Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/0c8bb446-91c0-4138-a33a-b47865de55c5/1/38312e32372e39362e302f32342d3234203d3e203234383531.roa
File:                     38312e32372e39362e302f32342d3234203d3e203234383531.roa (raw, json)
Hash identifier:          AxjB2UplZG/ICjMvplH+2BPAurHWXKTfYIpW/z8Q05Y=
Subject key identifier:   58:FF:51:73:49:4D:EB:17:6D:C8:9D:90:B2:E8:5B:60:92:72:D3:4B
Certificate issuer:       /CN=a6c509ba48e5b50494572e05c45c58e7e16d87fb
Certificate serial:       70944F98239512ED790E7A8BFB5F573A40A791A0
Authority key identifier: A6:C5:09:BA:48:E5:B5:04:94:57:2E:05:C4:5C:58:E7:E1:6D:87:FB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/psUJukjltQSUVy4FxFxY5-Fth_s.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/0c8bb446-91c0-4138-a33a-b47865de55c5/1/38312e32372e39362e302f32342d3234203d3e203234383531.roa
Signing time:             Mon 25 Dec 2023 12:05:08 +0000
ROA not before:           Mon 25 Dec 2023 12:00:08 +0000
ROA not after:            Mon 23 Dec 2024 12:05:08 +0000
asID:                     24851
IP address blocks:        81.27.96.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/0c8bb446-91c0-4138-a33a-b47865de55c5/1/A6C509BA48E5B50494572E05C45C58E7E16D87FB.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/0c8bb446-91c0-4138-a33a-b47865de55c5/1/A6C509BA48E5B50494572E05C45C58E7E16D87FB.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/psUJukjltQSUVy4FxFxY5-Fth_s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 07 Jun 2024 20:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            70:94:4f:98:23:95:12:ed:79:0e:7a:8b:fb:5f:57:3a:40:a7:91:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a6c509ba48e5b50494572e05c45c58e7e16d87fb
        Validity
            Not Before: Dec 25 12:00:08 2023 GMT
            Not After : Dec 23 12:05:08 2024 GMT
        Subject: CN=58FF5173494DEB176DC89D90B2E85B609272D34B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:90:01:55:b4:d3:c3:2f:f5:c9:01:d5:06:ff:
                    1a:cf:c0:fa:a0:97:a4:c2:45:e8:27:55:07:7c:76:
                    94:86:39:90:b1:6f:93:65:75:83:c0:ba:43:f2:ef:
                    f3:57:7e:50:91:35:a4:43:69:7d:d4:53:99:ef:d1:
                    36:a1:02:ff:62:10:25:78:0d:3e:26:04:bd:1c:00:
                    17:ad:b8:7c:4f:fb:89:df:34:17:c1:aa:68:4b:d8:
                    dc:b8:45:b0:3a:8a:fd:d2:54:7b:be:e4:36:2e:e1:
                    61:43:cc:84:67:35:cb:60:0c:64:1a:05:53:89:5e:
                    a3:28:82:c0:98:ed:2f:42:05:81:80:f9:d7:c5:a5:
                    60:22:9d:df:7b:1a:48:a6:e4:94:a2:68:5b:cb:9c:
                    61:36:54:2f:b7:35:c6:cd:b8:2f:cd:f3:9f:73:46:
                    3d:1b:eb:13:8f:fc:70:15:01:60:e4:9e:06:7d:f3:
                    72:e4:79:ea:f1:28:8d:d7:db:31:f5:68:6f:66:db:
                    fe:e0:6a:83:48:b0:15:08:e8:b4:61:75:04:dc:21:
                    3c:96:bf:81:b2:16:c2:51:13:7a:39:1e:5e:45:10:
                    22:69:dd:9f:79:d7:50:f9:cc:88:42:a8:f3:0a:f3:
                    29:0c:fb:c5:03:5a:8b:3a:31:49:d5:0c:ac:e0:07:
                    4c:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:FF:51:73:49:4D:EB:17:6D:C8:9D:90:B2:E8:5B:60:92:72:D3:4B
            X509v3 Authority Key Identifier:
