Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38302e37352e32302e302f32342d3234203d3e20323036323833.roa
File:                     38302e37352e32302e302f32342d3234203d3e20323036323833.roa (raw, json)
Hash identifier:          +I6W/g2PxnDTi07fz04EyKLPr0fXmY3FCHCPxDrLpoE=
Subject key identifier:   26:2D:43:F2:51:CD:7D:A5:09:6C:16:22:55:72:1B:CE:17:85:40:B4
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       200D986AE7A6CEAB71CB7D432C0F3C0534A7910E
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38302e37352e32302e302f32342d3234203d3e20323036323833.roa
Signing time:             Tue 02 Apr 2024 09:27:49 +0000
ROA not before:           Tue 02 Apr 2024 09:22:49 +0000
ROA not after:            Tue 01 Apr 2025 09:27:49 +0000
asID:                     206283
IP address blocks:        80.75.20.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 07:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            20:0d:98:6a:e7:a6:ce:ab:71:cb:7d:43:2c:0f:3c:05:34:a7:91:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Apr  2 09:22:49 2024 GMT
            Not After : Apr  1 09:27:49 2025 GMT
        Subject: CN=262D43F251CD7DA5096C162255721BCE178540B4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:64:ca:a2:d6:97:2e:30:86:ea:d0:da:99:08:
                    39:c6:4a:85:4e:7a:5c:f6:7b:6b:94:dc:72:62:16:
                    0b:b5:0c:df:89:18:cf:38:58:5c:46:17:8e:14:6b:
                    3d:73:12:47:95:02:32:10:83:cd:79:9e:64:5b:a7:
                    f1:2b:9e:df:38:a5:17:7c:3f:78:4d:fb:9f:23:85:
                    be:58:b4:c7:63:cd:e0:a0:d8:e2:89:5e:a7:6f:7b:
                    87:a1:e1:cf:1c:74:e2:4f:f9:01:8f:b6:94:bb:b5:
                    5b:3e:7e:5d:33:fa:60:a0:63:91:f5:cb:d5:b0:eb:
                    7b:9c:5e:77:a5:c0:7b:fc:63:c2:42:2b:fb:15:85:
                    9d:64:32:88:29:fe:96:27:32:ff:fc:35:f7:64:56:
                    6a:ab:fc:cd:7e:88:30:59:f8:0d:74:01:54:1a:e7:
                    51:11:d1:a5:4e:ea:e2:f8:5d:6a:ba:4d:5b:1a:b9:
                    b2:8f:aa:82:89:a2:50:33:da:4a:1e:8d:e6:26:1d:
                    f0:8f:78:3e:83:84:07:bf:d8:c8:34:d0:15:f3:d7:
                    59:0c:6c:6b:ee:8b:7c:e8:4d:a9:e1:dd:f7:a2:1f:
                    ee:b0:3f:06:bc:c2:d0:d1:bf:41:ad:a9:3c:aa:50:
                    55:83:62:10:b1:c0:f1:46:7c:cb:e8:6a:7b:3e:9d:
                    80:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:2D:43:F2:51:CD:7D:A5:09:6C:16:22:55:72:1B:CE:17:85:40:B4
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38302e37352e32302e302f32342d3234203d3e20323036323833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.75.20.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:5e:99:d5:04:dc:81:aa:f0:85:c7:b2:df:66:d2:cc:36:f7:
         e0:2b:52:4e:bc:85:31:a0:55:51:65:0c:2e:cc:40:03:72:37:
         54:4b:fa:1d:f2:12:43:1c:e0:a8:24:29:30:2e:ee:b3:d3:e7:
         72:56:60:88:08:b0:a2:60:df:3b:94:93:e4:ab:2d:83:3c:9d:
         3f:c3:a0:92:55:87:2e:7c:b8:5e:e7:55:d1:19:f0:e6:01:4b:
         08:2e:4b:82:ed:b5:58:4c:90:73:bd:34:f8:de:0c:0a:13:0d:
         8a:a3:a5:95:5e:1a:89:09:95:7a:8d:92:3a:68:9a:82:f3:e2:
         68:47:e9:16:6c:07:d5:c3:e6:a1:21:57:27:dc:0e:e0:f7:bf:
         e8:58:47:2d:bd:09:1c:3e:ae:08:51:a3:de:46:a0:5a:ff:a8:
         23:5b:fa:f1:a1:f1:5a:5b:5d:fe:6c:3a:4f:55:eb:90:e5:c0:
         4f:96:08:35:03:76:15:c7:4f:25:63:19:3f:94:53:d6:1d:9e:
         76:2d:35:e0:ec:20:f5:2d:1f:f1:bc:03:47:69:12:dc:25:5f:
         82:d0:f8:2b:09:3e:cc:e6:5f:42:ff:c9:06:04:66:41:8b:15:
         b6:53:ce:52:39:09:83:3c:9c:44:f9:0b:97:bc:8c:3f:e3:c0:
         bf:21:c9:64
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUIA2Yauemzqtxy31DLA88BTSnkQ4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDA0MDIwOTIyNDlaFw0yNTA0MDEwOTI3NDlaMDMxMTAvBgNV
BAMTKDI2MkQ0M0YyNTFDRDdEQTUwOTZDMTYyMjU1NzIxQkNFMTc4NTQwQjQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDUZMqi1pcuMIbq0NqZCDnGSoVO
elz2e2uU3HJiFgu1DN+JGM84WFxGF44Uaz1zEkeVAjIQg815nmRbp/Ernt84pRd8
P3hN+58jhb5YtMdjzeCg2OKJXqdve4eh4c8cdOJP+QGPtpS7tVs+fl0z+mCgY5H1
y9Ww63ucXnelwHv8Y8JCK/sVhZ1kMogp/pYnMv/8NfdkVmqr/M1+iDBZ+A10AVQa
51ER0aVO6uL4XWq6TVsaubKPqoKJolAz2koejeYmHfCPeD6DhAe/2Mg00BXz11kM
bGvui3zoTanh3feiH+6wPwa8wtDRv0GtqTyqUFWDYhCxwPFGfMvoans+nYCxAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUJi1D8lHNfaUJbBYiVXIbzheFQLQwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzgzMDJlMzczNTJlMzIzMDJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMyMzAzNjMyMzgzMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFBL
FDANBgkqhkiG9w0BAQsFAAOCAQEAMF6Z1QTcgarwhcey32bSzDb34CtSTryFMaBV
UWUMLsxAA3I3VEv6HfISQxzgqCQpMC7us9PnclZgiAiwomDfO5ST5KstgzydP8Og
klWHLny4XudV0Rnw5gFLCC5Lgu21WEyQc700+N4MChMNiqOllV4aiQmVeo2SOmia
gvPiaEfpFmwH1cPmoSFXJ9wO4Pe/6FhHLb0JHD6uCFGj3kagWv+oI1v68aHxWltd
/mw6T1XrkOXAT5YINQN2FcdPJWMZP5RT1h2edi014Owg9S0f8bwDR2kS3CVfgtD4
Kwk+zOZfQv/JBgRmQYsVtlPOUjkJgzycRPkLl7yMP+PAvyHJZA==
-----END CERTIFICATE-----