Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38322e3139372e38302e302f32312d3231203d3e203437353833.roa
File:                     38322e3139372e38302e302f32312d3231203d3e203437353833.roa (raw, json)
Hash identifier:          07uoPb+Gqh0OXqKGvOZhD8E7S7AHlaLHV8H3PyVSZAI=
Subject key identifier:   23:D2:4C:15:88:FC:3E:06:EA:21:0E:99:5E:C7:F6:D7:9E:7A:D1:89
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       58E9FDDFF10088EB64C7BE0433B92435873D362C
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38322e3139372e38302e302f32312d3231203d3e203437353833.roa
Signing time:             Wed 31 Jan 2024 12:06:58 +0000
ROA not before:           Wed 31 Jan 2024 12:01:58 +0000
ROA not after:            Wed 29 Jan 2025 12:06:58 +0000
asID:                     47583
IP address blocks:        82.197.80.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            58:e9:fd:df:f1:00:88:eb:64:c7:be:04:33:b9:24:35:87:3d:36:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Jan 31 12:01:58 2024 GMT
            Not After : Jan 29 12:06:58 2025 GMT
        Subject: CN=23D24C1588FC3E06EA210E995EC7F6D79E7AD189
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:da:59:17:77:76:19:16:4b:00:78:77:34:52:
                    51:ae:5d:c0:86:9c:05:da:3a:0f:50:04:1e:90:29:
                    eb:84:d2:7e:27:0b:8f:88:06:a6:d6:53:27:69:72:
                    6d:ab:66:fd:bf:07:49:e7:d7:0d:6b:c2:3d:2d:bc:
                    31:36:17:26:5a:51:66:96:84:05:3d:79:f2:51:1d:
                    42:bc:d5:1f:72:14:a3:21:f3:b9:d7:63:10:3e:3c:
                    fb:6b:00:2c:2a:b3:62:8e:4c:f0:c5:69:b0:1c:87:
                    e1:10:b8:a2:a2:7e:90:01:39:d8:06:60:9e:9e:6c:
                    20:39:68:84:d2:4e:e3:90:fc:de:0f:e7:f8:75:39:
                    cd:06:22:5e:00:ce:1b:6b:ee:28:4e:81:17:6e:34:
                    82:cc:57:b1:2f:a8:24:30:50:98:9a:2d:83:87:20:
                    1b:3b:ce:81:bb:74:0b:bb:f4:b5:f2:51:2c:b9:7c:
                    1d:4a:4e:c4:fd:43:23:2a:2b:e2:86:f8:24:d4:50:
                    8d:a4:e1:55:97:a9:45:73:d9:df:8a:9a:72:ef:29:
                    92:56:40:e4:94:dd:d5:62:4e:3e:9a:fe:18:98:85:
                    8a:96:12:96:b8:77:fd:7e:c0:13:e6:a2:1d:6f:0b:
                    6c:4d:7c:92:e3:70:dd:a5:d3:c5:38:cf:e0:d6:aa:
                    4c:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:D2:4C:15:88:FC:3E:06:EA:21:0E:99:5E:C7:F6:D7:9E:7A:D1:89
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38322e3139372e38302e302f32312d3231203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.197.80.0/21

    Signature Algorithm: sha256WithRSAEncryption
         76:cb:04:24:e7:63:fe:35:33:9f:ab:ed:cd:a6:e8:51:d6:b3:
         fb:a6:2f:a0:99:c2:e8:ba:c0:98:df:4d:1e:7d:d0:04:e8:98:
         95:62:7a:8e:0b:dd:5b:7c:74:5b:5b:24:ae:d9:4e:02:c6:96:
         eb:6d:7d:b2:96:45:96:fa:c6:dc:7c:c5:97:a9:9c:42:4f:74:
         b7:55:ae:53:75:9c:6e:a4:3a:5c:71:d7:a0:d6:54:c8:8c:8b:
         30:b4:ba:6b:0f:95:d5:f8:f2:ca:90:42:3d:be:ec:e7:a2:98:
         e7:6e:f2:06:c6:13:ab:73:57:09:99:1c:a0:a1:f7:e2:d3:a1:
         bc:94:12:8e:84:c4:be:b8:e2:f0:26:cb:a1:c8:d5:70:81:80:
         b8:c8:66:ba:17:8f:a9:c1:18:06:4a:af:6d:70:b9:b0:24:0c:
         81:91:2e:a4:9e:00:60:db:b4:9b:2e:e5:67:c0:d7:10:3b:37:
         f9:c5:e1:23:52:db:1a:cf:19:f2:e1:f0:14:f6:64:e5:a3:4e:
         ad:6f:9d:11:f2:5e:78:29:67:97:dc:b1:a9:27:9a:ed:ab:15:
         0d:4d:d8:cf:a1:48:54:32:03:98:40:4c:19:f3:79:07:f8:aa:
         16:40:97:25:f1:7d:e0:5e:19:00:18:fc:76:e2:16:03:d8:a0:
         92:5d:25:33
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUWOn93/EAiOtkx74EM7kkNYc9NiwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDAxMzExMjAxNThaFw0yNTAxMjkxMjA2NThaMDMxMTAvBgNV
BAMTKDIzRDI0QzE1ODhGQzNFMDZFQTIxMEU5OTVFQzdGNkQ3OUU3QUQxODkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDS2lkXd3YZFksAeHc0UlGuXcCG
nAXaOg9QBB6QKeuE0n4nC4+IBqbWUydpcm2rZv2/B0nn1w1rwj0tvDE2FyZaUWaW
hAU9efJRHUK81R9yFKMh87nXYxA+PPtrACwqs2KOTPDFabAch+EQuKKifpABOdgG
YJ6ebCA5aITSTuOQ/N4P5/h1Oc0GIl4Azhtr7ihOgRduNILMV7EvqCQwUJiaLYOH
IBs7zoG7dAu79LXyUSy5fB1KTsT9QyMqK+KG+CTUUI2k4VWXqUVz2d+KmnLvKZJW
QOSU3dViTj6a/hiYhYqWEpa4d/1+wBPmoh1vC2xNfJLjcN2l08U4z+DWqkzNAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUI9JMFYj8PgbqIQ6ZXsf215560YkwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzgzMjJlMzEzOTM3MmUzODMw
MmUzMDJmMzIzMTJkMzIzMTIwM2QzZTIwMzQzNzM1MzgzMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEA1LF
UDANBgkqhkiG9w0BAQsFAAOCAQEAdssEJOdj/jUzn6vtzaboUdaz+6YvoJnC6LrA
mN9NHn3QBOiYlWJ6jgvdW3x0W1skrtlOAsaW6219spZFlvrG3HzFl6mcQk90t1Wu
U3WcbqQ6XHHXoNZUyIyLMLS6aw+V1fjyypBCPb7s56KY527yBsYTq3NXCZkcoKH3
4tOhvJQSjoTEvrji8CbLocjVcIGAuMhmuhePqcEYBkqvbXC5sCQMgZEupJ4AYNu0
my7lZ8DXEDs3+cXhI1LbGs8Z8uHwFPZk5aNOrW+dEfJeeClnl9yxqSea7asVDU3Y
z6FIVDIDmEBMGfN5B/iqFkCXJfF94F4ZABj8duIWA9igkl0lMw==
-----END CERTIFICATE-----