                keyid:A6:C5:09:BA:48:E5:B5:04:94:57:2E:05:C4:5C:58:E7:E1:6D:87:FB

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/0c8bb446-91c0-4138-a33a-b47865de55c5/1/A6C509BA48E5B50494572E05C45C58E7E16D87FB.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/psUJukjltQSUVy4FxFxY5-Fth_s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/0c8bb446-91c0-4138-a33a-b47865de55c5/1/38312e32372e39362e302f32342d3234203d3e203234383531.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.27.96.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:78:ab:c7:45:e4:3a:17:b9:61:81:f4:97:12:6d:15:39:dc:
         81:f1:ad:22:21:9c:0a:3b:10:ec:08:35:67:ea:93:67:aa:ee:
         6d:8c:3f:44:d0:2c:1d:5c:95:d0:36:dd:41:80:7b:23:2b:f9:
         80:ab:c0:0d:da:17:e5:60:3e:86:27:aa:c0:37:80:d9:e1:a5:
         2c:ed:e1:1b:bc:e8:16:51:a0:5f:08:c8:97:aa:51:31:a6:7b:
         56:bf:c5:cb:13:6e:8e:f3:ea:bc:8b:72:82:61:cd:13:08:7b:
         8a:b4:71:a0:72:aa:28:12:b0:61:95:a0:0b:9e:a3:ab:1e:92:
         37:3f:05:5a:46:5b:bf:de:d5:56:ef:be:a5:2e:ab:d5:5a:3f:
         29:28:f9:4c:e2:db:e0:25:44:ab:ac:26:bc:9c:44:f9:b6:b1:
         c8:b4:02:96:09:62:7b:34:83:d4:ab:c7:41:d3:f5:e1:a1:5a:
         cb:54:77:32:c1:91:fe:cf:15:74:6f:e6:43:27:3d:3a:7c:56:
         a5:3e:b0:49:16:f2:2e:58:ec:43:47:fc:ab:9b:29:f3:50:46:
         d8:14:e3:20:a1:0d:29:73:14:bd:8a:c1:6f:43:00:ce:b2:47:
         97:ca:27:5d:7c:2f:71:d3:1e:e5:91:bd:fe:97:b6:58:1a:4f:
         da:27:0b:79
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUcJRPmCOVEu15DnqL+19XOkCnkaAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTZjNTA5YmE0OGU1YjUwNDk0NTcyZTA1YzQ1YzU4ZTdl
MTZkODdmYjAeFw0yMzEyMjUxMjAwMDhaFw0yNDEyMjMxMjA1MDhaMDMxMTAvBgNV
BAMTKDU4RkY1MTczNDk0REVCMTc2REM4OUQ5MEIyRTg1QjYwOTI3MkQzNEIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvkAFVtNPDL/XJAdUG/xrPwPqg
l6TCRegnVQd8dpSGOZCxb5NldYPAukPy7/NXflCRNaRDaX3UU5nv0TahAv9iECV4
DT4mBL0cABetuHxP+4nfNBfBqmhL2Ny4RbA6iv3SVHu+5DYu4WFDzIRnNctgDGQa
BVOJXqMogsCY7S9CBYGA+dfFpWAind97Gkim5JSiaFvLnGE2VC+3NcbNuC/N859z
Rj0b6xOP/HAVAWDkngZ983LkeerxKI3X2zH1aG9m2/7gaoNIsBUI6LRhdQTcITyW
v4GyFsJRE3o5Hl5FECJp3Z9511D5zIhCqPMK8ykM+8UDWos6MUnVDKzgB0y3AgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUWP9Rc0lN6xdtyJ2QsuhbYJJy00swHwYDVR0j
BBgwFoAUpsUJukjltQSUVy4FxFxY5+Fth/swDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMGM4YmI0NDYtOTFjMC00MTM4LWEzM2EtYjQ3ODY1ZGU1
NWM1LzEvQTZDNTA5QkE0OEU1QjUwNDk0NTcyRTA1QzQ1QzU4RTdFMTZEODdGQi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3BzVUp1a2psdFFTVVZ5NEZ4RnhZNS1G
dGhfcy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMGM4YmI0NDYt
OTFjMC00MTM4LWEzM2EtYjQ3ODY1ZGU1NWM1LzEvMzgzMTJlMzIzNzJlMzkzNjJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMyMzQzODM1MzEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABRG2Aw
DQYJKoZIhvcNAQELBQADggEBAFF4q8dF5DoXuWGB9JcSbRU53IHxrSIhnAo7EOwI
NWfqk2eq7m2MP0TQLB1cldA23UGAeyMr+YCrwA3aF+VgPoYnqsA3gNnhpSzt4Ru8
6BZRoF8IyJeqUTGme1a/xcsTbo7z6ryLcoJhzRMIe4q0caByqigSsGGVoAueo6se
kjc/BVpGW7/e1VbvvqUuq9VaPyko+Uzi2+AlRKusJrycRPm2sci0ApYJYns0g9Sr
x0HT9eGhWstUdzLBkf7PFXRv5kMnPTp8VqU+sEkW8i5Y7ENH/KubKfNQRtgU4yCh
DSlzFL2KwW9DAM6yR5fKJ118L3HTHuWRvf6XtlgaT9onC3k=
-----END CERTIFICATE-----