Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/38322e3131382e32372e302f32342d3234203d3e203530313034.roa
File:                     38322e3131382e32372e302f32342d3234203d3e203530313034.roa (raw, json)
Hash identifier:          ir9An+p3aGyV421jQACQTagn5T7Oboh/DBxezU72HtU=
Subject key identifier:   87:D9:9D:D0:91:DB:4D:91:84:9C:E8:21:BB:92:82:E9:8C:BB:AA:39
Certificate issuer:       /CN=0d059f10d18d00052c808eb8069f90d47e30564a
Certificate serial:       1E192728874D88EBC6ED68A8E98846079CCFF5E0
Authority key identifier: 0D:05:9F:10:D1:8D:00:05:2C:80:8E:B8:06:9F:90:D4:7E:30:56:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/38322e3131382e32372e302f32342d3234203d3e203530313034.roa
Signing time:             Thu 04 Apr 2024 14:41:08 +0000
ROA not before:           Thu 04 Apr 2024 14:36:08 +0000
ROA not after:            Thu 03 Apr 2025 14:41:08 +0000
asID:                     50104
IP address blocks:        82.118.27.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1e:19:27:28:87:4d:88:eb:c6:ed:68:a8:e9:88:46:07:9c:cf:f5:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d059f10d18d00052c808eb8069f90d47e30564a
        Validity
            Not Before: Apr  4 14:36:08 2024 GMT
            Not After : Apr  3 14:41:08 2025 GMT
        Subject: CN=87D99DD091DB4D91849CE821BB9282E98CBBAA39
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:c2:36:a5:93:42:c0:b5:4b:cf:c6:68:41:8c:
                    2b:06:a8:42:54:65:d2:04:55:08:fa:39:fe:e9:2a:
                    48:67:d7:34:50:03:a9:a4:19:2b:40:49:dd:44:6b:
                    37:ee:07:4b:02:74:91:a2:54:bc:1e:42:44:c5:bc:
                    20:71:d6:f9:8f:e3:43:e5:c2:86:36:ec:96:ab:02:
                    d9:88:1a:4d:db:5e:76:d3:b8:80:c1:62:dc:d4:75:
                    a7:62:26:1f:14:17:88:6d:47:68:9a:e6:b0:dd:aa:
                    7e:9a:ff:fd:d0:34:cb:de:e8:9f:36:59:7d:2a:bf:
                    74:f6:40:1a:16:d8:c5:06:7d:ce:27:82:44:ee:6d:
                    29:fa:c5:59:dd:df:7d:b0:94:5a:81:06:29:2e:c9:
                    21:29:1e:d3:3f:b1:28:dc:26:a1:79:ae:0a:2c:1f:
                    1b:b8:0f:f8:b8:2a:06:84:c0:30:fa:e7:4b:e0:9a:
                    d1:0f:cf:21:32:40:5d:99:6d:9c:76:24:3c:38:48:
                    75:bc:96:76:5c:59:6f:c5:8a:0e:22:e7:31:d7:84:
                    57:87:d9:dd:3e:00:df:d5:a6:dd:08:2c:e7:6b:a3:
                    20:97:85:00:c0:66:b9:b9:06:f2:83:ea:3b:a5:36:
                    0c:01:67:48:d3:eb:01:bd:7a:fc:55:e2:53:a7:46:
                    0a:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:D9:9D:D0:91:DB:4D:91:84:9C:E8:21:BB:92:82:E9:8C:BB:AA:39
            X509v3 Authority Key Identifier:
