Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38342e33392e3134342e302f32322d3234203d3e203630363634.roa
File:                     38342e33392e3134342e302f32322d3234203d3e203630363634.roa (raw, json)
Hash identifier:          HEZpOn0F4kXYYp0sFTXbp7hbZVEOrDWVj9P9HAqqOy4=
Subject key identifier:   17:C8:4B:95:53:6F:2E:F5:DC:A6:4A:08:F4:A9:44:C6:9E:E2:F8:4E
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       0B502568E1226594562B905463DE1B1384BA50F2
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38342e33392e3134342e302f32322d3234203d3e203630363634.roa
Signing time:             Fri 23 May 2025 17:46:27 +0000
ROA not before:           Fri 23 May 2025 17:41:27 +0000
ROA not after:            Fri 22 May 2026 17:46:27 +0000
asID:                     60664
IP address blocks:        84.39.144.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 12:43:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0b:50:25:68:e1:22:65:94:56:2b:90:54:63:de:1b:13:84:ba:50:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: May 23 17:41:27 2025 GMT
            Not After : May 22 17:46:27 2026 GMT
        Subject: CN=17C84B95536F2EF5DCA64A08F4A944C69EE2F84E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:88:1d:92:2a:b6:cd:d7:49:96:f0:00:3d:12:
                    f9:f7:43:8c:6c:00:8d:d2:cc:8c:a3:76:9b:b3:a7:
                    d6:14:01:ec:9a:8c:71:3e:51:14:f0:89:b4:38:53:
                    8c:51:d9:ab:1a:7b:0d:bf:f7:f6:fd:0b:86:7b:52:
                    2e:d8:28:aa:a7:b7:e9:00:40:22:5d:06:6f:41:9d:
                    29:bc:0b:7a:3e:70:59:9d:54:01:60:2a:f9:e7:d2:
                    cb:af:77:e9:c7:91:11:4d:62:8c:f8:04:8d:f9:20:
                    b3:f9:fa:23:9d:e8:29:c1:fc:29:c1:ec:7f:bc:f0:
                    0a:98:9d:e0:13:d4:0c:4e:0a:1d:77:82:ae:59:05:
                    c5:6f:0d:e4:03:e0:5f:b6:e4:4d:c2:fd:70:36:22:
                    87:07:e7:3c:15:56:ff:ac:eb:e3:0f:c7:1a:4e:2f:
                    e4:e0:fb:0d:ca:82:5a:dc:ae:a0:5a:e8:98:29:19:
                    f0:25:bd:df:20:33:a7:4c:5d:c4:57:a0:c8:76:30:
                    10:6c:05:7b:de:54:1d:29:54:38:f9:f7:79:7d:88:
                    63:d4:7c:5e:f1:b8:cc:02:47:69:ff:f6:0f:2f:50:
                    6d:bf:ff:57:b3:a1:6c:82:68:64:cf:e8:19:10:1f:
                    3a:23:1b:06:2e:e5:ec:4f:b0:52:7f:50:72:3c:38:
                    24:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:C8:4B:95:53:6F:2E:F5:DC:A6:4A:08:F4:A9:44:C6:9E:E2:F8:4E
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38342e33392e3134342e302f32322d3234203d3e203630363634.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.39.144.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5a:2c:fc:bb:99:c8:95:22:de:33:1a:11:6d:02:04:86:02:11:
         f6:7b:8d:28:27:62:40:eb:7d:4e:35:a1:ab:be:99:d1:4e:27:
         58:36:e0:e4:b5:24:67:fd:d9:57:dc:6c:fb:3f:25:a3:ba:07:
         4a:f7:13:41:2d:06:05:57:59:73:3c:00:e2:27:3d:6e:87:ee:
         b3:42:c5:6a:14:31:80:58:b0:e3:ca:bd:b0:c3:40:0b:e0:7a:
         20:b6:e3:6f:38:1f:22:45:44:63:3f:9f:a4:ba:6b:50:2b:18:
         21:b8:7a:7f:36:37:6e:3b:de:b9:88:37:04:f5:5c:61:f2:84:
         c8:f1:ed:6d:0b:5e:5c:01:a8:11:c6:c7:2c:a9:d1:85:ab:2a:
         3b:59:50:c6:4c:06:52:9a:bf:8b:2d:4e:db:6c:9e:2b:00:97:
         8a:ab:0a:7f:53:1f:6d:46:88:1d:56:8a:71:12:26:14:f3:46:
         ac:80:2f:70:dd:6c:3a:9e:bb:1c:2a:ab:f7:ed:73:e8:2b:64:
         28:64:1d:9c:7a:6c:49:56:e7:52:f4:81:58:02:16:fd:c7:2f:
         12:86:92:37:41:97:1c:e0:f5:d1:dd:b4:64:65:3f:e9:5e:69:
         20:af:94:3f:e6:6a:b9:7f:a3:ca:7f:67:ec:54:54:75:10:a5:
         e4:4e:bd:47
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUC1AlaOEiZZRWK5BUY94bE4S6UPIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTA1MjMxNzQxMjdaFw0yNjA1MjIxNzQ2MjdaMDMxMTAvBgNV
BAMTKDE3Qzg0Qjk1NTM2RjJFRjVEQ0E2NEEwOEY0QTk0NEM2OUVFMkY4NEUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5iB2SKrbN10mW8AA9Evn3Q4xs
AI3SzIyjdpuzp9YUAeyajHE+URTwibQ4U4xR2asaew2/9/b9C4Z7Ui7YKKqnt+kA
QCJdBm9BnSm8C3o+cFmdVAFgKvnn0suvd+nHkRFNYoz4BI35ILP5+iOd6CnB/CnB
7H+88AqYneAT1AxOCh13gq5ZBcVvDeQD4F+25E3C/XA2IocH5zwVVv+s6+MPxxpO
L+Tg+w3KglrcrqBa6JgpGfAlvd8gM6dMXcRXoMh2MBBsBXveVB0pVDj593l9iGPU
fF7xuMwCR2n/9g8vUG2//1ezoWyCaGTP6BkQHzojGwYu5exPsFJ/UHI8OCSLAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUF8hLlVNvLvXcpkoI9KlExp7i+E4wHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzgzNDJlMzMzOTJlMzEzNDM0
MmUzMDJmMzIzMjJkMzIzNDIwM2QzZTIwMzYzMDM2MzYzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAlQn
kDANBgkqhkiG9w0BAQsFAAOCAQEAWiz8u5nIlSLeMxoRbQIEhgIR9nuNKCdiQOt9
TjWhq76Z0U4nWDbg5LUkZ/3ZV9xs+z8lo7oHSvcTQS0GBVdZczwA4ic9bofus0LF
ahQxgFiw48q9sMNAC+B6ILbjbzgfIkVEYz+fpLprUCsYIbh6fzY3bjveuYg3BPVc
YfKEyPHtbQteXAGoEcbHLKnRhasqO1lQxkwGUpq/iy1O22yeKwCXiqsKf1MfbUaI
HVaKcRImFPNGrIAvcN1sOp67HCqr9+1z6CtkKGQdnHpsSVbnUvSBWAIW/ccvEoaS
N0GXHOD10d20ZGU/6V5pIK+UP+ZquX+jyn9n7FRUdRCl5E69Rw==
-----END CERTIFICATE-----