Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38342e35342e32302e302f32342d3234203d3e20313336373837.roa
File:                     38342e35342e32302e302f32342d3234203d3e20313336373837.roa (raw, json)
Hash identifier:          hu+z3rvDsaj7BkOHdpr9xKY6kM/+Xy+x9G6hNWWgf1E=
Subject key identifier:   97:F1:31:78:57:38:B7:0B:D4:82:6F:AB:E0:3C:62:7C:81:F2:07:A4
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       73C84CE20E12EE1961029BA4F225CFAB295CF4A5
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38342e35342e32302e302f32342d3234203d3e20313336373837.roa
Signing time:             Sun 14 Jan 2024 18:08:49 +0000
ROA not before:           Sun 14 Jan 2024 18:03:49 +0000
ROA not after:            Sun 12 Jan 2025 18:08:49 +0000
asID:                     136787
IP address blocks:        84.54.20.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 14:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            73:c8:4c:e2:0e:12:ee:19:61:02:9b:a4:f2:25:cf:ab:29:5c:f4:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Jan 14 18:03:49 2024 GMT
            Not After : Jan 12 18:08:49 2025 GMT
        Subject: CN=97F131785738B70BD4826FABE03C627C81F207A4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:b1:7e:2e:fb:aa:76:52:e9:aa:c2:80:d4:a3:
                    b3:ba:bf:e4:f7:e5:59:5d:af:c1:d0:c7:37:9a:f3:
                    08:4a:53:87:b6:53:90:f3:7a:e4:17:4f:b7:91:a5:
                    0c:fd:85:3a:33:3e:73:1b:6f:2a:37:ef:6c:54:2f:
                    f5:b0:00:51:c2:91:74:ae:1a:d8:ff:02:89:65:76:
                    d2:11:1c:17:a9:ac:15:32:e9:f6:49:00:17:50:1c:
                    81:64:60:75:35:65:1a:8a:68:b1:c6:21:e4:48:e8:
                    85:85:92:4c:47:05:7c:8d:00:8f:3e:1a:be:14:ab:
                    7a:87:5f:4f:56:14:52:24:ac:4c:6d:ac:85:91:56:
                    a8:c3:c1:68:58:cc:18:91:b4:27:43:5e:1a:5c:9b:
                    79:be:5f:3c:61:86:40:1a:ed:c5:2c:21:8f:14:f0:
                    cf:56:3e:49:ab:5e:86:1f:c1:ae:62:5d:e7:55:20:
                    59:3b:5d:aa:ee:65:7c:32:6f:46:43:e8:ce:3b:ad:
                    23:00:6a:f9:34:a8:21:06:d7:ac:9f:e5:78:f4:3f:
                    f1:08:69:a9:2d:bd:a8:60:07:30:79:96:03:50:b2:
                    01:4c:b7:9b:ae:ff:54:a3:35:23:2a:a8:4a:b1:9c:
                    9d:2e:b1:b7:73:34:94:4c:ca:cb:e4:b9:14:e7:20:
                    1b:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:F1:31:78:57:38:B7:0B:D4:82:6F:AB:E0:3C:62:7C:81:F2:07:A4
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38342e35342e32302e302f32342d3234203d3e20313336373837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.54.20.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:e1:36:37:3f:4c:54:be:04:6b:39:57:af:ba:a9:5a:8d:ed:
         04:41:e8:5c:9e:ee:49:b3:e3:15:99:4f:4a:16:5b:24:b0:36:
         73:7a:04:3c:b8:bc:c4:7e:5e:5b:ca:eb:10:21:bf:a2:6d:50:
         7f:91:04:79:29:34:f3:7c:14:42:df:1d:bf:a8:c2:e0:91:80:
         a9:5e:8c:f6:d6:81:c1:1b:0b:bb:00:46:68:dc:33:11:37:9e:
         6e:71:9a:3b:e3:54:ed:0b:95:12:00:24:21:5c:fe:a7:6b:7b:
         14:af:98:83:e0:89:e6:96:b8:3a:e0:2c:b2:48:af:6a:ea:0f:
         7f:66:54:3c:1d:9b:19:31:7e:5e:f6:50:76:a3:0b:d2:f4:99:
         65:c7:5d:00:4a:ab:6c:1a:a2:ba:d7:15:83:4c:88:19:6f:68:
         e0:30:dd:3b:44:89:d7:6c:17:b4:6d:b9:0a:59:5a:44:6a:39:
         e7:24:21:af:53:54:68:17:31:be:57:ad:32:80:b2:ce:d3:c4:
         e4:72:c2:63:29:ff:f8:a3:59:92:ba:6f:0c:55:42:6e:09:cd:
         c4:a6:60:73:9f:db:30:c0:4b:bc:52:47:51:82:5e:b2:f6:bf:
         15:0e:ca:fa:9c:36:da:59:96:37:0c:64:69:01:29:a6:ea:f7:
         c0:9b:8d:56
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUc8hM4g4S7hlhApuk8iXPqylc9KUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDAxMTQxODAzNDlaFw0yNTAxMTIxODA4NDlaMDMxMTAvBgNV
BAMTKDk3RjEzMTc4NTczOEI3MEJENDgyNkZBQkUwM0M2MjdDODFGMjA3QTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3sX4u+6p2UumqwoDUo7O6v+T3
5Vldr8HQxzea8whKU4e2U5DzeuQXT7eRpQz9hTozPnMbbyo372xUL/WwAFHCkXSu
Gtj/AolldtIRHBeprBUy6fZJABdQHIFkYHU1ZRqKaLHGIeRI6IWFkkxHBXyNAI8+
Gr4Uq3qHX09WFFIkrExtrIWRVqjDwWhYzBiRtCdDXhpcm3m+XzxhhkAa7cUsIY8U
8M9WPkmrXoYfwa5iXedVIFk7XaruZXwyb0ZD6M47rSMAavk0qCEG16yf5Xj0P/EI
aaktvahgBzB5lgNQsgFMt5uu/1SjNSMqqEqxnJ0usbdzNJRMysvkuRTnIBv9AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUl/ExeFc4twvUgm+r4DxifIHyB6QwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzgzNDJlMzUzNDJlMzIzMDJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMxMzMzNjM3MzgzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFQ2
FDANBgkqhkiG9w0BAQsFAAOCAQEANuE2Nz9MVL4EazlXr7qpWo3tBEHoXJ7uSbPj
FZlPShZbJLA2c3oEPLi8xH5eW8rrECG/om1Qf5EEeSk083wUQt8dv6jC4JGAqV6M
9taBwRsLuwBGaNwzETeebnGaO+NU7QuVEgAkIVz+p2t7FK+Yg+CJ5pa4OuAsskiv
auoPf2ZUPB2bGTF+XvZQdqML0vSZZcddAEqrbBqiutcVg0yIGW9o4DDdO0SJ12wX
tG25CllaRGo55yQhr1NUaBcxvletMoCyztPE5HLCYyn/+KNZkrpvDFVCbgnNxKZg
c5/bMMBLvFJHUYJesva/FQ7K+pw22lmWNwxkaQEppur3wJuNVg==
-----END CERTIFICATE-----