Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38342e35342e32322e302f32342d3234203d3e20313336373837.roa
File:                     38342e35342e32322e302f32342d3234203d3e20313336373837.roa (raw, json)
Hash identifier:          /vySZ8y8aIS3s8XMMkQriolAdpLPloIxvhLcoquk0QI=
Subject key identifier:   6F:7D:A5:CD:3A:E4:A8:0C:3F:15:5A:B5:43:92:C2:7C:32:14:E5:06
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       67E66B91FD486415FA7C4D3629171D35B85DBAE8
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38342e35342e32322e302f32342d3234203d3e20313336373837.roa
Signing time:             Sun 14 Jan 2024 18:09:08 +0000
ROA not before:           Sun 14 Jan 2024 18:04:08 +0000
ROA not after:            Sun 12 Jan 2025 18:09:08 +0000
asID:                     136787
IP address blocks:        84.54.22.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            67:e6:6b:91:fd:48:64:15:fa:7c:4d:36:29:17:1d:35:b8:5d:ba:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Jan 14 18:04:08 2024 GMT
            Not After : Jan 12 18:09:08 2025 GMT
        Subject: CN=6F7DA5CD3AE4A80C3F155AB54392C27C3214E506
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:ed:2c:5a:be:f4:cc:97:83:15:4a:36:97:37:
                    ad:88:75:92:ab:b9:74:d5:4d:28:fa:46:b1:0b:33:
                    37:23:1d:ec:0c:99:39:a7:0c:52:c3:55:0e:78:ef:
                    c0:8d:87:a1:4e:01:36:8e:62:59:f1:7c:a7:20:f8:
                    ca:d1:7c:09:b5:aa:eb:91:be:33:b1:be:86:73:3b:
                    b9:e7:bc:b0:c8:dd:eb:dd:a0:dc:43:fe:0d:d6:61:
                    79:81:97:3c:a7:6c:64:28:ee:a6:3c:b0:bc:38:b5:
                    c3:76:3c:be:34:be:a7:89:5b:b7:91:90:02:94:2f:
                    0a:92:b6:b6:eb:84:d4:17:54:2a:62:4a:f2:6f:77:
                    64:ea:82:eb:ef:38:40:63:06:c6:a0:7f:db:81:12:
                    c5:5f:03:a0:c3:fe:19:0b:b6:a3:fc:8e:94:0b:57:
                    ee:5f:bf:93:9b:72:a7:ac:fe:0a:ff:1c:e0:a8:3d:
                    46:26:15:5a:57:4f:21:d9:89:50:63:34:77:21:18:
                    28:69:de:e0:2c:48:d5:20:b8:f6:71:ab:09:51:0c:
                    39:20:1b:dd:7c:5a:e1:00:14:86:c0:0c:d8:8d:9a:
                    e2:65:63:90:3b:2e:c8:da:f4:bf:c4:40:f7:06:ab:
                    0e:d2:4d:99:37:8c:9f:df:f8:8b:70:a3:4f:5b:a2:
                    88:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:7D:A5:CD:3A:E4:A8:0C:3F:15:5A:B5:43:92:C2:7C:32:14:E5:06
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38342e35342e32322e302f32342d3234203d3e20313336373837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.54.22.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6f:70:78:bd:f2:6b:d0:4b:73:e0:e7:bf:aa:c5:df:86:7f:da:
         3c:41:64:6a:22:cd:9e:6c:b9:68:e3:67:4b:ab:cf:b1:8a:20:
         7a:15:85:6c:16:33:de:57:e4:84:88:ca:b1:3e:9c:82:bd:74:
         af:43:ce:1b:5d:8a:3f:7e:81:86:c1:0a:2b:70:f6:32:bb:73:
         49:4d:51:27:e8:d4:ef:69:50:2c:f4:4e:f3:ac:ad:f5:16:73:
         92:65:de:f9:7e:7c:ff:d9:65:1b:85:db:60:b7:93:70:e9:d8:
         08:5c:ee:cf:93:2f:b3:e5:83:bf:4d:e2:4b:cf:bd:54:9f:65:
         d1:09:71:31:8e:7a:a5:44:c4:f0:f9:13:b4:9b:77:b7:4f:65:
         47:88:3a:6b:5d:24:0d:55:61:d9:73:12:49:0e:d4:5f:37:ab:
         88:43:36:db:9c:ee:1e:25:97:36:83:df:c9:fe:24:35:75:b0:
         8f:f4:1e:dd:ac:96:8f:e4:33:01:30:56:ab:8f:6b:4f:c7:76:
         55:e7:24:f0:76:a5:2c:ea:11:c2:10:16:69:79:00:a2:0c:22:
         06:08:df:8f:8c:cf:45:65:bf:63:e9:5d:46:e9:09:0a:87:33:
         17:b5:2e:5f:29:a2:5c:6e:c6:cb:d2:43:ac:5a:10:7d:a4:15:
         8f:02:15:aa
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUZ+Zrkf1IZBX6fE02KRcdNbhduugwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDAxMTQxODA0MDhaFw0yNTAxMTIxODA5MDhaMDMxMTAvBgNV
BAMTKDZGN0RBNUNEM0FFNEE4MEMzRjE1NUFCNTQzOTJDMjdDMzIxNEU1MDYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC97SxavvTMl4MVSjaXN62IdZKr
uXTVTSj6RrELMzcjHewMmTmnDFLDVQ5478CNh6FOATaOYlnxfKcg+MrRfAm1quuR
vjOxvoZzO7nnvLDI3evdoNxD/g3WYXmBlzynbGQo7qY8sLw4tcN2PL40vqeJW7eR
kAKULwqStrbrhNQXVCpiSvJvd2TqguvvOEBjBsagf9uBEsVfA6DD/hkLtqP8jpQL
V+5fv5Obcqes/gr/HOCoPUYmFVpXTyHZiVBjNHchGChp3uAsSNUguPZxqwlRDDkg
G918WuEAFIbADNiNmuJlY5A7Lsja9L/EQPcGqw7STZk3jJ/f+Itwo09boohhAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUb32lzTrkqAw/FVq1Q5LCfDIU5QYwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzgzNDJlMzUzNDJlMzIzMjJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMxMzMzNjM3MzgzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFQ2
FjANBgkqhkiG9w0BAQsFAAOCAQEAb3B4vfJr0Etz4Oe/qsXfhn/aPEFkaiLNnmy5
aONnS6vPsYogehWFbBYz3lfkhIjKsT6cgr10r0POG12KP36BhsEKK3D2MrtzSU1R
J+jU72lQLPRO86yt9RZzkmXe+X58/9llG4XbYLeTcOnYCFzuz5Mvs+WDv03iS8+9
VJ9l0QlxMY56pUTE8PkTtJt3t09lR4g6a10kDVVh2XMSSQ7UXzeriEM225zuHiWX
NoPfyf4kNXWwj/Qe3ayWj+QzATBWq49rT8d2Veck8HalLOoRwhAWaXkAogwiBgjf
j4zPRWW/Y+ldRukJCoczF7UuXymiXG7Gy9JDrFoQfaQVjwIVqg==
-----END CERTIFICATE-----