Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/93f083b7-7818-4ccf-8663-9191f8a8616a/0/38342e33382e3235342e302f32342d3234203d3e203634323637.roa
File:                     38342e33382e3235342e302f32342d3234203d3e203634323637.roa (raw, json)
Hash identifier:          9kep0y5iWWXIJpO3TiiRho2v0RZ/t5nwkbbRFjNIkHc=
Subject key identifier:   DB:87:A3:B4:84:18:48:B2:49:6D:79:CD:C6:29:25:74:5F:26:9F:53
Certificate issuer:       /CN=05bbdb629fdd0f1c33bfb1ac7cf44121bc5e6ead
Certificate serial:       0566A16A715EE20DBCB426304BBAFB4309F9039B
Authority key identifier: 05:BB:DB:62:9F:DD:0F:1C:33:BF:B1:AC:7C:F4:41:21:BC:5E:6E:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BbvbYp_dDxwzv7GsfPRBIbxebq0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/93f083b7-7818-4ccf-8663-9191f8a8616a/0/38342e33382e3235342e302f32342d3234203d3e203634323637.roa
Signing time:             Tue 10 Dec 2024 17:53:48 +0000
ROA not before:           Tue 10 Dec 2024 17:48:48 +0000
ROA not after:            Tue 09 Dec 2025 17:53:48 +0000
asID:                     64267
IP address blocks:        84.38.254.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/93f083b7-7818-4ccf-8663-9191f8a8616a/0/05BBDB629FDD0F1C33BFB1AC7CF44121BC5E6EAD.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/93f083b7-7818-4ccf-8663-9191f8a8616a/0/05BBDB629FDD0F1C33BFB1AC7CF44121BC5E6EAD.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BbvbYp_dDxwzv7GsfPRBIbxebq0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            05:66:a1:6a:71:5e:e2:0d:bc:b4:26:30:4b:ba:fb:43:09:f9:03:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05bbdb629fdd0f1c33bfb1ac7cf44121bc5e6ead
        Validity
            Not Before: Dec 10 17:48:48 2024 GMT
            Not After : Dec  9 17:53:48 2025 GMT
        Subject: CN=DB87A3B4841848B2496D79CDC62925745F269F53
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:7e:2d:34:3e:3a:25:6c:c4:75:cf:32:32:d9:
                    38:0c:50:c9:77:a3:1d:b9:2e:d4:ac:f6:af:e4:f4:
                    8f:c2:9d:a7:3c:0b:10:66:72:83:55:9f:cb:c3:9a:
                    73:bf:d1:7b:18:52:30:79:da:e3:e7:cb:b5:e5:3a:
                    10:d2:81:25:c0:62:86:ec:e2:e2:00:a0:9d:dc:38:
                    d9:9e:6a:ad:96:09:8b:99:26:8f:27:e2:53:a2:97:
                    92:42:a2:ed:e7:60:df:1e:64:6f:58:b7:e3:e9:a1:
                    8e:31:65:f9:4a:ca:ac:2c:7f:7c:f2:34:16:9d:58:
                    08:9a:d9:4b:80:39:ce:00:39:d7:b2:bc:87:01:74:
                    91:20:09:7f:46:11:80:31:51:37:2f:60:42:29:36:
                    87:ae:28:5f:d6:8d:d9:fc:ce:6f:0d:8e:95:ab:18:
                    f5:3f:26:d3:86:71:fc:1b:6c:ff:00:dc:19:03:e1:
                    d4:ed:c9:1c:ea:c2:33:72:28:13:43:78:dc:48:1e:
                    6c:34:8a:c9:71:14:5f:6a:c0:ff:5b:c8:ac:3b:c4:
                    28:ec:8e:81:59:a4:22:46:4a:4f:da:0c:9a:05:a8:
                    09:61:7c:ce:3c:9f:04:dd:1e:e8:a7:87:ba:e8:cd:
                    af:61:ad:a5:cd:f0:74:d5:7c:2c:a7:11:de:39:ed:
                    11:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:87:A3:B4:84:18:48:B2:49:6D:79:CD:C6:29:25:74:5F:26:9F:53
            X509v3 Authority Key Identifier:
