Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/3139342e352e3135392e302f32342d3234203d3e203437353833.roa
File:                     3139342e352e3135392e302f32342d3234203d3e203437353833.roa (raw, json)
Hash identifier:          Kdl+mykwUe1tTSHG6wKDF9JQJhh90CtTmiG/Se5YlLo=
Subject key identifier:   18:41:B7:0B:68:81:E8:9D:52:3C:23:78:58:6F:E2:9C:2E:84:BA:5B
Certificate issuer:       /CN=088469d1a33085ff88b3e599d223ca74c2313a3a
Certificate serial:       69EAB5CF31FAC62F0580F7B87678C8B68D5C7E3A
Authority key identifier: 08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/3139342e352e3135392e302f32342d3234203d3e203437353833.roa
Signing time:             Mon 26 Feb 2024 08:52:45 +0000
ROA not before:           Mon 26 Feb 2024 08:47:45 +0000
ROA not after:            Mon 24 Feb 2025 08:52:45 +0000
asID:                     47583
IP address blocks:        194.5.159.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            69:ea:b5:cf:31:fa:c6:2f:05:80:f7:b8:76:78:c8:b6:8d:5c:7e:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088469d1a33085ff88b3e599d223ca74c2313a3a
        Validity
            Not Before: Feb 26 08:47:45 2024 GMT
            Not After : Feb 24 08:52:45 2025 GMT
        Subject: CN=1841B70B6881E89D523C2378586FE29C2E84BA5B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:ee:1c:9e:05:f4:5e:b1:67:f8:2f:d0:20:97:
                    7e:a2:43:b9:e8:90:e2:f5:b0:16:11:c4:bd:50:b0:
                    1c:d5:b9:a2:ff:77:07:93:27:8a:2f:3c:23:67:0c:
                    74:d6:60:b7:bc:ab:47:0c:8a:e8:bc:6a:8b:99:3c:
                    b0:b8:87:4d:77:34:e2:92:a3:c0:7a:fd:b8:9b:26:
                    ec:74:60:43:72:0c:65:cb:bf:2b:fd:43:c7:f7:f7:
                    ac:90:78:ba:9f:3f:f1:4f:2b:fc:b3:84:7d:2b:49:
                    a3:8b:d2:1a:68:19:ca:b9:86:4c:43:36:77:c9:29:
                    21:7c:97:e2:30:28:c3:9c:84:93:f8:a4:c6:28:38:
                    3e:d3:98:8c:73:3d:00:87:e3:02:97:d5:de:4e:59:
                    75:47:7c:0d:0e:72:a0:23:6a:64:84:d1:94:fb:d2:
                    0a:c7:46:ad:3f:c4:ed:49:4c:fe:05:50:92:68:fa:
                    03:19:d6:f1:55:4b:f0:b5:39:d4:b4:ef:ec:bf:19:
                    1e:b2:01:2f:36:75:bd:15:cd:a9:15:31:1b:8f:ac:
                    ea:ab:cf:6d:ee:07:5d:5b:bb:5f:26:e9:de:49:58:
                    db:fc:ee:53:05:e9:50:43:93:db:8d:4e:42:37:d7:
                    20:cd:6a:82:34:40:73:83:ab:44:e7:0e:ce:51:8a:
                    b1:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:41:B7:0B:68:81:E8:9D:52:3C:23:78:58:6F:E2:9C:2E:84:BA:5B
            X509v3 Authority Key Identifier:
                keyid:08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/3139342e352e3135392e302f32342d3234203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.5.159.0/24

