Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38322e3139372e36342e302f32322d3332203d3e203430303231.roa
File:                     38322e3139372e36342e302f32322d3332203d3e203430303231.roa (raw, json)
Hash identifier:          b3HYxSq08kUXyudgqCMShVnddLOihiWGOit/giYgUDc=
Subject key identifier:   AE:21:64:E7:8F:9C:79:14:F2:F6:EE:47:9B:3D:13:BB:A2:E7:81:D5
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       6BF3D79393106BAB81F3C19C058BCCD01C179816
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38322e3139372e36342e302f32322d3332203d3e203430303231.roa
Signing time:             Tue 18 Feb 2025 11:45:44 +0000
ROA not before:           Tue 18 Feb 2025 11:40:44 +0000
ROA not after:            Tue 17 Feb 2026 11:45:44 +0000
asID:                     40021
IP address blocks:        82.197.64.0/22 maxlen: 32
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 10:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6b:f3:d7:93:93:10:6b:ab:81:f3:c1:9c:05:8b:cc:d0:1c:17:98:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Feb 18 11:40:44 2025 GMT
            Not After : Feb 17 11:45:44 2026 GMT
        Subject: CN=AE2164E78F9C7914F2F6EE479B3D13BBA2E781D5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:d8:d0:e9:43:99:d9:bb:08:ba:21:63:fc:a6:
                    e7:8e:71:0e:c9:6e:32:39:6d:ae:e6:c5:cf:b3:79:
                    77:bd:23:e3:00:95:c6:c8:57:2d:53:88:0a:ac:1f:
                    8e:02:a0:71:6e:d8:b7:ad:88:7c:48:45:80:c3:e0:
                    c1:36:52:ed:b3:6b:8c:04:56:e8:16:16:5b:c7:64:
                    37:cd:62:a1:46:0c:95:ec:47:8f:bf:79:51:4c:69:
                    ab:c0:c8:28:18:02:d0:ed:9c:7b:e9:48:6b:2a:8f:
                    68:0d:e2:7e:61:ef:5d:39:5a:3c:f6:73:7d:a4:a7:
                    21:b8:56:e1:30:b8:4d:58:aa:0e:08:41:2d:09:51:
                    fe:13:da:ef:06:a8:29:5e:8b:16:36:0f:fa:db:57:
                    b8:8e:ee:e3:69:3c:80:af:f7:c4:25:22:cf:81:df:
                    31:eb:a4:c1:9c:33:2d:11:ab:b5:02:bb:c9:0e:d4:
                    6b:4a:4c:9c:ed:73:4b:3a:c1:b7:3e:c8:18:e7:bd:
                    51:1d:39:ad:4c:0b:c6:a9:32:5b:01:4a:ae:0c:a5:
                    d0:2d:84:87:58:70:03:30:a7:e4:d4:2c:27:44:fa:
                    e1:90:2e:56:95:ec:08:e6:c7:e2:60:69:6f:c7:8e:
                    71:ba:1c:fc:ab:5e:27:d0:32:ec:7c:c8:a7:ea:3e:
                    c7:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:21:64:E7:8F:9C:79:14:F2:F6:EE:47:9B:3D:13:BB:A2:E7:81:D5
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38322e3139372e36342e302f32322d3332203d3e203430303231.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.197.64.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3c:a0:59:4e:40:00:27:5d:e4:3d:da:69:3c:95:a3:ff:e0:25:
         6c:56:9b:ae:7d:d7:8e:f5:ba:30:d5:64:ed:e2:01:f5:42:48:
         cd:86:fb:0f:3f:8a:1e:8b:c3:85:cb:5d:8a:1c:f4:1c:42:9f:
         15:08:37:d7:36:52:4f:87:be:53:95:4d:4f:8d:c7:81:3c:69:
         49:52:35:e0:5d:1f:a6:40:d9:08:dd:6a:dd:f8:e2:d1:68:c1:
         05:44:4d:0e:2b:eb:1a:75:5e:2a:87:1b:ab:23:fe:93:52:3e:
         bc:5c:4b:6a:7c:18:ac:99:10:c9:05:cb:c9:1c:02:43:42:3a:
         8a:b9:4e:82:60:31:34:45:12:85:41:07:4c:cf:b8:3f:a9:1b:
         3d:b9:2b:9f:8c:40:a2:79:ce:62:ae:63:61:bc:6e:42:11:ef:
         81:7c:29:fd:fc:3a:78:24:d0:58:a1:f0:b0:45:1d:89:f9:56:
         3d:5f:77:3f:fe:c7:27:a9:94:f9:0a:94:6b:fb:7a:8d:c9:29:
         a4:25:a0:be:0e:b1:9b:78:e8:83:99:b2:bd:76:31:8c:5a:31:
         36:c6:5d:1b:16:a5:be:aa:00:91:50:b0:e4:c2:62:25:a9:a4:
         49:df:c4:93:e3:b4:38:fd:79:f4:63:30:e4:e7:1f:65:d3:b8:
         98:3f:c2:d4
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUa/PXk5MQa6uB88GcBYvM0BwXmBYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTAyMTgxMTQwNDRaFw0yNjAyMTcxMTQ1NDRaMDMxMTAvBgNV
BAMTKEFFMjE2NEU3OEY5Qzc5MTRGMkY2RUU0NzlCM0QxM0JCQTJFNzgxRDUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDK2NDpQ5nZuwi6IWP8pueOcQ7J
bjI5ba7mxc+zeXe9I+MAlcbIVy1TiAqsH44CoHFu2LetiHxIRYDD4ME2Uu2za4wE
VugWFlvHZDfNYqFGDJXsR4+/eVFMaavAyCgYAtDtnHvpSGsqj2gN4n5h7105Wjz2
c32kpyG4VuEwuE1Yqg4IQS0JUf4T2u8GqCleixY2D/rbV7iO7uNpPICv98QlIs+B
3zHrpMGcMy0Rq7UCu8kO1GtKTJztc0s6wbc+yBjnvVEdOa1MC8apMlsBSq4MpdAt
hIdYcAMwp+TULCdE+uGQLlaV7Ajmx+JgaW/HjnG6HPyrXifQMux8yKfqPsejAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUriFk54+ceRTy9u5Hmz0Tu6LngdUwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzgzMjJlMzEzOTM3MmUzNjM0
MmUzMDJmMzIzMjJkMzMzMjIwM2QzZTIwMzQzMDMwMzIzMS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAlLF
QDANBgkqhkiG9w0BAQsFAAOCAQEAPKBZTkAAJ13kPdppPJWj/+AlbFabrn3XjvW6
MNVk7eIB9UJIzYb7Dz+KHovDhctdihz0HEKfFQg31zZST4e+U5VNT43HgTxpSVI1
4F0fpkDZCN1q3fji0WjBBURNDivrGnVeKocbqyP+k1I+vFxLanwYrJkQyQXLyRwC
Q0I6irlOgmAxNEUShUEHTM+4P6kbPbkrn4xAonnOYq5jYbxuQhHvgXwp/fw6eCTQ
WKHwsEUdiflWPV93P/7HJ6mU+QqUa/t6jckppCWgvg6xm3jog5myvXYxjFoxNsZd
GxalvqoAkVCw5MJiJamkSd/Ek+O0OP159GMw5OcfZdO4mD/C1A==
-----END CERTIFICATE-----