Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/38322e3131382e32382e302f32342d3234203d3e2031323339.roa
File:                     38322e3131382e32382e302f32342d3234203d3e2031323339.roa (raw, json)
Hash identifier:          lnJq/BGtFSC1oiOk4jZusKnSicu69jMEkgn3nqSVumA=
Subject key identifier:   6E:A4:F1:F4:E5:D4:97:57:02:0C:91:29:54:74:7E:C2:36:D8:6A:78
Certificate issuer:       /CN=0d059f10d18d00052c808eb8069f90d47e30564a
Certificate serial:       17BBF59EDF3EE86DBA9105CD6284734EFF8E316F
Authority key identifier: 0D:05:9F:10:D1:8D:00:05:2C:80:8E:B8:06:9F:90:D4:7E:30:56:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/38322e3131382e32382e302f32342d3234203d3e2031323339.roa
Signing time:             Tue 16 Apr 2024 13:32:23 +0000
ROA not before:           Tue 16 Apr 2024 13:27:23 +0000
ROA not after:            Tue 15 Apr 2025 13:32:23 +0000
asID:                     1239
IP address blocks:        82.118.28.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            17:bb:f5:9e:df:3e:e8:6d:ba:91:05:cd:62:84:73:4e:ff:8e:31:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d059f10d18d00052c808eb8069f90d47e30564a
        Validity
            Not Before: Apr 16 13:27:23 2024 GMT
            Not After : Apr 15 13:32:23 2025 GMT
        Subject: CN=6EA4F1F4E5D49757020C912954747EC236D86A78
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:78:6c:b0:78:65:51:57:f0:50:6b:15:de:05:
                    55:26:84:e0:c8:cc:5f:b7:df:26:21:6c:5e:dd:98:
                    16:06:81:c4:3c:f4:34:50:45:b8:ef:7a:a8:c7:20:
                    05:c8:44:f0:c3:0b:ba:c7:37:9c:b0:fd:58:39:2b:
                    d0:cf:1d:9c:28:67:44:76:3c:c4:a1:a2:09:2a:21:
                    26:e7:60:a9:a4:ac:4b:41:57:7a:02:29:0f:e1:4f:
                    30:ab:ce:62:c2:8a:78:72:fb:df:d5:d6:09:6a:39:
                    19:73:07:43:b7:50:2c:87:fd:38:77:a4:75:40:bf:
                    63:58:23:05:cf:d9:2b:ce:15:29:50:0a:c3:6a:7e:
                    6e:6e:bb:13:a9:89:4b:25:69:e2:8e:27:66:7d:99:
                    fa:29:13:78:a2:6a:6e:82:2a:2b:7c:c7:1d:aa:0b:
                    ae:5e:88:66:2e:b8:b7:f2:49:9d:e8:4c:cf:ad:78:
                    fb:8a:18:09:74:23:45:08:e7:6f:44:10:50:e8:c9:
                    c3:1f:d7:6b:25:1a:a9:fa:61:23:e0:68:fd:45:1e:
                    46:4c:9a:83:d1:ed:89:3f:1b:d8:a6:d0:79:66:10:
                    29:67:18:b9:1f:4f:35:b4:cd:61:e3:f0:23:31:e4:
                    2d:71:18:0e:57:06:ee:f5:47:db:72:38:83:ba:fe:
                    80:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:A4:F1:F4:E5:D4:97:57:02:0C:91:29:54:74:7E:C2:36:D8:6A:78
            X509v3 Authority Key Identifier:
