Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38302e37352e31382e302f32342d3234203d3e20323036323833.roa
File:                     38302e37352e31382e302f32342d3234203d3e20323036323833.roa (raw, json)
Hash identifier:          8aFG6KTHOA2/RYcbuQY6pkSFfvajudKhki/37CrSoZ4=
Subject key identifier:   89:70:46:14:51:AE:00:8B:E8:8F:D4:A7:3D:76:E7:13:C0:90:D4:71
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       040AB2B84935E18C54519DD5D2DEA93B45BFCA64
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38302e37352e31382e302f32342d3234203d3e20323036323833.roa
Signing time:             Tue 04 Mar 2025 09:45:47 +0000
ROA not before:           Tue 04 Mar 2025 09:40:47 +0000
ROA not after:            Tue 03 Mar 2026 09:45:47 +0000
asID:                     206283
IP address blocks:        80.75.18.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 10:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:0a:b2:b8:49:35:e1:8c:54:51:9d:d5:d2:de:a9:3b:45:bf:ca:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Mar  4 09:40:47 2025 GMT
            Not After : Mar  3 09:45:47 2026 GMT
        Subject: CN=8970461451AE008BE88FD4A73D76E713C090D471
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:d4:4b:5b:38:01:ba:15:a7:80:01:ca:d7:3b:
                    d4:1f:d8:6e:9c:e1:72:32:33:61:9b:db:ca:82:04:
                    43:1c:1a:ae:56:7d:47:dd:a1:67:50:2a:02:d0:11:
                    59:c1:ed:71:59:79:8c:cd:a7:32:d6:8c:7a:ec:9b:
                    78:fa:8e:d3:06:7a:92:2c:c8:75:1f:7d:8f:cd:22:
                    8e:7a:5d:fa:a1:a5:96:ab:a9:e4:b2:f3:64:f4:d1:
                    6e:fc:20:b4:00:a2:dc:47:88:6e:83:96:0d:49:7e:
                    40:6f:d5:ad:3c:bf:eb:01:95:2e:a8:4a:f8:16:01:
                    c7:ef:7e:97:de:31:ff:d4:07:ff:77:c4:59:64:5f:
                    0d:79:0f:80:f6:c8:18:07:f0:fc:f8:ad:95:19:33:
                    88:7f:47:b8:3d:3b:22:05:4a:92:13:6e:40:6d:96:
                    4f:a5:62:bb:6b:a4:19:5e:35:5a:50:c8:80:98:72:
                    3a:7e:dd:0f:a5:66:47:bf:c7:5c:13:85:63:86:fe:
                    db:e4:cd:15:0e:67:ed:47:39:3f:b9:c2:d9:b7:98:
                    64:e8:65:77:fb:c5:52:44:43:2b:b1:bd:d8:2c:01:
                    f3:0a:4d:05:26:26:e2:8d:d0:c7:5e:35:90:74:11:
                    e4:88:20:af:5f:1f:b5:21:72:67:91:bb:80:f3:5a:
                    c9:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:70:46:14:51:AE:00:8B:E8:8F:D4:A7:3D:76:E7:13:C0:90:D4:71
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38302e37352e31382e302f32342d3234203d3e20323036323833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.75.18.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:e3:00:22:83:70:da:f8:93:5e:0e:ac:ab:dc:17:cf:61:28:
         5f:f2:bb:dc:b4:c8:23:4a:bc:ff:02:a3:c8:da:64:d0:ae:cb:
         3d:9e:eb:20:9c:4c:2c:dc:e1:08:1f:ac:b6:7d:76:50:b9:39:
         b2:64:88:f0:d2:77:1b:52:de:9c:18:da:3c:ee:89:82:d6:5c:
         63:07:93:36:12:0f:0b:69:6b:b0:9f:fc:95:54:b0:8e:d2:6a:
         15:16:51:f0:70:50:15:a8:43:22:aa:51:de:92:11:b1:56:5e:
         a2:9b:70:08:71:13:79:67:54:73:94:d4:90:d9:4f:e5:2b:16:
         1d:7a:30:b1:0e:e7:4e:da:01:1f:b3:95:24:0c:06:b6:b4:fc:
         9e:c0:e5:ba:d7:d7:bb:2b:ea:c8:5e:e1:51:f5:35:2e:18:05:
         98:fa:e3:b8:77:4b:24:2b:40:40:f2:2d:cc:18:8a:c6:b7:c3:
         d0:cc:79:88:44:86:c1:b9:ae:b9:28:32:82:ef:8d:80:a6:0d:
         5c:db:4e:dc:d0:b0:99:ec:fe:1a:5e:a4:37:3b:1c:71:a1:e5:
         0a:85:17:36:87:9a:b3:af:e0:4c:17:ed:15:42:75:c9:68:ab:
         81:9e:73:28:7f:04:4b:fd:a9:a8:3f:66:94:45:c7:61:bb:90:
         15:00:91:b2
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUBAqyuEk14YxUUZ3V0t6pO0W/ymQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTAzMDQwOTQwNDdaFw0yNjAzMDMwOTQ1NDdaMDMxMTAvBgNV
BAMTKDg5NzA0NjE0NTFBRTAwOEJFODhGRDRBNzNENzZFNzEzQzA5MEQ0NzEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCZ1EtbOAG6FaeAAcrXO9Qf2G6c
4XIyM2Gb28qCBEMcGq5WfUfdoWdQKgLQEVnB7XFZeYzNpzLWjHrsm3j6jtMGepIs
yHUffY/NIo56XfqhpZarqeSy82T00W78ILQAotxHiG6Dlg1JfkBv1a08v+sBlS6o
SvgWAcfvfpfeMf/UB/93xFlkXw15D4D2yBgH8Pz4rZUZM4h/R7g9OyIFSpITbkBt
lk+lYrtrpBleNVpQyICYcjp+3Q+lZke/x1wThWOG/tvkzRUOZ+1HOT+5wtm3mGTo
ZXf7xVJEQyuxvdgsAfMKTQUmJuKN0MdeNZB0EeSIIK9fH7UhcmeRu4DzWskLAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUiXBGFFGuAIvoj9SnPXbnE8CQ1HEwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzgzMDJlMzczNTJlMzEzODJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMyMzAzNjMyMzgzMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFBL
EjANBgkqhkiG9w0BAQsFAAOCAQEAAOMAIoNw2viTXg6sq9wXz2EoX/K73LTII0q8
/wKjyNpk0K7LPZ7rIJxMLNzhCB+stn12ULk5smSI8NJ3G1LenBjaPO6JgtZcYweT
NhIPC2lrsJ/8lVSwjtJqFRZR8HBQFahDIqpR3pIRsVZeoptwCHETeWdUc5TUkNlP
5SsWHXowsQ7nTtoBH7OVJAwGtrT8nsDlutfXuyvqyF7hUfU1LhgFmPrjuHdLJCtA
QPItzBiKxrfD0Mx5iESGwbmuuSgygu+NgKYNXNtO3NCwmez+Gl6kNzsccaHlCoUX
Noeas6/gTBftFUJ1yWirgZ5zKH8ES/2pqD9mlEXHYbuQFQCRsg==
-----END CERTIFICATE-----