Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/93f083b7-7818-4ccf-8663-9191f8a8616a/0/38342e33382e3235342e302f32342d3234203d3e203634323637.roa
File:                     38342e33382e3235342e302f32342d3234203d3e203634323637.roa (raw, json)
Hash identifier:          1WONVzUvQAYkI1a3ovduzbwEoyrgnZ81tXvTC/tDsB8=
Subject key identifier:   FA:B2:28:57:61:83:84:F4:57:CF:DC:33:60:32:9E:D6:B5:D3:FC:E1
Certificate issuer:       /CN=05bbdb629fdd0f1c33bfb1ac7cf44121bc5e6ead
Certificate serial:       104A6C6222829CA70A651DBF4D7B7B49C39EBCF8
Authority key identifier: 05:BB:DB:62:9F:DD:0F:1C:33:BF:B1:AC:7C:F4:41:21:BC:5E:6E:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BbvbYp_dDxwzv7GsfPRBIbxebq0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/93f083b7-7818-4ccf-8663-9191f8a8616a/0/38342e33382e3235342e302f32342d3234203d3e203634323637.roa
Signing time:             Tue 09 Jan 2024 17:36:43 +0000
ROA not before:           Tue 09 Jan 2024 17:31:43 +0000
ROA not after:            Tue 07 Jan 2025 17:36:43 +0000
asID:                     64267
IP address blocks:        84.38.254.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/93f083b7-7818-4ccf-8663-9191f8a8616a/0/05BBDB629FDD0F1C33BFB1AC7CF44121BC5E6EAD.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/93f083b7-7818-4ccf-8663-9191f8a8616a/0/05BBDB629FDD0F1C33BFB1AC7CF44121BC5E6EAD.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BbvbYp_dDxwzv7GsfPRBIbxebq0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:16:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            10:4a:6c:62:22:82:9c:a7:0a:65:1d:bf:4d:7b:7b:49:c3:9e:bc:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05bbdb629fdd0f1c33bfb1ac7cf44121bc5e6ead
        Validity
            Not Before: Jan  9 17:31:43 2024 GMT
            Not After : Jan  7 17:36:43 2025 GMT
        Subject: CN=FAB22857618384F457CFDC3360329ED6B5D3FCE1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:02:8e:31:1f:c5:1b:f1:ef:39:86:75:30:29:
                    23:74:d9:c6:ac:19:ed:da:0c:7a:2e:d1:e0:50:13:
                    9b:33:0f:5c:74:79:5f:b7:38:46:79:a9:b1:e8:a6:
                    cf:2c:fe:36:07:c5:9a:59:31:82:cd:bf:ae:fe:c1:
                    c5:fc:c3:ae:94:87:41:a3:c8:27:ff:2a:62:9d:da:
                    60:58:02:82:94:08:32:4f:67:5d:25:41:cf:2f:1b:
                    4c:15:c6:0b:07:88:ea:85:c4:33:17:31:cf:ba:77:
                    a9:19:30:db:22:bf:f6:0a:e8:a3:47:9c:38:8f:97:
                    90:bb:3f:3d:ab:2e:bb:7f:3c:ca:58:41:15:0f:1b:
                    4c:d0:a1:37:e9:89:4c:bf:f3:3b:6a:0a:90:53:e8:
                    a2:44:ce:b1:15:5c:19:20:1b:90:74:17:3d:6f:aa:
                    c6:2a:35:9b:2f:39:3c:47:88:a2:b9:7e:99:df:e0:
                    ac:19:88:23:7c:73:84:01:87:1a:77:e5:ad:03:04:
                    9c:12:32:8c:70:94:41:04:57:36:85:11:d4:e9:bf:
                    8b:4a:b1:69:e8:ad:0f:f7:94:9d:3f:92:8c:4a:04:
                    9b:a4:b0:91:51:0e:19:c2:4c:31:ab:92:d1:5b:ee:
                    5c:ec:34:85:5c:30:ab:7e:2c:3d:53:11:c2:d4:73:
                    38:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:B2:28:57:61:83:84:F4:57:CF:DC:33:60:32:9E:D6:B5:D3:FC:E1
            X509v3 Authority Key Identifier:
