Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38352e3230382e35312e302f32342d3332203d3e203531313637.roa
File:                     38352e3230382e35312e302f32342d3332203d3e203531313637.roa (raw, json)
Hash identifier:          yIOrIJH5uoJ0q2Gx3C1i3UWI/e0mK+c05OEqzuBExao=
Subject key identifier:   90:5F:6E:67:46:D4:C9:68:DE:79:3A:90:66:97:C4:65:14:9B:C2:18
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       5972282AB80723538E9F8A355E4DC2C62456A632
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38352e3230382e35312e302f32342d3332203d3e203531313637.roa
Signing time:             Fri 20 Oct 2023 13:41:52 +0000
ROA not before:           Fri 20 Oct 2023 13:36:52 +0000
ROA not after:            Fri 18 Oct 2024 13:41:52 +0000
asID:                     51167
IP address blocks:        85.208.51.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            59:72:28:2a:b8:07:23:53:8e:9f:8a:35:5e:4d:c2:c6:24:56:a6:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Oct 20 13:36:52 2023 GMT
            Not After : Oct 18 13:41:52 2024 GMT
        Subject: CN=905F6E6746D4C968DE793A906697C465149BC218
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:2f:c5:73:05:56:60:89:cd:b3:58:32:78:df:
                    2d:75:78:50:45:56:f2:a2:1e:70:91:56:99:44:63:
                    67:c7:58:ba:2d:3b:62:82:d8:6f:b8:76:7a:70:c8:
                    82:3f:d7:37:e8:c7:c3:c9:f1:63:bb:c4:9f:ea:52:
                    4b:af:b6:f8:11:47:f6:f7:94:61:d8:96:77:2b:69:
                    3d:b4:39:29:80:1c:94:59:2e:27:33:70:93:68:a8:
                    d6:6a:75:44:0c:9a:ff:27:6c:0e:0c:7f:07:5e:54:
                    85:86:88:93:da:ae:bf:f1:cd:50:65:82:d8:ad:21:
                    e2:ba:7f:1a:bf:e0:a7:16:83:87:ac:e1:d0:8c:cd:
                    e2:1e:c9:a0:3c:32:2b:91:5e:67:1d:df:35:9a:fa:
                    a8:7c:ec:d7:33:58:e4:23:ad:45:0f:42:26:ba:c2:
                    f2:3c:8c:3c:7c:ff:71:93:58:e8:f0:f4:9c:23:98:
                    8e:c4:c5:53:5a:75:b0:4e:13:a9:b3:63:72:f0:ef:
                    9a:26:00:7a:64:73:fe:f3:b9:bb:26:53:a6:8f:ee:
                    34:d1:47:2a:3f:4e:6b:2e:f0:85:be:8a:fb:21:9f:
                    ff:4c:5c:b8:90:1e:60:3c:e5:90:bd:e6:03:ef:b1:
                    ef:09:69:ae:05:01:96:27:21:b9:4d:6c:e6:a7:56:
                    14:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:5F:6E:67:46:D4:C9:68:DE:79:3A:90:66:97:C4:65:14:9B:C2:18
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38352e3230382e35312e302f32342d3332203d3e203531313637.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.208.51.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:15:47:88:3e:8f:58:b8:9a:31:88:16:b9:b8:9b:4e:2d:b3:
         ff:e8:27:0d:7a:10:a6:c2:39:f4:ca:a2:36:ab:b5:32:e4:eb:
         82:5c:8e:ab:54:a3:aa:44:07:7b:a0:58:e9:8a:2d:e5:2f:a5:
         08:53:e7:c9:d5:02:25:8f:2c:c1:cf:a8:94:cf:c8:c0:82:b3:
         d4:9a:97:89:c9:43:e9:c7:19:0b:c1:52:da:46:ab:87:19:97:
         70:e8:da:8d:0c:8d:bf:c5:cd:e4:1d:04:53:f3:8f:5c:55:a2:
         4d:a9:a7:b5:ec:0e:5a:89:d4:61:17:25:9b:c2:ee:fb:cf:c5:
         9e:0f:63:75:82:c8:57:7d:8c:10:cc:94:d1:88:d6:49:e2:8d:
         e5:a1:f2:35:ca:0b:39:3c:c8:a8:a3:d4:08:2b:57:05:57:a5:
         3f:71:9c:6e:cb:c8:77:6a:f0:3c:a0:65:53:25:85:dd:aa:04:
         6a:bd:aa:73:bf:c4:71:5c:35:8c:1b:cb:2b:8f:56:7b:f0:d1:
         cf:9f:2f:29:6b:30:29:75:67:33:8e:91:30:36:4b:14:bc:fa:
         9d:8b:a4:f9:0b:37:28:32:01:c5:44:2a:86:7d:8c:e4:3d:e2:
         80:d9:bd:b1:07:2f:a9:d1:e6:16:c9:4a:17:c0:65:b3:33:c3:
         00:46:73:c6
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUWXIoKrgHI1OOn4o1Xk3CxiRWpjIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yMzEwMjAxMzM2NTJaFw0yNDEwMTgxMzQxNTJaMDMxMTAvBgNV
BAMTKDkwNUY2RTY3NDZENEM5NjhERTc5M0E5MDY2OTdDNDY1MTQ5QkMyMTgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3L8VzBVZgic2zWDJ43y11eFBF
VvKiHnCRVplEY2fHWLotO2KC2G+4dnpwyII/1zfox8PJ8WO7xJ/qUkuvtvgRR/b3
lGHYlncraT20OSmAHJRZLiczcJNoqNZqdUQMmv8nbA4MfwdeVIWGiJParr/xzVBl
gtitIeK6fxq/4KcWg4es4dCMzeIeyaA8MiuRXmcd3zWa+qh87NczWOQjrUUPQia6
wvI8jDx8/3GTWOjw9JwjmI7ExVNadbBOE6mzY3Lw75omAHpkc/7zubsmU6aP7jTR
Ryo/Tmsu8IW+ivshn/9MXLiQHmA85ZC95gPvse8Jaa4FAZYnIblNbOanVhQ7AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUkF9uZ0bUyWjeeTqQZpfEZRSbwhgwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzgzNTJlMzIzMDM4MmUzNTMx
MmUzMDJmMzIzNDJkMzMzMjIwM2QzZTIwMzUzMTMxMzYzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFXQ
MzANBgkqhkiG9w0BAQsFAAOCAQEAQhVHiD6PWLiaMYgWubibTi2z/+gnDXoQpsI5
9MqiNqu1MuTrglyOq1SjqkQHe6BY6Yot5S+lCFPnydUCJY8swc+olM/IwIKz1JqX
iclD6ccZC8FS2karhxmXcOjajQyNv8XN5B0EU/OPXFWiTamntewOWonUYRclm8Lu
+8/Fng9jdYLIV32MEMyU0YjWSeKN5aHyNcoLOTzIqKPUCCtXBVelP3GcbsvId2rw
PKBlUyWF3aoEar2qc7/EcVw1jBvLK49We/DRz58vKWswKXVnM46RMDZLFLz6nYuk
+Qs3KDIBxUQqhn2M5D3igNm9sQcvqdHmFslKF8BlszPDAEZzxg==
-----END CERTIFICATE-----