Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38342e33392e3134342e302f32322d3234203d3e203630363634.roa
File:                     38342e33392e3134342e302f32322d3234203d3e203630363634.roa (raw, json)
Hash identifier:          IkNAkZcEvgf2Qmj+6M3BD6Cb5EVuY5H87ONnQMEKS9E=
Subject key identifier:   43:60:B0:2E:5F:11:AB:F3:B9:3B:57:65:BC:AF:5F:E8:6A:4C:56:22
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       4A4718B0309C8DD2B7FD5790A6001E375D52FEBE
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38342e33392e3134342e302f32322d3234203d3e203630363634.roa
Signing time:             Fri 21 Jun 2024 17:04:02 +0000
ROA not before:           Fri 21 Jun 2024 16:59:02 +0000
ROA not after:            Fri 20 Jun 2025 17:04:02 +0000
asID:                     60664
IP address blocks:        84.39.144.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4a:47:18:b0:30:9c:8d:d2:b7:fd:57:90:a6:00:1e:37:5d:52:fe:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Jun 21 16:59:02 2024 GMT
            Not After : Jun 20 17:04:02 2025 GMT
        Subject: CN=4360B02E5F11ABF3B93B5765BCAF5FE86A4C5622
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:e2:9e:04:12:77:c2:a3:24:ed:1d:c6:5c:cf:
                    09:18:1d:e6:c1:b1:ad:d1:6c:61:dc:5c:6a:f8:86:
                    84:86:a5:64:ac:f9:32:b2:20:ab:3e:8a:39:67:ce:
                    d2:1d:4a:95:f0:f4:d4:af:fe:58:12:25:3e:18:d7:
                    dd:0f:26:bf:cf:15:7f:7a:2b:b3:6e:8a:67:a7:8e:
                    5c:b0:8c:87:4b:ed:1e:c5:83:9d:05:30:49:66:38:
                    4a:3a:67:98:d8:35:67:be:59:e7:d4:e4:35:25:d9:
                    9e:69:70:95:a4:7c:7a:98:43:7c:9d:74:a2:66:7b:
                    a5:40:23:5d:20:6c:46:aa:75:fb:6e:b1:e0:d3:e0:
                    a9:10:38:98:3c:dc:5a:cb:6e:8a:91:73:c8:19:91:
                    ef:98:32:0d:30:eb:3b:6a:43:26:4a:21:0c:cc:ea:
                    01:b5:5d:71:de:0c:fb:c8:20:99:53:ca:34:02:bf:
                    f5:23:34:a0:84:cd:78:1b:79:09:c8:8e:83:fa:33:
                    74:7a:70:05:4c:34:de:ff:92:62:67:25:9c:4c:46:
                    23:54:89:e5:47:85:bb:10:0a:61:c8:8c:72:e1:bf:
                    8b:72:08:5a:8f:b3:ff:e5:4d:37:88:ed:6d:2c:0c:
                    29:39:86:7c:41:41:94:a3:6e:30:99:e1:c3:c6:b4:
                    01:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:60:B0:2E:5F:11:AB:F3:B9:3B:57:65:BC:AF:5F:E8:6A:4C:56:22
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38342e33392e3134342e302f32322d3234203d3e203630363634.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.39.144.0/22

    Signature Algorithm: sha256WithRSAEncryption
         34:5b:57:8e:0c:6b:02:38:74:32:68:42:40:ff:ba:e6:9e:83:
         bd:10:a2:05:44:b7:4c:80:44:7f:68:15:89:48:1f:ce:9f:7a:
         96:2e:6c:35:ed:3e:0c:3a:25:3e:99:e5:0f:2c:3d:b0:7a:ff:
         22:86:ce:25:36:df:8d:3a:eb:fe:fd:16:96:7c:c2:ee:34:a5:
         f9:2e:66:26:58:8e:2f:0c:42:86:14:02:5a:78:cc:61:f5:1a:
         e7:46:cc:60:41:c2:55:a4:6e:dc:76:10:6c:1a:0a:6a:19:08:
         77:45:2a:09:87:d7:24:a0:f3:b4:d7:87:ea:26:50:c4:08:2d:
         07:c8:62:36:b0:24:43:1b:23:55:27:a4:3c:2e:95:6b:ee:a6:
         f9:d9:0d:07:bb:60:cb:30:64:8e:02:46:16:50:86:e3:e3:9a:
         2f:9b:73:0e:ce:37:e2:60:de:72:bd:c1:f3:69:de:62:51:59:
         97:db:bd:96:84:77:2c:28:da:9b:a0:84:f2:a7:67:e3:64:5f:
         0e:8c:a1:a9:30:59:0c:d2:65:ec:0a:a5:da:2d:05:59:30:a4:
         f6:3c:e3:ed:94:da:79:07:82:73:6e:2d:1e:87:43:01:ca:68:
         25:c9:3b:25:91:15:51:96:61:3f:d2:65:53:d9:0d:f2:5f:4e:
         f7:99:9a:ac
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUSkcYsDCcjdK3/VeQpgAeN11S/r4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDA2MjExNjU5MDJaFw0yNTA2MjAxNzA0MDJaMDMxMTAvBgNV
BAMTKDQzNjBCMDJFNUYxMUFCRjNCOTNCNTc2NUJDQUY1RkU4NkE0QzU2MjIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCj4p4EEnfCoyTtHcZczwkYHebB
sa3RbGHcXGr4hoSGpWSs+TKyIKs+ijlnztIdSpXw9NSv/lgSJT4Y190PJr/PFX96
K7NuimenjlywjIdL7R7Fg50FMElmOEo6Z5jYNWe+WefU5DUl2Z5pcJWkfHqYQ3yd
dKJme6VAI10gbEaqdftuseDT4KkQOJg83FrLboqRc8gZke+YMg0w6ztqQyZKIQzM
6gG1XXHeDPvIIJlTyjQCv/UjNKCEzXgbeQnIjoP6M3R6cAVMNN7/kmJnJZxMRiNU
ieVHhbsQCmHIjHLhv4tyCFqPs//lTTeI7W0sDCk5hnxBQZSjbjCZ4cPGtAFNAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUQ2CwLl8Rq/O5O1dlvK9f6GpMViIwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzgzNDJlMzMzOTJlMzEzNDM0
MmUzMDJmMzIzMjJkMzIzNDIwM2QzZTIwMzYzMDM2MzYzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAlQn
kDANBgkqhkiG9w0BAQsFAAOCAQEANFtXjgxrAjh0MmhCQP+65p6DvRCiBUS3TIBE
f2gViUgfzp96li5sNe0+DDolPpnlDyw9sHr/IobOJTbfjTrr/v0WlnzC7jSl+S5m
JliOLwxChhQCWnjMYfUa50bMYEHCVaRu3HYQbBoKahkId0UqCYfXJKDztNeH6iZQ
xAgtB8hiNrAkQxsjVSekPC6Va+6m+dkNB7tgyzBkjgJGFlCG4+OaL5tzDs434mDe
cr3B82neYlFZl9u9loR3LCjam6CE8qdn42RfDoyhqTBZDNJl7Aql2i0FWTCk9jzj
7ZTaeQeCc24tHodDAcpoJck7JZEVUZZhP9JlU9kN8l9O95marA==
-----END CERTIFICATE-----