                keyid:05:BB:DB:62:9F:DD:0F:1C:33:BF:B1:AC:7C:F4:41:21:BC:5E:6E:AD

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/93f083b7-7818-4ccf-8663-9191f8a8616a/0/05BBDB629FDD0F1C33BFB1AC7CF44121BC5E6EAD.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BbvbYp_dDxwzv7GsfPRBIbxebq0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/93f083b7-7818-4ccf-8663-9191f8a8616a/0/38342e33382e3235342e302f32342d3234203d3e203634323637.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.38.254.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:88:d4:24:8c:16:ad:1c:61:3e:50:49:96:c4:c7:ad:78:37:
         3a:3f:c7:96:77:74:b8:b6:bb:c3:7c:aa:ad:9b:0c:92:b0:05:
         7b:a0:c1:d5:92:a8:dd:3b:1f:ec:a7:95:7d:80:2c:86:52:03:
         b3:2c:28:19:51:2e:e0:26:9e:d2:f3:55:25:fb:15:7c:7e:e7:
         bd:9f:72:c5:7d:88:2b:88:ce:c4:71:74:28:40:2b:5b:8d:fa:
         57:54:7b:50:a1:52:1e:6b:31:dd:7f:12:f4:45:e0:53:06:60:
         7d:50:90:d8:24:e3:5d:38:2e:44:54:ea:4e:b0:f6:95:89:06:
         3c:34:8e:da:00:5e:c1:fc:80:8a:74:98:73:55:11:ac:ff:fe:
         0a:82:27:87:6c:fa:8d:ac:39:13:9a:9c:da:5a:04:c8:37:0a:
         2c:37:a9:ed:8c:49:3b:39:9a:e9:63:a8:e0:95:e0:50:29:7e:
         ff:a4:96:ba:f9:e5:98:03:cf:e9:62:fe:50:98:95:2d:82:fd:
         4a:37:1f:82:71:f7:7a:a9:76:26:68:a6:14:9c:6b:a7:73:60:
         48:ff:32:c2:9c:33:35:b1:5e:cd:4b:64:1c:c6:f6:c4:35:a7:
         a4:e0:c3:68:0d:a7:ab:18:54:31:45:3c:27:b9:6b:d4:f6:d5:
         b4:14:be:bd
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUEEpsYiKCnKcKZR2/TXt7ScOevPgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDViYmRiNjI5ZmRkMGYxYzMzYmZiMWFjN2NmNDQxMjFi
YzVlNmVhZDAeFw0yNDAxMDkxNzMxNDNaFw0yNTAxMDcxNzM2NDNaMDMxMTAvBgNV
BAMTKEZBQjIyODU3NjE4Mzg0RjQ1N0NGREMzMzYwMzI5RUQ2QjVEM0ZDRTEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDjAo4xH8Ub8e85hnUwKSN02cas
Ge3aDHou0eBQE5szD1x0eV+3OEZ5qbHops8s/jYHxZpZMYLNv67+wcX8w66Uh0Gj
yCf/KmKd2mBYAoKUCDJPZ10lQc8vG0wVxgsHiOqFxDMXMc+6d6kZMNsiv/YK6KNH
nDiPl5C7Pz2rLrt/PMpYQRUPG0zQoTfpiUy/8ztqCpBT6KJEzrEVXBkgG5B0Fz1v
qsYqNZsvOTxHiKK5fpnf4KwZiCN8c4QBhxp35a0DBJwSMoxwlEEEVzaFEdTpv4tK
sWnorQ/3lJ0/koxKBJuksJFRDhnCTDGrktFb7lzsNIVcMKt+LD1TEcLUczjtAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQU+rIoV2GDhPRXz9wzYDKe1rXT/OEwHwYDVR0j
BBgwFoAUBbvbYp/dDxwzv7GsfPRBIbxebq0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOTNmMDgzYjctNzgxOC00Y2NmLTg2NjMtOTE5MWY4YTg2
MTZhLzAvMDVCQkRCNjI5RkREMEYxQzMzQkZCMUFDN0NGNDQxMjFCQzVFNkVBRC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0JidmJZcF9kRHh3enY3R3NmUFJCSWJ4
ZWJxMC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOTNmMDgzYjct
NzgxOC00Y2NmLTg2NjMtOTE5MWY4YTg2MTZhLzAvMzgzNDJlMzMzODJlMzIzNTM0
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzYzNDMyMzYzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFQm
/jANBgkqhkiG9w0BAQsFAAOCAQEAAIjUJIwWrRxhPlBJlsTHrXg3Oj/Hlnd0uLa7
w3yqrZsMkrAFe6DB1ZKo3Tsf7KeVfYAshlIDsywoGVEu4Cae0vNVJfsVfH7nvZ9y
xX2IK4jOxHF0KEArW436V1R7UKFSHmsx3X8S9EXgUwZgfVCQ2CTjXTguRFTqTrD2
lYkGPDSO2gBewfyAinSYc1URrP/+CoInh2z6jaw5E5qc2loEyDcKLDep7YxJOzma
6WOo4JXgUCl+/6SWuvnlmAPP6WL+UJiVLYL9SjcfgnH3eql2JmimFJxrp3NgSP8y
wpwzNbFezUtkHMb2xDWnpODDaA2nqxhUMUU8J7lr1PbVtBS+vQ==
-----END CERTIFICATE-----