Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38302e37352e32342e302f32312d3231203d3e20313938303930.roa
File:                     38302e37352e32342e302f32312d3231203d3e20313938303930.roa (raw, json)
Hash identifier:          fuC8qLTh7jU3eGA8Pe3U2lG39Jmv912g3whIVDVN6s8=
Subject key identifier:   51:37:1E:4A:58:9F:BB:B6:34:F2:B7:4D:15:6B:B6:DD:A7:A8:E6:87
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       5FA539375AB4347D6856FC7DD489EA9BE46A2975
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38302e37352e32342e302f32312d3231203d3e20313938303930.roa
Signing time:             Mon 26 Feb 2024 08:53:05 +0000
ROA not before:           Mon 26 Feb 2024 08:48:05 +0000
ROA not after:            Mon 24 Feb 2025 08:53:05 +0000
asID:                     198090
IP address blocks:        80.75.24.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5f:a5:39:37:5a:b4:34:7d:68:56:fc:7d:d4:89:ea:9b:e4:6a:29:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Feb 26 08:48:05 2024 GMT
            Not After : Feb 24 08:53:05 2025 GMT
        Subject: CN=51371E4A589FBBB634F2B74D156BB6DDA7A8E687
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:61:b2:ef:75:1e:3d:60:cb:bd:44:06:34:6f:
                    84:6a:89:98:0a:59:a6:31:47:bf:bf:f5:d3:12:6a:
                    ac:69:e3:33:c3:d3:79:bf:78:e2:7d:2a:23:15:43:
                    dd:9b:7f:34:1c:38:99:55:68:6f:ef:f2:72:2c:bf:
                    80:5b:52:fe:4a:6e:5b:67:b2:b0:5f:8c:51:9b:07:
                    bb:c2:ba:7b:31:24:80:39:0d:31:80:53:73:0a:f6:
                    a5:42:64:40:4c:15:c7:a5:de:e7:db:8b:22:3e:fc:
                    0c:48:a6:c3:18:c2:79:86:89:45:b7:57:33:f7:0b:
                    3e:00:4b:3a:4e:21:d9:08:8b:db:45:93:5c:3c:95:
                    dc:cd:33:18:4c:ac:a7:ab:cf:c6:bd:83:c6:98:9e:
                    54:47:a4:0f:a4:4d:a6:8c:63:6c:39:74:98:14:06:
                    1a:0c:ef:2a:4f:83:94:a0:37:d0:0c:83:c0:60:84:
                    53:ac:87:87:e6:0e:c5:aa:44:b3:4e:1e:b8:07:34:
                    85:6d:29:2e:7a:73:3b:48:97:61:b2:25:cc:63:9b:
                    fe:30:eb:36:78:8f:1f:bf:e0:f9:e2:f8:4a:f0:a9:
                    13:f1:84:43:d2:9e:e4:81:2b:0b:37:f1:b0:2c:88:
                    f2:5d:c0:fd:40:62:c1:dc:f8:20:60:28:bb:04:60:
                    23:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:37:1E:4A:58:9F:BB:B6:34:F2:B7:4D:15:6B:B6:DD:A7:A8:E6:87
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38302e37352e32342e302f32312d3231203d3e20313938303930.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.75.24.0/21

    Signature Algorithm: sha256WithRSAEncryption
         1b:62:b3:99:6e:e8:99:81:b7:11:1a:f5:e2:d6:58:73:96:a7:
         24:4b:06:1e:99:7b:b5:af:14:72:18:ba:0f:db:eb:7e:8b:1f:
         d3:a1:6a:0d:ff:19:79:c5:29:2a:d7:01:28:7e:32:c9:14:4a:
         53:ac:d0:b7:aa:f0:3d:86:75:75:11:5c:bd:49:ad:11:d6:be:
         1d:74:65:fd:6e:aa:09:12:df:82:bf:92:ec:da:39:04:83:99:
         a3:26:86:81:ac:88:3e:c6:e4:47:d3:3d:14:27:60:8a:2f:25:
         3d:76:29:4a:95:63:25:b3:01:17:70:26:a8:be:d2:29:b3:cf:
         c7:c3:2a:bd:f6:f0:3b:8f:cf:0a:d0:0f:66:a4:95:61:8c:2b:
         c8:ed:0b:96:f5:a7:1b:15:ca:44:b8:e7:22:6a:fb:e3:78:02:
         a9:be:68:f6:b1:4d:60:7c:b8:4d:a6:30:3c:9b:05:de:f2:9b:
         75:5a:1d:8a:5f:75:3e:09:b6:63:7c:25:45:23:39:f4:34:94:
         39:51:38:59:29:7b:89:bb:42:df:1e:75:9f:11:d5:29:e4:db:
         9e:e5:ae:91:c0:bc:7a:6f:1a:12:8b:47:1c:83:77:d0:0e:4c:
         8b:81:b4:6e:65:52:81:95:f9:1d:1b:bd:d7:b2:b0:c9:36:ad:
         88:89:e1:c4
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUX6U5N1q0NH1oVvx91Inqm+RqKXUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDAyMjYwODQ4MDVaFw0yNTAyMjQwODUzMDVaMDMxMTAvBgNV
BAMTKDUxMzcxRTRBNTg5RkJCQjYzNEYyQjc0RDE1NkJCNkREQTdBOEU2ODcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDSYbLvdR49YMu9RAY0b4RqiZgK
WaYxR7+/9dMSaqxp4zPD03m/eOJ9KiMVQ92bfzQcOJlVaG/v8nIsv4BbUv5Kbltn
srBfjFGbB7vCunsxJIA5DTGAU3MK9qVCZEBMFcel3ufbiyI+/AxIpsMYwnmGiUW3
VzP3Cz4ASzpOIdkIi9tFk1w8ldzNMxhMrKerz8a9g8aYnlRHpA+kTaaMY2w5dJgU
BhoM7ypPg5SgN9AMg8BghFOsh4fmDsWqRLNOHrgHNIVtKS56cztIl2GyJcxjm/4w
6zZ4jx+/4Pni+ErwqRPxhEPSnuSBKws38bAsiPJdwP1AYsHc+CBgKLsEYCPNAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUUTceSlifu7Y08rdNFWu23aeo5ocwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzgzMDJlMzczNTJlMzIzNDJl
MzAyZjMyMzEyZDMyMzEyMDNkM2UyMDMxMzkzODMwMzkzMC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEA1BL
GDANBgkqhkiG9w0BAQsFAAOCAQEAG2KzmW7omYG3ERr14tZYc5anJEsGHpl7ta8U
chi6D9vrfosf06FqDf8ZecUpKtcBKH4yyRRKU6zQt6rwPYZ1dRFcvUmtEda+HXRl
/W6qCRLfgr+S7No5BIOZoyaGgayIPsbkR9M9FCdgii8lPXYpSpVjJbMBF3AmqL7S
KbPPx8MqvfbwO4/PCtAPZqSVYYwryO0LlvWnGxXKRLjnImr743gCqb5o9rFNYHy4
TaYwPJsF3vKbdVodil91Pgm2Y3wlRSM59DSUOVE4WSl7ibtC3x51nxHVKeTbnuWu
kcC8em8aEotHHIN30A5Mi4G0bmVSgZX5HRu917KwyTatiInhxA==
-----END CERTIFICATE-----