Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/af31768d-42b1-4e92-b83f-bef7ee017813/0/3139352e3138342e39322e302f32332d3233203d3e2035343634.roa
File:                     3139352e3138342e39322e302f32332d3233203d3e2035343634.roa (raw, json)
Hash identifier:          OKc3uZvr3kmY38TGv/j5cCd/d8TD6IBU2hGWJY9u+K0=
Subject key identifier:   4B:56:54:D3:0F:54:0D:54:0F:88:95:17:F5:93:93:9F:BF:6F:3A:1B
Certificate issuer:       /CN=9f0d24c855eee00fe4abf3903c6e8fcc7083ed4d
Certificate serial:       2AC45B644805C958631641DFC911AFCD894B3562
Authority key identifier: 9F:0D:24:C8:55:EE:E0:0F:E4:AB:F3:90:3C:6E:8F:CC:70:83:ED:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nw0kyFXu4A_kq_OQPG6PzHCD7U0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/af31768d-42b1-4e92-b83f-bef7ee017813/0/3139352e3138342e39322e302f32332d3233203d3e2035343634.roa
Signing time:             Wed 23 Apr 2025 09:54:04 +0000
ROA not before:           Wed 23 Apr 2025 09:49:04 +0000
ROA not after:            Wed 22 Apr 2026 09:54:04 +0000
asID:                     5464
IP address blocks:        195.184.92.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/af31768d-42b1-4e92-b83f-bef7ee017813/0/9F0D24C855EEE00FE4ABF3903C6E8FCC7083ED4D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/af31768d-42b1-4e92-b83f-bef7ee017813/0/9F0D24C855EEE00FE4ABF3903C6E8FCC7083ED4D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nw0kyFXu4A_kq_OQPG6PzHCD7U0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 08 May 2025 13:09:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2a:c4:5b:64:48:05:c9:58:63:16:41:df:c9:11:af:cd:89:4b:35:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9f0d24c855eee00fe4abf3903c6e8fcc7083ed4d
        Validity
            Not Before: Apr 23 09:49:04 2025 GMT
            Not After : Apr 22 09:54:04 2026 GMT
        Subject: CN=4B5654D30F540D540F889517F593939FBF6F3A1B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:e1:15:3e:77:0c:47:45:b3:f1:b8:be:96:93:
                    81:e9:88:ee:4b:d5:30:39:02:b8:36:9a:3c:6f:a4:
                    7a:74:ca:0c:d5:c4:85:5e:d6:0c:82:be:a4:f3:98:
                    36:27:76:40:fe:4f:b5:ee:aa:4c:0b:a0:8d:4c:86:
                    1e:2d:27:ce:b3:83:20:f0:6d:20:55:78:68:82:15:
                    69:d8:4a:d1:0f:db:84:2e:f1:be:cf:22:72:6d:f1:
                    21:d7:e7:5d:c5:fb:5d:69:6b:ac:5c:45:a3:17:2f:
                    a4:a9:32:9a:8a:73:32:62:55:20:b7:b0:87:dd:45:
                    77:a7:6c:6e:9e:bb:d2:94:de:dc:45:d6:dc:56:e0:
                    7b:7b:f6:10:7c:e7:1c:c3:57:63:22:8a:51:ca:53:
                    36:f9:2f:0f:44:25:0a:07:3c:f7:bb:20:4e:73:9e:
                    ff:04:cc:7c:db:20:5a:e4:66:04:04:e2:44:e8:83:
                    39:b4:af:ed:e9:ad:21:a9:7e:25:71:02:70:7c:79:
                    75:63:f8:85:57:b6:27:43:99:6b:1c:47:0c:0a:6e:
                    38:f1:4d:08:7d:f7:83:28:77:ff:ae:40:34:1a:e9:
                    3d:19:76:38:93:74:cf:70:db:f2:db:ab:ce:91:81:
                    0c:3c:13:9a:7f:c9:cb:96:76:78:4b:2b:bd:6e:fb:
                    c9:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:56:54:D3:0F:54:0D:54:0F:88:95:17:F5:93:93:9F:BF:6F:3A:1B
            X509v3 Authority Key Identifier:
