Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38302e37352e32322e302f32342d3234203d3e20323038343238.roa
File:                     38302e37352e32322e302f32342d3234203d3e20323038343238.roa (raw, json)
Hash identifier:          uiPMZMkPci4anKfehGwafWAbZV+RwJJqKWpDMajPAK0=
Subject key identifier:   5E:08:BF:04:3A:8B:41:1C:67:63:2B:8E:1C:9D:A6:19:50:9F:30:D2
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       1413A5BDAC8DAFEA2CA789E0FCC0A22930B80159
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38302e37352e32322e302f32342d3234203d3e20323038343238.roa
Signing time:             Tue 02 Apr 2024 09:28:16 +0000
ROA not before:           Tue 02 Apr 2024 09:23:16 +0000
ROA not after:            Tue 01 Apr 2025 09:28:16 +0000
asID:                     208428
IP address blocks:        80.75.22.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 13:21:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            14:13:a5:bd:ac:8d:af:ea:2c:a7:89:e0:fc:c0:a2:29:30:b8:01:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Apr  2 09:23:16 2024 GMT
            Not After : Apr  1 09:28:16 2025 GMT
        Subject: CN=5E08BF043A8B411C67632B8E1C9DA619509F30D2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:46:b2:34:f9:c2:98:ea:20:79:20:e0:87:46:
                    29:75:27:6e:fa:5e:e9:be:41:fd:9a:2c:12:d8:84:
                    99:0e:2a:90:2e:5e:da:c0:25:47:6d:91:5e:97:98:
                    f3:01:e7:3b:7d:59:1f:e6:1e:2c:cd:16:6c:7d:5d:
                    88:e7:a0:53:8f:90:92:3a:de:89:24:45:b2:7d:88:
                    8c:cc:0f:d2:2a:f3:51:1b:91:4b:75:19:6e:de:e3:
                    4b:60:fc:0b:c8:60:75:ac:96:2d:14:50:43:e2:2f:
                    f7:b6:d7:b8:da:35:05:c8:5f:2c:51:57:67:9e:75:
                    9b:b6:21:f6:7b:23:ff:e9:2c:56:3f:f9:3b:e4:5c:
                    d2:79:77:73:89:92:f7:49:76:05:21:c3:fe:12:27:
                    76:66:6b:53:6a:a5:6e:12:df:63:f8:98:3b:03:ec:
                    be:03:f9:f4:e8:04:c1:43:49:01:ff:dd:3e:4d:9a:
                    63:e2:9e:76:f4:dc:0e:ec:50:92:3c:71:38:72:38:
                    12:a4:f7:cb:69:3e:20:18:c8:26:77:c9:07:a7:ca:
                    58:8a:2a:62:a8:73:c2:a1:99:ec:2b:01:dc:13:cd:
                    08:d0:e8:2e:f1:96:c4:41:99:2e:68:b9:5b:f9:b5:
                    60:7e:33:b7:52:ba:07:be:35:a6:ff:fd:03:0e:a6:
                    78:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:08:BF:04:3A:8B:41:1C:67:63:2B:8E:1C:9D:A6:19:50:9F:30:D2
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38302e37352e32322e302f32342d3234203d3e20323038343238.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.75.22.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5a:4d:55:90:e7:60:d4:67:1d:f4:45:94:09:f8:56:4a:d4:d0:
         ea:3c:e1:b1:06:08:3a:95:63:de:ce:38:e4:44:8d:89:79:73:
         48:e4:ec:8c:5c:9c:69:89:1d:cc:ac:0b:81:c9:4e:32:86:03:
         0e:7e:79:6b:af:5a:e0:8f:4d:f2:4d:7e:25:13:91:7c:12:ef:
         dd:3a:80:3e:bc:c5:49:12:75:f1:35:86:83:d3:70:64:8e:94:
         b4:9e:ad:34:e9:8a:cd:a9:5f:c9:35:4a:79:dd:36:59:c1:8a:
         b8:cc:63:d9:4f:92:f0:5d:cc:50:bb:8c:49:43:6d:33:ad:61:
         e6:b0:61:74:df:e3:cd:49:80:09:6e:3a:46:4a:97:cc:b0:3f:
         e4:34:d7:0c:16:a3:e1:a3:6f:e2:20:cf:63:d0:af:ab:40:79:
         e7:5c:0c:b3:d9:37:8f:ae:ef:d5:03:aa:53:95:ee:26:57:a9:
         ca:ed:04:44:23:15:11:97:54:13:eb:24:a4:4a:a1:8c:4c:25:
         f5:be:09:49:45:bf:ca:01:79:fc:f3:92:af:8c:08:85:a0:68:
         2a:ca:d4:91:18:32:80:b8:3c:87:34:bc:1a:2c:24:80:a0:d6:
         b9:6d:fe:1c:8a:49:5a:1a:39:da:8f:c6:b6:d6:5a:53:d8:29:
         07:d1:53:3d
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUFBOlvayNr+osp4ng/MCiKTC4AVkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDA0MDIwOTIzMTZaFw0yNTA0MDEwOTI4MTZaMDMxMTAvBgNV
BAMTKDVFMDhCRjA0M0E4QjQxMUM2NzYzMkI4RTFDOURBNjE5NTA5RjMwRDIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDRrI0+cKY6iB5IOCHRil1J276
Xum+Qf2aLBLYhJkOKpAuXtrAJUdtkV6XmPMB5zt9WR/mHizNFmx9XYjnoFOPkJI6
3okkRbJ9iIzMD9Iq81EbkUt1GW7e40tg/AvIYHWsli0UUEPiL/e217jaNQXIXyxR
V2eedZu2IfZ7I//pLFY/+TvkXNJ5d3OJkvdJdgUhw/4SJ3Zma1NqpW4S32P4mDsD
7L4D+fToBMFDSQH/3T5NmmPinnb03A7sUJI8cThyOBKk98tpPiAYyCZ3yQenyliK
KmKoc8KhmewrAdwTzQjQ6C7xlsRBmS5ouVv5tWB+M7dSuge+Nab//QMOpniDAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUXgi/BDqLQRxnYyuOHJ2mGVCfMNIwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzgzMDJlMzczNTJlMzIzMjJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMyMzAzODM0MzIzOC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFBL
FjANBgkqhkiG9w0BAQsFAAOCAQEAWk1VkOdg1Gcd9EWUCfhWStTQ6jzhsQYIOpVj
3s445ESNiXlzSOTsjFycaYkdzKwLgclOMoYDDn55a69a4I9N8k1+JRORfBLv3TqA
PrzFSRJ18TWGg9NwZI6UtJ6tNOmKzalfyTVKed02WcGKuMxj2U+S8F3MULuMSUNt
M61h5rBhdN/jzUmACW46RkqXzLA/5DTXDBaj4aNv4iDPY9Cvq0B551wMs9k3j67v
1QOqU5XuJlepyu0ERCMVEZdUE+skpEqhjEwl9b4JSUW/ygF5/POSr4wIhaBoKsrU
kRgygLg8hzS8GiwkgKDWuW3+HIpJWho52o/GttZaU9gpB9FTPQ==
-----END CERTIFICATE-----