Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/3139342e352e3135372e302f32342d3234203d3e203437353833.roa
File:                     3139342e352e3135372e302f32342d3234203d3e203437353833.roa (raw, json)
Hash identifier:          WTEeSwLYeBpw5aMlkvZcbzunAudNmQHEa1di///SgRA=
Subject key identifier:   72:5E:4F:AB:9A:38:7E:CD:20:DC:E8:70:4F:D1:B2:3A:73:81:87:E0
Certificate issuer:       /CN=088469d1a33085ff88b3e599d223ca74c2313a3a
Certificate serial:       34BF3BB15FA422C3D8F46AB66A9EE96BEB1733DE
Authority key identifier: 08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/3139342e352e3135372e302f32342d3234203d3e203437353833.roa
Signing time:             Mon 26 Feb 2024 08:52:40 +0000
ROA not before:           Mon 26 Feb 2024 08:47:40 +0000
ROA not after:            Mon 24 Feb 2025 08:52:40 +0000
asID:                     47583
IP address blocks:        194.5.157.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 May 2024 14:34:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            34:bf:3b:b1:5f:a4:22:c3:d8:f4:6a:b6:6a:9e:e9:6b:eb:17:33:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088469d1a33085ff88b3e599d223ca74c2313a3a
        Validity
            Not Before: Feb 26 08:47:40 2024 GMT
            Not After : Feb 24 08:52:40 2025 GMT
        Subject: CN=725E4FAB9A387ECD20DCE8704FD1B23A738187E0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:5c:23:2c:a5:06:60:09:6e:3d:c1:54:f2:64:
                    bc:07:ec:38:5f:f7:41:da:ef:c1:00:37:23:0e:2f:
                    ad:e5:6d:10:2a:94:06:e0:69:47:06:d6:98:45:6d:
                    3a:a6:0d:76:cd:9b:ea:5a:75:95:49:94:a9:c5:76:
                    ea:67:88:b0:c9:8f:1e:9b:df:5a:4d:eb:22:24:b1:
                    bc:25:68:26:69:aa:87:d2:b5:cf:63:24:5b:2c:64:
                    72:73:2e:0c:98:0a:bf:9e:38:cd:1c:3f:30:1f:2c:
                    f1:75:0d:9a:b9:5c:31:51:05:60:05:79:cd:37:80:
                    2b:fa:1a:38:e4:c2:ad:e2:ec:00:92:f0:1a:34:4a:
                    bc:ef:53:11:9f:0c:57:b1:42:57:d4:e4:08:14:4f:
                    95:3b:c6:11:ad:95:64:f3:ef:67:fc:1a:de:0f:88:
                    69:c0:66:7b:d8:29:93:a8:1f:6e:d0:9c:43:c3:94:
                    b2:bd:3a:06:bc:03:1d:c8:d8:af:3c:00:eb:52:5d:
                    49:ef:94:8d:92:f1:5f:49:61:28:61:05:78:10:b6:
                    f8:8e:5a:6c:af:db:6c:55:3f:55:18:c5:47:5d:a3:
                    07:d6:15:51:a4:c7:61:21:99:cf:39:1d:da:40:c5:
                    06:a0:be:02:56:c6:f1:78:7b:fe:02:8a:cd:c9:9c:
                    94:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:5E:4F:AB:9A:38:7E:CD:20:DC:E8:70:4F:D1:B2:3A:73:81:87:E0
            X509v3 Authority Key Identifier:
