Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38342e35342e32332e302f32342d3332203d3e203531313637.roa
File:                     38342e35342e32332e302f32342d3332203d3e203531313637.roa (raw, json)
Hash identifier:          bjzL01jGNNMwkY88KejVTttHEePy2SR3YofVWdLSWMs=
Subject key identifier:   15:4A:59:0D:EB:A9:5E:F3:84:90:60:02:56:07:96:3F:D3:EF:BD:93
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       4A399EBA8605059541BD20D1DC7BC5F72861FDB8
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38342e35342e32332e302f32342d3332203d3e203531313637.roa
Signing time:             Fri 20 Sep 2024 14:04:54 +0000
ROA not before:           Fri 20 Sep 2024 13:59:54 +0000
ROA not after:            Fri 19 Sep 2025 14:04:54 +0000
asID:                     51167
IP address blocks:        84.54.23.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4a:39:9e:ba:86:05:05:95:41:bd:20:d1:dc:7b:c5:f7:28:61:fd:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Sep 20 13:59:54 2024 GMT
            Not After : Sep 19 14:04:54 2025 GMT
        Subject: CN=154A590DEBA95EF3849060025607963FD3EFBD93
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:0c:c2:b2:3c:ed:32:49:b9:29:a1:a3:ba:8c:
                    ac:8a:f5:2a:c5:21:09:cb:be:d9:53:50:0c:a0:88:
                    aa:78:62:d4:64:a7:af:24:df:39:9b:1b:c1:b4:d7:
                    eb:18:2e:ef:25:d7:59:b1:10:9c:94:52:7a:f4:e1:
                    c9:91:50:7e:f9:08:8d:35:ad:c2:a0:12:4d:08:e8:
                    fb:ce:40:3d:7c:5d:e1:63:9a:c4:15:f4:64:52:d8:
                    71:3b:2e:3a:b3:94:bb:cf:b1:fc:29:45:f5:d4:29:
                    fe:ea:0e:85:20:ff:54:a8:a0:23:5b:af:57:70:3b:
                    69:5b:cb:33:35:5e:29:a8:8a:3f:56:fa:11:84:4d:
                    21:ec:28:c8:62:e4:30:07:70:bb:b4:7a:7d:69:19:
                    fa:b0:78:fd:63:87:bc:e3:fd:5f:d5:55:30:06:bb:
                    86:a7:33:81:ef:26:d5:70:76:c2:a6:ec:b1:d5:55:
                    37:4c:2a:5a:b2:61:dd:8f:76:6f:0d:90:4a:e4:3c:
                    ac:e5:07:9c:ad:d4:fe:05:d1:cb:e3:cd:ca:25:8b:
                    f2:38:2b:26:de:fa:96:04:a7:fa:ff:a8:f3:06:75:
                    04:97:65:1d:65:8d:0d:4f:a6:b3:f6:20:52:7d:61:
                    f4:35:cc:be:ad:a0:79:4f:e6:29:90:85:05:71:58:
                    c2:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:4A:59:0D:EB:A9:5E:F3:84:90:60:02:56:07:96:3F:D3:EF:BD:93
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38342e35342e32332e302f32342d3332203d3e203531313637.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.54.23.0/24

    Signature Algorithm: sha256WithRSAEncryption
         76:9e:8a:59:d9:62:51:47:71:2d:52:93:40:88:9a:24:d7:6f:
         0f:14:83:8a:a6:48:76:80:25:bf:30:2f:b9:6b:9e:88:66:37:
         c9:00:aa:2b:f3:c8:b6:cd:b1:6d:4c:31:fe:90:de:f0:ee:f6:
         c9:d3:a9:4c:a6:9a:16:1b:e7:d6:98:fa:e5:ed:a6:3b:91:14:
         ce:93:a9:47:12:d2:a4:a6:44:28:8b:58:c2:4e:5b:bf:d9:cf:
         f0:15:bb:29:a9:82:e4:23:69:f8:f8:73:82:cf:5d:83:6a:0d:
         c8:33:3e:5d:2c:66:8e:f9:b2:24:f4:9a:00:42:89:27:e8:4d:
         a9:6e:01:55:15:84:6e:27:48:f3:c1:6b:b6:e4:0e:6e:34:7f:
         16:f1:4a:17:6e:fb:d7:e8:05:10:5c:bb:2b:43:db:6f:4a:47:
         c9:62:9c:cc:a8:3f:5e:d1:50:09:b6:19:e6:7b:31:4b:b7:85:
         ec:63:63:c9:13:60:8b:52:cb:36:04:fd:50:2f:60:6a:5b:92:
         ab:de:b7:b3:98:c0:bc:32:6e:f7:f1:d2:30:8f:9e:51:4c:72:
         d0:93:57:27:e1:a6:25:f6:bb:65:64:3a:99:5f:36:90:9a:42:
         98:4e:d4:6e:1b:d3:69:53:ba:71:fe:c8:91:85:02:5a:66:d0:
         27:84:43:15
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUSjmeuoYFBZVBvSDR3HvF9yhh/bgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDA5MjAxMzU5NTRaFw0yNTA5MTkxNDA0NTRaMDMxMTAvBgNV
BAMTKDE1NEE1OTBERUJBOTVFRjM4NDkwNjAwMjU2MDc5NjNGRDNFRkJEOTMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDdDMKyPO0ySbkpoaO6jKyK9SrF
IQnLvtlTUAygiKp4YtRkp68k3zmbG8G01+sYLu8l11mxEJyUUnr04cmRUH75CI01
rcKgEk0I6PvOQD18XeFjmsQV9GRS2HE7LjqzlLvPsfwpRfXUKf7qDoUg/1SooCNb
r1dwO2lbyzM1Ximoij9W+hGETSHsKMhi5DAHcLu0en1pGfqweP1jh7zj/V/VVTAG
u4anM4HvJtVwdsKm7LHVVTdMKlqyYd2Pdm8NkErkPKzlB5yt1P4F0cvjzcoli/I4
Kybe+pYEp/r/qPMGdQSXZR1ljQ1PprP2IFJ9YfQ1zL6toHlP5imQhQVxWMIRAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUFUpZDeupXvOEkGACVgeWP9PvvZMwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzgzNDJlMzUzNDJlMzIzMzJl
MzAyZjMyMzQyZDMzMzIyMDNkM2UyMDM1MzEzMTM2Mzcucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABUNhcw
DQYJKoZIhvcNAQELBQADggEBAHaeilnZYlFHcS1Sk0CImiTXbw8Ug4qmSHaAJb8w
L7lrnohmN8kAqivzyLbNsW1MMf6Q3vDu9snTqUymmhYb59aY+uXtpjuRFM6TqUcS
0qSmRCiLWMJOW7/Zz/AVuympguQjafj4c4LPXYNqDcgzPl0sZo75siT0mgBCiSfo
TaluAVUVhG4nSPPBa7bkDm40fxbxShdu+9foBRBcuytD229KR8linMyoP17RUAm2
GeZ7MUu3hexjY8kTYItSyzYE/VAvYGpbkqvet7OYwLwybvfx0jCPnlFMctCTVyfh
piX2u2VkOplfNpCaQphO1G4b02lTunH+yJGFAlpm0CeEQxU=
-----END CERTIFICATE-----