Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/3139342e352e3135382e302f32342d3234203d3e203437353833.roa
File:                     3139342e352e3135382e302f32342d3234203d3e203437353833.roa (raw, json)
Hash identifier:          JF/Ik1zqJ84XUt0pKvzo422HsHOZM+C2WlKVB9uD4xE=
Subject key identifier:   20:72:1D:88:17:F5:9A:35:33:9B:80:4F:A1:29:E9:EC:AA:BE:DB:3F
Certificate issuer:       /CN=088469d1a33085ff88b3e599d223ca74c2313a3a
Certificate serial:       17E6AC6BECA10C8D6D5A7756232ED013446A4765
Authority key identifier: 08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/3139342e352e3135382e302f32342d3234203d3e203437353833.roa
Signing time:             Mon 26 Feb 2024 08:52:43 +0000
ROA not before:           Mon 26 Feb 2024 08:47:43 +0000
ROA not after:            Mon 24 Feb 2025 08:52:43 +0000
asID:                     47583
IP address blocks:        194.5.158.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 May 2024 14:34:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            17:e6:ac:6b:ec:a1:0c:8d:6d:5a:77:56:23:2e:d0:13:44:6a:47:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088469d1a33085ff88b3e599d223ca74c2313a3a
        Validity
            Not Before: Feb 26 08:47:43 2024 GMT
            Not After : Feb 24 08:52:43 2025 GMT
        Subject: CN=20721D8817F59A35339B804FA129E9ECAABEDB3F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:3b:21:fd:3e:e4:c7:67:03:62:4b:75:9f:7a:
                    d1:1f:3f:c7:dd:36:18:12:98:59:6f:45:6d:78:93:
                    59:a7:cf:c2:b6:b1:24:be:72:41:d2:b0:93:7b:58:
                    b1:13:9c:52:9c:d8:fa:fb:fa:78:99:74:5e:39:4f:
                    7d:81:8f:6e:59:e2:2b:2d:96:64:72:0d:1e:6e:cb:
                    b5:9e:23:de:14:8f:ea:f5:3e:5e:3b:eb:94:63:7c:
                    74:6c:5e:3b:80:18:a4:33:2c:9e:09:a4:c8:48:18:
                    09:fe:2c:bd:f8:3d:54:f4:e4:7a:ef:ba:33:95:0c:
                    b0:84:7b:9c:b4:fb:c2:f2:38:76:4e:e9:07:ac:b3:
                    81:16:ff:a0:45:e2:5b:96:0f:0f:66:20:f9:06:8d:
                    97:4c:7e:10:f8:eb:67:50:b2:d6:c1:e2:dc:c9:69:
                    b9:fb:64:0d:d9:e6:18:18:ef:1f:73:a3:c4:15:0c:
                    06:58:93:4e:fc:44:e2:50:c9:ac:47:4d:a4:b1:5a:
                    c8:39:02:3b:5b:94:51:8f:76:1e:c9:f6:a3:b5:a1:
                    ea:39:28:cb:25:2f:33:5f:a4:d7:29:c6:69:94:ca:
                    0f:ff:80:40:c3:52:c0:77:9b:2e:36:da:eb:df:c7:
                    5f:ce:c0:c0:44:f8:4c:c8:18:23:f7:63:73:34:6d:
                    e0:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:72:1D:88:17:F5:9A:35:33:9B:80:4F:A1:29:E9:EC:AA:BE:DB:3F
            X509v3 Authority Key Identifier:
