Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38382e38362e33322e302f31392d3234203d3e203630363634.roa
File:                     38382e38362e33322e302f31392d3234203d3e203630363634.roa (raw, json)
Hash identifier:          LVPbSEroHlCz+aMZEKEwVTtz3sE6KJddK3JeT/EDvSY=
Subject key identifier:   73:E0:45:A0:54:17:81:86:5C:F9:B5:E4:9A:CA:C9:D8:1A:57:CE:52
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       0CFB2F61096104D4BCB850E4D8072AA5B3438F10
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38382e38362e33322e302f31392d3234203d3e203630363634.roa
Signing time:             Fri 21 Jul 2023 16:42:42 +0000
ROA not before:           Fri 21 Jul 2023 16:37:42 +0000
ROA not after:            Fri 19 Jul 2024 16:42:42 +0000
asID:                     60664
IP address blocks:        88.86.32.0/19 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0c:fb:2f:61:09:61:04:d4:bc:b8:50:e4:d8:07:2a:a5:b3:43:8f:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Jul 21 16:37:42 2023 GMT
            Not After : Jul 19 16:42:42 2024 GMT
        Subject: CN=73E045A0541781865CF9B5E49ACAC9D81A57CE52
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:f6:bf:b9:82:b6:d9:5f:6f:8e:79:01:8b:ef:
                    54:7a:d3:c7:70:5d:f0:0d:49:09:b8:0b:94:e5:ff:
                    68:cc:89:23:48:cd:3f:80:49:4a:8a:0e:dc:a3:ef:
                    bb:1d:df:0f:f3:67:f5:79:2f:13:82:45:78:c8:c0:
                    cc:5e:d1:31:d7:a1:12:3b:9d:fe:f7:db:76:11:75:
                    24:1c:ba:1a:09:c5:9a:98:e9:d7:c7:25:e6:c2:32:
                    f7:87:d1:9c:3a:78:5d:90:7b:69:ba:44:99:ef:ff:
                    36:81:66:5d:f0:6e:b1:59:2f:72:68:e8:6e:43:e1:
                    8e:9e:47:6b:86:4d:62:a4:c8:28:d2:9b:f1:6a:bc:
                    c2:6a:87:57:b8:60:cc:88:64:ba:a3:0f:3e:ee:23:
                    e1:c6:b0:8a:c9:43:dd:61:f0:94:f6:3b:d5:a5:8f:
                    b6:74:49:95:d3:1e:a0:8f:6d:bb:45:3f:b3:f7:89:
                    90:12:88:57:13:02:a5:a1:10:5d:7c:31:b1:38:f0:
                    b2:bc:79:b7:14:f3:db:e2:25:01:6b:8d:be:b8:aa:
                    af:b8:a9:6c:bf:1f:8b:d1:f3:c2:fa:98:0e:a2:d5:
                    74:b7:52:0c:f2:4f:f8:86:2b:6f:c8:45:63:9e:e0:
                    27:f1:db:b7:82:aa:65:d2:85:51:7a:ad:89:9d:88:
                    e3:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:E0:45:A0:54:17:81:86:5C:F9:B5:E4:9A:CA:C9:D8:1A:57:CE:52
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38382e38362e33322e302f31392d3234203d3e203630363634.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.86.32.0/19

    Signature Algorithm: sha256WithRSAEncryption
         6d:df:5e:e2:17:93:96:f7:09:18:fc:d2:c9:fb:33:48:64:a8:
         70:79:6b:e1:5d:eb:7b:f0:f1:b6:c3:7c:3e:12:ad:d5:4a:d0:
         2f:89:9b:cb:f7:24:fa:4c:ab:61:77:61:07:43:19:d4:9c:0b:
         2c:70:9c:6e:68:f4:3f:2b:9d:6f:19:f7:87:4e:f6:4e:41:6f:
         ca:b4:89:53:93:b9:0d:28:d8:e9:eb:84:22:27:82:95:32:ee:
         9d:c4:3c:d9:da:af:b0:b5:d4:d2:d8:7e:85:49:15:11:41:96:
         60:0f:4f:a7:22:4a:26:8f:e2:70:9f:12:0e:ed:97:b7:30:5e:
         b9:d4:b2:c4:16:b1:4b:06:7b:e5:eb:05:09:e6:62:f2:64:78:
         c1:1c:11:46:ae:4b:bb:7c:2a:e4:b3:37:6e:55:68:11:cf:52:
         12:e9:aa:60:be:ba:f9:e1:50:0a:a4:88:31:68:dc:5c:06:fe:
         50:25:b2:36:45:ab:a1:12:53:3e:ea:43:49:16:a4:0b:34:48:
         9c:0f:f8:43:f0:ef:0f:8a:5b:ae:e8:c5:2b:24:21:17:5e:55:
         b6:0e:f1:d9:ee:9e:de:b9:57:2f:35:20:0e:e2:d0:06:c2:04:
         80:15:5f:6c:30:b2:8b:cc:88:d0:7c:ce:a8:3f:c5:f9:e9:f3:
         5d:67:11:27
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUDPsvYQlhBNS8uFDk2AcqpbNDjxAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yMzA3MjExNjM3NDJaFw0yNDA3MTkxNjQyNDJaMDMxMTAvBgNV
BAMTKDczRTA0NUEwNTQxNzgxODY1Q0Y5QjVFNDlBQ0FDOUQ4MUE1N0NFNTIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCr9r+5grbZX2+OeQGL71R608dw
XfANSQm4C5Tl/2jMiSNIzT+ASUqKDtyj77sd3w/zZ/V5LxOCRXjIwMxe0THXoRI7
nf7323YRdSQcuhoJxZqY6dfHJebCMveH0Zw6eF2Qe2m6RJnv/zaBZl3wbrFZL3Jo
6G5D4Y6eR2uGTWKkyCjSm/FqvMJqh1e4YMyIZLqjDz7uI+HGsIrJQ91h8JT2O9Wl
j7Z0SZXTHqCPbbtFP7P3iZASiFcTAqWhEF18MbE48LK8ebcU89viJQFrjb64qq+4
qWy/H4vR88L6mA6i1XS3UgzyT/iGK2/IRWOe4Cfx27eCqmXShVF6rYmdiOPZAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUc+BFoFQXgYZc+bXkmsrJ2BpXzlIwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzgzODJlMzgzNjJlMzMzMjJl
MzAyZjMxMzkyZDMyMzQyMDNkM2UyMDM2MzAzNjM2MzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAVYViAw
DQYJKoZIhvcNAQELBQADggEBAG3fXuIXk5b3CRj80sn7M0hkqHB5a+Fd63vw8bbD
fD4SrdVK0C+Jm8v3JPpMq2F3YQdDGdScCyxwnG5o9D8rnW8Z94dO9k5Bb8q0iVOT
uQ0o2OnrhCIngpUy7p3EPNnar7C11NLYfoVJFRFBlmAPT6ciSiaP4nCfEg7tl7cw
XrnUssQWsUsGe+XrBQnmYvJkeMEcEUauS7t8KuSzN25VaBHPUhLpqmC+uvnhUAqk
iDFo3FwG/lAlsjZFq6ESUz7qQ0kWpAs0SJwP+EPw7w+KW67oxSskIRdeVbYO8dnu
nt65Vy81IA7i0AbCBIAVX2wwsovMiNB8zqg/xfnp811nESc=
-----END CERTIFICATE-----