9f:d4:8c:0a:14:74:d6:a7:53:3e:ea:
                    2d:23:f6:e8:e9:c1:1f:e4:0c:cc:3f:c4:e6:40:19:
                    92:78:b3:31:53:6b:75:6a:a3:d2:98:c6:10:ab:48:
                    00:d3:3c:62:31:32:43:fd:32:7c:8f:92:38:6c:ce:
                    67:fd:f5:a3:11:39:4f:49:cf:cd:9f:d3:e0:ec:68:
                    14:01:a0:93:b8:9e:43:e4:05:de:d3:96:47:bc:2a:
                    10:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:2D:06:04:22:71:16:46:0A:A4:40:1A:01:84:3A:38:AB:FC:39:6A
            X509v3 Authority Key Identifier:
                keyid:08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/3139342e352e3135372e302f32342d3234203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.5.157.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4d:9c:8e:49:7b:7c:a7:95:be:77:a5:ad:65:be:2f:77:2a:d4:
         93:f4:8f:a8:56:3b:db:8e:53:03:1b:cd:7c:57:9e:77:57:64:
         9f:b6:91:47:6d:e7:ae:75:fc:74:6c:7e:15:e7:f5:8c:aa:cd:
         d1:51:f5:40:f1:6d:c1:31:d0:a5:b4:8e:6b:03:89:80:29:87:
         9c:0a:92:ef:b3:bc:e5:3f:85:cf:f4:9f:c0:7d:ad:cb:a5:47:
         25:19:1f:87:86:70:da:5c:af:00:a9:02:6e:df:9e:0b:4f:7b:
         da:ca:7a:69:ab:b5:2a:5c:ed:f4:39:47:bf:70:51:0d:29:09:
         5b:a7:aa:a9:cc:25:1b:09:9d:bc:d5:3d:2e:59:de:54:6c:32:
         11:c8:cc:9b:6b:90:d9:29:fd:98:18:7c:f1:19:ee:60:b8:82:
         b9:4e:a1:de:1f:6b:59:39:26:3e:c5:10:f3:f5:7f:e0:e7:2a:
         63:bd:3b:3d:3b:e3:a1:b2:45:72:1e:d0:9b:c8:9f:f9:a9:ca:
         74:d9:18:d6:c3:2d:f9:62:b0:eb:ad:35:75:00:c4:28:60:e5:
         1d:e3:c2:3f:f3:90:98:db:87:e9:e5:2e:bc:0d:57:50:83:fb:
         63:f5:94:65:2a:aa:17:ed:fc:a4:13:e9:47:30:3c:a8:29:07:
         42:f0:42:f8
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIURvsCM/nOAbgJEyMZgBTFFH8JhAcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDg4NDY5ZDFhMzMwODVmZjg4YjNlNTk5ZDIyM2NhNzRj
MjMxM2EzYTAeFw0yNTAxMjcwOTM5NDhaFw0yNjAxMjYwOTQ0NDhaMDMxMTAvBgNV
BAMTKDlCMkQwNjA0MjI3MTE2NDYwQUE0NDAxQTAxODQzQTM4QUJGQzM5NkEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCdP2cAaqa1wuwgDhBVicMmoUdR
AO5iy7e7oqBDvWFtipeQLMA1AGEv2Ex0Md+JW8jpzpFxiJwajl4WmJQkodVDLAxU
WNW2BmYZgSGML2oVgVVVGXQAvIXtAZq6rWw80u94ygU1NfVyds1I1idQKYUGMs6b
3/W+GnUVcr9VS1Db6fW5RQwftW3xosgobfLTkfZlp+BwHCwguAbgjTJLpG2zWVm5
Me1wXb+f1IwKFHTWp1M+6i0j9ujpwR/kDMw/xOZAGZJ4szFTa3Vqo9KYxhCrSADT
PGIxMkP9MnyPkjhszmf99aMROU9Jz82f0+DsaBQBoJO4nkPkBd7Tlke8KhA9AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUmy0GBCJxFkYKpEAaAYQ6OKv8OWowHwYDVR0j
BBgwFoAUCIRp0aMwhf+Is+WZ0iPKdMIxOjowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzUvMDg4NDY5RDFBMzMwODVGRjg4QjNFNTk5RDIyM0NBNzRDMjMxM0EzQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NJUnAwYU13aGYtSXMtV1owaVBLZE1J
eE9qby5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzUvMzEzOTM0MmUzNTJlMzEzNTM3
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzQzNzM1MzgzMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMIF
nTANBgkqhkiG9w0BAQsFAAOCAQEATZyOSXt8p5W+d6WtZb4vdyrUk/SPqFY7245T
AxvNfFeed1dkn7aRR23nrnX8dGx+Fef1jKrN0VH1QPFtwTHQpbSOawOJgCmHnAqS
77O85T+Fz/SfwH2ty6VHJRkfh4Zw2lyvAKkCbt+eC0972sp6aau1Klzt9DlHv3BR
DSkJW6eqqcwlGwmdvNU9LlneVGwyEcjMm2uQ2Sn9mBh88RnuYLiCuU6h3h9rWTkm
PsUQ8/V/4OcqY707PTvjobJFch7Qm8if+anKdNkY1sMt+WKw6601dQDEKGDlHePC
P/OQmNuH6eUuvA1XUIP7Y/WUZSqqF+38pBPpRzA8qCkHQvBC+A==
-----END CERTIFICATE-----