    Signature Algorithm: sha256WithRSAEncryption
         af:7d:df:45:19:9b:08:4d:9e:c3:3b:f1:52:0c:89:b5:83:46:
         68:c6:53:22:fc:88:32:eb:92:41:27:ae:fd:52:b3:d9:47:c8:
         bd:d3:e8:28:96:6a:63:70:80:32:fd:35:e6:38:8d:25:8d:73:
         12:54:74:3e:53:90:e3:23:3f:10:30:31:2b:82:39:8f:2d:10:
         0d:84:43:27:78:17:b9:4d:c1:c0:6e:31:7e:f8:45:8f:80:33:
         bc:8e:7f:b7:83:d6:b7:9c:fb:3c:e8:80:ff:eb:3f:fa:2a:b8:
         b5:51:b3:84:1d:4f:05:ca:61:80:72:5b:ea:7a:af:af:91:1a:
         2b:fe:55:60:b6:3c:5d:66:f5:b9:3b:86:1a:27:66:58:7a:20:
         b7:45:0e:5f:5e:ef:bb:79:30:b9:88:9b:1f:8e:96:3e:04:a3:
         f9:c7:41:0c:bf:4b:1c:f2:5d:ad:e3:e9:1f:d3:ca:14:0f:b2:
         11:e5:de:40:0b:96:6e:15:4b:39:4c:c1:74:ef:13:a4:28:94:
         81:23:b4:f0:5a:7f:8d:d4:76:56:94:de:0a:25:72:d4:d7:4e:
         12:d8:f6:66:f4:94:9d:3d:81:fc:46:2f:19:d5:58:21:d0:dd:
         73:05:28:28:9d:e4:8b:a3:51:eb:36:03:c7:b5:58:ce:87:f6:
         21:58:55:f3
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUaeq1zzH6xi8FgPe4dnjIto1cfjowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDg4NDY5ZDFhMzMwODVmZjg4YjNlNTk5ZDIyM2NhNzRj
MjMxM2EzYTAeFw0yNDAyMjYwODQ3NDVaFw0yNTAyMjQwODUyNDVaMDMxMTAvBgNV
BAMTKDE4NDFCNzBCNjg4MUU4OUQ1MjNDMjM3ODU4NkZFMjlDMkU4NEJBNUIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCg7hyeBfResWf4L9Agl36iQ7no
kOL1sBYRxL1QsBzVuaL/dweTJ4ovPCNnDHTWYLe8q0cMiui8aouZPLC4h013NOKS
o8B6/bibJux0YENyDGXLvyv9Q8f396yQeLqfP/FPK/yzhH0rSaOL0hpoGcq5hkxD
NnfJKSF8l+IwKMOchJP4pMYoOD7TmIxzPQCH4wKX1d5OWXVHfA0OcqAjamSE0ZT7
0grHRq0/xO1JTP4FUJJo+gMZ1vFVS/C1OdS07+y/GR6yAS82db0VzakVMRuPrOqr
z23uB11bu18m6d5JWNv87lMF6VBDk9uNTkI31yDNaoI0QHODq0TnDs5RirFRAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUGEG3C2iB6J1SPCN4WG/inC6EulswHwYDVR0j
BBgwFoAUCIRp0aMwhf+Is+WZ0iPKdMIxOjowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzUvMDg4NDY5RDFBMzMwODVGRjg4QjNFNTk5RDIyM0NBNzRDMjMxM0EzQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NJUnAwYU13aGYtSXMtV1owaVBLZE1J
eE9qby5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzUvMzEzOTM0MmUzNTJlMzEzNTM5
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzQzNzM1MzgzMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMIF
nzANBgkqhkiG9w0BAQsFAAOCAQEAr33fRRmbCE2ewzvxUgyJtYNGaMZTIvyIMuuS
QSeu/VKz2UfIvdPoKJZqY3CAMv015jiNJY1zElR0PlOQ4yM/EDAxK4I5jy0QDYRD
J3gXuU3BwG4xfvhFj4AzvI5/t4PWt5z7POiA/+s/+iq4tVGzhB1PBcphgHJb6nqv
r5EaK/5VYLY8XWb1uTuGGidmWHogt0UOX17vu3kwuYibH46WPgSj+cdBDL9LHPJd
rePpH9PKFA+yEeXeQAuWbhVLOUzBdO8TpCiUgSO08Fp/jdR2VpTeCiVy1NdOEtj2
ZvSUnT2B/EYvGdVYIdDdcwUoKJ3ki6NR6zYDx7VYzof2IVhV8w==
-----END CERTIFICATE-----