Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/38322e3131382e33312e302f32342d3234203d3e203136353039.roa
File:                     38322e3131382e33312e302f32342d3234203d3e203136353039.roa (raw, json)
Hash identifier:          PGaWkvSjIHzuPUxmmqOQ4aapksPDPrIgH4KDCTXsDFo=
Subject key identifier:   16:21:0A:3A:F0:6D:CC:58:75:C8:A3:33:A5:8B:92:AC:FD:DF:05:CA
Certificate issuer:       /CN=0d059f10d18d00052c808eb8069f90d47e30564a
Certificate serial:       64A5C867C6DD7FA8EDC16C938DA55E71CC5C5FA8
Authority key identifier: 0D:05:9F:10:D1:8D:00:05:2C:80:8E:B8:06:9F:90:D4:7E:30:56:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/38322e3131382e33312e302f32342d3234203d3e203136353039.roa
Signing time:             Thu 04 Apr 2024 11:05:15 +0000
ROA not before:           Thu 04 Apr 2024 11:00:15 +0000
ROA not after:            Thu 03 Apr 2025 11:05:15 +0000
asID:                     16509
IP address blocks:        82.118.31.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 05:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            64:a5:c8:67:c6:dd:7f:a8:ed:c1:6c:93:8d:a5:5e:71:cc:5c:5f:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d059f10d18d00052c808eb8069f90d47e30564a
        Validity
            Not Before: Apr  4 11:00:15 2024 GMT
            Not After : Apr  3 11:05:15 2025 GMT
        Subject: CN=16210A3AF06DCC5875C8A333A58B92ACFDDF05CA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:e5:04:70:e3:e9:dc:97:f1:66:6f:ca:62:41:
                    d0:6f:e5:17:f9:fa:55:63:36:fc:3d:67:9e:d0:c3:
                    b0:f6:09:f5:1d:79:69:46:b1:da:58:1c:61:a5:e9:
                    02:dd:e4:c3:cb:81:52:98:44:39:82:4e:ff:9e:67:
                    96:24:11:39:2f:98:76:49:c0:19:9b:93:70:e0:83:
                    96:94:4c:1f:39:2c:3e:5c:59:52:1c:22:d0:cb:7d:
                    c9:64:61:db:f7:64:87:b7:92:f9:52:0d:8a:86:1a:
                    b8:2e:78:f8:e5:16:9e:e6:95:0c:7e:83:5b:c6:1a:
                    27:74:65:c7:cf:b7:83:89:ad:45:e1:46:51:77:23:
                    f0:f9:87:4b:44:18:41:9b:0a:a2:9d:fc:96:44:a6:
                    5c:f3:f6:df:d5:84:00:d4:23:d1:dd:78:95:57:b0:
                    28:71:5b:f0:e7:f1:87:cc:a8:0c:fa:0a:28:65:1f:
                    b5:13:f2:9d:17:06:ee:54:fc:a3:08:d3:5a:dd:65:
                    af:12:0b:21:67:1c:01:d7:22:b1:05:78:7a:11:e3:
                    f8:19:fd:42:8e:eb:5d:4a:8d:61:e5:94:95:47:d0:
                    07:98:b1:7f:97:13:d4:32:82:d3:d0:22:04:37:98:
                    b8:b8:b2:79:54:f2:52:7b:30:56:ea:77:93:df:36:
                    35:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:21:0A:3A:F0:6D:CC:58:75:C8:A3:33:A5:8B:92:AC:FD:DF:05:CA
            X509v3 Authority Key Identifier:
                keyid:0D:05:9F:10:D1:8D:00:05:2C:80:8E:B8:06:9F:90:D4:7E:30:56:4A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/38322e3131382e33312e302f32342d3234203d3e203136353039.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.118.31.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:a5:65:85:32:9e:40:b2:5e:73:5c:53:06:14:cf:2e:a0:33:
         71:a5:65:83:98:55:97:19:72:7d:6b:c4:37:72:dc:45:75:97:
         1b:91:13:75:77:e7:71:9a:9c:d3:98:31:1e:68:a0:20:ad:22:
         3e:9b:50:03:07:0e:89:34:64:3e:93:36:16:39:87:1d:f5:ec:
         e4:10:26:14:ea:7e:2d:14:3e:64:21:9c:39:f6:ca:40:1e:d7:
         6e:0f:34:e4:d3:d3:27:75:89:d0:06:57:1a:ea:c8:a8:16:64:
         83:18:7d:c5:4c:57:08:92:8e:41:0c:e3:0f:e4:34:7f:44:cf:
         7f:1b:e4:a5:30:df:44:55:af:bb:06:91:7f:1a:0c:f2:48:88:
         d6:f8:16:a5:62:f3:08:56:25:dd:77:cd:b4:c7:ec:1f:4c:35:
         96:f4:45:30:bc:72:da:e7:cc:65:5e:8c:8e:e5:d0:59:68:b5:
         e6:10:5f:8c:83:fe:80:08:c2:31:42:e3:53:87:df:22:a8:09:
         9e:b3:b8:0a:1c:0e:1f:7d:6a:20:f8:37:22:eb:08:73:d7:60:
         1b:1b:29:fd:f9:cf:94:bf:1d:f6:f0:1e:c6:75:72:7a:19:73:
         b6:cc:f5:cf:2b:c8:b2:ce:ba:3b:81:8b:ee:a3:8c:6f:74:8c:
         d9:eb:80:20
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUZKXIZ8bdf6jtwWyTjaVeccxcX6gwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGQwNTlmMTBkMThkMDAwNTJjODA4ZWI4MDY5ZjkwZDQ3
ZTMwNTY0YTAeFw0yNDA0MDQxMTAwMTVaFw0yNTA0MDMxMTA1MTVaMDMxMTAvBgNV
BAMTKDE2MjEwQTNBRjA2RENDNTg3NUM4QTMzM0E1OEI5MkFDRkRERjA1Q0EwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCg5QRw4+ncl/Fmb8piQdBv5Rf5
+lVjNvw9Z57Qw7D2CfUdeWlGsdpYHGGl6QLd5MPLgVKYRDmCTv+eZ5YkETkvmHZJ
wBmbk3Dgg5aUTB85LD5cWVIcItDLfclkYdv3ZIe3kvlSDYqGGrguePjlFp7mlQx+
g1vGGid0ZcfPt4OJrUXhRlF3I/D5h0tEGEGbCqKd/JZEplzz9t/VhADUI9HdeJVX
sChxW/Dn8YfMqAz6CihlH7UT8p0XBu5U/KMI01rdZa8SCyFnHAHXIrEFeHoR4/gZ
/UKO611KjWHllJVH0AeYsX+XE9QygtPQIgQ3mLi4snlU8lJ7MFbqd5PfNjXZAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUFiEKOvBtzFh1yKMzpYuSrP3fBcowHwYDVR0j
BBgwFoAUDQWfENGNAAUsgI64Bp+Q1H4wVkowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmFmMTY3MDQtMjg1NC00MDgwLTlhMDktNzI2MjMyNmM5
ZTIyLzEvMEQwNTlGMTBEMThEMDAwNTJDODA4RUI4MDY5RjkwRDQ3RTMwNTY0QS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RRV2ZFTkdOQUFVc2dJNjRCcC1RMUg0
d1Zrby5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmFmMTY3MDQt
Mjg1NC00MDgwLTlhMDktNzI2MjMyNmM5ZTIyLzEvMzgzMjJlMzEzMTM4MmUzMzMx
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzEzNjM1MzAzOS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFJ2
HzANBgkqhkiG9w0BAQsFAAOCAQEAmKVlhTKeQLJec1xTBhTPLqAzcaVlg5hVlxly
fWvEN3LcRXWXG5ETdXfncZqc05gxHmigIK0iPptQAwcOiTRkPpM2FjmHHfXs5BAm
FOp+LRQ+ZCGcOfbKQB7Xbg805NPTJ3WJ0AZXGurIqBZkgxh9xUxXCJKOQQzjD+Q0
f0TPfxvkpTDfRFWvuwaRfxoM8kiI1vgWpWLzCFYl3XfNtMfsH0w1lvRFMLxy2ufM
ZV6MjuXQWWi15hBfjIP+gAjCMULjU4ffIqgJnrO4ChwOH31qIPg3IusIc9dgGxsp
/fnPlL8d9vAexnVyehlztsz1zyvIss66O4GL7qOMb3SM2euAIA==
-----END CERTIFICATE-----