                keyid:08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/3139342e352e3135382e302f32342d3234203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.5.158.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:7f:6c:69:95:f6:cd:4a:0d:06:f7:5c:ae:2d:d1:1c:00:92:
         be:45:91:fb:b0:6f:ff:f9:aa:31:4b:6c:f0:8b:11:cf:6b:60:
         3c:3a:77:00:d8:9e:87:b1:ab:49:20:18:4b:c4:06:b3:84:a2:
         97:27:55:c3:f0:d1:3a:64:b2:0a:4d:26:4b:d7:a8:96:7f:5b:
         2f:46:f1:13:96:fd:08:36:9e:dd:41:25:60:5b:9f:34:b7:49:
         c2:83:b9:bc:23:43:ce:8d:35:3c:25:29:61:85:72:60:34:4c:
         cd:eb:99:82:fa:53:e8:91:f1:5d:f8:09:d5:d1:87:4c:6e:93:
         35:77:4f:a9:5f:a9:c9:d7:84:5c:43:26:a9:6e:5f:e3:4c:e5:
         c6:dc:68:0e:79:2a:18:9c:57:50:31:d7:36:d2:43:79:be:cf:
         78:b8:16:32:16:90:0b:f6:44:2f:b2:8e:68:33:0b:12:7a:5b:
         ee:02:01:67:24:0f:85:4a:31:04:cd:67:73:b4:a0:28:b3:5a:
         8e:58:2e:63:69:d9:97:65:03:dc:b3:1b:a8:be:c5:96:35:33:
         95:58:c9:31:a1:6d:92:6f:17:fe:43:66:2d:8a:ee:01:29:ba:
         d3:a7:b7:0a:a7:70:16:ed:fa:4b:cb:64:59:ce:13:f2:46:34:
         74:1e:15:5f
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUF+asa+yhDI1tWndWIy7QE0RqR2UwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDg4NDY5ZDFhMzMwODVmZjg4YjNlNTk5ZDIyM2NhNzRj
MjMxM2EzYTAeFw0yNDAyMjYwODQ3NDNaFw0yNTAyMjQwODUyNDNaMDMxMTAvBgNV
BAMTKDIwNzIxRDg4MTdGNTlBMzUzMzlCODA0RkExMjlFOUVDQUFCRURCM0YwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDAOyH9PuTHZwNiS3WfetEfP8fd
NhgSmFlvRW14k1mnz8K2sSS+ckHSsJN7WLETnFKc2Pr7+niZdF45T32Bj25Z4ist
lmRyDR5uy7WeI94Uj+r1Pl4765RjfHRsXjuAGKQzLJ4JpMhIGAn+LL34PVT05Hrv
ujOVDLCEe5y0+8LyOHZO6Qess4EW/6BF4luWDw9mIPkGjZdMfhD462dQstbB4tzJ
abn7ZA3Z5hgY7x9zo8QVDAZYk078ROJQyaxHTaSxWsg5AjtblFGPdh7J9qO1oeo5
KMslLzNfpNcpxmmUyg//gEDDUsB3my422uvfx1/OwMBE+EzIGCP3Y3M0beClAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUIHIdiBf1mjUzm4BPoSnp7Kq+2z8wHwYDVR0j
BBgwFoAUCIRp0aMwhf+Is+WZ0iPKdMIxOjowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzUvMDg4NDY5RDFBMzMwODVGRjg4QjNFNTk5RDIyM0NBNzRDMjMxM0EzQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NJUnAwYU13aGYtSXMtV1owaVBLZE1J
eE9qby5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzUvMzEzOTM0MmUzNTJlMzEzNTM4
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzQzNzM1MzgzMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMIF
njANBgkqhkiG9w0BAQsFAAOCAQEAMH9saZX2zUoNBvdcri3RHACSvkWR+7Bv//mq
MUts8IsRz2tgPDp3ANieh7GrSSAYS8QGs4SilydVw/DROmSyCk0mS9eoln9bL0bx
E5b9CDae3UElYFufNLdJwoO5vCNDzo01PCUpYYVyYDRMzeuZgvpT6JHxXfgJ1dGH
TG6TNXdPqV+pydeEXEMmqW5f40zlxtxoDnkqGJxXUDHXNtJDeb7PeLgWMhaQC/ZE
L7KOaDMLEnpb7gIBZyQPhUoxBM1nc7SgKLNajlguY2nZl2UD3LMbqL7FljUzlVjJ
MaFtkm8X/kNmLYruASm606e3CqdwFu36S8tkWc4T8kY0dB4VXw==
-----END CERTIFICATE-----