Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/3139342e352e3135322e302f32342d3332203d3e203531313637.roa
File:                     3139342e352e3135322e302f32342d3332203d3e203531313637.roa (raw, json)
Hash identifier:          vgiOjG/wtEPJEn733TLYGnYxRateIkYjPFu/cpD2Vbk=
Subject key identifier:   1C:67:EE:B0:9D:86:61:29:72:AC:74:0E:FA:2D:A9:FE:3A:BD:5C:FD
Certificate issuer:       /CN=5d70845822a61408ec2a5fd580c132da777f09d1
Certificate serial:       0A8150735AC9BE356E804AF03D7C7635BD7E91C2
Authority key identifier: 5D:70:84:58:22:A6:14:08:EC:2A:5F:D5:80:C1:32:DA:77:7F:09:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/3139342e352e3135322e302f32342d3332203d3e203531313637.roa
Signing time:             Mon 26 Feb 2024 08:53:49 +0000
ROA not before:           Mon 26 Feb 2024 08:48:49 +0000
ROA not after:            Mon 24 Feb 2025 08:53:49 +0000
asID:                     51167
IP address blocks:        194.5.152.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0a:81:50:73:5a:c9:be:35:6e:80:4a:f0:3d:7c:76:35:bd:7e:91:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5d70845822a61408ec2a5fd580c132da777f09d1
        Validity
            Not Before: Feb 26 08:48:49 2024 GMT
            Not After : Feb 24 08:53:49 2025 GMT
        Subject: CN=1C67EEB09D86612972AC740EFA2DA9FE3ABD5CFD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:18:b5:1b:e8:3f:8a:4e:6a:98:4f:5f:53:29:
                    c0:ca:26:13:f7:7b:2a:71:31:8a:d6:4c:90:cf:89:
                    9f:11:d7:48:88:1b:d7:f0:e9:18:10:a5:42:a4:e5:
                    d0:a9:cd:de:a2:79:de:01:5d:5c:11:32:1d:42:4f:
                    c9:74:e8:8a:0f:2f:ca:dd:0a:54:1c:1c:22:94:90:
                    f8:98:5c:c2:78:7a:62:02:59:da:17:82:1b:1f:61:
                    f0:53:2c:bd:27:f9:67:f0:39:ee:07:0a:86:12:41:
                    7a:de:8c:a1:78:24:55:30:c3:bf:c4:33:14:d1:af:
                    fa:d6:2b:2d:44:7c:ee:f0:8d:1a:59:34:1c:e5:a5:
                    30:08:51:80:50:f1:95:d7:ae:d5:b2:09:0f:3c:b6:
                    a4:a2:22:b7:59:9d:ba:1f:9a:ca:a4:d0:bd:16:32:
                    f7:95:c8:64:6c:e5:56:f6:db:e9:c1:a3:59:99:d0:
                    cd:71:ab:e8:77:5a:66:d9:ff:20:80:0e:23:16:75:
                    e1:c2:89:db:75:74:f2:01:5d:02:36:03:09:69:fa:
                    61:4e:61:7e:c2:86:09:d6:09:2b:e7:ca:fe:90:7b:
                    b0:61:55:ea:d1:93:0a:e3:6b:65:d5:fa:11:e0:db:
                    a6:2c:8f:85:23:07:a0:9f:2d:9c:f3:1d:89:76:57:
                    c4:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:67:EE:B0:9D:86:61:29:72:AC:74:0E:FA:2D:A9:FE:3A:BD:5C:FD
            X509v3 Authority Key Identifier:
