Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/0c8bb446-91c0-4138-a33a-b47865de55c5/1/38312e32372e39362e302f32302d3230203d3e203234383531.roa
File:                     38312e32372e39362e302f32302d3230203d3e203234383531.roa (raw, json)
Hash identifier:          SZH3jMeIkhMicVTHR8DTiaVXKtl6on4Bjt8aT/3rGBY=
Subject key identifier:   F5:E3:91:DB:F6:48:B0:D6:31:AC:6B:C1:06:A1:A8:27:71:7B:20:E4
Certificate issuer:       /CN=a6c509ba48e5b50494572e05c45c58e7e16d87fb
Certificate serial:       221D0D1B9B63F858C5F82AE0A6B8F5A17104D2C5
Authority key identifier: A6:C5:09:BA:48:E5:B5:04:94:57:2E:05:C4:5C:58:E7:E1:6D:87:FB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/psUJukjltQSUVy4FxFxY5-Fth_s.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/0c8bb446-91c0-4138-a33a-b47865de55c5/1/38312e32372e39362e302f32302d3230203d3e203234383531.roa
Signing time:             Mon 25 Dec 2023 12:05:08 +0000
ROA not before:           Mon 25 Dec 2023 12:00:08 +0000
ROA not after:            Mon 23 Dec 2024 12:05:08 +0000
asID:                     24851
IP address blocks:        81.27.96.0/20 maxlen: 20

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/0c8bb446-91c0-4138-a33a-b47865de55c5/1/A6C509BA48E5B50494572E05C45C58E7E16D87FB.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/0c8bb446-91c0-4138-a33a-b47865de55c5/1/A6C509BA48E5B50494572E05C45C58E7E16D87FB.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/psUJukjltQSUVy4FxFxY5-Fth_s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 01 Jun 2024 16:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            22:1d:0d:1b:9b:63:f8:58:c5:f8:2a:e0:a6:b8:f5:a1:71:04:d2:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a6c509ba48e5b50494572e05c45c58e7e16d87fb
        Validity
            Not Before: Dec 25 12:00:08 2023 GMT
            Not After : Dec 23 12:05:08 2024 GMT
        Subject: CN=F5E391DBF648B0D631AC6BC106A1A827717B20E4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:19:07:62:f0:5f:18:19:75:90:91:c6:0a:25:
                    86:4c:ff:45:3e:ba:bc:4e:ae:a5:81:04:db:0a:f5:
                    fb:ed:79:1c:69:8a:b9:2a:7b:2a:8c:52:bf:4b:ce:
                    44:ee:b2:22:45:8d:f4:6b:1f:b9:bb:b7:ce:eb:87:
                    11:64:03:94:c3:ec:43:32:79:df:86:ab:8a:bb:90:
                    06:b7:29:c5:42:d8:2d:ee:71:a8:d9:21:cd:73:2a:
                    c9:3b:63:c5:cf:a8:fb:23:4b:cd:a7:45:92:1c:2b:
                    48:29:be:71:3e:6e:4f:ab:19:fe:e3:1c:aa:15:c2:
                    f8:6d:45:3c:c0:11:66:ac:b5:5a:6d:1a:61:3c:6a:
                    b8:98:a2:76:8e:3f:01:0a:7a:71:96:be:bc:d9:7a:
                    53:30:b4:ed:0c:09:8a:44:7b:9c:48:47:70:53:e2:
                    83:cf:48:79:95:54:4a:00:9e:46:20:a8:3c:93:da:
                    11:ff:9d:6d:dd:3e:57:eb:0e:d0:30:87:72:83:00:
                    f1:5d:94:a0:aa:48:12:0a:3d:a7:a3:0b:ce:18:18:
                    d0:60:1e:bf:d3:f4:aa:ee:e9:23:b0:5d:f3:26:27:
                    fd:fa:55:8e:88:ad:c4:ac:83:21:b6:41:0a:b6:40:
                    e3:ca:a8:08:c3:bd:db:83:82:79:4a:50:41:8d:2b:
                    24:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:E3:91:DB:F6:48:B0:D6:31:AC:6B:C1:06:A1:A8:27:71:7B:20:E4
            X509v3 Authority Key Identifier:
                keyid:A6:C5:09:BA:48:E5:B5:04:94:57:2E:05:C4:5C:58:E7:E1:6D:87:FB

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/0c8bb446-91c0-4138-a33a-b47865de55c5/1/A6C509BA48E5B50494572E05C45C58E7E16D87FB.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/psUJukjltQSUVy4FxFxY5-Fth_s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/0c8bb446-91c0-4138-a33a-b47865de55c5/1/38312e32372e39362e302f32302d3230203d3e203234383531.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.27.96.0/20

