Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38312e31372e39362e302f32312d3332203d3e203531313637.roa
File:                     38312e31372e39362e302f32312d3332203d3e203531313637.roa (raw, json)
Hash identifier:          e2ScMoYNCiJCPhf4Ex7rP0YREMFw4F+2HcvFyXCKbEU=
Subject key identifier:   65:18:8F:E1:37:4D:9C:55:E2:75:6E:97:45:3F:5E:65:AE:31:03:68
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       1A49CC38E84E04DF7AF698104B4F2B997CCEAAA4
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38312e31372e39362e302f32312d3332203d3e203531313637.roa
Signing time:             Thu 04 Apr 2024 20:35:17 +0000
ROA not before:           Thu 04 Apr 2024 20:30:17 +0000
ROA not after:            Thu 03 Apr 2025 20:35:17 +0000
asID:                     51167
IP address blocks:        81.17.96.0/21 maxlen: 32

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1a:49:cc:38:e8:4e:04:df:7a:f6:98:10:4b:4f:2b:99:7c:ce:aa:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Apr  4 20:30:17 2024 GMT
            Not After : Apr  3 20:35:17 2025 GMT
        Subject: CN=65188FE1374D9C55E2756E97453F5E65AE310368
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:a7:16:58:eb:09:86:78:83:90:91:81:b7:b4:
                    e8:38:80:de:c7:15:88:2a:cc:20:39:ca:11:f1:08:
                    45:1a:0b:af:54:88:61:ea:09:a8:de:fe:1e:33:6d:
                    4a:9c:5c:3c:13:47:80:89:a2:50:37:14:50:bf:76:
                    ee:bb:db:80:68:f9:13:f7:70:0b:dd:16:f6:ea:9f:
                    95:a2:3f:18:d6:45:e5:f5:a0:86:c7:84:4a:7f:40:
                    43:33:6f:57:cf:bb:da:4f:a2:b5:eb:7c:6e:b8:17:
                    89:7c:d4:bd:81:b6:e6:4f:67:44:6e:b8:ec:02:69:
                    5e:50:00:34:c5:de:ab:c5:8c:76:d7:cf:f1:f2:fe:
                    36:51:63:48:b4:7d:a3:0c:ab:12:b7:ab:cd:0b:de:
                    6e:a9:4b:9e:d8:c1:66:5a:a6:cb:ab:4d:b6:5b:92:
                    30:fc:e5:aa:5f:ad:02:24:b7:61:68:b4:20:69:1b:
                    85:76:95:03:a7:48:92:74:b9:bc:f2:0b:38:13:19:
                    bd:0b:be:ca:f3:02:9b:a4:10:14:f3:5b:68:43:62:
                    8f:80:2c:76:86:ac:a0:3f:7a:bb:6f:ab:68:86:f9:
                    55:50:04:68:93:0e:12:3f:5f:68:36:a1:85:96:89:
                    99:f8:3f:ac:5b:43:69:f5:ac:9d:82:f8:75:42:5b:
                    f5:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:18:8F:E1:37:4D:9C:55:E2:75:6E:97:45:3F:5E:65:AE:31:03:68
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38312e31372e39362e302f32312d3332203d3e203531313637.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.17.96.0/21

    Signature Algorithm: sha256WithRSAEncryption
         35:bd:30:19:99:08:14:ba:63:20:be:9e:2b:47:64:5d:b2:9e:
         c4:0e:09:d4:5c:56:29:e5:9f:66:a2:c6:74:14:84:87:69:6d:
         09:bb:37:8e:09:a0:d5:90:5f:9d:1e:1e:8d:a6:35:df:d8:60:
         bc:0f:71:e4:c7:86:25:01:61:30:18:0d:b3:c1:0b:21:b3:96:
         bd:e1:d7:e9:cd:de:78:bc:a7:93:33:71:92:f5:fb:db:f7:bf:
         2e:59:4d:03:c2:9e:48:85:4b:af:28:9a:0d:82:47:ce:c7:e9:
         14:6c:14:b2:bf:94:81:18:d7:3f:67:f0:e0:1e:cc:f9:2a:84:
         73:3b:dc:b6:7c:a9:30:6b:4b:e0:3c:d5:0d:a4:b7:26:37:fc:
         7d:f0:10:96:11:6e:65:c3:29:ee:1b:74:ac:2b:11:c8:8d:fc:
         74:a2:17:a7:95:f0:34:9d:e0:54:18:b8:f0:4c:3a:56:a4:04:
         b4:26:c8:be:ac:d8:65:c0:4c:cd:95:6f:10:aa:86:f2:e3:86:
         e3:4b:f2:9d:2f:02:8a:ff:d7:eb:7d:67:9d:67:25:65:75:eb:
         54:2b:04:61:97:2d:fe:f6:57:5d:d1:d7:0d:6c:ba:04:74:95:
         3f:0a:fd:ce:33:c6:ad:da:c9:5f:58:2c:ad:78:2e:2f:c8:ea:
         6a:2d:13:cf
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUGknMOOhOBN969pgQS08rmXzOqqQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDA0MDQyMDMwMTdaFw0yNTA0MDMyMDM1MTdaMDMxMTAvBgNV
BAMTKDY1MTg4RkUxMzc0RDlDNTVFMjc1NkU5NzQ1M0Y1RTY1QUUzMTAzNjgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDSpxZY6wmGeIOQkYG3tOg4gN7H
FYgqzCA5yhHxCEUaC69UiGHqCaje/h4zbUqcXDwTR4CJolA3FFC/du6724Bo+RP3
cAvdFvbqn5WiPxjWReX1oIbHhEp/QEMzb1fPu9pPorXrfG64F4l81L2BtuZPZ0Ru
uOwCaV5QADTF3qvFjHbXz/Hy/jZRY0i0faMMqxK3q80L3m6pS57YwWZapsurTbZb
kjD85apfrQIkt2FotCBpG4V2lQOnSJJ0ubzyCzgTGb0LvsrzApukEBTzW2hDYo+A
LHaGrKA/ertvq2iG+VVQBGiTDhI/X2g2oYWWiZn4P6xbQ2n1rJ2C+HVCW/XTAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUZRiP4TdNnFXidW6XRT9eZa4xA2gwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzgzMTJlMzEzNzJlMzkzNjJl
MzAyZjMyMzEyZDMzMzIyMDNkM2UyMDM1MzEzMTM2Mzcucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBANREWAw
DQYJKoZIhvcNAQELBQADggEBADW9MBmZCBS6YyC+nitHZF2ynsQOCdRcVinln2ai
xnQUhIdpbQm7N44JoNWQX50eHo2mNd/YYLwPceTHhiUBYTAYDbPBCyGzlr3h1+nN
3ni8p5MzcZL1+9v3vy5ZTQPCnkiFS68omg2CR87H6RRsFLK/lIEY1z9n8OAezPkq
hHM73LZ8qTBrS+A81Q2ktyY3/H3wEJYRbmXDKe4bdKwrEciN/HSiF6eV8DSd4FQY
uPBMOlakBLQmyL6s2GXATM2VbxCqhvLjhuNL8p0vAor/1+t9Z51nJWV161QrBGGX
Lf72V13R1w1sugR0lT8K/c4zxq3ayV9YLK14Li/I6motE88=
-----END CERTIFICATE-----