Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38352e33312e3233322e302f32312d3231203d3e203437353833.roa
File:                     38352e33312e3233322e302f32312d3231203d3e203437353833.roa (raw, json)
Hash identifier:          BnhpQOP6MbMfBmz5+LmDY5tlYB0uNrIFJXT5AyhDaco=
Subject key identifier:   46:E9:77:B5:60:9E:1C:71:1B:55:0E:76:DC:F3:0F:84:96:67:32:15
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       1D78F0A0DB19AA453A839A0B14F59716C1826309
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38352e33312e3233322e302f32312d3231203d3e203437353833.roa
Signing time:             Tue 08 Aug 2023 08:19:00 +0000
ROA not before:           Tue 08 Aug 2023 08:14:00 +0000
ROA not after:            Tue 06 Aug 2024 08:19:00 +0000
asID:                     47583
IP address blocks:        85.31.232.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1d:78:f0:a0:db:19:aa:45:3a:83:9a:0b:14:f5:97:16:c1:82:63:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Aug  8 08:14:00 2023 GMT
            Not After : Aug  6 08:19:00 2024 GMT
        Subject: CN=46E977B5609E1C711B550E76DCF30F8496673215
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:6f:07:60:4a:0f:a9:63:f5:c9:a7:52:30:1e:
                    38:e9:80:ab:a2:ae:47:5e:dd:52:e2:80:40:c7:6d:
                    5f:74:85:f8:1c:85:08:ea:89:cb:b5:13:47:5f:4b:
                    52:82:1d:93:30:5c:05:d1:99:7b:ed:2a:18:66:b5:
                    87:97:0f:f1:85:6d:17:ef:b3:41:9a:29:6e:3b:a4:
                    14:2b:0e:5d:93:e0:8c:8d:28:a1:83:85:5d:a0:be:
                    6f:72:63:ae:df:a9:e0:50:6d:af:08:ac:09:db:92:
                    00:61:2e:d3:57:d1:2f:37:45:26:f6:5b:21:51:c1:
                    16:d1:12:03:3e:6c:24:7a:7f:54:47:af:8b:75:de:
                    a4:78:93:05:74:52:db:6b:cf:5e:10:a5:f9:e4:a5:
                    40:5b:30:c0:a2:90:24:aa:11:14:05:94:a6:02:79:
                    06:dc:23:a7:7b:44:76:9c:ca:8b:53:2c:fc:c9:d6:
                    28:86:25:39:90:88:db:3b:a9:fa:48:28:29:66:ca:
                    09:3b:f7:94:aa:cf:b1:dd:5f:7c:68:04:77:05:49:
                    6d:a4:4e:93:ed:90:a4:b9:92:7e:b8:73:8d:02:88:
                    ed:b2:f2:dc:c9:16:78:3b:5e:84:c5:c7:41:20:88:
                    76:75:07:23:46:a4:a5:86:1a:d0:0d:71:64:f6:1c:
                    d4:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:E9:77:B5:60:9E:1C:71:1B:55:0E:76:DC:F3:0F:84:96:67:32:15
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38352e33312e3233322e302f32312d3231203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.31.232.0/21

    Signature Algorithm: sha256WithRSAEncryption
         11:0b:f7:13:79:00:8f:0d:3a:18:8d:31:fa:92:59:b5:10:43:
         cb:2e:0f:0c:da:d1:6b:30:b8:69:cc:28:30:48:54:70:e5:5b:
         b1:52:27:f7:3f:1c:28:6c:8c:f1:6f:de:7f:29:7d:5b:f3:2e:
         92:cd:e2:e6:eb:96:5c:6a:f5:06:9d:ee:18:75:a1:65:3f:12:
         29:1a:94:4d:40:23:08:04:04:e7:d9:2e:17:9d:6b:41:74:76:
         a3:cc:fe:cc:cb:4d:9e:94:23:7f:25:70:4f:c1:64:13:60:9c:
         4b:1b:1d:41:43:ef:b2:88:78:bc:93:4f:0f:a5:4f:c8:97:3e:
         d5:78:d6:24:8b:09:47:33:b6:c8:80:4f:93:c6:be:f6:98:c0:
         50:00:ea:ee:e8:62:82:f4:6b:60:29:2a:65:2a:65:06:05:32:
         93:66:44:0d:53:52:4f:37:b2:1b:ab:b7:68:a6:05:5e:3e:e5:
         5f:f5:d4:2f:65:b9:8a:6b:74:7f:d9:3a:07:e1:6f:0f:24:a8:
         07:67:b2:58:74:13:06:a0:5c:d7:ea:82:c3:c3:50:92:0d:c7:
         44:55:d4:ca:fd:32:1d:2d:32:85:24:32:05:be:3d:2c:8d:9b:
         8d:0d:5b:c4:85:5d:ac:7b:f8:d9:4a:18:e6:df:14:d3:1b:8c:
         39:24:a3:32
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUHXjwoNsZqkU6g5oLFPWXFsGCYwkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yMzA4MDgwODE0MDBaFw0yNDA4MDYwODE5MDBaMDMxMTAvBgNV
BAMTKDQ2RTk3N0I1NjA5RTFDNzExQjU1MEU3NkRDRjMwRjg0OTY2NzMyMTUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCebwdgSg+pY/XJp1IwHjjpgKui
rkde3VLigEDHbV90hfgchQjqicu1E0dfS1KCHZMwXAXRmXvtKhhmtYeXD/GFbRfv
s0GaKW47pBQrDl2T4IyNKKGDhV2gvm9yY67fqeBQba8IrAnbkgBhLtNX0S83RSb2
WyFRwRbREgM+bCR6f1RHr4t13qR4kwV0Uttrz14QpfnkpUBbMMCikCSqERQFlKYC
eQbcI6d7RHacyotTLPzJ1iiGJTmQiNs7qfpIKClmygk795Sqz7HdX3xoBHcFSW2k
TpPtkKS5kn64c40CiO2y8tzJFng7XoTFx0EgiHZ1ByNGpKWGGtANcWT2HNQFAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQURul3tWCeHHEbVQ523PMPhJZnMhUwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzgzNTJlMzMzMTJlMzIzMzMy
MmUzMDJmMzIzMTJkMzIzMTIwM2QzZTIwMzQzNzM1MzgzMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEA1Uf
6DANBgkqhkiG9w0BAQsFAAOCAQEAEQv3E3kAjw06GI0x+pJZtRBDyy4PDNrRazC4
acwoMEhUcOVbsVIn9z8cKGyM8W/efyl9W/Muks3i5uuWXGr1Bp3uGHWhZT8SKRqU
TUAjCAQE59kuF51rQXR2o8z+zMtNnpQjfyVwT8FkE2CcSxsdQUPvsoh4vJNPD6VP
yJc+1XjWJIsJRzO2yIBPk8a+9pjAUADq7uhigvRrYCkqZSplBgUyk2ZEDVNSTzey
G6u3aKYFXj7lX/XUL2W5imt0f9k6B+FvDySoB2eyWHQTBqBc1+qCw8NQkg3HRFXU
yv0yHS0yhSQyBb49LI2bjQ1bxIVdrHv42UoY5t8U0xuMOSSjMg==
-----END CERTIFICATE-----