Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/38362e33382e332e302f32342d3234203d3e203135343139.roa
File:                     38362e33382e332e302f32342d3234203d3e203135343139.roa (raw, json)
Hash identifier:          toTKmAJJ2uBqBLv6BkPz07R/jbWOIzBv8SNZxzfQ2BE=
Subject key identifier:   EF:95:A0:90:D1:A6:5D:D5:73:83:4C:F7:EC:47:AF:30:13:B6:2C:91
Certificate issuer:       /CN=9df85997b1b9b358e1c43f36765aa0a4a02144ae
Certificate serial:       137F761FA16D53F5AD159C74156A6C0C2E83139A
Authority key identifier: 9D:F8:59:97:B1:B9:B3:58:E1:C4:3F:36:76:5A:A0:A4:A0:21:44:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nfhZl7G5s1jhxD82dlqgpKAhRK4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/38362e33382e332e302f32342d3234203d3e203135343139.roa
Signing time:             Fri 07 Jun 2024 09:01:55 +0000
ROA not before:           Fri 07 Jun 2024 08:56:55 +0000
ROA not after:            Fri 06 Jun 2025 09:01:55 +0000
asID:                     15419
IP address blocks:        86.38.3.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/9DF85997B1B9B358E1C43F36765AA0A4A02144AE.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/9DF85997B1B9B358E1C43F36765AA0A4A02144AE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nfhZl7G5s1jhxD82dlqgpKAhRK4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:16:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            13:7f:76:1f:a1:6d:53:f5:ad:15:9c:74:15:6a:6c:0c:2e:83:13:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9df85997b1b9b358e1c43f36765aa0a4a02144ae
        Validity
            Not Before: Jun  7 08:56:55 2024 GMT
            Not After : Jun  6 09:01:55 2025 GMT
        Subject: CN=EF95A090D1A65DD573834CF7EC47AF3013B62C91
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:9e:a1:f4:95:fc:6f:77:9a:30:cd:97:4c:5e:
                    86:b8:7e:ee:f8:5d:a0:3c:4a:80:3f:25:bc:7a:e7:
                    ab:f0:62:86:fe:68:ca:e3:75:90:18:01:b3:ad:00:
                    d9:ce:34:51:55:da:9e:40:a5:69:e0:75:fc:5f:b1:
                    6d:ea:8f:9e:97:22:f9:16:06:cd:4b:9c:a2:d2:33:
                    2b:92:d3:91:fb:0f:55:25:3e:46:3a:c3:1a:ce:1a:
                    df:54:b2:a0:84:38:88:ac:9f:54:8d:83:0c:54:7a:
                    69:0d:af:1f:fd:4b:b8:a7:e8:36:82:2e:06:66:51:
                    81:99:e5:78:bf:88:f5:03:3b:cc:b2:cd:91:79:e3:
                    60:96:5e:e1:ac:f2:98:7b:7c:27:26:cd:f6:46:9a:
                    a4:bb:00:e3:a7:95:6f:b9:bb:6e:e7:7c:4b:bf:51:
                    15:03:f1:57:7f:f8:61:90:c2:14:32:18:ab:10:2c:
                    47:02:c7:0d:7e:ab:ab:41:e3:28:dc:e4:1a:33:91:
                    33:1c:85:f8:09:43:f3:62:d0:8c:f6:68:45:5f:08:
                    a3:24:9c:20:a6:70:83:a3:d1:e8:75:b1:11:3c:96:
                    fb:10:50:9f:42:2a:7a:33:62:40:09:a6:59:46:d7:
                    8e:13:52:eb:c8:86:9d:c1:76:fb:c0:de:ce:b3:a3:
                    13:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:95:A0:90:D1:A6:5D:D5:73:83:4C:F7:EC:47:AF:30:13:B6:2C:91
            X509v3 Authority Key Identifier:
