Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38322e3230382e32302e302f32322d3332203d3e203531313637.roa
File:                     38322e3230382e32302e302f32322d3332203d3e203531313637.roa (raw, json)
Hash identifier:          ek3HnXciylXbQyyV8QzCNAzXlDwn9juCLP8sicZWl2w=
Subject key identifier:   83:D5:CD:E1:18:94:F4:9E:FE:37:1A:8D:12:4D:19:45:12:CB:68:17
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       17791EE1A7DC35443F164B5FE84AA70A6603B34A
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38322e3230382e32302e302f32322d3332203d3e203531313637.roa
Signing time:             Mon 26 Feb 2024 08:53:05 +0000
ROA not before:           Mon 26 Feb 2024 08:48:05 +0000
ROA not after:            Mon 24 Feb 2025 08:53:05 +0000
asID:                     51167
IP address blocks:        82.208.20.0/22 maxlen: 32

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            17:79:1e:e1:a7:dc:35:44:3f:16:4b:5f:e8:4a:a7:0a:66:03:b3:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Feb 26 08:48:05 2024 GMT
            Not After : Feb 24 08:53:05 2025 GMT
        Subject: CN=83D5CDE11894F49EFE371A8D124D194512CB6817
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:44:3b:02:22:2a:a6:12:6d:26:61:ee:76:02:
                    1b:06:91:83:49:f7:e3:b0:9d:2c:6c:ae:f9:fb:a2:
                    ed:d9:dc:97:6f:c3:97:db:cd:56:53:66:f5:50:ac:
                    71:ec:df:6f:43:70:bb:f1:f6:1e:83:76:29:73:43:
                    ed:e3:59:01:8a:29:13:27:70:2c:d1:3e:b2:85:78:
                    32:46:2a:75:b6:22:6c:57:ad:02:57:f5:ae:1d:a7:
                    4b:ee:0c:0d:fb:0d:0b:43:7b:32:79:2d:68:83:1a:
                    ad:0d:96:53:53:18:7c:6d:d2:15:ae:18:b5:0c:8f:
                    7d:4c:e5:7e:08:7f:ec:a5:d0:45:89:d7:40:1d:75:
                    77:0f:eb:91:4e:d0:b8:86:84:1c:0c:01:b4:df:07:
                    86:e2:b1:79:b9:53:5e:1b:b1:d7:0f:18:36:c4:f4:
                    55:7c:63:f1:f2:20:10:e9:c4:55:54:e8:dd:b0:d0:
                    fa:da:7e:9f:db:b7:a4:c2:be:0b:e1:cc:2f:6f:91:
                    68:ce:71:ea:89:1d:ae:49:dd:5e:1e:c7:02:3e:28:
                    fb:f3:21:df:07:55:76:43:4a:a7:d1:4e:90:d4:a9:
                    6d:bc:0a:0c:30:ef:2d:de:ae:df:74:6f:8f:cb:cd:
                    39:bb:dd:46:66:30:7e:ba:99:53:57:f1:89:98:36:
                    57:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:D5:CD:E1:18:94:F4:9E:FE:37:1A:8D:12:4D:19:45:12:CB:68:17
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38322e3230382e32302e302f32322d3332203d3e203531313637.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.208.20.0/22

    Signature Algorithm: sha256WithRSAEncryption
         29:16:41:50:d5:6b:93:92:ed:26:84:79:4b:eb:16:6a:86:b5:
         71:66:aa:28:4e:33:fd:72:91:d1:6c:68:45:56:03:1a:b2:9f:
         87:d1:d6:8d:68:c4:6f:55:c3:7c:f9:7c:6f:9f:a0:e6:14:79:
         9d:17:af:66:96:1a:f2:92:e0:c6:bd:9e:7f:8a:89:20:c0:29:
         18:8d:1f:c7:bb:95:ad:50:bd:c0:c6:52:a8:ae:e2:88:b8:99:
         60:76:53:73:7e:df:a1:62:fc:68:4e:b3:98:8c:08:55:2e:70:
         e1:f1:ab:7d:f0:f5:78:73:08:b1:7d:14:a9:1f:0e:78:7c:be:
         d1:7b:6c:ec:2a:e7:95:fe:f0:c3:d9:06:77:3a:0a:48:98:4f:
         b9:36:6c:ad:ef:62:88:ab:e2:d5:61:85:7a:65:c5:64:37:c4:
         6f:5b:de:be:f6:22:a1:8f:66:24:f1:4e:16:ce:a1:de:1b:ed:
         f1:43:68:0d:b8:e5:c8:d1:0d:80:1a:87:26:52:ce:24:be:e7:
         c2:bb:47:0d:49:52:54:26:19:4e:01:a6:28:1f:e1:09:f3:c3:
         0a:c7:14:b3:1a:9b:53:d4:67:52:a2:a8:1d:00:d3:ee:59:21:
         ca:dd:97:1e:90:e8:57:00:c6:35:ef:8f:f7:75:5e:4b:3a:2b:
         ca:ab:d0:a9
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUF3ke4afcNUQ/Fktf6EqnCmYDs0owDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDAyMjYwODQ4MDVaFw0yNTAyMjQwODUzMDVaMDMxMTAvBgNV
BAMTKDgzRDVDREUxMTg5NEY0OUVGRTM3MUE4RDEyNEQxOTQ1MTJDQjY4MTcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMRDsCIiqmEm0mYe52AhsGkYNJ
9+OwnSxsrvn7ou3Z3Jdvw5fbzVZTZvVQrHHs329DcLvx9h6DdilzQ+3jWQGKKRMn
cCzRPrKFeDJGKnW2ImxXrQJX9a4dp0vuDA37DQtDezJ5LWiDGq0NllNTGHxt0hWu
GLUMj31M5X4If+yl0EWJ10AddXcP65FO0LiGhBwMAbTfB4bisXm5U14bsdcPGDbE
9FV8Y/HyIBDpxFVU6N2w0Prafp/bt6TCvgvhzC9vkWjOceqJHa5J3V4exwI+KPvz
Id8HVXZDSqfRTpDUqW28Cgww7y3ert90b4/LzTm73UZmMH66mVNX8YmYNle7AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUg9XN4RiU9J7+NxqNEk0ZRRLLaBcwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzgzMjJlMzIzMDM4MmUzMjMw
MmUzMDJmMzIzMjJkMzMzMjIwM2QzZTIwMzUzMTMxMzYzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAlLQ
FDANBgkqhkiG9w0BAQsFAAOCAQEAKRZBUNVrk5LtJoR5S+sWaoa1cWaqKE4z/XKR
0WxoRVYDGrKfh9HWjWjEb1XDfPl8b5+g5hR5nRevZpYa8pLgxr2ef4qJIMApGI0f
x7uVrVC9wMZSqK7iiLiZYHZTc37foWL8aE6zmIwIVS5w4fGrffD1eHMIsX0UqR8O
eHy+0Xts7Crnlf7ww9kGdzoKSJhPuTZsre9iiKvi1WGFemXFZDfEb1vevvYioY9m
JPFOFs6h3hvt8UNoDbjlyNENgBqHJlLOJL7nwrtHDUlSVCYZTgGmKB/hCfPDCscU
sxqbU9RnUqKoHQDT7lkhyt2XHpDoVwDGNe+P93VeSzoryqvQqQ==
-----END CERTIFICATE-----