                keyid:0D:05:9F:10:D1:8D:00:05:2C:80:8E:B8:06:9F:90:D4:7E:30:56:4A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/38322e3131382e32372e302f32342d3234203d3e203530313034.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.118.27.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:fd:18:84:ac:06:05:ba:6c:f6:e4:c8:cb:9b:66:61:24:24:
         7d:a6:20:9c:ae:de:86:7c:71:6e:e7:36:cb:4b:85:a3:9c:e8:
         64:c7:16:9e:46:98:6b:74:7b:c4:2e:46:f8:e8:9c:7a:21:39:
         20:d2:55:2a:14:91:4f:2c:7f:c9:13:a7:00:bc:bf:eb:3a:27:
         df:35:21:65:ac:5d:b4:e1:d5:43:9d:43:d9:46:f1:4b:1d:1f:
         cd:73:d1:fc:a3:73:25:1f:ee:57:89:8e:5c:78:f2:c5:3f:d5:
         c7:4d:31:b8:05:f1:93:96:27:49:e2:a4:66:4e:17:de:0b:4e:
         da:3a:a3:f5:6e:8f:74:d7:cd:a0:37:d9:10:04:d6:97:13:b4:
         04:d7:92:30:10:1e:74:ae:1d:d2:12:17:c1:8f:d5:2d:48:f7:
         47:db:9d:b6:3e:46:c1:a9:af:bf:e5:57:31:88:ff:49:01:49:
         82:79:24:d1:d9:01:9a:cd:23:c1:e5:d7:a5:d0:b7:9c:8c:1d:
         78:7b:1d:aa:70:71:25:a7:9f:c6:de:b4:16:3d:2f:8c:7d:b5:
         94:15:f1:d7:8b:30:e5:1e:de:cc:9d:b0:8e:9f:69:8a:12:38:
         bb:4f:a5:1d:f9:cd:db:c4:c2:58:39:66:db:e5:25:b5:5d:d4:
         b8:d6:b0:8a
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUHhknKIdNiOvG7Wio6YhGB5zP9eAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGQwNTlmMTBkMThkMDAwNTJjODA4ZWI4MDY5ZjkwZDQ3
ZTMwNTY0YTAeFw0yNDA0MDQxNDM2MDhaFw0yNTA0MDMxNDQxMDhaMDMxMTAvBgNV
BAMTKDg3RDk5REQwOTFEQjREOTE4NDlDRTgyMUJCOTI4MkU5OENCQkFBMzkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDwjalk0LAtUvPxmhBjCsGqEJU
ZdIEVQj6Of7pKkhn1zRQA6mkGStASd1EazfuB0sCdJGiVLweQkTFvCBx1vmP40Pl
woY27JarAtmIGk3bXnbTuIDBYtzUdadiJh8UF4htR2ia5rDdqn6a//3QNMve6J82
WX0qv3T2QBoW2MUGfc4ngkTubSn6xVnd332wlFqBBikuySEpHtM/sSjcJqF5rgos
Hxu4D/i4KgaEwDD650vgmtEPzyEyQF2ZbZx2JDw4SHW8lnZcWW/Fig4i5zHXhFeH
2d0+AN/Vpt0ILOdroyCXhQDAZrm5BvKD6julNgwBZ0jT6wG9evxV4lOnRgqPAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUh9md0JHbTZGEnOghu5KC6Yy7qjkwHwYDVR0j
BBgwFoAUDQWfENGNAAUsgI64Bp+Q1H4wVkowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmFmMTY3MDQtMjg1NC00MDgwLTlhMDktNzI2MjMyNmM5
ZTIyLzEvMEQwNTlGMTBEMThEMDAwNTJDODA4RUI4MDY5RjkwRDQ3RTMwNTY0QS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RRV2ZFTkdOQUFVc2dJNjRCcC1RMUg0
d1Zrby5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmFmMTY3MDQt
Mjg1NC00MDgwLTlhMDktNzI2MjMyNmM5ZTIyLzEvMzgzMjJlMzEzMTM4MmUzMjM3
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzUzMDMxMzAzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFJ2
GzANBgkqhkiG9w0BAQsFAAOCAQEAbv0YhKwGBbps9uTIy5tmYSQkfaYgnK7ehnxx
buc2y0uFo5zoZMcWnkaYa3R7xC5G+OiceiE5INJVKhSRTyx/yROnALy/6zon3zUh
ZaxdtOHVQ51D2UbxSx0fzXPR/KNzJR/uV4mOXHjyxT/Vx00xuAXxk5YnSeKkZk4X
3gtO2jqj9W6PdNfNoDfZEATWlxO0BNeSMBAedK4d0hIXwY/VLUj3R9udtj5Gwamv
v+VXMYj/SQFJgnkk0dkBms0jweXXpdC3nIwdeHsdqnBxJaefxt60Fj0vjH21lBXx
14sw5R7ezJ2wjp9pihI4u0+lHfnN28TCWDlm2+UltV3UuNawig==
-----END CERTIFICATE-----