Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38352e33312e3232382e302f32322d3234203d3e203437353833.roa
File:                     38352e33312e3232382e302f32322d3234203d3e203437353833.roa (raw, json)
Hash identifier:          IVKGyLpkdTZEVc2SHMuJszNz+7tVexPfRAjiNeR1ThM=
Subject key identifier:   48:D9:33:BE:74:0B:41:AD:13:17:2C:96:55:BF:25:24:FC:73:EC:31
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       4D94760F157BE8784EEC1430740763460650A30F
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38352e33312e3232382e302f32322d3234203d3e203437353833.roa
Signing time:             Fri 18 Aug 2023 06:43:36 +0000
ROA not before:           Fri 18 Aug 2023 06:38:36 +0000
ROA not after:            Fri 16 Aug 2024 06:43:36 +0000
asID:                     47583
IP address blocks:        85.31.228.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4d:94:76:0f:15:7b:e8:78:4e:ec:14:30:74:07:63:46:06:50:a3:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Aug 18 06:38:36 2023 GMT
            Not After : Aug 16 06:43:36 2024 GMT
        Subject: CN=48D933BE740B41AD13172C9655BF2524FC73EC31
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:1e:ba:49:53:2c:42:78:f6:4d:d8:a1:38:fb:
                    9a:2f:e8:3b:34:64:f8:5b:46:ea:8b:b1:a7:6f:68:
                    62:07:a9:a0:7c:db:dc:16:2c:53:13:26:f7:fc:f8:
                    89:55:bd:12:09:03:40:70:55:cf:71:b1:bc:98:8c:
                    ad:96:4e:73:61:d2:42:97:f6:ff:72:6f:c1:02:e4:
                    33:1f:65:4b:d0:3e:98:99:95:c1:da:eb:90:17:61:
                    4c:5a:2f:bf:31:f6:c8:32:8c:b2:fc:80:f1:7f:08:
                    68:e1:32:1f:01:70:c3:b6:04:44:1b:97:7f:67:18:
                    f0:62:70:47:95:80:c5:79:b5:12:f5:5d:6c:b7:b6:
                    3e:7b:82:99:3d:b0:59:96:6b:dd:d5:b2:8a:41:a9:
                    03:55:33:12:df:15:35:73:39:ac:65:90:93:12:8f:
                    ff:97:aa:83:a0:8f:33:cd:02:0b:13:a7:92:99:1a:
                    30:1c:36:07:e3:25:79:08:ae:c7:d4:90:ec:52:ea:
                    d9:64:6a:5c:81:11:db:96:04:7c:c1:f7:4a:a5:92:
                    81:1e:4a:2a:05:41:af:a7:8d:df:5b:54:13:6f:2e:
                    f7:2f:7e:dc:c2:fa:0d:de:6d:bf:84:84:82:a0:10:
                    85:e6:10:d7:a6:fc:20:39:55:55:5f:92:4c:58:fd:
                    53:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:D9:33:BE:74:0B:41:AD:13:17:2C:96:55:BF:25:24:FC:73:EC:31
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38352e33312e3232382e302f32322d3234203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.31.228.0/22

    Signature Algorithm: sha256WithRSAEncryption
         72:f0:c4:a5:2f:da:77:e6:a8:41:a3:50:87:a1:f7:a9:41:f1:
         b0:cb:0a:e0:b7:a4:3d:71:22:43:08:cd:8a:26:d4:69:31:b4:
         8f:43:a1:97:c0:ca:9f:99:18:e5:31:0a:1b:3d:2b:0e:5f:f2:
         ec:5b:b4:15:b4:7f:03:45:01:e9:2f:e8:ab:f2:0e:c5:be:5d:
         b2:37:3c:ec:cc:f2:f9:ee:66:a5:1d:32:cb:a6:46:d7:0f:45:
         86:fd:e5:95:e4:49:0f:2f:97:5f:8f:fd:db:2e:b2:6b:3b:05:
         92:6a:ff:57:2c:a6:d7:34:f9:5b:f3:89:80:6c:d1:9e:f9:50:
         d5:d2:2d:4c:da:42:04:d3:1a:d3:98:b0:b4:96:84:1c:7b:9d:
         94:1a:37:8f:eb:d2:d7:e8:14:e6:a4:6e:e8:5e:4b:60:aa:42:
         cf:de:8c:28:1b:74:be:63:d4:51:5a:51:8a:8e:0b:82:2a:5b:
         8e:53:c3:6b:92:db:55:c7:3f:cd:d7:ce:ab:06:1f:37:ac:44:
         2f:d2:82:12:e0:30:53:b3:62:cc:ce:be:97:ad:38:1e:9c:ec:
         a4:cc:69:0a:05:0c:ed:6a:d6:c9:1e:3d:45:e6:de:bf:53:04:
         82:35:42:be:9a:08:3e:12:98:c1:00:93:9b:0c:bf:ce:f8:16:
         74:b1:86:bc
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUTZR2DxV76HhO7BQwdAdjRgZQow8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yMzA4MTgwNjM4MzZaFw0yNDA4MTYwNjQzMzZaMDMxMTAvBgNV
BAMTKDQ4RDkzM0JFNzQwQjQxQUQxMzE3MkM5NjU1QkYyNTI0RkM3M0VDMzEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7HrpJUyxCePZN2KE4+5ov6Ds0
ZPhbRuqLsadvaGIHqaB829wWLFMTJvf8+IlVvRIJA0BwVc9xsbyYjK2WTnNh0kKX
9v9yb8EC5DMfZUvQPpiZlcHa65AXYUxaL78x9sgyjLL8gPF/CGjhMh8BcMO2BEQb
l39nGPBicEeVgMV5tRL1XWy3tj57gpk9sFmWa93VsopBqQNVMxLfFTVzOaxlkJMS
j/+XqoOgjzPNAgsTp5KZGjAcNgfjJXkIrsfUkOxS6tlkalyBEduWBHzB90qlkoEe
SioFQa+njd9bVBNvLvcvftzC+g3ebb+EhIKgEIXmENem/CA5VVVfkkxY/VOdAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUSNkzvnQLQa0TFyyWVb8lJPxz7DEwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzgzNTJlMzMzMTJlMzIzMjM4
MmUzMDJmMzIzMjJkMzIzNDIwM2QzZTIwMzQzNzM1MzgzMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAlUf
5DANBgkqhkiG9w0BAQsFAAOCAQEAcvDEpS/ad+aoQaNQh6H3qUHxsMsK4LekPXEi
QwjNiibUaTG0j0Ohl8DKn5kY5TEKGz0rDl/y7Fu0FbR/A0UB6S/oq/IOxb5dsjc8
7Mzy+e5mpR0yy6ZG1w9Fhv3lleRJDy+XX4/92y6yazsFkmr/Vyym1zT5W/OJgGzR
nvlQ1dItTNpCBNMa05iwtJaEHHudlBo3j+vS1+gU5qRu6F5LYKpCz96MKBt0vmPU
UVpRio4LgipbjlPDa5LbVcc/zdfOqwYfN6xEL9KCEuAwU7NizM6+l604HpzspMxp
CgUM7WrWyR49Rebev1MEgjVCvpoIPhKYwQCTmwy/zvgWdLGGvA==
-----END CERTIFICATE-----