Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3135392e34382e35332e302f32342d3332203d3e203531313637.roa
File:                     3135392e34382e35332e302f32342d3332203d3e203531313637.roa (raw, json)
Hash identifier:          k0M7Ug6kW+e80oRuYFzP0T7aV0cXqgH02frplZKdEMU=
Subject key identifier:   F1:89:AA:B0:72:25:CC:41:09:BA:47:95:35:3E:83:FE:ED:CF:6E:99
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       46805BE90431F5A47808789C7D8838178B78D6BB
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3135392e34382e35332e302f32342d3332203d3e203531313637.roa
Signing time:             Wed 16 Apr 2025 08:46:06 +0000
ROA not before:           Wed 16 Apr 2025 08:41:06 +0000
ROA not after:            Wed 15 Apr 2026 08:46:06 +0000
asID:                     51167
IP address blocks:        159.48.53.0/24 maxlen: 32
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 28 Apr 2025 23:10:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            46:80:5b:e9:04:31:f5:a4:78:08:78:9c:7d:88:38:17:8b:78:d6:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Apr 16 08:41:06 2025 GMT
            Not After : Apr 15 08:46:06 2026 GMT
        Subject: CN=F189AAB07225CC4109BA4795353E83FEEDCF6E99
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:4c:3b:89:9f:93:25:56:f9:ec:5a:02:34:f4:
                    18:34:62:90:2a:f3:0b:a3:a4:bc:3b:94:90:69:ba:
                    fa:7e:65:e7:5b:40:42:57:85:a0:5f:22:59:fd:49:
                    ee:c0:60:28:ef:15:10:9f:a6:a3:e8:b2:6f:40:41:
                    ee:8f:e9:5e:94:5c:06:95:cf:a1:0b:14:2c:aa:d7:
                    9c:da:a5:0c:05:39:4b:4c:8b:a3:b6:03:08:f0:27:
                    a8:22:27:8d:ee:61:9f:5c:7a:84:b7:94:f4:4f:41:
                    18:8a:fe:7d:1c:46:92:dc:2b:4c:5f:35:74:7d:ac:
                    78:49:47:a3:53:6a:c7:ee:24:6b:62:01:d7:a7:70:
                    20:2c:1a:c6:49:9b:87:5c:65:94:99:54:43:08:1c:
                    b7:52:88:a3:02:fd:53:2d:9b:ce:ce:1c:54:98:46:
                    22:10:f6:c5:cb:f6:fd:b2:d4:80:de:3d:ba:07:2d:
                    cf:9b:10:7c:46:75:e7:6f:0b:ee:38:c9:8f:98:7a:
                    06:aa:5d:a0:ff:ef:79:57:79:43:79:1a:49:d2:68:
                    42:f4:7b:b3:9c:3f:0b:54:8b:a0:5e:78:0a:2b:5d:
                    70:26:ab:3b:bc:39:bf:47:cf:48:44:51:24:e3:db:
                    32:67:89:04:c9:b6:c3:fe:3d:f4:50:b9:c3:f6:5e:
                    89:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:89:AA:B0:72:25:CC:41:09:BA:47:95:35:3E:83:FE:ED:CF:6E:99
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3135392e34382e35332e302f32342d3332203d3e203531313637.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  159.48.53.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:b3:01:45:c3:cd:8f:ff:94:2f:fa:56:60:f1:48:44:27:02:
         70:04:0c:a0:16:0b:68:05:f2:7e:58:2b:42:0f:b9:ae:fb:8e:
         70:3d:f9:da:f1:5a:21:b9:9c:62:69:b7:ad:10:3e:92:0c:83:
         af:38:e6:46:90:7e:b6:7b:43:ad:70:c7:c1:cd:26:7e:88:a5:
         ef:11:2b:4f:95:1d:21:6f:e6:50:3b:2e:d7:f1:84:10:4a:24:
         42:07:e1:1d:31:e8:02:80:03:29:84:36:19:86:70:b2:43:a1:
         f5:82:42:f6:99:fc:99:24:4d:e4:37:1a:e7:45:ea:8f:36:de:
         01:82:6e:d9:a2:76:af:62:95:62:4d:e2:f1:85:9e:8e:e8:47:
         8a:43:ac:bb:af:e2:ba:e8:30:f6:04:85:79:da:10:c0:60:24:
         68:0e:5e:2c:88:c8:fc:bf:83:c6:c7:11:07:a0:b6:46:a3:3d:
         ec:fd:ba:b0:74:22:f4:ee:e1:03:04:c2:8a:68:ce:c6:ef:8f:
         72:85:15:8b:16:13:b5:0e:6a:b1:54:38:55:f7:cb:0d:93:fa:
         22:3c:65:0c:b8:89:9f:4f:d3:f2:99:3d:56:a9:03:38:f2:30:
         f3:b8:39:46:02:5a:59:80:64:17:44:f8:0c:31:65:4e:b3:82:
         2b:da:26:91
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIURoBb6QQx9aR4CHicfYg4F4t41rswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTA0MTYwODQxMDZaFw0yNjA0MTUwODQ2MDZaMDMxMTAvBgNV
BAMTKEYxODlBQUIwNzIyNUNDNDEwOUJBNDc5NTM1M0U4M0ZFRURDRjZFOTkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCjTDuJn5MlVvnsWgI09Bg0YpAq
8wujpLw7lJBpuvp+ZedbQEJXhaBfIln9Se7AYCjvFRCfpqPosm9AQe6P6V6UXAaV
z6ELFCyq15zapQwFOUtMi6O2AwjwJ6giJ43uYZ9ceoS3lPRPQRiK/n0cRpLcK0xf
NXR9rHhJR6NTasfuJGtiAdencCAsGsZJm4dcZZSZVEMIHLdSiKMC/VMtm87OHFSY
RiIQ9sXL9v2y1IDePboHLc+bEHxGdedvC+44yY+YegaqXaD/73lXeUN5GknSaEL0
e7OcPwtUi6BeeAorXXAmqzu8Ob9Hz0hEUSTj2zJniQTJtsP+PfRQucP2XomfAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQU8YmqsHIlzEEJukeVNT6D/u3PbpkwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzNTM5MmUzNDM4MmUzNTMz
MmUzMDJmMzIzNDJkMzMzMjIwM2QzZTIwMzUzMTMxMzYzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAJ8w
NTANBgkqhkiG9w0BAQsFAAOCAQEACrMBRcPNj/+UL/pWYPFIRCcCcAQMoBYLaAXy
flgrQg+5rvuOcD352vFaIbmcYmm3rRA+kgyDrzjmRpB+tntDrXDHwc0mfoil7xEr
T5UdIW/mUDsu1/GEEEokQgfhHTHoAoADKYQ2GYZwskOh9YJC9pn8mSRN5Dca50Xq
jzbeAYJu2aJ2r2KVYk3i8YWejuhHikOsu6/iuugw9gSFedoQwGAkaA5eLIjI/L+D
xscRB6C2RqM97P26sHQi9O7hAwTCimjOxu+PcoUVixYTtQ5qsVQ4VffLDZP6Ijxl
DLiJn0/T8pk9VqkDOPIw87g5RgJaWYBkF0T4DDFlTrOCK9omkQ==
-----END CERTIFICATE-----