                keyid:08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/3139342e352e3135372e302f32342d3234203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.5.157.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ae:6c:26:32:66:04:cb:4a:95:ec:41:3e:62:06:6a:13:e7:0c:
         17:38:47:1c:d0:7b:01:f1:ee:fc:b9:42:aa:ac:6f:28:ef:97:
         de:23:26:fb:92:85:b2:73:5d:9b:cb:bd:bf:25:cd:18:75:76:
         12:23:b0:73:5f:bc:71:e6:25:8c:ff:f7:a9:4a:93:e2:ed:5a:
         9c:72:14:9b:d2:b4:a5:4b:54:18:04:56:32:aa:b1:72:45:53:
         19:3d:1c:bb:12:2b:57:85:0c:2b:84:1b:05:17:34:80:a3:4a:
         73:d0:99:89:bf:41:80:6e:d5:45:4a:84:20:7c:10:8f:96:4b:
         fd:df:71:0b:dc:88:34:78:63:6b:ae:6f:fa:bf:29:55:9e:0c:
         04:a0:7f:32:e4:24:9c:d3:f2:fd:1a:46:71:2c:28:c9:e6:fc:
         c1:5b:84:0d:b6:de:aa:92:49:43:cb:98:41:03:cd:c2:41:8f:
         b9:d3:18:6c:01:99:39:a4:19:35:45:3f:ae:33:14:53:7a:00:
         de:b0:2a:9f:2d:f1:bc:fd:b9:ba:6f:de:1d:fc:bb:90:ad:1b:
         bf:e0:aa:82:9f:fb:1d:80:5b:71:2a:64:a8:11:cf:30:e3:64:
         c9:6b:46:1b:f5:07:82:cc:a3:55:03:a3:e5:7c:47:ee:59:2b:
         e6:06:03:2c
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUNL87sV+kIsPY9Gq2ap7pa+sXM94wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDg4NDY5ZDFhMzMwODVmZjg4YjNlNTk5ZDIyM2NhNzRj
MjMxM2EzYTAeFw0yNDAyMjYwODQ3NDBaFw0yNTAyMjQwODUyNDBaMDMxMTAvBgNV
BAMTKDcyNUU0RkFCOUEzODdFQ0QyMERDRTg3MDRGRDFCMjNBNzM4MTg3RTAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDCXCMspQZgCW49wVTyZLwH7Dhf
90Ha78EANyMOL63lbRAqlAbgaUcG1phFbTqmDXbNm+padZVJlKnFdupniLDJjx6b
31pN6yIksbwlaCZpqofStc9jJFssZHJzLgyYCr+eOM0cPzAfLPF1DZq5XDFRBWAF
ec03gCv6Gjjkwq3i7ACS8Bo0SrzvUxGfDFexQlfU5AgUT5U7xhGtlWTz72f8Gt4P
iGnAZnvYKZOoH27QnEPDlLK9Oga8Ax3I2K88AOtSXUnvlI2S8V9JYShhBXgQtviO
Wmyv22xVP1UYxUddowfWFVGkx2Ehmc85HdpAxQagvgJWxvF4e/4Cis3JnJSbAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUcl5Pq5o4fs0g3OhwT9GyOnOBh+AwHwYDVR0j
BBgwFoAUCIRp0aMwhf+Is+WZ0iPKdMIxOjowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzUvMDg4NDY5RDFBMzMwODVGRjg4QjNFNTk5RDIyM0NBNzRDMjMxM0EzQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NJUnAwYU13aGYtSXMtV1owaVBLZE1J
eE9qby5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzUvMzEzOTM0MmUzNTJlMzEzNTM3
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzQzNzM1MzgzMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMIF
nTANBgkqhkiG9w0BAQsFAAOCAQEArmwmMmYEy0qV7EE+YgZqE+cMFzhHHNB7AfHu
/LlCqqxvKO+X3iMm+5KFsnNdm8u9vyXNGHV2EiOwc1+8ceYljP/3qUqT4u1anHIU
m9K0pUtUGARWMqqxckVTGT0cuxIrV4UMK4QbBRc0gKNKc9CZib9BgG7VRUqEIHwQ
j5ZL/d9xC9yINHhja65v+r8pVZ4MBKB/MuQknNPy/RpGcSwoyeb8wVuEDbbeqpJJ
Q8uYQQPNwkGPudMYbAGZOaQZNUU/rjMUU3oA3rAqny3xvP25um/eHfy7kK0bv+Cq
gp/7HYBbcSpkqBHPMONkyWtGG/UHgsyjVQOj5XxH7lkr5gYDLA==
-----END CERTIFICATE-----