Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38342e35342e32302e302f32342d3234203d3e20313336373837.roa
File:                     38342e35342e32302e302f32342d3234203d3e20313336373837.roa (raw, json)
Hash identifier:          5CUjKl+cgU6nBOhRWNOWs6n5aDDxoyzadZCcbbancLA=
Subject key identifier:   26:00:2B:B8:38:FA:82:BE:F2:16:FC:81:89:25:AA:7A:27:90:BF:1E
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       60FE99C12C93E03FEA9017D4B8BC8F0C68B3FA9D
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38342e35342e32302e302f32342d3234203d3e20313336373837.roa
Signing time:             Sun 15 Dec 2024 18:44:30 +0000
ROA not before:           Sun 15 Dec 2024 18:39:30 +0000
ROA not after:            Sun 14 Dec 2025 18:44:30 +0000
asID:                     136787
IP address blocks:        84.54.20.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:10:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            60:fe:99:c1:2c:93:e0:3f:ea:90:17:d4:b8:bc:8f:0c:68:b3:fa:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Dec 15 18:39:30 2024 GMT
            Not After : Dec 14 18:44:30 2025 GMT
        Subject: CN=26002BB838FA82BEF216FC818925AA7A2790BF1E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:47:d6:c8:86:0f:40:3c:ae:b7:ca:be:4b:54:
                    7b:55:56:ec:0c:d1:82:6c:bf:91:81:1b:89:df:44:
                    a4:5c:8a:e4:a4:85:7d:7d:39:c9:55:7b:db:db:b4:
                    b2:12:35:e5:2e:51:2c:27:1d:ae:aa:f5:39:93:ef:
                    f0:e3:42:65:b4:95:b8:11:8c:08:f5:2f:22:11:5f:
                    4a:8e:ee:20:d7:9f:a9:cc:7e:3e:72:aa:74:aa:2a:
                    ad:fe:fd:22:78:34:46:a3:b6:12:1c:37:3a:19:c8:
                    21:e2:cc:85:6f:d9:3f:25:7e:cc:92:de:d4:d0:4e:
                    48:46:9d:e5:58:83:f5:b0:8c:4a:29:f2:37:05:4b:
                    18:c1:13:ca:03:b3:7e:09:9e:4d:1a:1f:cb:38:57:
                    d2:01:ad:38:73:d5:b9:52:13:43:dd:f8:88:cc:29:
                    7f:8e:b6:bd:53:81:fa:25:06:a7:a2:e6:c2:f5:df:
                    0b:33:a6:46:f2:aa:3e:47:cd:84:ad:98:06:4d:f9:
                    9a:97:17:24:f9:ac:6f:00:22:8f:2c:1e:8a:07:5e:
                    dd:a6:0c:3b:9a:3b:c3:09:8c:dc:5a:b1:3b:d7:f6:
                    c3:bc:99:5c:b6:99:bf:00:d3:31:6a:e3:a5:6d:60:
                    62:24:3c:d2:70:a4:0a:79:ca:93:78:12:11:e8:df:
                    06:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:00:2B:B8:38:FA:82:BE:F2:16:FC:81:89:25:AA:7A:27:90:BF:1E
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38342e35342e32302e302f32342d3234203d3e20313336373837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.54.20.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:e0:59:f4:af:0c:a1:fb:04:6e:6e:6f:dd:6c:03:59:89:f0:
         d0:f3:18:69:14:29:c4:31:59:99:48:38:c9:10:8b:70:b5:91:
         29:fc:04:cb:a1:08:1f:47:29:b8:29:89:bb:a2:19:1a:ed:0f:
         24:23:0d:ca:cb:09:1a:72:ba:0f:ef:cf:fe:5c:cc:a3:3a:e4:
         b5:84:9a:c4:f9:02:06:6e:77:9c:4c:92:98:8e:03:c9:4b:03:
         10:43:60:2f:47:2c:c5:73:9f:86:d8:d7:23:b6:a0:ab:29:b3:
         bc:65:e7:99:b0:38:2c:7c:1f:a6:3e:e8:6d:e5:83:ac:1d:44:
         fb:b1:08:2a:8a:00:ad:34:76:1b:53:cd:db:aa:f9:a1:85:09:
         75:1c:b2:4c:97:84:c8:5d:d5:99:a9:37:ac:db:3e:5b:90:71:
         d5:9c:4a:aa:fb:6b:a5:c9:a9:47:9a:26:4d:25:e4:36:6f:e7:
         0b:c6:ba:de:79:5c:86:35:c7:f6:1d:64:79:b7:40:92:5e:92:
         5c:df:71:ee:b5:f8:0f:c6:6b:69:a7:3e:f9:fb:2a:ba:b5:c2:
         c5:2d:95:52:08:91:79:3a:d1:50:85:a6:8e:e0:95:70:62:b8:
         9f:41:cb:9f:83:55:8b:2f:d8:60:e2:cd:c3:75:88:53:93:c6:
         cf:60:32:0b
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUYP6ZwSyT4D/qkBfUuLyPDGiz+p0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDEyMTUxODM5MzBaFw0yNTEyMTQxODQ0MzBaMDMxMTAvBgNV
BAMTKDI2MDAyQkI4MzhGQTgyQkVGMjE2RkM4MTg5MjVBQTdBMjc5MEJGMUUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDAR9bIhg9APK63yr5LVHtVVuwM
0YJsv5GBG4nfRKRciuSkhX19OclVe9vbtLISNeUuUSwnHa6q9TmT7/DjQmW0lbgR
jAj1LyIRX0qO7iDXn6nMfj5yqnSqKq3+/SJ4NEajthIcNzoZyCHizIVv2T8lfsyS
3tTQTkhGneVYg/WwjEop8jcFSxjBE8oDs34Jnk0aH8s4V9IBrThz1blSE0Pd+IjM
KX+Otr1TgfolBqei5sL13wszpkbyqj5HzYStmAZN+ZqXFyT5rG8AIo8sHooHXt2m
DDuaO8MJjNxasTvX9sO8mVy2mb8A0zFq46VtYGIkPNJwpAp5ypN4EhHo3waBAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUJgAruDj6gr7yFvyBiSWqeieQvx4wHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzgzNDJlMzUzNDJlMzIzMDJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMxMzMzNjM3MzgzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFQ2
FDANBgkqhkiG9w0BAQsFAAOCAQEAPuBZ9K8MofsEbm5v3WwDWYnw0PMYaRQpxDFZ
mUg4yRCLcLWRKfwEy6EIH0cpuCmJu6IZGu0PJCMNyssJGnK6D+/P/lzMozrktYSa
xPkCBm53nEySmI4DyUsDEENgL0csxXOfhtjXI7agqymzvGXnmbA4LHwfpj7obeWD
rB1E+7EIKooArTR2G1PN26r5oYUJdRyyTJeEyF3Vmak3rNs+W5Bx1ZxKqvtrpcmp
R5omTSXkNm/nC8a63nlchjXH9h1kebdAkl6SXN9x7rX4D8Zraac++fsqurXCxS2V
UgiReTrRUIWmjuCVcGK4n0HLn4NViy/YYOLNw3WIU5PGz2AyCw==
-----END CERTIFICATE-----