Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38302e3139302e37322e302f32312d3332203d3e203430303231.roa
File:                     38302e3139302e37322e302f32312d3332203d3e203430303231.roa (raw, json)
Hash identifier:          L40N8DSHcG/NEcRZFguYQxJ7+UQMx74Ykvk7k0Dxkp0=
Subject key identifier:   18:CF:96:D1:89:C2:50:15:D6:D4:59:2B:59:7B:0E:AA:96:26:99:22
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       6120CB3306AB6BB14D193D5CF49F55EB0BF5112B
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38302e3139302e37322e302f32312d3332203d3e203430303231.roa
Signing time:             Tue 19 Mar 2024 10:03:14 +0000
ROA not before:           Tue 19 Mar 2024 09:58:14 +0000
ROA not after:            Tue 18 Mar 2025 10:03:14 +0000
asID:                     40021
IP address blocks:        80.190.72.0/21 maxlen: 32

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 14:34:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            61:20:cb:33:06:ab:6b:b1:4d:19:3d:5c:f4:9f:55:eb:0b:f5:11:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Mar 19 09:58:14 2024 GMT
            Not After : Mar 18 10:03:14 2025 GMT
        Subject: CN=18CF96D189C25015D6D4592B597B0EAA96269922
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:f5:92:cb:e1:d9:b6:a9:a1:a0:1b:36:f4:7a:
                    35:b7:38:38:1c:cf:36:7c:50:8c:12:f4:34:9f:13:
                    61:24:86:03:d5:92:de:d2:ff:bd:27:62:29:63:42:
                    e1:1b:d2:4f:9f:af:7e:35:cf:cd:7b:c4:98:c2:ec:
                    c1:5b:b5:98:d1:0a:69:c6:d6:65:c5:a0:f5:bb:f7:
                    ad:ea:46:e5:69:b0:52:0c:06:fb:cf:b1:66:a6:d5:
                    ae:0b:fd:db:c8:d5:8c:d2:4e:9c:d2:a5:8b:ba:eb:
                    bd:5e:bf:3a:04:67:a3:35:03:f5:b1:06:67:44:4c:
                    56:72:d0:3d:58:e9:7e:34:67:c7:aa:6d:14:67:c9:
                    a7:bb:f0:68:03:fa:1f:d7:13:dd:db:ce:88:db:f6:
                    80:c0:ae:a5:f7:35:19:0c:45:ac:58:d2:a9:4b:7c:
                    6a:2c:3d:4d:d1:f4:4b:d8:87:98:1b:4d:1a:bc:42:
                    b8:9f:14:e6:6c:05:47:fe:40:0c:f5:3c:36:81:40:
                    25:2b:c2:b9:75:f1:d3:cb:d3:00:53:48:a1:ba:17:
                    d0:76:47:f0:cd:22:c0:3e:63:6f:d7:49:1a:17:b1:
                    c0:57:50:a3:24:73:b7:f3:a8:97:3d:b2:ff:8e:bd:
                    6d:f5:b0:b9:6d:6f:b5:a6:57:c9:91:42:7e:88:0b:
                    66:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:CF:96:D1:89:C2:50:15:D6:D4:59:2B:59:7B:0E:AA:96:26:99:22
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38302e3139302e37322e302f32312d3332203d3e203430303231.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.190.72.0/21

    Signature Algorithm: sha256WithRSAEncryption
         8e:48:8f:5b:57:b8:48:aa:06:11:cc:2d:b7:c2:8e:e1:73:3c:
         e3:a7:81:fa:ff:04:bc:14:11:0c:7d:0e:96:bf:b8:a9:2c:15:
         f1:cf:04:42:86:15:a8:14:a7:32:ca:83:dd:b3:37:c5:a9:ca:
         0f:ff:58:7d:ef:51:16:91:fb:3b:4d:86:2a:7b:27:60:8f:40:
         f6:d4:5d:dc:73:a2:80:a6:87:55:b0:ef:91:5f:84:02:1e:d1:
         cd:f0:5b:4a:9b:08:0d:43:96:02:2a:be:94:6f:51:e7:d5:0d:
         5b:dd:9e:cb:0c:d3:1f:ba:39:a1:48:81:b8:0e:13:0d:53:25:
         78:ca:63:6c:06:43:e9:dd:f6:10:ab:46:40:b6:16:fd:ef:c6:
         c4:b4:35:a4:34:ca:1d:62:ec:cd:87:09:eb:d9:8c:bc:73:4f:
         f5:c6:68:64:d7:73:3d:58:fc:21:97:d3:c0:93:42:26:a4:3d:
         12:a2:fa:c1:3e:f0:5e:bb:be:18:d4:d2:c6:7b:e5:73:77:04:
         08:7f:c1:ea:9b:e7:48:93:65:6f:bf:c9:91:95:9d:0b:86:cc:
         e6:89:12:60:a7:54:52:e9:8e:f8:74:67:ed:c5:9e:38:ae:96:
         55:f0:8c:b5:4a:68:4e:a6:7d:58:2f:66:9e:f6:f7:19:a9:b6:
         37:35:db:3e
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUYSDLMwara7FNGT1c9J9V6wv1ESswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDAzMTkwOTU4MTRaFw0yNTAzMTgxMDAzMTRaMDMxMTAvBgNV
BAMTKDE4Q0Y5NkQxODlDMjUwMTVENkQ0NTkyQjU5N0IwRUFBOTYyNjk5MjIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDM9ZLL4dm2qaGgGzb0ejW3ODgc
zzZ8UIwS9DSfE2EkhgPVkt7S/70nYiljQuEb0k+fr341z817xJjC7MFbtZjRCmnG
1mXFoPW7963qRuVpsFIMBvvPsWam1a4L/dvI1YzSTpzSpYu6671evzoEZ6M1A/Wx
BmdETFZy0D1Y6X40Z8eqbRRnyae78GgD+h/XE93bzojb9oDArqX3NRkMRaxY0qlL
fGosPU3R9EvYh5gbTRq8QrifFOZsBUf+QAz1PDaBQCUrwrl18dPL0wBTSKG6F9B2
R/DNIsA+Y2/XSRoXscBXUKMkc7fzqJc9sv+OvW31sLltb7WmV8mRQn6IC2aDAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUGM+W0YnCUBXW1FkrWXsOqpYmmSIwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzgzMDJlMzEzOTMwMmUzNzMy
MmUzMDJmMzIzMTJkMzMzMjIwM2QzZTIwMzQzMDMwMzIzMS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEA1C+
SDANBgkqhkiG9w0BAQsFAAOCAQEAjkiPW1e4SKoGEcwtt8KO4XM846eB+v8EvBQR
DH0Olr+4qSwV8c8EQoYVqBSnMsqD3bM3xanKD/9Yfe9RFpH7O02GKnsnYI9A9tRd
3HOigKaHVbDvkV+EAh7RzfBbSpsIDUOWAiq+lG9R59UNW92eywzTH7o5oUiBuA4T
DVMleMpjbAZD6d32EKtGQLYW/e/GxLQ1pDTKHWLszYcJ69mMvHNP9cZoZNdzPVj8
IZfTwJNCJqQ9EqL6wT7wXru+GNTSxnvlc3cECH/B6pvnSJNlb7/JkZWdC4bM5okS
YKdUUumO+HRn7cWeOK6WVfCMtUpoTqZ9WC9mnvb3Gam2NzXbPg==
-----END CERTIFICATE-----