Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38342e33392e3134382e302f32332d3234203d3e203630363634.roa
File:                     38342e33392e3134382e302f32332d3234203d3e203630363634.roa (raw, json)
Hash identifier:          yobsnUKz/J9b91bEp7l7td1HISPbtq0FNh22D83qcYM=
Subject key identifier:   71:BF:5B:81:B7:F2:BA:1E:F0:DD:CA:07:7E:1E:CE:1B:6C:E3:54:C3
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       70A7BC224FB8D49E0FADEC5DB72F981BA3B974CC
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38342e33392e3134382e302f32332d3234203d3e203630363634.roa
Signing time:             Fri 21 Jun 2024 17:04:02 +0000
ROA not before:           Fri 21 Jun 2024 16:59:02 +0000
ROA not after:            Fri 20 Jun 2025 17:04:02 +0000
asID:                     60664
IP address blocks:        84.39.148.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            70:a7:bc:22:4f:b8:d4:9e:0f:ad:ec:5d:b7:2f:98:1b:a3:b9:74:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Jun 21 16:59:02 2024 GMT
            Not After : Jun 20 17:04:02 2025 GMT
        Subject: CN=71BF5B81B7F2BA1EF0DDCA077E1ECE1B6CE354C3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:70:af:b8:0f:ff:80:53:07:d1:a2:26:3d:80:
                    39:55:59:24:ba:ed:4c:d8:87:33:2b:92:04:61:e9:
                    0f:07:ad:7f:e6:c8:48:2f:59:88:49:22:5a:c6:a7:
                    c6:4e:8e:13:7a:c9:d7:38:4a:ab:fa:ff:b2:d5:73:
                    bf:af:de:30:cc:e1:1a:86:f9:7a:51:03:bb:3c:36:
                    e0:b6:73:a0:9e:9e:a9:31:32:e4:93:f9:fc:2c:1f:
                    f2:35:76:ac:5f:a8:09:be:d2:6d:d2:55:2b:d1:5e:
                    e2:68:5e:23:5d:a1:d5:e7:be:22:12:b5:8e:87:a2:
                    a9:d6:d9:1b:42:fe:46:4c:31:dd:80:f7:8e:5b:01:
                    eb:cf:c2:46:2c:50:c1:8d:e1:65:f2:05:ca:a3:70:
                    95:3e:66:a1:7f:5b:40:52:65:d9:53:a2:6d:cd:ba:
                    ad:07:69:db:7e:eb:97:01:29:0b:91:2b:ab:9f:88:
                    3b:40:85:65:b0:93:ee:1e:41:87:6e:a8:5e:5a:90:
                    b2:8c:f0:79:56:c6:7b:8b:bb:3c:70:c3:bf:40:bc:
                    80:73:e0:62:8e:68:0f:d3:65:60:0f:e5:a8:b9:ae:
                    56:1e:fd:26:76:8c:85:83:12:67:51:d4:d9:a7:21:
                    95:16:ab:19:7e:06:df:ff:0f:26:46:d3:12:22:98:
                    93:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:BF:5B:81:B7:F2:BA:1E:F0:DD:CA:07:7E:1E:CE:1B:6C:E3:54:C3
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38342e33392e3134382e302f32332d3234203d3e203630363634.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.39.148.0/23

    Signature Algorithm: sha256WithRSAEncryption
         30:fb:cc:df:7b:fd:ea:df:06:b3:1c:6e:91:e0:99:3f:6e:d7:
         ea:9f:29:1f:d9:af:b6:d4:96:9c:2b:3a:80:86:62:d7:e2:ca:
         73:79:a6:b1:06:f6:75:c1:90:70:55:95:13:26:23:99:ac:8a:
         0f:fd:58:aa:96:15:40:06:83:75:3a:15:68:3a:42:45:4b:1e:
         b2:f0:7f:0e:c3:b4:dc:c1:b6:89:4e:1c:c1:21:89:bf:00:8a:
         90:0e:5b:59:9d:f8:32:f8:cc:e2:8b:e8:ef:4c:15:28:b0:d4:
         0d:a4:06:0d:08:1a:77:e6:73:bb:9b:cb:42:f9:e9:e3:73:d1:
         cb:de:55:4c:59:b7:06:05:6e:07:df:65:ea:ff:bd:f9:d2:e6:
         39:80:d8:dd:75:ae:1a:68:a7:ec:93:42:d3:b9:61:e6:2d:42:
         9f:06:a7:f7:15:9b:7f:5f:22:da:fd:87:71:58:b6:7b:8f:fe:
         39:94:c7:d7:c8:93:4c:ef:e3:14:99:ef:b6:80:90:a9:f0:d7:
         31:31:02:4d:8b:13:fd:45:7e:8e:fa:46:31:85:d3:8e:96:29:
         5b:9c:2f:15:32:26:3a:f9:84:89:cd:69:4b:a2:a9:2f:46:e7:
         59:e4:9c:28:de:b9:06:6c:ed:72:67:b7:3f:45:51:c5:4e:84:
         26:1e:9a:b7
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUcKe8Ik+41J4Prexdty+YG6O5dMwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDA2MjExNjU5MDJaFw0yNTA2MjAxNzA0MDJaMDMxMTAvBgNV
BAMTKDcxQkY1QjgxQjdGMkJBMUVGMEREQ0EwNzdFMUVDRTFCNkNFMzU0QzMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCfcK+4D/+AUwfRoiY9gDlVWSS6
7UzYhzMrkgRh6Q8HrX/myEgvWYhJIlrGp8ZOjhN6ydc4Sqv6/7LVc7+v3jDM4RqG
+XpRA7s8NuC2c6CenqkxMuST+fwsH/I1dqxfqAm+0m3SVSvRXuJoXiNdodXnviIS
tY6HoqnW2RtC/kZMMd2A945bAevPwkYsUMGN4WXyBcqjcJU+ZqF/W0BSZdlTom3N
uq0Hadt+65cBKQuRK6ufiDtAhWWwk+4eQYduqF5akLKM8HlWxnuLuzxww79AvIBz
4GKOaA/TZWAP5ai5rlYe/SZ2jIWDEmdR1NmnIZUWqxl+Bt//DyZG0xIimJMJAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUcb9bgbfyuh7w3coHfh7OG2zjVMMwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzgzNDJlMzMzOTJlMzEzNDM4
MmUzMDJmMzIzMzJkMzIzNDIwM2QzZTIwMzYzMDM2MzYzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAVQn
lDANBgkqhkiG9w0BAQsFAAOCAQEAMPvM33v96t8GsxxukeCZP27X6p8pH9mvttSW
nCs6gIZi1+LKc3mmsQb2dcGQcFWVEyYjmayKD/1YqpYVQAaDdToVaDpCRUsesvB/
DsO03MG2iU4cwSGJvwCKkA5bWZ34MvjM4ovo70wVKLDUDaQGDQgad+Zzu5vLQvnp
43PRy95VTFm3BgVuB99l6v+9+dLmOYDY3XWuGmin7JNC07lh5i1Cnwan9xWbf18i
2v2HcVi2e4/+OZTH18iTTO/jFJnvtoCQqfDXMTECTYsT/UV+jvpGMYXTjpYpW5wv
FTImOvmEic1pS6KpL0bnWeScKN65Bmztcme3P0VRxU6EJh6atw==
-----END CERTIFICATE-----