Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/38322e3131382e32342e302f32342d3234203d3e203537323338.roa
File:                     38322e3131382e32342e302f32342d3234203d3e203537323338.roa (raw, json)
Hash identifier:          yHUUbA/9hblpTHPoaoME6Nct3lciAAyCO2zFTSgPxxo=
Subject key identifier:   39:7E:6E:72:71:E6:1C:7B:93:41:49:76:E1:3A:48:E6:FE:1D:87:00
Certificate issuer:       /CN=0d059f10d18d00052c808eb8069f90d47e30564a
Certificate serial:       373D9F37E8823D86473A29D46E3DD3FA49EDDF3B
Authority key identifier: 0D:05:9F:10:D1:8D:00:05:2C:80:8E:B8:06:9F:90:D4:7E:30:56:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/38322e3131382e32342e302f32342d3234203d3e203537323338.roa
Signing time:             Thu 04 Apr 2024 11:05:14 +0000
ROA not before:           Thu 04 Apr 2024 11:00:14 +0000
ROA not after:            Thu 03 Apr 2025 11:05:14 +0000
asID:                     57238
IP address blocks:        82.118.24.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            37:3d:9f:37:e8:82:3d:86:47:3a:29:d4:6e:3d:d3:fa:49:ed:df:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d059f10d18d00052c808eb8069f90d47e30564a
        Validity
            Not Before: Apr  4 11:00:14 2024 GMT
            Not After : Apr  3 11:05:14 2025 GMT
        Subject: CN=397E6E7271E61C7B93414976E13A48E6FE1D8700
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:f6:f1:e2:48:3b:83:f5:0e:b5:b0:3e:a3:c9:
                    84:67:dc:1f:68:ad:ca:cf:62:19:39:3b:1d:1e:3d:
                    bc:7b:4b:eb:27:0a:34:93:03:37:54:26:b1:db:0e:
                    3c:b3:4c:ac:03:71:f5:06:d7:91:63:9e:e0:e6:d6:
                    05:c8:07:28:1a:22:b9:dd:ec:84:92:61:76:20:00:
                    09:95:62:08:fe:64:56:7c:44:3a:bf:c6:05:c9:f7:
                    98:8b:eb:53:48:bc:d9:33:ca:33:12:a9:ab:00:35:
                    81:ed:f4:43:32:3a:4d:ab:05:42:a6:cd:5e:58:eb:
                    5a:8d:dd:00:92:eb:ee:61:de:06:78:84:6d:86:81:
                    6a:b0:43:29:fa:ec:d1:5d:e8:91:0a:bd:4a:e6:91:
                    12:80:0d:76:d4:24:a1:50:b2:cc:e4:78:32:28:9e:
                    fe:a7:29:1a:fa:0d:5e:ff:cb:a6:72:c6:c4:5a:cd:
                    e1:99:47:54:7e:74:97:f3:a0:dc:11:a7:00:8a:41:
                    c3:6f:82:c7:41:5a:52:b6:05:7a:97:8e:c4:01:34:
                    fd:ea:a7:cf:46:4a:cb:ee:81:1f:30:56:fe:2c:47:
                    35:37:ab:87:2a:20:c0:e6:bd:fe:d6:93:64:0e:77:
                    92:26:c2:84:95:e8:82:fd:65:4c:d3:2b:6a:4f:61:
                    48:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:7E:6E:72:71:E6:1C:7B:93:41:49:76:E1:3A:48:E6:FE:1D:87:00
            X509v3 Authority Key Identifier:
