Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38362e34382e31362e302f32302d3332203d3e203531313637.roa
File:                     38362e34382e31362e302f32302d3332203d3e203531313637.roa (raw, json)
Hash identifier:          9Mo0goyR9oLE9qm8SipKLmlolvlVVIqee0NQnIfzr/g=
Subject key identifier:   8B:88:9D:38:21:6B:4F:9C:04:8B:11:21:D2:DE:E6:AE:FF:CD:EA:13
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       18E91A7210E41D88D215BF5042224A79DDFD564B
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38362e34382e31362e302f32302d3332203d3e203531313637.roa
Signing time:             Fri 21 Jul 2023 07:19:53 +0000
ROA not before:           Fri 21 Jul 2023 07:14:53 +0000
ROA not after:            Fri 19 Jul 2024 07:19:53 +0000
asID:                     51167
IP address blocks:        86.48.16.0/20 maxlen: 32

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 16:11:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            18:e9:1a:72:10:e4:1d:88:d2:15:bf:50:42:22:4a:79:dd:fd:56:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Jul 21 07:14:53 2023 GMT
            Not After : Jul 19 07:19:53 2024 GMT
        Subject: CN=8B889D38216B4F9C048B1121D2DEE6AEFFCDEA13
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:5e:d3:f0:df:33:6c:65:ef:1c:ec:a4:63:1a:
                    16:6d:c4:2d:b4:60:7d:ab:8e:ae:16:f3:d4:fe:de:
                    a1:36:66:07:aa:23:a3:40:db:fa:af:7a:9f:f4:82:
                    dd:10:ce:a6:81:82:a4:07:8a:38:a3:f8:a3:7d:71:
                    15:23:02:02:24:3f:8e:d7:6a:9d:b4:d4:0c:c5:92:
                    90:65:e7:c3:1d:08:5d:81:ca:5a:e0:ac:9d:51:51:
                    a7:2d:f9:ff:ba:9d:1b:f1:6e:8a:49:1f:5f:98:a6:
                    04:78:19:ca:9c:c5:a5:39:1a:a5:6f:f5:7a:f0:74:
                    31:d5:e7:f7:da:15:a9:f3:b2:d6:3a:2a:25:93:f1:
                    ff:3c:62:5e:0f:fb:75:23:5f:3a:ab:04:06:db:d5:
                    50:a6:7d:14:8c:10:78:e3:b9:ba:55:bf:68:87:f2:
                    5e:65:af:7e:d5:fa:cc:c1:80:22:56:7e:ec:4b:06:
                    dd:58:55:0c:ba:cc:05:45:9f:13:3a:90:23:3a:04:
                    d1:d1:00:9f:49:e6:97:56:44:07:a5:7c:f4:c7:1a:
                    90:ac:36:6d:ca:07:1f:db:59:4e:72:d4:d1:e1:d8:
                    97:d1:1b:34:be:3a:18:e9:bf:42:3e:6f:16:3d:af:
                    c1:0c:de:95:ac:a1:86:c0:d6:2c:e6:d5:35:77:ba:
                    79:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:88:9D:38:21:6B:4F:9C:04:8B:11:21:D2:DE:E6:AE:FF:CD:EA:13
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38362e34382e31362e302f32302d3332203d3e203531313637.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.48.16.0/20

    Signature Algorithm: sha256WithRSAEncryption
         44:22:9a:17:47:d5:55:ed:89:66:59:fc:37:30:25:71:4d:37:
         af:98:5f:c6:77:6c:57:05:4b:ae:b2:35:d3:a7:35:a3:81:64:
         0b:2c:6f:56:a2:81:6f:cf:18:b7:d9:22:4a:28:06:94:20:f5:
         8b:e3:d1:8c:cd:05:85:30:e4:f8:e3:db:dc:e1:27:1b:1e:bd:
         75:d2:d9:ce:44:78:ef:5d:86:73:3e:61:db:20:75:c6:91:79:
         21:ac:d3:05:72:56:db:1d:cf:45:f4:5e:33:86:10:34:76:70:
         09:4e:aa:4b:b1:35:78:1b:13:bc:97:36:77:0e:f1:a9:8b:63:
         3d:01:47:62:c2:da:97:ec:99:96:06:7a:13:cb:96:35:de:24:
         48:cd:3a:8a:8d:23:c9:74:68:42:3c:d6:55:c2:8f:9f:d8:5f:
         6f:d9:41:59:bd:82:8e:16:df:d5:e7:bf:e9:11:d8:15:c0:68:
         14:bd:d0:e5:96:12:a8:e5:c4:b7:bb:30:8b:7f:2b:0a:20:d1:
         bc:b5:28:77:66:33:42:d8:56:9d:0a:0b:fd:ba:36:fe:2b:84:
         96:9e:0e:ab:ff:06:54:0c:32:71:5d:6e:6d:fd:cd:77:cc:9f:
         86:90:f6:36:db:ea:9b:01:e5:08:23:78:d6:53:9b:c4:9f:de:
         25:6f:fb:7b
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUGOkachDkHYjSFb9QQiJKed39VkswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yMzA3MjEwNzE0NTNaFw0yNDA3MTkwNzE5NTNaMDMxMTAvBgNV
BAMTKDhCODg5RDM4MjE2QjRGOUMwNDhCMTEyMUQyREVFNkFFRkZDREVBMTMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCsXtPw3zNsZe8c7KRjGhZtxC20
YH2rjq4W89T+3qE2ZgeqI6NA2/qvep/0gt0QzqaBgqQHijij+KN9cRUjAgIkP47X
ap201AzFkpBl58MdCF2BylrgrJ1RUact+f+6nRvxbopJH1+YpgR4GcqcxaU5GqVv
9XrwdDHV5/faFanzstY6KiWT8f88Yl4P+3UjXzqrBAbb1VCmfRSMEHjjubpVv2iH
8l5lr37V+szBgCJWfuxLBt1YVQy6zAVFnxM6kCM6BNHRAJ9J5pdWRAelfPTHGpCs
Nm3KBx/bWU5y1NHh2JfRGzS+Ohjpv0I+bxY9r8EM3pWsoYbA1izm1TV3unlpAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUi4idOCFrT5wEixEh0t7mrv/N6hMwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzgzNjJlMzQzODJlMzEzNjJl
MzAyZjMyMzAyZDMzMzIyMDNkM2UyMDM1MzEzMTM2Mzcucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBARWMBAw
DQYJKoZIhvcNAQELBQADggEBAEQimhdH1VXtiWZZ/DcwJXFNN6+YX8Z3bFcFS66y
NdOnNaOBZAssb1aigW/PGLfZIkooBpQg9Yvj0YzNBYUw5Pjj29zhJxsevXXS2c5E
eO9dhnM+YdsgdcaReSGs0wVyVtsdz0X0XjOGEDR2cAlOqkuxNXgbE7yXNncO8amL
Yz0BR2LC2pfsmZYGehPLljXeJEjNOoqNI8l0aEI81lXCj5/YX2/ZQVm9go4W39Xn
v+kR2BXAaBS90OWWEqjlxLe7MIt/Kwog0by1KHdmM0LYVp0KC/26Nv4rhJaeDqv/
BlQMMnFdbm39zXfMn4aQ9jbb6psB5QgjeNZTm8Sf3iVv+3s=
-----END CERTIFICATE-----