Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38342e35342e32322e302f32342d3234203d3e20313336373837.roa
File:                     38342e35342e32322e302f32342d3234203d3e20313336373837.roa (raw, json)
Hash identifier:          cmW/qbJWyrFuiHNqGQneIcVHwZmYaLZjqAK2zmphfZ4=
Subject key identifier:   5A:26:1B:7C:57:F3:E9:99:B3:65:ED:5A:D7:B3:D5:8D:5C:0A:F5:DD
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       2B92842B74A82626FCCB88DF50FFCBA0652A9853
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38342e35342e32322e302f32342d3234203d3e20313336373837.roa
Signing time:             Sun 15 Dec 2024 18:44:30 +0000
ROA not before:           Sun 15 Dec 2024 18:39:30 +0000
ROA not after:            Sun 14 Dec 2025 18:44:30 +0000
asID:                     136787
IP address blocks:        84.54.22.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 10:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2b:92:84:2b:74:a8:26:26:fc:cb:88:df:50:ff:cb:a0:65:2a:98:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Dec 15 18:39:30 2024 GMT
            Not After : Dec 14 18:44:30 2025 GMT
        Subject: CN=5A261B7C57F3E999B365ED5AD7B3D58D5C0AF5DD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:4c:58:f4:2d:46:1c:dd:50:3c:d7:5f:a1:a9:
                    e1:ed:b4:42:d3:65:25:b3:41:c7:da:ba:5b:bd:3c:
                    0b:47:24:85:1c:a1:c6:2e:56:54:06:8d:59:7b:3e:
                    3c:09:7e:8a:be:2a:17:cb:d3:b4:0b:91:38:bb:71:
                    21:fc:2b:a0:87:3e:d4:68:17:6e:a1:9e:b5:83:b1:
                    54:fe:4a:24:bf:14:91:2a:4a:eb:85:b0:a9:1f:cd:
                    e7:2a:b3:1e:73:34:68:fe:07:2a:7b:cf:2e:cf:35:
                    bc:c5:3c:21:58:3b:db:03:7a:be:a6:70:98:5f:5f:
                    cc:6f:03:d3:ba:af:ce:1d:e5:f5:fd:f1:d6:b8:7b:
                    c2:2a:fb:f1:a7:3d:08:76:4a:05:2e:07:de:08:0e:
                    dc:b4:2e:f6:f1:95:cf:31:54:9f:ce:fc:df:12:3c:
                    00:05:4f:70:1b:91:bc:82:80:3d:fa:7a:69:e2:bf:
                    b9:7d:48:da:36:d3:73:5a:1b:97:c0:52:b7:64:bf:
                    54:83:86:e9:9c:62:26:41:4b:9a:52:2b:40:1e:ab:
                    5b:06:07:22:dc:17:5a:c3:41:2e:8d:d8:40:88:c6:
                    91:0a:40:70:73:e9:66:a2:aa:8e:a6:33:ee:b2:02:
                    5a:64:65:1f:d4:68:7a:16:8a:c6:b0:eb:9c:eb:81:
                    55:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:26:1B:7C:57:F3:E9:99:B3:65:ED:5A:D7:B3:D5:8D:5C:0A:F5:DD
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38342e35342e32322e302f32342d3234203d3e20313336373837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.54.22.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:df:e4:a4:42:ae:e6:b2:a6:31:fa:24:cc:d6:2f:b6:11:b6:
         bc:b2:8b:09:07:23:ff:47:32:e6:d6:aa:70:8c:1d:51:4d:d4:
         d2:15:5b:bc:c0:cb:84:7b:34:58:c7:18:1d:e5:26:91:4e:5b:
         b2:09:77:98:80:6e:22:bf:24:2a:20:21:bf:47:62:1a:aa:32:
         b8:84:0d:bf:67:ec:9b:84:f0:ec:ee:a3:c3:e6:7b:bc:0b:9f:
         17:ba:8e:8d:72:78:b9:10:53:aa:e0:b3:2e:3b:46:a5:17:df:
         18:52:96:fb:4d:e5:e8:0e:03:5f:50:89:4d:0f:9d:8f:51:32:
         0d:c7:31:4b:07:ae:63:a5:a7:97:f0:d8:97:76:c8:13:e0:b7:
         77:55:0b:0a:f8:f3:19:ad:9c:d8:16:77:0f:7a:19:e4:27:fc:
         97:22:c7:d0:ac:77:7a:dc:3b:73:41:45:f4:fd:25:d4:8f:b6:
         51:a5:72:6c:41:33:3b:a2:b6:f1:fd:1a:97:5d:ad:5b:23:77:
         22:77:84:51:73:1d:43:d5:62:c0:63:b1:61:71:1e:ff:d8:82:
         10:3c:7a:9c:da:7d:02:25:b6:87:8c:dd:aa:0f:71:ff:d4:18:
         21:4d:7e:be:fb:c8:07:de:fd:cc:0d:03:b2:55:ec:aa:7e:9a:
         a4:49:b3:47
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUK5KEK3SoJib8y4jfUP/LoGUqmFMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDEyMTUxODM5MzBaFw0yNTEyMTQxODQ0MzBaMDMxMTAvBgNV
BAMTKDVBMjYxQjdDNTdGM0U5OTlCMzY1RUQ1QUQ3QjNENThENUMwQUY1REQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4TFj0LUYc3VA811+hqeHttELT
ZSWzQcfaulu9PAtHJIUcocYuVlQGjVl7PjwJfoq+KhfL07QLkTi7cSH8K6CHPtRo
F26hnrWDsVT+SiS/FJEqSuuFsKkfzecqsx5zNGj+Byp7zy7PNbzFPCFYO9sDer6m
cJhfX8xvA9O6r84d5fX98da4e8Iq+/GnPQh2SgUuB94IDty0Lvbxlc8xVJ/O/N8S
PAAFT3AbkbyCgD36emniv7l9SNo203NaG5fAUrdkv1SDhumcYiZBS5pSK0Aeq1sG
ByLcF1rDQS6N2ECIxpEKQHBz6Waiqo6mM+6yAlpkZR/UaHoWisaw65zrgVVbAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUWiYbfFfz6ZmzZe1a17PVjVwK9d0wHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzgzNDJlMzUzNDJlMzIzMjJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMxMzMzNjM3MzgzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFQ2
FjANBgkqhkiG9w0BAQsFAAOCAQEAZd/kpEKu5rKmMfokzNYvthG2vLKLCQcj/0cy
5taqcIwdUU3U0hVbvMDLhHs0WMcYHeUmkU5bsgl3mIBuIr8kKiAhv0diGqoyuIQN
v2fsm4Tw7O6jw+Z7vAufF7qOjXJ4uRBTquCzLjtGpRffGFKW+03l6A4DX1CJTQ+d
j1EyDccxSweuY6Wnl/DYl3bIE+C3d1ULCvjzGa2c2BZ3D3oZ5Cf8lyLH0Kx3etw7
c0FF9P0l1I+2UaVybEEzO6K28f0al12tWyN3IneEUXMdQ9ViwGOxYXEe/9iCEDx6
nNp9AiW2h4zdqg9x/9QYIU1+vvvIB979zA0DslXsqn6apEmzRw==
-----END CERTIFICATE-----