                keyid:9F:0D:24:C8:55:EE:E0:0F:E4:AB:F3:90:3C:6E:8F:CC:70:83:ED:4D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/af31768d-42b1-4e92-b83f-bef7ee017813/0/9F0D24C855EEE00FE4ABF3903C6E8FCC7083ED4D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nw0kyFXu4A_kq_OQPG6PzHCD7U0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/af31768d-42b1-4e92-b83f-bef7ee017813/0/3139352e3138342e39322e302f32332d3233203d3e2035343634.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.184.92.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6d:7d:6a:74:9f:44:26:82:8e:4a:97:50:c7:d9:02:7c:d7:26:
         b7:78:73:89:ec:80:32:6c:06:61:c2:e8:72:9b:57:98:04:c4:
         bb:f9:b4:3e:97:00:8f:1d:77:8e:b1:b6:96:c7:d5:95:26:22:
         bc:48:42:9e:e0:31:fb:45:15:27:9e:f6:96:e6:f5:2c:ba:a2:
         61:74:05:ec:2b:87:9c:e2:f5:d3:fd:57:9c:10:f3:ce:61:69:
         48:41:d7:2c:1a:7a:57:a5:76:f0:41:f0:2b:c9:67:5c:6d:b5:
         cf:8b:f3:db:85:37:04:6e:7a:82:d3:28:eb:16:79:d0:87:c9:
         de:6f:76:28:c6:d2:32:02:08:ee:9a:bc:b5:1d:8a:12:78:00:
         b4:b2:b0:70:c5:4c:5f:99:68:ca:4c:be:07:8c:42:a0:8d:6a:
         ee:9a:55:82:01:81:34:c7:85:c2:f9:1e:79:e6:0e:e2:77:81:
         87:8e:a5:b5:6f:a7:64:f8:65:49:b7:ba:d9:dc:15:dc:3c:02:
         a4:be:31:dc:e2:cf:d4:51:ee:64:9f:70:36:5e:9b:bf:de:f8:
         fe:ba:19:84:a2:20:39:58:cb:aa:fd:7e:2f:d5:70:ac:29:65:
         98:67:18:52:08:8d:6a:5a:2d:9d:f5:a4:32:f9:b8:27:5c:f7:
         2e:66:8f:d1
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUKsRbZEgFyVhjFkHfyRGvzYlLNWIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWYwZDI0Yzg1NWVlZTAwZmU0YWJmMzkwM2M2ZThmY2M3
MDgzZWQ0ZDAeFw0yNTA0MjMwOTQ5MDRaFw0yNjA0MjIwOTU0MDRaMDMxMTAvBgNV
BAMTKDRCNTY1NEQzMEY1NDBENTQwRjg4OTUxN0Y1OTM5MzlGQkY2RjNBMUIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCi4RU+dwxHRbPxuL6Wk4HpiO5L
1TA5Arg2mjxvpHp0ygzVxIVe1gyCvqTzmDYndkD+T7XuqkwLoI1Mhh4tJ86zgyDw
bSBVeGiCFWnYStEP24Qu8b7PInJt8SHX513F+11pa6xcRaMXL6SpMpqKczJiVSC3
sIfdRXenbG6eu9KU3txF1txW4Ht79hB85xzDV2MiilHKUzb5Lw9EJQoHPPe7IE5z
nv8EzHzbIFrkZgQE4kTogzm0r+3prSGpfiVxAnB8eXVj+IVXtidDmWscRwwKbjjx
TQh994Mod/+uQDQa6T0ZdjiTdM9w2/Lbq86RgQw8E5p/ycuWdnhLK71u+8lxAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUS1ZU0w9UDVQPiJUX9ZOTn79vOhswHwYDVR0j
BBgwFoAUnw0kyFXu4A/kq/OQPG6PzHCD7U0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYWYzMTc2OGQtNDJiMS00ZTkyLWI4M2YtYmVmN2VlMDE3
ODEzLzAvOUYwRDI0Qzg1NUVFRTAwRkU0QUJGMzkwM0M2RThGQ0M3MDgzRUQ0RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL253MGt5Rlh1NEFfa3FfT1FQRzZQekhD
RDdVMC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWYzMTc2OGQt
NDJiMS00ZTkyLWI4M2YtYmVmN2VlMDE3ODEzLzAvMzEzOTM1MmUzMTM4MzQyZTM5
MzIyZTMwMmYzMjMzMmQzMjMzMjAzZDNlMjAzNTM0MzYzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAcO4
XDANBgkqhkiG9w0BAQsFAAOCAQEAbX1qdJ9EJoKOSpdQx9kCfNcmt3hzieyAMmwG
YcLocptXmATEu/m0PpcAjx13jrG2lsfVlSYivEhCnuAx+0UVJ572lub1LLqiYXQF
7CuHnOL10/1XnBDzzmFpSEHXLBp6V6V28EHwK8lnXG21z4vz24U3BG56gtMo6xZ5
0IfJ3m92KMbSMgII7pq8tR2KEngAtLKwcMVMX5loyky+B4xCoI1q7ppVggGBNMeF
wvkeeeYO4neBh46ltW+nZPhlSbe62dwV3DwCpL4x3OLP1FHuZJ9wNl6bv974/roZ
hKIgOVjLqv1+L9VwrCllmGcYUgiNalotnfWkMvm4J1z3LmaP0Q==
-----END CERTIFICATE-----