Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38322e3139372e38382e302f32312d3234203d3e203437353833.roa
File:                     38322e3139372e38382e302f32312d3234203d3e203437353833.roa (raw, json)
Hash identifier:          QWQ49Z7LwqSbz7qc7nnqQ/FV5Hn+bdrzPfZHlIkLWrU=
Subject key identifier:   AE:DC:1B:01:C5:62:12:4C:66:46:46:97:F2:AD:4F:67:75:F6:EB:B5
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       25B0271A9F9061E172DFB0F94F58E0ED38CE2AF4
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38322e3139372e38382e302f32312d3234203d3e203437353833.roa
Signing time:             Thu 13 Jun 2024 10:40:57 +0000
ROA not before:           Thu 13 Jun 2024 10:35:57 +0000
ROA not after:            Thu 12 Jun 2025 10:40:57 +0000
asID:                     47583
IP address blocks:        82.197.88.0/21 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            25:b0:27:1a:9f:90:61:e1:72:df:b0:f9:4f:58:e0:ed:38:ce:2a:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Jun 13 10:35:57 2024 GMT
            Not After : Jun 12 10:40:57 2025 GMT
        Subject: CN=AEDC1B01C562124C66464697F2AD4F6775F6EBB5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:07:ca:de:5a:8e:ed:c8:55:d9:eb:61:5e:72:
                    4c:8b:04:2a:9c:36:04:d7:44:98:00:9e:e7:c1:9e:
                    7f:7a:b7:38:fd:44:80:dc:bf:cf:e3:d9:d7:84:4e:
                    dc:dd:fa:9d:2d:37:c9:f2:db:85:ae:78:ce:46:1d:
                    c6:8f:dd:e8:37:ca:3a:4c:23:67:a3:cd:35:1d:d4:
                    6a:32:57:7f:27:7d:e8:c4:33:73:ff:47:29:b3:27:
                    75:b2:df:63:4a:27:eb:2e:c4:22:6f:96:00:94:79:
                    50:83:ca:6d:64:56:1a:ee:d7:86:2e:64:03:cd:90:
                    b7:eb:29:9a:65:3a:b2:d7:8d:8e:20:39:c8:e4:82:
                    71:de:85:1a:aa:e9:46:f1:d5:7d:99:c7:e5:01:17:
                    f3:74:bc:b7:25:65:62:81:c8:60:ec:06:ca:3f:e4:
                    d2:09:bc:4c:99:9f:64:2b:37:57:d0:a6:3d:c5:47:
                    c3:b5:23:5c:e2:6b:89:69:c5:6c:99:95:3e:e0:8d:
                    c1:c7:87:4d:a8:a8:cb:c2:a4:ff:4c:d1:8a:03:06:
                    05:be:b0:4f:09:19:98:ed:cc:b6:5b:92:5f:dc:c9:
                    73:a1:64:0f:7f:e9:3e:9f:bf:95:cc:fa:ba:c3:1e:
                    a9:33:e4:b1:95:d1:65:52:bf:5a:e8:fe:eb:f0:fe:
                    28:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:DC:1B:01:C5:62:12:4C:66:46:46:97:F2:AD:4F:67:75:F6:EB:B5
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38322e3139372e38382e302f32312d3234203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.197.88.0/21

    Signature Algorithm: sha256WithRSAEncryption
         83:3d:2a:b5:cc:09:53:95:73:f7:90:15:53:01:1b:a0:5a:7c:
         57:8b:80:52:6d:88:e8:26:c0:49:de:28:8b:a2:bb:7a:37:30:
         34:4d:16:72:a0:93:51:43:a3:9e:03:88:3e:c6:39:7b:32:a2:
         3a:4a:59:82:3f:e0:2a:ff:1e:17:76:16:18:ea:0b:73:08:5f:
         94:1b:a4:4d:c0:2c:2b:09:de:26:e2:e1:eb:32:2d:d6:a5:6d:
         85:20:1f:f3:9a:49:86:7a:fb:3a:cf:23:1b:eb:0a:02:cd:28:
         03:ba:e3:61:2c:9a:86:d3:53:92:28:df:08:24:ef:63:c4:a7:
         e6:71:13:ad:2e:04:34:0e:28:49:40:9a:db:90:37:5a:e6:14:
         c4:55:21:b2:aa:71:99:0e:1f:33:c2:e8:e4:9b:30:66:76:06:
         07:0b:7f:13:1c:6d:f4:a5:0f:78:dc:0f:51:9d:89:76:a7:ac:
         90:5f:f7:28:ad:4a:91:e7:44:a7:dc:c5:47:ae:a3:40:d0:45:
         c6:ad:dc:fd:2d:28:68:1f:a1:d5:c6:71:ee:5b:be:94:cb:bb:
         23:60:28:0c:22:77:c0:89:0e:b2:7e:87:72:29:5f:55:6b:5d:
         10:ab:c5:2b:26:9d:81:11:d1:37:6b:78:af:30:2b:71:6d:22:
         e0:72:0c:c7
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUJbAnGp+QYeFy37D5T1jg7TjOKvQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDA2MTMxMDM1NTdaFw0yNTA2MTIxMDQwNTdaMDMxMTAvBgNV
BAMTKEFFREMxQjAxQzU2MjEyNEM2NjQ2NDY5N0YyQUQ0RjY3NzVGNkVCQjUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDCB8reWo7tyFXZ62FeckyLBCqc
NgTXRJgAnufBnn96tzj9RIDcv8/j2deETtzd+p0tN8ny24WueM5GHcaP3eg3yjpM
I2ejzTUd1GoyV38nfejEM3P/RymzJ3Wy32NKJ+suxCJvlgCUeVCDym1kVhru14Yu
ZAPNkLfrKZplOrLXjY4gOcjkgnHehRqq6Ubx1X2Zx+UBF/N0vLclZWKByGDsBso/
5NIJvEyZn2QrN1fQpj3FR8O1I1zia4lpxWyZlT7gjcHHh02oqMvCpP9M0YoDBgW+
sE8JGZjtzLZbkl/cyXOhZA9/6T6fv5XM+rrDHqkz5LGV0WVSv1ro/uvw/iiZAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUrtwbAcViEkxmRkaX8q1PZ3X267UwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzgzMjJlMzEzOTM3MmUzODM4
MmUzMDJmMzIzMTJkMzIzNDIwM2QzZTIwMzQzNzM1MzgzMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEA1LF
WDANBgkqhkiG9w0BAQsFAAOCAQEAgz0qtcwJU5Vz95AVUwEboFp8V4uAUm2I6CbA
Sd4oi6K7ejcwNE0WcqCTUUOjngOIPsY5ezKiOkpZgj/gKv8eF3YWGOoLcwhflBuk
TcAsKwneJuLh6zIt1qVthSAf85pJhnr7Os8jG+sKAs0oA7rjYSyahtNTkijfCCTv
Y8Sn5nETrS4ENA4oSUCa25A3WuYUxFUhsqpxmQ4fM8Lo5JswZnYGBwt/Exxt9KUP
eNwPUZ2JdqeskF/3KK1KkedEp9zFR66jQNBFxq3c/S0oaB+h1cZx7lu+lMu7I2Ao
DCJ3wIkOsn6HcilfVWtdEKvFKyadgRHRN2t4rzArcW0i4HIMxw==
-----END CERTIFICATE-----