                keyid:0D:05:9F:10:D1:8D:00:05:2C:80:8E:B8:06:9F:90:D4:7E:30:56:4A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/38322e3131382e32342e302f32342d3234203d3e203537323338.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.118.24.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ab:ac:e1:4b:8b:5a:b8:95:c1:c6:5f:5e:8f:99:e0:02:22:f0:
         24:2f:b9:64:d6:e3:f2:03:eb:e8:c2:40:cf:f7:d0:87:49:84:
         b5:7d:84:b9:34:f7:52:cc:81:29:f4:c8:62:85:2f:7d:67:91:
         c8:88:cb:d3:3a:a2:71:53:96:e8:02:8b:f0:e1:98:58:5f:00:
         14:6a:95:9f:65:e7:9f:84:e9:ba:91:b5:c1:99:96:2b:86:f7:
         8f:1d:a3:d9:cb:05:15:b4:02:cb:d4:da:b1:9b:55:96:45:48:
         fe:43:c1:d6:f0:48:fa:4d:29:69:8e:08:d7:6d:0b:e9:0b:9b:
         66:69:00:87:87:c3:8e:28:41:0c:23:4a:fa:8a:64:34:e5:26:
         99:c2:22:23:dc:99:f2:88:f7:12:be:d6:6b:d0:da:f4:11:b8:
         8c:fe:a8:a4:78:20:5c:90:61:0b:e5:1c:3d:f3:b6:51:2f:32:
         b8:a6:5d:1b:73:5c:60:e7:ee:93:b6:98:9a:cf:4f:0e:ee:a8:
         49:63:bb:a6:cc:51:3a:f0:14:fa:9e:f2:58:db:89:5c:7f:9a:
         b3:d5:05:b2:86:87:df:e7:50:72:2d:33:b7:93:ca:3f:87:b4:
         9a:63:04:41:82:49:14:73:f5:f2:5b:91:65:67:38:a3:bb:71:
         b6:6d:04:c2
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUNz2fN+iCPYZHOinUbj3T+knt3zswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGQwNTlmMTBkMThkMDAwNTJjODA4ZWI4MDY5ZjkwZDQ3
ZTMwNTY0YTAeFw0yNDA0MDQxMTAwMTRaFw0yNTA0MDMxMTA1MTRaMDMxMTAvBgNV
BAMTKDM5N0U2RTcyNzFFNjFDN0I5MzQxNDk3NkUxM0E0OEU2RkUxRDg3MDAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC29vHiSDuD9Q61sD6jyYRn3B9o
rcrPYhk5Ox0ePbx7S+snCjSTAzdUJrHbDjyzTKwDcfUG15FjnuDm1gXIBygaIrnd
7ISSYXYgAAmVYgj+ZFZ8RDq/xgXJ95iL61NIvNkzyjMSqasANYHt9EMyOk2rBUKm
zV5Y61qN3QCS6+5h3gZ4hG2GgWqwQyn67NFd6JEKvUrmkRKADXbUJKFQsszkeDIo
nv6nKRr6DV7/y6ZyxsRazeGZR1R+dJfzoNwRpwCKQcNvgsdBWlK2BXqXjsQBNP3q
p89GSsvugR8wVv4sRzU3q4cqIMDmvf7Wk2QOd5ImwoSV6IL9ZUzTK2pPYUinAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUOX5ucnHmHHuTQUl24TpI5v4dhwAwHwYDVR0j
BBgwFoAUDQWfENGNAAUsgI64Bp+Q1H4wVkowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmFmMTY3MDQtMjg1NC00MDgwLTlhMDktNzI2MjMyNmM5
ZTIyLzEvMEQwNTlGMTBEMThEMDAwNTJDODA4RUI4MDY5RjkwRDQ3RTMwNTY0QS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RRV2ZFTkdOQUFVc2dJNjRCcC1RMUg0
d1Zrby5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmFmMTY3MDQt
Mjg1NC00MDgwLTlhMDktNzI2MjMyNmM5ZTIyLzEvMzgzMjJlMzEzMTM4MmUzMjM0
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzUzNzMyMzMzOC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFJ2
GDANBgkqhkiG9w0BAQsFAAOCAQEAq6zhS4tauJXBxl9ej5ngAiLwJC+5ZNbj8gPr
6MJAz/fQh0mEtX2EuTT3UsyBKfTIYoUvfWeRyIjL0zqicVOW6AKL8OGYWF8AFGqV
n2Xnn4TpupG1wZmWK4b3jx2j2csFFbQCy9TasZtVlkVI/kPB1vBI+k0paY4I120L
6QubZmkAh4fDjihBDCNK+opkNOUmmcIiI9yZ8oj3Er7Wa9Da9BG4jP6opHggXJBh
C+UcPfO2US8yuKZdG3NcYOfuk7aYms9PDu6oSWO7psxROvAU+p7yWNuJXH+as9UF
soaH3+dQci0zt5PKP4e0mmMEQYJJFHP18luRZWc4o7txtm0Ewg==
-----END CERTIFICATE-----