Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38302e37352e31382e302f32342d3234203d3e20323036323833.roa
File:                     38302e37352e31382e302f32342d3234203d3e20323036323833.roa (raw, json)
Hash identifier:          hmQpuW7W8ABZGDbOBN8tfOAhLSgxhCmnSE46zhhxW9A=
Subject key identifier:   D5:AB:D8:B3:C1:EB:D5:9A:87:E7:E1:D9:C9:6C:70:D8:19:AB:67:EC
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       2149D968360E1FDA86F836E752ABE87AEA343178
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38302e37352e31382e302f32342d3234203d3e20323036323833.roa
Signing time:             Tue 02 Apr 2024 09:27:25 +0000
ROA not before:           Tue 02 Apr 2024 09:22:25 +0000
ROA not after:            Tue 01 Apr 2025 09:27:25 +0000
asID:                     206283
IP address blocks:        80.75.18.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            21:49:d9:68:36:0e:1f:da:86:f8:36:e7:52:ab:e8:7a:ea:34:31:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Apr  2 09:22:25 2024 GMT
            Not After : Apr  1 09:27:25 2025 GMT
        Subject: CN=D5ABD8B3C1EBD59A87E7E1D9C96C70D819AB67EC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:76:90:cf:3f:c5:a1:e0:a5:94:9e:c8:cb:92:
                    cd:ac:7e:f1:04:38:66:19:a2:94:47:0d:00:53:18:
                    f6:9a:4b:2f:29:8a:38:47:67:06:8b:14:3b:7b:c0:
                    88:68:3f:a7:c6:4e:a5:82:d4:37:69:b4:eb:56:39:
                    fd:76:47:fe:88:a4:f8:8b:97:7e:71:4d:af:c6:f3:
                    eb:08:2c:d4:22:69:a1:b6:60:ae:cb:ac:9f:f8:e1:
                    bf:39:c7:35:85:53:44:e5:dd:e1:3f:db:9c:da:4b:
                    22:39:6a:84:ff:b8:fb:38:90:35:1b:40:d8:79:91:
                    4f:4f:c7:80:98:df:99:db:c1:c0:5d:a9:45:99:6f:
                    1f:e2:98:4f:02:49:10:63:3f:aa:1a:16:30:da:9b:
                    09:c1:c2:3b:54:91:8d:c0:17:93:67:01:84:98:0b:
                    28:48:35:eb:c6:2e:27:45:ad:b0:7a:e3:e9:97:a6:
                    cf:b4:20:ad:e7:f3:61:bb:fb:e3:e8:94:bf:18:89:
                    c7:cc:8e:f7:49:c6:38:d7:b9:06:37:95:2a:89:4a:
                    fa:43:5c:57:25:e6:8b:bb:11:0e:0e:13:f5:23:46:
                    dd:c0:2f:93:c8:89:06:69:44:cb:bd:fb:1c:a4:cc:
                    c8:47:5d:d7:6c:7e:74:64:d2:b9:72:c4:db:ea:59:
                    31:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:AB:D8:B3:C1:EB:D5:9A:87:E7:E1:D9:C9:6C:70:D8:19:AB:67:EC
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38302e37352e31382e302f32342d3234203d3e20323036323833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.75.18.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:b0:71:5e:22:58:22:1f:36:86:8e:cd:2d:5c:3d:ec:e8:c0:
         23:f7:a0:6f:42:1a:3d:ff:f2:bd:ee:d2:63:2b:9f:9c:4e:a3:
         4a:d1:48:4c:9e:f5:67:13:86:b4:b0:26:c0:fa:0b:7b:69:ab:
         ab:1f:56:7e:79:c0:3b:f0:6a:26:a9:2f:06:67:8c:c4:78:c6:
         75:c5:e8:cf:89:10:d1:d0:1a:9c:c7:0a:fd:04:25:41:20:36:
         c7:d5:f5:74:4b:c5:2d:31:66:3a:18:26:1a:aa:a2:fa:0d:69:
         22:f4:3d:f0:d0:ed:83:1c:4c:a2:b1:0e:61:56:65:76:a5:26:
         92:48:c4:77:1d:49:23:da:0b:19:e6:8d:cd:8f:4c:30:fe:7e:
         22:e5:7a:0e:d6:74:da:90:31:58:66:43:e4:bf:01:c8:73:55:
         de:b8:ed:a1:7c:a2:6d:23:e7:76:a9:2e:f7:fd:9d:33:66:35:
         c0:68:e7:d5:c9:76:f9:6a:a1:7d:5c:da:66:41:f6:1b:37:b6:
         1b:a4:b1:25:87:2e:ec:09:88:60:5b:b9:ad:50:57:5e:82:78:
         46:ff:76:52:90:24:20:55:69:66:3e:a9:43:71:06:54:0e:53:
         47:72:e5:ff:6c:4f:56:38:70:ca:71:08:85:a5:4d:48:9d:98:
         e5:83:6e:4d
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUIUnZaDYOH9qG+DbnUqvoeuo0MXgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDA0MDIwOTIyMjVaFw0yNTA0MDEwOTI3MjVaMDMxMTAvBgNV
BAMTKEQ1QUJEOEIzQzFFQkQ1OUE4N0U3RTFEOUM5NkM3MEQ4MTlBQjY3RUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCadpDPP8Wh4KWUnsjLks2sfvEE
OGYZopRHDQBTGPaaSy8pijhHZwaLFDt7wIhoP6fGTqWC1DdptOtWOf12R/6IpPiL
l35xTa/G8+sILNQiaaG2YK7LrJ/44b85xzWFU0Tl3eE/25zaSyI5aoT/uPs4kDUb
QNh5kU9Px4CY35nbwcBdqUWZbx/imE8CSRBjP6oaFjDamwnBwjtUkY3AF5NnAYSY
CyhINevGLidFrbB64+mXps+0IK3n82G7++PolL8YicfMjvdJxjjXuQY3lSqJSvpD
XFcl5ou7EQ4OE/UjRt3AL5PIiQZpRMu9+xykzMhHXddsfnRk0rlyxNvqWTHxAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQU1avYs8Hr1ZqH5+HZyWxw2BmrZ+wwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzgzMDJlMzczNTJlMzEzODJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMyMzAzNjMyMzgzMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFBL
EjANBgkqhkiG9w0BAQsFAAOCAQEAQ7BxXiJYIh82ho7NLVw97OjAI/egb0IaPf/y
ve7SYyufnE6jStFITJ71ZxOGtLAmwPoLe2mrqx9WfnnAO/BqJqkvBmeMxHjGdcXo
z4kQ0dAanMcK/QQlQSA2x9X1dEvFLTFmOhgmGqqi+g1pIvQ98NDtgxxMorEOYVZl
dqUmkkjEdx1JI9oLGeaNzY9MMP5+IuV6DtZ02pAxWGZD5L8ByHNV3rjtoXyibSPn
dqku9/2dM2Y1wGjn1cl2+WqhfVzaZkH2Gze2G6SxJYcu7AmIYFu5rVBXXoJ4Rv92
UpAkIFVpZj6pQ3EGVA5TR3Ll/2xPVjhwynEIhaVNSJ2Y5YNuTQ==
-----END CERTIFICATE-----