                keyid:0D:05:9F:10:D1:8D:00:05:2C:80:8E:B8:06:9F:90:D4:7E:30:56:4A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/38322e3131382e32382e302f32342d3234203d3e2031323339.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.118.28.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c5:06:9b:b8:de:0b:3d:cf:81:1f:8a:c7:f1:b0:7d:df:f4:27:
         3d:f9:73:05:3d:a4:d9:ec:6d:d9:ec:7b:9e:83:b5:7e:b7:67:
         11:f8:37:ef:d4:62:29:93:82:e1:60:b6:d6:63:98:19:fd:a8:
         ea:e0:80:ec:08:34:9c:2f:a4:07:bc:e3:de:4c:7f:aa:d1:a1:
         1a:4b:ad:81:0d:c3:43:fd:2e:fe:13:7c:61:36:63:ca:7d:9a:
         81:3a:45:28:dc:e7:d6:c6:5e:80:68:06:c3:67:1a:5e:42:ca:
         a1:62:4f:04:58:b1:98:82:4f:eb:3f:e5:75:1b:6e:c3:94:81:
         e5:03:9f:5f:82:4c:88:2c:66:1a:7c:37:b6:79:f4:67:55:da:
         6c:7d:3f:67:a3:5c:be:58:81:4f:53:ac:6e:ed:df:c6:39:29:
         51:6b:8d:45:52:bc:4a:26:ab:0d:1b:a6:dc:76:9a:95:b7:aa:
         fa:e8:8a:e5:2e:51:e0:7d:62:24:9b:5b:e1:41:7c:c0:4d:f1:
         56:31:ab:5b:22:ad:52:72:5b:47:9e:97:23:f9:18:f6:03:d3:
         b4:c1:b0:de:26:7b:f5:39:dd:b7:ea:a1:21:aa:6d:7f:47:23:
         d3:a3:cb:49:d9:90:24:a1:aa:ce:1f:11:73:96:1e:c5:ed:4d:
         53:05:ea:7c
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUF7v1nt8+6G26kQXNYoRzTv+OMW8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGQwNTlmMTBkMThkMDAwNTJjODA4ZWI4MDY5ZjkwZDQ3
ZTMwNTY0YTAeFw0yNDA0MTYxMzI3MjNaFw0yNTA0MTUxMzMyMjNaMDMxMTAvBgNV
BAMTKDZFQTRGMUY0RTVENDk3NTcwMjBDOTEyOTU0NzQ3RUMyMzZEODZBNzgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGeGyweGVRV/BQaxXeBVUmhODI
zF+33yYhbF7dmBYGgcQ89DRQRbjveqjHIAXIRPDDC7rHN5yw/Vg5K9DPHZwoZ0R2
PMShogkqISbnYKmkrEtBV3oCKQ/hTzCrzmLCinhy+9/V1glqORlzB0O3UCyH/Th3
pHVAv2NYIwXP2SvOFSlQCsNqfm5uuxOpiUslaeKOJ2Z9mfopE3iiam6CKit8xx2q
C65eiGYuuLfySZ3oTM+tePuKGAl0I0UI529EEFDoycMf12slGqn6YSPgaP1FHkZM
moPR7Yk/G9im0HlmEClnGLkfTzW0zWHj8CMx5C1xGA5XBu71R9tyOIO6/oCfAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUbqTx9OXUl1cCDJEpVHR+wjbYangwHwYDVR0j
BBgwFoAUDQWfENGNAAUsgI64Bp+Q1H4wVkowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmFmMTY3MDQtMjg1NC00MDgwLTlhMDktNzI2MjMyNmM5
ZTIyLzEvMEQwNTlGMTBEMThEMDAwNTJDODA4RUI4MDY5RjkwRDQ3RTMwNTY0QS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RRV2ZFTkdOQUFVc2dJNjRCcC1RMUg0
d1Zrby5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmFmMTY3MDQt
Mjg1NC00MDgwLTlhMDktNzI2MjMyNmM5ZTIyLzEvMzgzMjJlMzEzMTM4MmUzMjM4
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzEzMjMzMzkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABSdhww
DQYJKoZIhvcNAQELBQADggEBAMUGm7jeCz3PgR+Kx/Gwfd/0Jz35cwU9pNnsbdns
e56DtX63ZxH4N+/UYimTguFgttZjmBn9qOrggOwINJwvpAe8495Mf6rRoRpLrYEN
w0P9Lv4TfGE2Y8p9moE6RSjc59bGXoBoBsNnGl5CyqFiTwRYsZiCT+s/5XUbbsOU
geUDn1+CTIgsZhp8N7Z59GdV2mx9P2ejXL5YgU9TrG7t38Y5KVFrjUVSvEomqw0b
ptx2mpW3qvroiuUuUeB9YiSbW+FBfMBN8VYxq1sirVJyW0eelyP5GPYD07TBsN4m
e/U53bfqoSGqbX9HI9Ojy0nZkCShqs4fEXOWHsXtTVMF6nw=
-----END CERTIFICATE-----