                keyid:9D:F8:59:97:B1:B9:B3:58:E1:C4:3F:36:76:5A:A0:A4:A0:21:44:AE

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/9DF85997B1B9B358E1C43F36765AA0A4A02144AE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nfhZl7G5s1jhxD82dlqgpKAhRK4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/38362e33382e332e302f32342d3234203d3e203135343139.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.38.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         17:b0:75:7b:b0:08:4b:53:b2:9b:da:d8:bb:09:d6:4e:86:43:
         0d:49:ca:b8:de:be:c2:53:e6:b7:c2:f2:76:6f:90:c5:0d:81:
         24:1c:d6:65:60:17:d1:d0:97:bb:d8:cd:0c:e5:4d:ec:08:15:
         c6:47:11:04:17:e2:20:2b:57:45:d1:2c:f8:1e:a8:fb:02:95:
         b5:89:51:36:90:d8:7c:e2:92:d2:61:c9:0b:dd:41:34:8f:ec:
         2a:aa:cf:02:94:4b:34:85:cf:07:97:c4:eb:e9:b1:67:12:12:
         fe:a2:1f:64:df:61:01:48:2f:55:61:37:67:9f:ed:1b:41:5f:
         57:9c:0b:7f:ee:16:37:12:ad:cd:6b:01:bf:4a:a9:0b:8b:f2:
         76:13:ad:2b:40:57:03:d9:34:5f:99:b2:cf:be:4d:63:5b:3b:
         21:10:20:20:18:bc:06:66:16:7e:ea:b3:d7:eb:1f:60:a4:40:
         07:d3:f7:bd:00:8d:c8:a3:c9:a2:9f:0d:6c:2b:7c:c3:68:51:
         bf:f3:05:17:c9:c6:18:f5:11:91:1d:a9:b7:e2:8d:b1:e5:ff:
         a3:72:9f:1d:5b:a6:38:e4:76:51:30:15:30:f6:4a:d3:29:c1:
         06:26:44:55:70:6d:e6:e8:01:09:f7:6d:ae:c3:43:41:66:88:
         8a:c5:79:a5
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUE392H6FtU/WtFZx0FWpsDC6DE5owDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWRmODU5OTdiMWI5YjM1OGUxYzQzZjM2NzY1YWEwYTRh
MDIxNDRhZTAeFw0yNDA2MDcwODU2NTVaFw0yNTA2MDYwOTAxNTVaMDMxMTAvBgNV
BAMTKEVGOTVBMDkwRDFBNjVERDU3MzgzNENGN0VDNDdBRjMwMTNCNjJDOTEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDlnqH0lfxvd5owzZdMXoa4fu74
XaA8SoA/Jbx656vwYob+aMrjdZAYAbOtANnONFFV2p5ApWngdfxfsW3qj56XIvkW
Bs1LnKLSMyuS05H7D1UlPkY6wxrOGt9UsqCEOIisn1SNgwxUemkNrx/9S7in6DaC
LgZmUYGZ5Xi/iPUDO8yyzZF542CWXuGs8ph7fCcmzfZGmqS7AOOnlW+5u27nfEu/
URUD8Vd/+GGQwhQyGKsQLEcCxw1+q6tB4yjc5BozkTMchfgJQ/Ni0Iz2aEVfCKMk
nCCmcIOj0eh1sRE8lvsQUJ9CKnozYkAJpllG144TUuvIhp3BdvvA3s6zoxPjAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQU75WgkNGmXdVzg0z37EevMBO2LJEwHwYDVR0j
BBgwFoAUnfhZl7G5s1jhxD82dlqgpKAhRK4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDAyZTBiYTMtZmU2MC00NWIxLTkxNjAtODY4YTJmOGE0
M2IxLzMvOURGODU5OTdCMUI5QjM1OEUxQzQzRjM2NzY1QUEwQTRBMDIxNDRBRS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL25maFpsN0c1czFqaHhEODJkbHFncEtB
aFJLNC5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMDAyZTBiYTMt
ZmU2MC00NWIxLTkxNjAtODY4YTJmOGE0M2IxLzMvMzgzNjJlMzMzODJlMzMyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzMTM1MzQzMTM5LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAViYDMA0G
CSqGSIb3DQEBCwUAA4IBAQAXsHV7sAhLU7Kb2ti7CdZOhkMNScq43r7CU+a3wvJ2
b5DFDYEkHNZlYBfR0Je72M0M5U3sCBXGRxEEF+IgK1dF0Sz4Hqj7ApW1iVE2kNh8
4pLSYckL3UE0j+wqqs8ClEs0hc8Hl8Tr6bFnEhL+oh9k32EBSC9VYTdnn+0bQV9X
nAt/7hY3Eq3NawG/SqkLi/J2E60rQFcD2TRfmbLPvk1jWzshECAgGLwGZhZ+6rPX
6x9gpEAH0/e9AI3Io8minw1sK3zDaFG/8wUXycYY9RGRHam34o2x5f+jcp8dW6Y4
5HZRMBUw9krTKcEGJkRVcG3m6AEJ922uw0NBZoiKxXml
-----END CERTIFICATE-----