                keyid:5D:70:84:58:22:A6:14:08:EC:2A:5F:D5:80:C1:32:DA:77:7F:09:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/3139342e352e3135322e302f32342d3332203d3e203531313637.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.5.152.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:18:19:c6:30:ad:14:4e:ad:d9:91:c7:06:99:fe:ab:bc:4b:
         3f:52:ce:36:54:de:54:5a:b3:50:ae:af:47:d3:4f:06:79:1c:
         91:a9:1b:27:de:ff:8e:74:f5:c7:13:bc:49:ac:95:9c:8a:2a:
         88:ae:ca:4c:55:37:5d:20:f9:ed:93:42:16:2f:5e:a9:37:39:
         8c:fe:cd:c6:6f:0b:c3:58:a4:15:b7:94:23:e6:6f:06:15:65:
         35:ec:66:2c:ad:e6:aa:15:63:76:bd:6c:41:25:0e:d9:1d:6b:
         96:f7:b0:2f:35:69:3f:4b:8b:a5:14:3a:04:3a:9d:25:3c:bc:
         a0:18:c5:f7:05:23:13:f2:98:d9:34:03:88:7e:db:92:40:41:
         21:48:49:7c:be:4d:f9:29:14:65:9d:6c:95:af:7b:2d:60:b2:
         7b:43:a3:24:a9:dc:03:e8:37:2d:fa:46:eb:ce:09:ad:2c:ed:
         7e:96:66:41:3e:6e:d6:7d:7c:fc:6d:54:8a:2b:79:29:d2:3b:
         2a:eb:fc:3e:dc:00:92:70:26:30:41:bd:42:fc:c5:1f:f5:86:
         eb:51:7e:c9:bb:c1:ce:b5:58:43:e6:89:0f:f7:22:b1:f7:06:
         fe:89:6f:ec:90:56:d7:e3:5f:59:4c:89:28:8c:d4:e3:c1:8f:
         16:40:6f:6b
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUCoFQc1rJvjVugErwPXx2Nb1+kcIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWQ3MDg0NTgyMmE2MTQwOGVjMmE1ZmQ1ODBjMTMyZGE3
NzdmMDlkMTAeFw0yNDAyMjYwODQ4NDlaFw0yNTAyMjQwODUzNDlaMDMxMTAvBgNV
BAMTKDFDNjdFRUIwOUQ4NjYxMjk3MkFDNzQwRUZBMkRBOUZFM0FCRDVDRkQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDWGLUb6D+KTmqYT19TKcDKJhP3
eypxMYrWTJDPiZ8R10iIG9fw6RgQpUKk5dCpzd6ied4BXVwRMh1CT8l06IoPL8rd
ClQcHCKUkPiYXMJ4emICWdoXghsfYfBTLL0n+WfwOe4HCoYSQXrejKF4JFUww7/E
MxTRr/rWKy1EfO7wjRpZNBzlpTAIUYBQ8ZXXrtWyCQ88tqSiIrdZnbofmsqk0L0W
MveVyGRs5Vb22+nBo1mZ0M1xq+h3WmbZ/yCADiMWdeHCidt1dPIBXQI2Awlp+mFO
YX7ChgnWCSvnyv6Qe7BhVerRkwrja2XV+hHg26Ysj4UjB6CfLZzzHYl2V8Q9AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUHGfusJ2GYSlyrHQO+i2p/jq9XP0wHwYDVR0j
BBgwFoAUXXCEWCKmFAjsKl/VgMEy2nd/CdEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzgvNUQ3MDg0NTgyMkE2MTQwOEVDMkE1RkQ1ODBDMTMyREE3NzdGMDlEMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1hYQ0VXQ0ttRkFqc0tsX1ZnTUV5Mm5k
X0NkRS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzgvMzEzOTM0MmUzNTJlMzEzNTMy
MmUzMDJmMzIzNDJkMzMzMjIwM2QzZTIwMzUzMTMxMzYzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMIF
mDANBgkqhkiG9w0BAQsFAAOCAQEAeBgZxjCtFE6t2ZHHBpn+q7xLP1LONlTeVFqz
UK6vR9NPBnkckakbJ97/jnT1xxO8SayVnIoqiK7KTFU3XSD57ZNCFi9eqTc5jP7N
xm8Lw1ikFbeUI+ZvBhVlNexmLK3mqhVjdr1sQSUO2R1rlvewLzVpP0uLpRQ6BDqd
JTy8oBjF9wUjE/KY2TQDiH7bkkBBIUhJfL5N+SkUZZ1sla97LWCye0OjJKncA+g3
LfpG684JrSztfpZmQT5u1n18/G1Uiit5KdI7Kuv8PtwAknAmMEG9QvzFH/WG61F+
ybvBzrVYQ+aJD/cisfcG/olv7JBW1+NfWUyJKIzU48GPFkBvaw==
-----END CERTIFICATE-----