                keyid:05:BB:DB:62:9F:DD:0F:1C:33:BF:B1:AC:7C:F4:41:21:BC:5E:6E:AD

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/93f083b7-7818-4ccf-8663-9191f8a8616a/0/05BBDB629FDD0F1C33BFB1AC7CF44121BC5E6EAD.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BbvbYp_dDxwzv7GsfPRBIbxebq0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/93f083b7-7818-4ccf-8663-9191f8a8616a/0/38342e33382e3235342e302f32342d3234203d3e203634323637.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.38.254.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:4a:77:11:97:1b:2f:6a:0e:21:f5:d0:74:6c:eb:87:df:bc:
         67:96:ff:6a:9b:a3:82:35:0f:f9:43:1a:fa:8b:a0:ea:82:32:
         3d:19:9a:5e:4a:32:08:3c:0a:aa:b4:7c:8b:62:4d:82:91:eb:
         77:c2:30:2a:15:49:1f:25:7b:35:36:89:1a:f5:f6:d3:2d:a0:
         2e:a5:f5:71:9b:69:69:80:86:19:d3:b0:cb:c7:0d:65:16:1a:
         00:bf:2e:22:c3:b5:88:8b:a8:09:dd:19:f3:09:02:b8:e9:f1:
         29:7c:5e:e7:2e:f3:f3:d4:73:45:94:7d:89:39:4e:09:2f:a4:
         e5:cc:a9:ea:57:15:81:9a:09:10:c4:4b:44:43:f4:b4:78:dc:
         36:dd:f2:07:94:75:38:fe:ed:5c:8d:fb:8e:ee:79:6a:9d:71:
         07:71:13:33:9c:66:f5:00:3d:60:6f:63:ab:f5:21:06:ee:7f:
         6f:a2:d2:d5:e4:aa:05:4c:ce:bf:d3:a9:67:6a:9c:d8:62:eb:
         a4:db:d0:36:3c:ba:cc:ef:72:44:a8:3d:57:1f:0f:2e:8c:7b:
         a2:da:ac:0e:fe:5f:c2:a5:22:ce:b3:04:4e:20:97:e5:29:26:
         66:2c:5d:b5:bc:ba:c4:c2:05:60:c6:0e:17:da:7e:f7:b3:74:
         d9:02:8a:51
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUBWahanFe4g28tCYwS7r7Qwn5A5swDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDViYmRiNjI5ZmRkMGYxYzMzYmZiMWFjN2NmNDQxMjFi
YzVlNmVhZDAeFw0yNDEyMTAxNzQ4NDhaFw0yNTEyMDkxNzUzNDhaMDMxMTAvBgNV
BAMTKERCODdBM0I0ODQxODQ4QjI0OTZENzlDREM2MjkyNTc0NUYyNjlGNTMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtfi00PjolbMR1zzIy2TgMUMl3
ox25LtSs9q/k9I/Cnac8CxBmcoNVn8vDmnO/0XsYUjB52uPny7XlOhDSgSXAYobs
4uIAoJ3cONmeaq2WCYuZJo8n4lOil5JCou3nYN8eZG9Yt+PpoY4xZflKyqwsf3zy
NBadWAia2UuAOc4AOdeyvIcBdJEgCX9GEYAxUTcvYEIpNoeuKF/Wjdn8zm8NjpWr
GPU/JtOGcfwbbP8A3BkD4dTtyRzqwjNyKBNDeNxIHmw0islxFF9qwP9byKw7xCjs
joFZpCJGSk/aDJoFqAlhfM48nwTdHuinh7roza9hraXN8HTVfCynEd457RG7AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQU24ejtIQYSLJJbXnNxikldF8mn1MwHwYDVR0j
BBgwFoAUBbvbYp/dDxwzv7GsfPRBIbxebq0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOTNmMDgzYjctNzgxOC00Y2NmLTg2NjMtOTE5MWY4YTg2
MTZhLzAvMDVCQkRCNjI5RkREMEYxQzMzQkZCMUFDN0NGNDQxMjFCQzVFNkVBRC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0JidmJZcF9kRHh3enY3R3NmUFJCSWJ4
ZWJxMC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOTNmMDgzYjct
NzgxOC00Y2NmLTg2NjMtOTE5MWY4YTg2MTZhLzAvMzgzNDJlMzMzODJlMzIzNTM0
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzYzNDMyMzYzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFQm
/jANBgkqhkiG9w0BAQsFAAOCAQEAf0p3EZcbL2oOIfXQdGzrh9+8Z5b/apujgjUP
+UMa+oug6oIyPRmaXkoyCDwKqrR8i2JNgpHrd8IwKhVJHyV7NTaJGvX20y2gLqX1
cZtpaYCGGdOwy8cNZRYaAL8uIsO1iIuoCd0Z8wkCuOnxKXxe5y7z89RzRZR9iTlO
CS+k5cyp6lcVgZoJEMRLREP0tHjcNt3yB5R1OP7tXI37ju55ap1xB3ETM5xm9QA9
YG9jq/UhBu5/b6LS1eSqBUzOv9OpZ2qc2GLrpNvQNjy6zO9yRKg9Vx8PLox7otqs
Dv5fwqUizrMETiCX5SkmZixdtby6xMIFYMYOF9p+97N02QKKUQ==
-----END CERTIFICATE-----