Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38362e34382e31362e302f32302d3332203d3e203430303231.roa
File:                     38362e34382e31362e302f32302d3332203d3e203430303231.roa (raw, json)
Hash identifier:          mmoeJr/HexLzQyJA51raF4LZxPKE8p4fDEYihCkWTSk=
Subject key identifier:   93:CC:76:CD:CD:6B:3D:25:41:4B:8D:DA:B8:14:1D:A5:B1:CD:7F:F8
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       6777961D14621E7523D0D3A3843DFF826D05D25B
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38362e34382e31362e302f32302d3332203d3e203430303231.roa
Signing time:             Mon 26 Feb 2024 08:53:06 +0000
ROA not before:           Mon 26 Feb 2024 08:48:06 +0000
ROA not after:            Mon 24 Feb 2025 08:53:06 +0000
asID:                     40021
IP address blocks:        86.48.16.0/20 maxlen: 32

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 16:11:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            67:77:96:1d:14:62:1e:75:23:d0:d3:a3:84:3d:ff:82:6d:05:d2:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Feb 26 08:48:06 2024 GMT
            Not After : Feb 24 08:53:06 2025 GMT
        Subject: CN=93CC76CDCD6B3D25414B8DDAB8141DA5B1CD7FF8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f8:80:5f:e1:27:7f:9f:ce:29:e0:11:25:25:3f:
                    57:75:c4:2e:8d:a8:cf:aa:b8:b6:8d:cf:9d:cd:ee:
                    ea:6d:0d:50:7f:11:64:1d:17:5e:19:2d:19:39:8e:
                    cc:04:dd:d1:3c:ec:72:9b:ff:58:7b:0a:ae:02:fd:
                    e8:9f:e1:43:47:e1:a3:2b:7c:d2:05:2d:2e:09:26:
                    09:92:db:80:ca:8f:f4:ea:ef:57:0d:a2:25:7e:fc:
                    14:35:d3:96:64:e8:32:9e:ab:df:2e:58:3e:5b:be:
                    0a:d7:c0:94:18:5d:c9:4d:ba:c6:20:03:cd:12:25:
                    1b:1c:d4:95:f0:67:14:eb:c8:d6:5b:a2:0e:f2:dc:
                    b6:3b:76:8d:ef:e0:93:51:c8:6f:9e:cb:17:56:e7:
                    3e:c8:27:fa:2e:72:c2:a8:84:92:49:b6:df:55:50:
                    e7:7c:98:97:97:d9:0a:07:f7:5f:93:d7:73:e2:f7:
                    7b:8c:74:77:65:82:19:ed:cd:02:45:e9:25:7b:8f:
                    ab:b0:e5:e4:e9:2c:be:8a:59:19:5d:a4:9c:87:b9:
                    2e:ff:42:a8:6e:45:31:98:5c:31:1b:39:3a:4d:5f:
                    39:23:10:ce:67:f9:00:77:4a:9c:5a:80:33:d0:62:
                    db:a9:e8:7c:b5:fb:9c:48:62:ed:e4:73:db:62:bd:
                    03:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:CC:76:CD:CD:6B:3D:25:41:4B:8D:DA:B8:14:1D:A5:B1:CD:7F:F8
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38362e34382e31362e302f32302d3332203d3e203430303231.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.48.16.0/20

    Signature Algorithm: sha256WithRSAEncryption
         1b:9a:7a:fc:75:23:ff:b8:77:28:f7:b3:94:ed:a0:39:48:39:
         0b:c8:21:bb:8d:c2:95:6f:13:02:c8:ad:49:d1:a7:3c:09:8b:
         4a:63:bc:21:6f:04:78:c1:99:04:f4:ae:bc:e7:5b:cc:bd:27:
         73:4e:ef:9a:17:52:9d:03:3e:02:85:01:8a:cc:7b:42:fe:b6:
         30:8d:ff:23:37:24:18:b0:ad:68:c4:67:fe:4e:9d:db:8d:80:
         8f:7b:67:83:f2:0b:d2:e1:5e:90:e4:da:7d:7d:45:15:64:67:
         ca:3d:cf:b4:0a:d5:3c:06:07:21:c0:d7:cc:0a:80:d6:0c:bc:
         e3:ce:2c:7c:5e:a1:15:d4:a2:63:9a:98:23:88:9e:8d:87:fc:
         4c:e5:6d:6e:96:68:17:c7:78:9d:82:0f:a7:3c:6f:58:4d:ea:
         79:dc:c6:dd:a1:f5:12:95:26:0d:f7:33:10:22:2a:04:35:b3:
         f1:7b:61:64:87:67:47:01:89:d6:4e:b7:95:e1:ec:08:17:cc:
         4e:29:46:b8:c8:c7:8d:7e:30:80:ff:eb:2b:43:1f:83:2d:05:
         c9:33:f5:66:d3:dd:ac:0b:d9:ba:78:b1:cf:2d:93:9d:27:39:
         a5:37:26:f0:cc:6b:c7:81:5e:ef:c2:b2:0c:07:ac:95:a7:d2:
         8e:37:33:c2
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUZ3eWHRRiHnUj0NOjhD3/gm0F0lswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDAyMjYwODQ4MDZaFw0yNTAyMjQwODUzMDZaMDMxMTAvBgNV
BAMTKDkzQ0M3NkNEQ0Q2QjNEMjU0MTRCOEREQUI4MTQxREE1QjFDRDdGRjgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD4gF/hJ3+fzingESUlP1d1xC6N
qM+quLaNz53N7uptDVB/EWQdF14ZLRk5jswE3dE87HKb/1h7Cq4C/eif4UNH4aMr
fNIFLS4JJgmS24DKj/Tq71cNoiV+/BQ105Zk6DKeq98uWD5bvgrXwJQYXclNusYg
A80SJRsc1JXwZxTryNZbog7y3LY7do3v4JNRyG+eyxdW5z7IJ/oucsKohJJJtt9V
UOd8mJeX2QoH91+T13Pi93uMdHdlghntzQJF6SV7j6uw5eTpLL6KWRldpJyHuS7/
QqhuRTGYXDEbOTpNXzkjEM5n+QB3SpxagDPQYtup6Hy1+5xIYu3kc9tivQOjAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUk8x2zc1rPSVBS43auBQdpbHNf/gwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzgzNjJlMzQzODJlMzEzNjJl
MzAyZjMyMzAyZDMzMzIyMDNkM2UyMDM0MzAzMDMyMzEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBARWMBAw
DQYJKoZIhvcNAQELBQADggEBABuaevx1I/+4dyj3s5TtoDlIOQvIIbuNwpVvEwLI
rUnRpzwJi0pjvCFvBHjBmQT0rrznW8y9J3NO75oXUp0DPgKFAYrMe0L+tjCN/yM3
JBiwrWjEZ/5OnduNgI97Z4PyC9LhXpDk2n19RRVkZ8o9z7QK1TwGByHA18wKgNYM
vOPOLHxeoRXUomOamCOIno2H/EzlbW6WaBfHeJ2CD6c8b1hN6nncxt2h9RKVJg33
MxAiKgQ1s/F7YWSHZ0cBidZOt5Xh7AgXzE4pRrjIx41+MID/6ytDH4MtBckz9WbT
3awL2bp4sc8tk50nOaU3JvDMa8eBXu/CsgwHrJWn0o43M8I=
-----END CERTIFICATE-----