Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/3139342e352e3135392e302f32342d3234203d3e203437353833.roa
File:                     3139342e352e3135392e302f32342d3234203d3e203437353833.roa (raw, json)
Hash identifier:          5ICgVR+Y70LBuhaomxl+7SytbRBAnRI9owa2t6kAfTk=
Subject key identifier:   49:32:74:68:F6:E0:7F:27:E4:9D:07:F6:35:F5:AE:23:D4:A8:8C:4E
Certificate issuer:       /CN=088469d1a33085ff88b3e599d223ca74c2313a3a
Certificate serial:       483656F77720374DA64704EDAD7EA4B74425A23A
Authority key identifier: 08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/3139342e352e3135392e302f32342d3234203d3e203437353833.roa
Signing time:             Mon 27 Jan 2025 09:44:46 +0000
ROA not before:           Mon 27 Jan 2025 09:39:46 +0000
ROA not after:            Mon 26 Jan 2026 09:44:46 +0000
asID:                     47583
IP address blocks:        194.5.159.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 15:28:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            48:36:56:f7:77:20:37:4d:a6:47:04:ed:ad:7e:a4:b7:44:25:a2:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088469d1a33085ff88b3e599d223ca74c2313a3a
        Validity
            Not Before: Jan 27 09:39:46 2025 GMT
            Not After : Jan 26 09:44:46 2026 GMT
        Subject: CN=49327468F6E07F27E49D07F635F5AE23D4A88C4E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:bd:e7:07:1c:61:b2:9f:a7:22:76:26:ba:9a:
                    a3:65:5e:a9:32:53:4b:19:05:56:11:99:ba:eb:a8:
                    7d:de:08:07:bb:14:a1:c4:7c:30:b4:b7:b5:68:da:
                    40:d2:25:b0:da:07:5a:f3:f2:a3:23:a8:89:0c:99:
                    7b:02:d5:a3:93:d1:67:eb:9b:4e:da:7d:e8:cc:0f:
                    5c:9e:32:33:4e:8b:b5:84:63:36:8e:8b:55:2e:5a:
                    14:9d:47:20:81:bc:3f:0e:b0:1f:df:cb:c4:62:a2:
                    54:d5:eb:7b:d8:98:aa:65:0e:3d:8c:b0:f4:65:7b:
                    b4:00:e6:a4:c1:19:2b:46:55:80:df:f7:32:85:29:
                    26:90:49:e4:81:bb:ba:5c:44:6e:6a:22:25:06:8a:
                    54:e2:42:b2:70:97:08:8e:65:db:e9:a1:e6:3b:b0:
                    52:e2:a2:f9:0d:e6:54:09:74:f5:bf:d1:b9:d5:df:
                    36:7d:ca:80:f3:fb:2c:2a:37:6d:d5:69:e5:b4:eb:
                    f9:05:d0:c3:9a:0d:65:8e:56:b2:b8:05:11:a0:de:
                    a6:f5:e3:37:dc:b6:3a:57:4b:79:46:6f:49:63:72:
                    2c:cf:6d:f3:83:13:d5:4e:84:33:c6:31:f1:a8:90:
                    a3:e5:9d:38:a7:7d:39:43:8c:fa:bb:e2:97:a3:12:
                    2c:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:32:74:68:F6:E0:7F:27:E4:9D:07:F6:35:F5:AE:23:D4:A8:8C:4E
            X509v3 Authority Key Identifier:
