Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38322e3139372e38382e302f32312d3234203d3e203437353833.roa
File:                     38322e3139372e38382e302f32312d3234203d3e203437353833.roa (raw, json)
Hash identifier:          kg9dcaNcMOxz3wUpN9o2zdq1z9waGNrs2fc+OH04q/s=
Subject key identifier:   9C:D2:B1:40:B0:88:FB:2B:14:32:CD:58:07:A5:0F:B6:B2:EC:D4:F9
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       286307BC5EEA22AB181408D39A34F43A474A115F
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38322e3139372e38382e302f32312d3234203d3e203437353833.roa
Signing time:             Thu 15 May 2025 10:46:17 +0000
ROA not before:           Thu 15 May 2025 10:41:17 +0000
ROA not after:            Thu 14 May 2026 10:46:17 +0000
asID:                     47583
IP address blocks:        82.197.88.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 12:43:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            28:63:07:bc:5e:ea:22:ab:18:14:08:d3:9a:34:f4:3a:47:4a:11:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: May 15 10:41:17 2025 GMT
            Not After : May 14 10:46:17 2026 GMT
        Subject: CN=9CD2B140B088FB2B1432CD5807A50FB6B2ECD4F9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:73:6f:ec:d5:16:d6:c0:ec:46:fe:ca:3f:69:
                    ba:3e:bc:07:86:1a:f4:fd:10:40:3e:f5:12:85:f3:
                    89:2b:aa:3e:dc:d2:61:24:45:4b:58:33:86:ee:74:
                    7e:bc:61:95:03:b5:8d:39:2c:e5:d3:ac:a3:59:49:
                    d0:a9:47:76:ab:15:c6:ae:0f:e2:b6:6e:53:b8:83:
                    5c:17:67:59:a6:8a:f4:d2:d5:f1:12:75:32:54:c2:
                    d8:ca:3b:98:e2:ef:b6:ba:18:cb:96:a6:3a:7f:b7:
                    c0:dd:e6:f9:fe:e2:ab:75:38:cc:c4:76:84:88:f5:
                    39:1b:d2:c5:d3:aa:5b:a2:2a:e7:66:fe:51:bb:6f:
                    49:51:b9:ba:82:8d:e3:93:3b:53:95:d0:6e:94:54:
                    67:65:b5:7c:ef:f1:c8:46:bd:a1:2b:74:94:aa:3a:
                    41:ee:d2:1b:77:cf:21:04:b0:35:5b:db:b0:87:57:
                    00:fe:af:2e:06:6d:17:a5:f7:0a:d7:2d:0b:de:9e:
                    25:54:7e:03:b4:33:07:bd:13:f9:ed:f9:68:d8:14:
                    8c:29:f5:c4:fe:53:d9:7c:3d:dd:6c:35:17:4c:8d:
                    42:1d:ed:69:0b:42:b4:c6:66:2a:b7:4b:a6:36:2f:
                    37:2f:47:10:d0:c0:eb:5b:a0:c3:76:bf:11:75:8d:
                    95:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:D2:B1:40:B0:88:FB:2B:14:32:CD:58:07:A5:0F:B6:B2:EC:D4:F9
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38322e3139372e38382e302f32312d3234203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.197.88.0/21

    Signature Algorithm: sha256WithRSAEncryption
         6b:c0:a8:df:26:33:f1:be:ab:ed:20:e0:3d:e3:13:79:c4:4f:
         d8:5b:60:47:66:4e:20:f1:89:ad:77:4d:2f:b2:06:b0:2c:a1:
         5c:38:4f:59:d6:70:a3:97:33:d6:6f:59:88:6e:6c:41:46:5b:
         4d:3b:b6:8a:03:20:7a:16:8d:4b:ce:b7:7e:7d:0c:10:12:1e:
         7e:c1:e8:de:74:95:99:bb:c4:5f:4d:8f:8b:ca:28:18:0f:3a:
         9c:6c:6d:5d:1b:a8:c8:f6:55:2d:2e:c9:9d:da:c1:e9:dc:c8:
         9d:85:f2:3d:d5:4f:80:b6:d2:e6:c6:08:fd:25:97:d7:e2:f3:
         1c:c0:30:00:0f:30:e1:c4:56:37:a8:f6:08:12:4f:51:cf:a7:
         a0:87:3e:bf:d4:f3:1e:27:03:df:dd:59:46:69:0b:1e:a4:10:
         ab:7b:f8:a3:de:c2:79:8f:1b:ba:0c:21:ef:57:be:4d:fc:bb:
         b5:49:9d:a0:71:1f:0f:0f:4d:6a:d3:db:4f:3b:df:3d:9a:21:
         8b:ee:fb:2b:d4:4f:21:5a:d0:8e:60:de:8b:4d:fe:6a:b5:e3:
         38:97:90:6d:99:82:42:d0:a5:7c:d0:63:7c:a1:6e:f8:e6:9d:
         c0:1b:56:86:a5:0c:71:ad:81:bc:8a:25:db:00:00:14:ac:7e:
         3c:48:02:4a
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUKGMHvF7qIqsYFAjTmjT0OkdKEV8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTA1MTUxMDQxMTdaFw0yNjA1MTQxMDQ2MTdaMDMxMTAvBgNV
BAMTKDlDRDJCMTQwQjA4OEZCMkIxNDMyQ0Q1ODA3QTUwRkI2QjJFQ0Q0RjkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDac2/s1RbWwOxG/so/abo+vAeG
GvT9EEA+9RKF84krqj7c0mEkRUtYM4budH68YZUDtY05LOXTrKNZSdCpR3arFcau
D+K2blO4g1wXZ1mmivTS1fESdTJUwtjKO5ji77a6GMuWpjp/t8Dd5vn+4qt1OMzE
doSI9Tkb0sXTqluiKudm/lG7b0lRubqCjeOTO1OV0G6UVGdltXzv8chGvaErdJSq
OkHu0ht3zyEEsDVb27CHVwD+ry4GbRel9wrXLQveniVUfgO0Mwe9E/nt+WjYFIwp
9cT+U9l8Pd1sNRdMjUId7WkLQrTGZiq3S6Y2LzcvRxDQwOtboMN2vxF1jZU9AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUnNKxQLCI+ysUMs1YB6UPtrLs1PkwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzgzMjJlMzEzOTM3MmUzODM4
MmUzMDJmMzIzMTJkMzIzNDIwM2QzZTIwMzQzNzM1MzgzMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEA1LF
WDANBgkqhkiG9w0BAQsFAAOCAQEAa8Co3yYz8b6r7SDgPeMTecRP2FtgR2ZOIPGJ
rXdNL7IGsCyhXDhPWdZwo5cz1m9ZiG5sQUZbTTu2igMgehaNS863fn0MEBIefsHo
3nSVmbvEX02Pi8ooGA86nGxtXRuoyPZVLS7JndrB6dzInYXyPdVPgLbS5sYI/SWX
1+LzHMAwAA8w4cRWN6j2CBJPUc+noIc+v9TzHicD391ZRmkLHqQQq3v4o97CeY8b
ugwh71e+Tfy7tUmdoHEfDw9NatPbTzvfPZohi+77K9RPIVrQjmDei03+arXjOJeQ
bZmCQtClfNBjfKFu+OadwBtWhqUMca2BvIol2wAAFKx+PEgCSg==
-----END CERTIFICATE-----