Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38342e33392e3135302e302f32342d3332203d3e203531313637.roa
File:                     38342e33392e3135302e302f32342d3332203d3e203531313637.roa (raw, json)
Hash identifier:          KQhu0+Hj+kreUhk56RXkbdUMiLjG4Ukwy6D/rEgElM4=
Subject key identifier:   1A:86:A2:22:40:D6:B7:D7:9F:21:8D:A3:1A:37:33:82:56:3E:A6:8A
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       0382A0C7E4C3E3C36C3FF90C670B385892471205
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38342e33392e3135302e302f32342d3332203d3e203531313637.roa
Signing time:             Mon 28 Aug 2023 12:17:11 +0000
ROA not before:           Mon 28 Aug 2023 12:12:11 +0000
ROA not after:            Mon 26 Aug 2024 12:17:11 +0000
asID:                     51167
IP address blocks:        84.39.150.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 02:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:82:a0:c7:e4:c3:e3:c3:6c:3f:f9:0c:67:0b:38:58:92:47:12:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Aug 28 12:12:11 2023 GMT
            Not After : Aug 26 12:17:11 2024 GMT
        Subject: CN=1A86A22240D6B7D79F218DA31A373382563EA68A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:53:43:4c:e4:c4:7c:29:ca:96:61:ca:e1:c2:
                    58:ec:9e:8f:25:a6:90:e3:76:df:e1:5d:68:46:1b:
                    45:56:2e:97:28:44:4a:bb:44:54:0d:49:e3:6a:7a:
                    3d:5a:1e:4f:3a:58:3f:0d:16:de:ab:ba:69:e4:36:
                    bc:57:88:a2:27:14:50:20:1c:f8:f1:04:51:84:01:
                    73:2c:89:86:80:f4:40:81:37:66:8b:69:82:6a:44:
                    ed:d2:be:a3:89:d9:e9:6f:76:fa:e3:c9:ca:67:35:
                    ad:47:83:63:8b:2e:57:5d:99:ce:30:6a:d3:52:aa:
                    5d:24:3c:59:b6:69:1c:9a:f1:b3:53:ed:90:ef:a4:
                    11:bf:43:69:4f:3e:39:f0:2c:e3:7c:04:b9:3c:3a:
                    e9:6f:56:91:d3:94:b3:83:8f:de:da:8d:c9:b1:f5:
                    79:9e:5d:39:84:8e:20:00:4d:5b:3f:15:5a:fb:86:
                    ff:85:bb:59:f9:94:2d:25:ea:fd:95:ae:a3:35:ec:
                    fb:74:f9:2a:1b:36:ca:ec:1e:eb:47:ce:5c:0a:c0:
                    9e:84:9e:40:b6:b8:51:e4:e1:44:ae:c2:39:5e:94:
                    90:58:33:6e:6a:76:18:77:f8:39:cf:60:2e:56:ec:
                    93:09:1b:ca:43:c6:9b:03:20:a6:2d:6f:5c:74:9c:
                    60:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:86:A2:22:40:D6:B7:D7:9F:21:8D:A3:1A:37:33:82:56:3E:A6:8A
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38342e33392e3135302e302f32342d3332203d3e203531313637.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.39.150.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:c0:37:ac:b6:2f:0e:1d:03:ad:0f:ae:46:38:04:94:87:da:
         fc:33:c6:5f:91:be:55:da:0f:2d:25:43:ac:92:81:c1:31:9f:
         0e:6f:0e:ae:a8:95:76:07:2c:0b:69:15:54:12:8a:2b:02:90:
         cc:f6:71:1d:70:a3:72:27:87:15:f5:d8:7f:2e:3c:99:15:c9:
         c0:76:75:d6:f0:1c:c8:eb:85:77:5d:23:9b:a5:16:bd:48:b3:
         4f:f8:d1:7a:fb:b6:a3:7e:78:dd:80:dd:bf:f5:18:1f:59:08:
         40:86:38:73:01:f1:dd:df:af:08:c6:6e:9d:80:0a:e9:58:e9:
         93:2b:0e:a7:2b:0b:7b:f6:c3:60:54:3e:4a:d6:97:77:60:41:
         52:25:fd:b2:b6:cb:d7:db:c5:6a:57:97:f3:e1:f3:0e:79:58:
         fc:ee:ed:05:d0:47:4c:65:80:93:5a:d7:2b:11:0c:26:11:72:
         1b:9b:3c:7f:50:fe:cf:dc:56:6d:ac:51:5e:aa:51:b6:91:02:
         7f:2a:36:ba:16:73:01:85:3c:26:3b:67:97:50:f5:81:7c:db:
         c6:4e:d2:53:23:26:dd:06:e1:53:36:21:fd:73:2e:4b:c3:b1:
         bb:72:79:9b:1a:98:c9:07:bb:5c:9b:a8:26:8a:10:01:84:bb:
         0d:77:03:42
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUA4Kgx+TD48NsP/kMZws4WJJHEgUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yMzA4MjgxMjEyMTFaFw0yNDA4MjYxMjE3MTFaMDMxMTAvBgNV
BAMTKDFBODZBMjIyNDBENkI3RDc5RjIxOERBMzFBMzczMzgyNTYzRUE2OEEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2U0NM5MR8KcqWYcrhwljsno8l
ppDjdt/hXWhGG0VWLpcoREq7RFQNSeNqej1aHk86WD8NFt6rumnkNrxXiKInFFAg
HPjxBFGEAXMsiYaA9ECBN2aLaYJqRO3SvqOJ2elvdvrjycpnNa1Hg2OLLlddmc4w
atNSql0kPFm2aRya8bNT7ZDvpBG/Q2lPPjnwLON8BLk8OulvVpHTlLODj97ajcmx
9XmeXTmEjiAATVs/FVr7hv+Fu1n5lC0l6v2VrqM17Pt0+SobNsrsHutHzlwKwJ6E
nkC2uFHk4USuwjlelJBYM25qdhh3+DnPYC5W7JMJG8pDxpsDIKYtb1x0nGDhAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUGoaiIkDWt9efIY2jGjczglY+poowHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzgzNDJlMzMzOTJlMzEzNTMw
MmUzMDJmMzIzNDJkMzMzMjIwM2QzZTIwMzUzMTMxMzYzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFQn
ljANBgkqhkiG9w0BAQsFAAOCAQEAZ8A3rLYvDh0DrQ+uRjgElIfa/DPGX5G+VdoP
LSVDrJKBwTGfDm8OrqiVdgcsC2kVVBKKKwKQzPZxHXCjcieHFfXYfy48mRXJwHZ1
1vAcyOuFd10jm6UWvUizT/jRevu2o3543YDdv/UYH1kIQIY4cwHx3d+vCMZunYAK
6VjpkysOpysLe/bDYFQ+StaXd2BBUiX9srbL19vFaleX8+HzDnlY/O7tBdBHTGWA
k1rXKxEMJhFyG5s8f1D+z9xWbaxRXqpRtpECfyo2uhZzAYU8Jjtnl1D1gXzbxk7S
UyMm3QbhUzYh/XMuS8Oxu3J5mxqYyQe7XJuoJooQAYS7DXcDQg==
-----END CERTIFICATE-----