Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38342e35342e32312e302f32342d3234203d3e20313336373837.roa
File:                     38342e35342e32312e302f32342d3234203d3e20313336373837.roa (raw, json)
Hash identifier:          Tch0lBqexjiCjryJTle3gpgzP9e/03EqT6iRPJ2d5FE=
Subject key identifier:   4B:B3:51:34:26:E4:1E:27:87:1F:44:74:EA:52:6E:0D:54:8C:28:81
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       7741D4802868AB3577A270998B71568A3911C5FC
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38342e35342e32312e302f32342d3234203d3e20313336373837.roa
Signing time:             Sun 14 Jan 2024 18:08:59 +0000
ROA not before:           Sun 14 Jan 2024 18:03:59 +0000
ROA not after:            Sun 12 Jan 2025 18:08:59 +0000
asID:                     136787
IP address blocks:        84.54.21.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 May 2024 16:07:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            77:41:d4:80:28:68:ab:35:77:a2:70:99:8b:71:56:8a:39:11:c5:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Jan 14 18:03:59 2024 GMT
            Not After : Jan 12 18:08:59 2025 GMT
        Subject: CN=4BB3513426E41E27871F4474EA526E0D548C2881
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:67:7a:7b:20:66:ee:af:df:04:59:c8:73:ae:
                    20:3e:e2:7f:65:12:be:bf:c9:a8:80:e7:ed:78:f0:
                    00:46:cb:f7:25:18:70:a5:52:ba:64:ba:fb:13:1a:
                    60:e6:ef:47:c9:d2:86:4d:a5:bc:85:e7:13:34:22:
                    24:be:1c:38:07:36:06:16:ae:7c:07:cf:aa:6e:e0:
                    0d:10:19:c1:c2:ae:46:9c:51:17:20:db:cd:50:d2:
                    d2:7f:5f:af:9c:3c:17:dc:62:a6:ff:fe:4d:02:1c:
                    1e:47:38:8e:ec:75:dd:8f:91:2c:c8:05:0b:de:dc:
                    3b:51:9f:4f:ca:20:f2:0f:0b:26:d9:1e:70:9a:ed:
                    11:a8:cc:d0:fc:a5:39:8d:ae:44:12:8d:7d:76:bd:
                    52:2e:12:50:1e:05:7f:68:56:26:5c:35:88:c2:be:
                    5c:d0:1d:77:14:34:5d:95:54:d6:4b:ef:e5:4a:e1:
                    ea:a0:d9:7a:7b:33:b4:73:8c:80:71:5a:06:26:4a:
                    39:75:f4:f4:63:fe:9e:55:25:95:3e:ce:05:7f:46:
                    d7:34:84:f2:80:a0:38:45:7f:63:a8:ef:40:4d:77:
                    7c:58:e3:bd:e6:7d:65:50:27:cd:dc:2e:2a:1d:e9:
                    e3:13:b9:f2:3e:62:b4:82:51:40:9d:39:ba:79:bb:
                    5e:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:B3:51:34:26:E4:1E:27:87:1F:44:74:EA:52:6E:0D:54:8C:28:81
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38342e35342e32312e302f32342d3234203d3e20313336373837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.54.21.0/24

    Signature Algorithm: sha256WithRSAEncryption
         97:23:fa:31:9b:ff:71:31:0f:7d:53:96:4f:13:18:da:1e:d1:
         e0:c9:92:8c:d7:fc:b3:be:33:5a:3c:4b:ec:bb:c7:46:b4:c0:
         df:02:8a:49:ba:3b:aa:d0:18:d4:f1:6b:60:d4:73:6f:67:a5:
         97:ae:8c:bf:f6:6b:27:eb:ff:0b:c2:29:b6:c5:a9:d2:27:62:
         0e:f6:62:9b:49:f3:d8:a4:a9:46:cb:5f:90:7e:42:8e:63:d5:
         73:c7:42:ab:c2:af:c4:66:ae:bd:c4:b9:ea:5a:18:63:dc:e0:
         65:ce:4e:cd:87:e4:37:39:7e:bd:f9:61:2d:ae:43:cd:88:d7:
         0c:bb:27:ca:e3:e8:a9:4a:cd:e4:7e:b8:3c:fb:44:3a:34:17:
         63:3c:11:14:9c:aa:fe:1b:2a:1a:65:ae:8a:72:49:39:9f:fa:
         eb:27:57:23:af:48:c4:41:fb:3a:19:97:e3:48:56:38:52:75:
         ad:04:b2:08:d3:93:49:a4:29:45:fb:5e:8b:25:8c:c4:e4:af:
         86:05:dc:99:45:fc:6f:5f:75:e5:48:96:73:e4:1f:ab:e5:be:
         bd:a2:ba:5e:2e:46:80:63:47:00:e9:1e:67:de:36:e7:ce:7a:
         8a:5d:6e:00:ec:30:eb:0b:6e:7f:02:e1:62:8d:68:d3:46:30:
         91:77:dc:1d
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUd0HUgChoqzV3onCZi3FWijkRxfwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDAxMTQxODAzNTlaFw0yNTAxMTIxODA4NTlaMDMxMTAvBgNV
BAMTKDRCQjM1MTM0MjZFNDFFMjc4NzFGNDQ3NEVBNTI2RTBENTQ4QzI4ODEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5Z3p7IGbur98EWchzriA+4n9l
Er6/yaiA5+148ABGy/clGHClUrpkuvsTGmDm70fJ0oZNpbyF5xM0IiS+HDgHNgYW
rnwHz6pu4A0QGcHCrkacURcg281Q0tJ/X6+cPBfcYqb//k0CHB5HOI7sdd2PkSzI
BQve3DtRn0/KIPIPCybZHnCa7RGozND8pTmNrkQSjX12vVIuElAeBX9oViZcNYjC
vlzQHXcUNF2VVNZL7+VK4eqg2Xp7M7RzjIBxWgYmSjl19PRj/p5VJZU+zgV/Rtc0
hPKAoDhFf2Oo70BNd3xY473mfWVQJ83cLiod6eMTufI+YrSCUUCdObp5u14BAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUS7NRNCbkHieHH0R06lJuDVSMKIEwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzgzNDJlMzUzNDJlMzIzMTJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMxMzMzNjM3MzgzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFQ2
FTANBgkqhkiG9w0BAQsFAAOCAQEAlyP6MZv/cTEPfVOWTxMY2h7R4MmSjNf8s74z
WjxL7LvHRrTA3wKKSbo7qtAY1PFrYNRzb2ell66Mv/ZrJ+v/C8IptsWp0idiDvZi
m0nz2KSpRstfkH5CjmPVc8dCq8KvxGauvcS56loYY9zgZc5OzYfkNzl+vflhLa5D
zYjXDLsnyuPoqUrN5H64PPtEOjQXYzwRFJyq/hsqGmWuinJJOZ/66ydXI69IxEH7
OhmX40hWOFJ1rQSyCNOTSaQpRfteiyWMxOSvhgXcmUX8b1915UiWc+Qfq+W+vaK6
Xi5GgGNHAOkeZ9425856il1uAOww6wtufwLhYo1o00YwkXfcHQ==
-----END CERTIFICATE-----