Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38322e3139372e38382e302f32312d3231203d3e203437353833.roa
File:                     38322e3139372e38382e302f32312d3231203d3e203437353833.roa (raw, json)
Hash identifier:          ec/MXgLL7PTmUoTe4ddCqvtv0edm6ZzoYN+tgbaQ440=
Subject key identifier:   99:9D:18:1D:DD:A3:90:EE:51:A9:E9:AB:77:8A:43:8D:D6:A9:44:A0
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       293FFA872A6438CD3E167F889A65799EFE86DA5D
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38322e3139372e38382e302f32312d3231203d3e203437353833.roa
Signing time:             Wed 31 Jan 2024 12:07:08 +0000
ROA not before:           Wed 31 Jan 2024 12:02:08 +0000
ROA not after:            Wed 29 Jan 2025 12:07:08 +0000
asID:                     47583
IP address blocks:        82.197.88.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 16:11:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            29:3f:fa:87:2a:64:38:cd:3e:16:7f:88:9a:65:79:9e:fe:86:da:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Jan 31 12:02:08 2024 GMT
            Not After : Jan 29 12:07:08 2025 GMT
        Subject: CN=999D181DDDA390EE51A9E9AB778A438DD6A944A0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:83:50:f3:f4:ff:4c:1d:b6:6e:67:9b:2f:e4:
                    71:e7:c3:e5:13:c9:ce:da:79:f7:fe:60:c9:b4:ea:
                    4a:88:34:ab:8a:81:76:10:68:68:a0:12:88:03:51:
                    55:de:b2:52:7b:53:a8:b2:73:9a:ad:cc:f2:70:27:
                    a1:3c:22:69:aa:fa:b9:e6:cc:86:cd:d0:34:2b:42:
                    44:52:86:ba:69:57:d3:d5:09:b9:24:31:75:f0:0b:
                    a3:64:22:2b:ab:60:06:8d:11:10:e2:67:1b:94:29:
                    2c:ae:10:2a:b1:77:bd:ec:8b:e8:8e:6d:06:19:48:
                    d4:d3:3a:69:40:69:b7:49:87:64:22:38:49:ef:f4:
                    ac:52:88:d3:0f:e1:ee:b9:8b:f3:10:46:22:30:cc:
                    9e:78:6d:e6:f6:07:e6:fd:d1:42:c3:c4:2b:9a:d6:
                    1a:55:1e:2f:a6:dc:9f:5d:4c:5c:89:0b:5d:69:53:
                    69:7e:a2:b2:de:83:4d:a5:bd:6c:31:f0:64:1b:98:
                    39:7c:5b:6c:df:b9:2d:b6:2b:b8:f9:82:7d:89:f6:
                    07:3e:35:9b:c5:e3:5a:31:fc:ee:e4:5e:90:5c:c4:
                    05:f5:4c:91:08:88:e6:ef:71:ad:1f:50:29:a3:b0:
                    71:46:d7:d6:1c:32:12:33:cf:4f:40:5a:a2:60:bd:
                    4e:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:9D:18:1D:DD:A3:90:EE:51:A9:E9:AB:77:8A:43:8D:D6:A9:44:A0
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38322e3139372e38382e302f32312d3231203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.197.88.0/21

    Signature Algorithm: sha256WithRSAEncryption
         3d:96:0c:9a:73:5b:a2:df:04:0c:b3:b7:24:81:b6:c6:d2:af:
         d5:c6:35:17:5e:2e:aa:7b:54:1b:fb:62:56:1c:f3:e3:89:4a:
         08:77:ee:84:c5:99:a0:7f:af:4f:c3:44:ec:e4:9d:61:d9:59:
         18:d5:90:f6:77:66:6e:b2:5e:f7:da:6e:78:01:87:66:a2:2d:
         1b:16:c4:2b:e9:7e:f6:aa:14:0c:7a:01:e8:b1:5c:ab:0b:fc:
         d2:e2:c6:fc:da:4c:54:49:ed:81:4e:e8:f0:e9:d2:04:01:b8:
         77:5c:d7:f3:7a:07:3b:7e:31:d0:48:ff:54:f4:81:1e:47:4f:
         48:5e:e6:87:db:50:cf:2d:c2:e6:1a:b0:f3:26:0b:9e:7b:ab:
         de:ce:b0:12:9c:02:5a:23:7b:70:b0:0c:5d:97:61:d5:ab:0f:
         1d:41:2c:9c:20:b2:68:21:26:27:79:d8:c6:9b:13:41:5c:82:
         9c:c7:4b:f2:58:b2:4c:78:b8:d7:d6:26:ae:15:c5:b9:9e:d5:
         73:3b:7a:2f:5f:52:f4:a0:3a:85:2b:93:0e:2b:6d:e1:40:d8:
         28:f4:f7:64:ac:f6:98:21:7c:36:97:7f:1b:fe:5d:a9:4d:fb:
         35:61:55:b3:40:e6:c1:a2:df:c8:74:c2:20:3e:62:e3:ae:d6:
         45:65:62:44
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUKT/6hypkOM0+Fn+ImmV5nv6G2l0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDAxMzExMjAyMDhaFw0yNTAxMjkxMjA3MDhaMDMxMTAvBgNV
BAMTKDk5OUQxODFERERBMzkwRUU1MUE5RTlBQjc3OEE0MzhERDZBOTQ0QTAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCjg1Dz9P9MHbZuZ5sv5HHnw+UT
yc7aeff+YMm06kqINKuKgXYQaGigEogDUVXeslJ7U6iyc5qtzPJwJ6E8Immq+rnm
zIbN0DQrQkRShrppV9PVCbkkMXXwC6NkIiurYAaNERDiZxuUKSyuECqxd73si+iO
bQYZSNTTOmlAabdJh2QiOEnv9KxSiNMP4e65i/MQRiIwzJ54beb2B+b90ULDxCua
1hpVHi+m3J9dTFyJC11pU2l+orLeg02lvWwx8GQbmDl8W2zfuS22K7j5gn2J9gc+
NZvF41ox/O7kXpBcxAX1TJEIiObvca0fUCmjsHFG19YcMhIzz09AWqJgvU5XAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUmZ0YHd2jkO5Rqemrd4pDjdapRKAwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzgzMjJlMzEzOTM3MmUzODM4
MmUzMDJmMzIzMTJkMzIzMTIwM2QzZTIwMzQzNzM1MzgzMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEA1LF
WDANBgkqhkiG9w0BAQsFAAOCAQEAPZYMmnNbot8EDLO3JIG2xtKv1cY1F14uqntU
G/tiVhzz44lKCHfuhMWZoH+vT8NE7OSdYdlZGNWQ9ndmbrJe99pueAGHZqItGxbE
K+l+9qoUDHoB6LFcqwv80uLG/NpMVEntgU7o8OnSBAG4d1zX83oHO34x0Ej/VPSB
HkdPSF7mh9tQzy3C5hqw8yYLnnur3s6wEpwCWiN7cLAMXZdh1asPHUEsnCCyaCEm
J3nYxpsTQVyCnMdL8liyTHi419YmrhXFuZ7Vczt6L19S9KA6hSuTDitt4UDYKPT3
ZKz2mCF8Npd/G/5dqU37NWFVs0DmwaLfyHTCID5i467WRWViRA==
-----END CERTIFICATE-----