    Signature Algorithm: sha256WithRSAEncryption
         68:ec:1c:8c:20:78:fd:a7:1e:fb:79:dc:48:99:e1:53:a0:9a:
         1e:70:6c:b4:25:88:a7:2f:d1:70:3e:a7:5b:cb:41:c3:d9:6a:
         15:32:6f:eb:92:3a:ed:e7:d3:bb:28:50:1b:81:7a:56:08:ce:
         e2:b0:18:75:46:f4:67:bc:15:43:7c:44:9a:48:40:28:1b:74:
         35:62:00:4d:82:1a:d1:17:e5:29:57:a4:50:30:12:65:f3:0b:
         c0:e6:5a:0b:28:da:a5:e3:62:ee:bb:3e:f2:47:82:e8:c9:bb:
         3e:bf:5b:79:01:78:fa:86:d5:86:0b:e4:88:ef:89:59:00:d3:
         b1:69:20:e5:7a:6e:bf:ec:ed:e9:00:7b:4f:a4:ef:ac:40:1e:
         5b:7f:26:d5:3a:3e:0e:24:ee:0a:6b:f3:7e:d8:02:04:0a:7c:
         c2:db:de:25:77:39:8b:0c:a8:70:51:4e:96:5b:ff:bc:15:bd:
         67:84:67:3b:b6:a9:64:cb:b8:56:01:50:83:54:c2:3f:2f:be:
         ba:99:b0:04:79:29:a4:93:5f:1a:32:d1:33:45:1a:c8:87:cd:
         68:63:e3:66:a8:56:57:6f:e8:07:b9:ba:69:3f:27:07:9a:ef:
         1c:2d:70:cb:cc:8a:9f:10:7f:e4:c6:d7:ad:43:df:1e:88:90:
         a4:95:0d:0c
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUIh0NG5tj+FjF+Crgprj1oXEE0sUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTZjNTA5YmE0OGU1YjUwNDk0NTcyZTA1YzQ1YzU4ZTdl
MTZkODdmYjAeFw0yMzEyMjUxMjAwMDhaFw0yNDEyMjMxMjA1MDhaMDMxMTAvBgNV
BAMTKEY1RTM5MURCRjY0OEIwRDYzMUFDNkJDMTA2QTFBODI3NzE3QjIwRTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCwGQdi8F8YGXWQkcYKJYZM/0U+
urxOrqWBBNsK9fvteRxpirkqeyqMUr9LzkTusiJFjfRrH7m7t87rhxFkA5TD7EMy
ed+Gq4q7kAa3KcVC2C3ucajZIc1zKsk7Y8XPqPsjS82nRZIcK0gpvnE+bk+rGf7j
HKoVwvhtRTzAEWastVptGmE8ariYonaOPwEKenGWvrzZelMwtO0MCYpEe5xIR3BT
4oPPSHmVVEoAnkYgqDyT2hH/nW3dPlfrDtAwh3KDAPFdlKCqSBIKPaejC84YGNBg
Hr/T9Kru6SOwXfMmJ/36VY6IrcSsgyG2QQq2QOPKqAjDvduDgnlKUEGNKyRTAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQU9eOR2/ZIsNYxrGvBBqGoJ3F7IOQwHwYDVR0j
BBgwFoAUpsUJukjltQSUVy4FxFxY5+Fth/swDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMGM4YmI0NDYtOTFjMC00MTM4LWEzM2EtYjQ3ODY1ZGU1
NWM1LzEvQTZDNTA5QkE0OEU1QjUwNDk0NTcyRTA1QzQ1QzU4RTdFMTZEODdGQi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3BzVUp1a2psdFFTVVZ5NEZ4RnhZNS1G
dGhfcy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMGM4YmI0NDYt
OTFjMC00MTM4LWEzM2EtYjQ3ODY1ZGU1NWM1LzEvMzgzMTJlMzIzNzJlMzkzNjJl
MzAyZjMyMzAyZDMyMzAyMDNkM2UyMDMyMzQzODM1MzEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBARRG2Aw
DQYJKoZIhvcNAQELBQADggEBAGjsHIwgeP2nHvt53EiZ4VOgmh5wbLQliKcv0XA+
p1vLQcPZahUyb+uSOu3n07soUBuBelYIzuKwGHVG9Ge8FUN8RJpIQCgbdDViAE2C
GtEX5SlXpFAwEmXzC8DmWgso2qXjYu67PvJHgujJuz6/W3kBePqG1YYL5IjviVkA
07FpIOV6br/s7ekAe0+k76xAHlt/JtU6Pg4k7gpr837YAgQKfMLb3iV3OYsMqHBR
TpZb/7wVvWeEZzu2qWTLuFYBUINUwj8vvrqZsAR5KaSTXxoy0TNFGsiHzWhj42ao
Vldv6Ae5umk/Jwea7xwtcMvMip8Qf+TG161D3x6IkKSVDQw=
-----END CERTIFICATE-----