Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139352e33352e34302e302f32322d3234203d3e203437353833.roa
File:                     3139352e33352e34302e302f32322d3234203d3e203437353833.roa (raw, json)
Hash identifier:          hOig8WA5Vqg7dh9P1nVAwZtrhmNJjHXQqOWeozWb67I=
Subject key identifier:   BC:87:79:76:70:58:F8:DD:45:2D:18:EF:12:D9:39:39:37:60:1D:08
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       04968611682E9C735AD861C3BFFF813EF6A4C666
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139352e33352e34302e302f32322d3234203d3e203437353833.roa
Signing time:             Thu 15 May 2025 10:46:17 +0000
ROA not before:           Thu 15 May 2025 10:41:17 +0000
ROA not after:            Thu 14 May 2026 10:46:17 +0000
asID:                     47583
IP address blocks:        195.35.40.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 15:10:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:96:86:11:68:2e:9c:73:5a:d8:61:c3:bf:ff:81:3e:f6:a4:c6:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: May 15 10:41:17 2025 GMT
            Not After : May 14 10:46:17 2026 GMT
        Subject: CN=BC8779767058F8DD452D18EF12D9393937601D08
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:a6:ce:83:81:99:4a:c2:40:7e:f6:8a:55:18:
                    b9:f9:1d:94:f4:7a:eb:10:cc:fc:5b:b1:34:f9:9d:
                    b0:08:22:26:3f:2d:5b:5f:63:34:27:b3:76:4b:e4:
                    e3:d8:6d:8b:76:3d:88:3d:aa:49:fa:69:df:dc:02:
                    39:e0:d9:dc:de:2d:45:25:02:8a:09:c6:9c:76:d7:
                    9d:c0:58:cb:bd:9c:11:14:6d:1e:5d:aa:5e:76:8d:
                    4a:7d:f4:76:6e:72:f5:59:85:34:13:7b:61:64:7d:
                    8a:c0:ce:89:df:02:3b:d5:2c:b5:26:33:1a:e4:5d:
                    f9:22:fc:e3:60:90:1a:3b:7a:0a:56:6a:6e:4d:0c:
                    df:b6:c3:a9:de:88:e8:6c:2e:54:5c:ad:8a:b2:98:
                    44:53:c9:97:9e:de:aa:03:3c:d6:bd:5a:b9:a6:11:
                    4f:28:ca:90:27:dc:13:3e:22:25:c1:48:71:a1:fd:
                    d8:df:c4:a2:1f:3a:a4:5e:7b:7d:47:54:5c:f3:b2:
                    bd:78:c2:c7:09:94:69:b6:6a:12:dc:71:a4:c7:2c:
                    ba:8c:12:06:e8:a7:b7:a7:b7:1e:ff:a5:e0:23:3d:
                    b6:0e:ac:28:87:c0:4d:80:24:4f:d7:3f:be:4b:fe:
                    42:e5:dc:3b:1a:21:30:4d:9e:d3:02:d3:fb:19:b6:
                    08:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:87:79:76:70:58:F8:DD:45:2D:18:EF:12:D9:39:39:37:60:1D:08
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139352e33352e34302e302f32322d3234203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.35.40.0/22

    Signature Algorithm: sha256WithRSAEncryption
         46:fa:cc:7c:3f:93:09:d6:84:48:9a:18:24:49:2b:0c:13:a0:
         59:6b:6a:0d:03:12:cd:ef:b2:b5:ec:37:eb:60:e2:3f:2a:7f:
         f6:2e:a4:4d:0d:af:fd:c3:c5:77:99:08:a6:09:04:72:5d:00:
         6c:25:fa:c8:6a:4c:3a:8e:66:cc:6b:46:b3:5d:75:ba:bc:46:
         48:e4:5f:77:37:95:63:2f:1e:59:2a:6d:be:3b:1d:cb:b4:95:
         c6:a2:7f:a7:10:83:1b:87:e2:66:23:ee:f1:74:9a:8b:98:18:
         27:ef:25:bb:3e:f8:6e:3c:2d:c1:a7:35:30:cf:9b:c7:1b:e8:
         ab:3a:e0:f9:21:49:e4:b5:40:48:f6:8d:4e:29:68:0f:41:45:
         b1:d0:63:44:fd:a3:b6:ec:8e:ee:4f:60:0d:dd:1f:34:e9:cc:
         a8:3f:08:5a:32:1a:7d:99:68:c3:99:12:06:95:fe:92:ca:61:
         c9:d2:2d:20:a6:7d:67:d8:f1:61:05:51:28:82:a0:c0:02:6c:
         5e:fa:da:dc:a0:6f:88:eb:4e:9e:61:56:f9:f7:51:89:d8:1d:
         3b:83:c2:37:81:67:e3:0a:01:7f:64:72:a4:4a:de:cc:7c:84:
         d3:10:80:b5:e0:9d:36:44:74:04:ee:83:ad:ec:cc:2c:35:10:
         97:0f:32:52
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUBJaGEWgunHNa2GHDv/+BPvakxmYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTA1MTUxMDQxMTdaFw0yNjA1MTQxMDQ2MTdaMDMxMTAvBgNV
BAMTKEJDODc3OTc2NzA1OEY4REQ0NTJEMThFRjEyRDkzOTM5Mzc2MDFEMDgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCdps6DgZlKwkB+9opVGLn5HZT0
eusQzPxbsTT5nbAIIiY/LVtfYzQns3ZL5OPYbYt2PYg9qkn6ad/cAjng2dzeLUUl
AooJxpx2153AWMu9nBEUbR5dql52jUp99HZucvVZhTQTe2FkfYrAzonfAjvVLLUm
MxrkXfki/ONgkBo7egpWam5NDN+2w6neiOhsLlRcrYqymERTyZee3qoDPNa9Wrmm
EU8oypAn3BM+IiXBSHGh/djfxKIfOqRee31HVFzzsr14wscJlGm2ahLccaTHLLqM
Egbop7entx7/peAjPbYOrCiHwE2AJE/XP75L/kLl3DsaITBNntMC0/sZtgitAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUvId5dnBY+N1FLRjvEtk5OTdgHQgwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzOTM1MmUzMzM1MmUzNDMw
MmUzMDJmMzIzMjJkMzIzNDIwM2QzZTIwMzQzNzM1MzgzMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAsMj
KDANBgkqhkiG9w0BAQsFAAOCAQEARvrMfD+TCdaESJoYJEkrDBOgWWtqDQMSze+y
tew362DiPyp/9i6kTQ2v/cPFd5kIpgkEcl0AbCX6yGpMOo5mzGtGs111urxGSORf
dzeVYy8eWSptvjsdy7SVxqJ/pxCDG4fiZiPu8XSai5gYJ+8luz74bjwtwac1MM+b
xxvoqzrg+SFJ5LVASPaNTiloD0FFsdBjRP2jtuyO7k9gDd0fNOnMqD8IWjIafZlo
w5kSBpX+ksphydItIKZ9Z9jxYQVRKIKgwAJsXvra3KBviOtOnmFW+fdRidgdO4PC
N4Fn4woBf2RypErezHyE0xCAteCdNkR0BO6DrezMLDUQlw8yUg==
-----END CERTIFICATE-----