                keyid:08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/3139342e352e3135392e302f32342d3234203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.5.159.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:d2:7a:81:c4:a5:91:78:d5:87:9d:fa:f3:08:cb:6e:a5:a3:
         cb:67:1a:d8:43:b5:a5:cf:41:9a:12:12:84:22:8f:37:80:2c:
         6b:96:76:21:9b:8b:6f:66:e1:54:0f:80:08:93:99:25:88:8d:
         9c:d0:32:63:86:ef:69:b5:2e:cd:df:73:24:f0:c5:22:11:69:
         00:ec:e3:cf:b2:e5:03:a9:9b:3a:f2:b1:42:f9:24:bb:0b:3f:
         7d:92:bc:0f:da:b5:e9:f6:2b:f0:1b:e7:38:b2:50:da:f4:8b:
         c2:28:2c:4a:03:fb:1b:67:8e:a9:a2:cc:84:16:13:20:21:6f:
         08:2a:f8:be:a7:f0:b2:23:33:24:1d:b6:33:40:99:51:f0:0f:
         08:dc:9a:9a:ee:88:77:db:b5:95:d2:9e:a8:3a:6d:01:30:f0:
         7e:9b:65:61:f8:54:ed:0e:f3:16:84:60:0d:97:72:73:8b:03:
         49:0d:7f:39:de:2b:95:a9:af:b0:3f:71:16:17:d8:c3:a8:89:
         b2:b2:77:76:27:ab:72:c5:8c:5d:2e:2a:6c:d0:c1:30:a4:a4:
         3c:71:1f:59:92:db:ba:49:c6:51:d0:6a:d2:61:9a:69:76:fd:
         6c:a3:43:f9:11:44:28:60:1c:e2:79:62:cf:3e:d2:90:41:f6:
         94:a2:4b:69
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUSDZW93cgN02mRwTtrX6kt0QlojowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDg4NDY5ZDFhMzMwODVmZjg4YjNlNTk5ZDIyM2NhNzRj
MjMxM2EzYTAeFw0yNTAxMjcwOTM5NDZaFw0yNjAxMjYwOTQ0NDZaMDMxMTAvBgNV
BAMTKDQ5MzI3NDY4RjZFMDdGMjdFNDlEMDdGNjM1RjVBRTIzRDRBODhDNEUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDvecHHGGyn6cidia6mqNlXqky
U0sZBVYRmbrrqH3eCAe7FKHEfDC0t7Vo2kDSJbDaB1rz8qMjqIkMmXsC1aOT0Wfr
m07afejMD1yeMjNOi7WEYzaOi1UuWhSdRyCBvD8OsB/fy8RiolTV63vYmKplDj2M
sPRle7QA5qTBGStGVYDf9zKFKSaQSeSBu7pcRG5qIiUGilTiQrJwlwiOZdvpoeY7
sFLiovkN5lQJdPW/0bnV3zZ9yoDz+ywqN23VaeW06/kF0MOaDWWOVrK4BRGg3qb1
4zfctjpXS3lGb0ljcizPbfODE9VOhDPGMfGokKPlnTinfTlDjPq74pejEiydAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUSTJ0aPbgfyfknQf2NfWuI9SojE4wHwYDVR0j
BBgwFoAUCIRp0aMwhf+Is+WZ0iPKdMIxOjowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzUvMDg4NDY5RDFBMzMwODVGRjg4QjNFNTk5RDIyM0NBNzRDMjMxM0EzQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NJUnAwYU13aGYtSXMtV1owaVBLZE1J
eE9qby5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzUvMzEzOTM0MmUzNTJlMzEzNTM5
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzQzNzM1MzgzMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMIF
nzANBgkqhkiG9w0BAQsFAAOCAQEAiNJ6gcSlkXjVh5368wjLbqWjy2ca2EO1pc9B
mhIShCKPN4Asa5Z2IZuLb2bhVA+ACJOZJYiNnNAyY4bvabUuzd9zJPDFIhFpAOzj
z7LlA6mbOvKxQvkkuws/fZK8D9q16fYr8BvnOLJQ2vSLwigsSgP7G2eOqaLMhBYT
ICFvCCr4vqfwsiMzJB22M0CZUfAPCNyamu6Id9u1ldKeqDptATDwfptlYfhU7Q7z
FoRgDZdyc4sDSQ1/Od4rlamvsD9xFhfYw6iJsrJ3diercsWMXS4qbNDBMKSkPHEf
WZLbuknGUdBq0mGaaXb9bKND+RFEKGAc4nlizz7SkEH2lKJLaQ==
-----END CERTIFICATE-----