Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38342e35342e32332e302f32342d3332203d3e203531313637.roa
File:                     38342e35342e32332e302f32342d3332203d3e203531313637.roa (raw, json)
Hash identifier:          jlQTOFlLPzhXUnn83T3Y3q9z89Ki+/CmC1MZ2unmpw8=
Subject key identifier:   CB:7A:F0:A9:BA:B3:9D:91:D4:A1:59:B6:A8:81:9B:EB:F1:01:70:0B
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       4B5B0BF19A421237BCADA1259BDA5C1F197E245E
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38342e35342e32332e302f32342d3332203d3e203531313637.roa
Signing time:             Fri 20 Oct 2023 13:41:57 +0000
ROA not before:           Fri 20 Oct 2023 13:36:57 +0000
ROA not after:            Fri 18 Oct 2024 13:41:57 +0000
asID:                     51167
IP address blocks:        84.54.23.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 02:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4b:5b:0b:f1:9a:42:12:37:bc:ad:a1:25:9b:da:5c:1f:19:7e:24:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Oct 20 13:36:57 2023 GMT
            Not After : Oct 18 13:41:57 2024 GMT
        Subject: CN=CB7AF0A9BAB39D91D4A159B6A8819BEBF101700B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:02:12:89:6b:3e:96:de:84:b5:df:78:0d:83:
                    ef:4b:19:da:a7:7f:d3:71:d6:ec:6c:c9:05:53:13:
                    48:ef:8d:a5:2c:45:08:60:5c:f6:9f:7e:e6:7f:df:
                    1b:3c:e8:a0:44:fc:5b:72:93:98:e8:0c:ac:e2:76:
                    f7:b5:30:5b:a9:5b:bc:dc:6d:02:28:74:b8:70:bc:
                    f8:ce:02:35:e2:ab:1d:2b:f6:bd:2d:59:d1:0c:e4:
                    62:9d:d2:9a:28:4e:77:72:ca:c8:d3:02:d9:44:54:
                    5e:00:19:5c:e7:31:9c:78:0d:27:14:6c:5b:4a:54:
                    08:56:24:b7:09:da:a7:b0:19:62:ac:66:f2:45:92:
                    5a:eb:54:52:67:ba:7a:40:d6:bc:f0:4c:be:67:4f:
                    41:3f:e0:82:a3:56:6a:18:5d:a2:a1:60:ec:d2:ec:
                    d5:db:af:5e:55:17:18:02:1e:db:16:7f:12:ac:9c:
                    dc:b4:7e:2a:ef:59:37:a4:9d:94:a2:33:e8:ab:62:
                    be:cb:d3:1e:9f:c3:4c:39:c5:72:b3:fb:5e:ef:68:
                    98:94:40:82:1f:ff:76:50:d9:04:6d:d6:81:31:24:
                    15:a1:0a:d0:2d:d8:31:96:5e:43:30:8b:da:31:e1:
                    74:2c:07:d4:05:6d:f1:d8:b1:28:ac:1f:31:7f:63:
                    71:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:7A:F0:A9:BA:B3:9D:91:D4:A1:59:B6:A8:81:9B:EB:F1:01:70:0B
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38342e35342e32332e302f32342d3332203d3e203531313637.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.54.23.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:19:68:3e:96:ab:65:90:1e:97:c5:60:ca:59:a7:47:f3:c0:
         98:91:1f:0d:79:67:ef:22:ea:88:86:00:a4:7b:f6:21:26:14:
         9d:53:2f:7b:63:53:8f:e5:f8:b2:49:84:1a:c2:88:65:87:db:
         aa:a3:e1:cd:2f:74:5a:38:64:3f:e9:11:32:51:b8:61:a5:55:
         e5:ba:fa:a7:ea:b0:98:9c:2a:b9:a9:b9:9b:0c:28:74:9a:a7:
         4e:a3:88:94:aa:f5:35:b5:1f:40:19:09:51:4a:3e:de:36:88:
         12:7b:b4:0e:4d:2b:4b:06:d1:7f:2d:50:8c:46:15:c5:ac:9c:
         fd:dd:99:3e:91:6b:0f:70:d8:74:c2:0c:5c:c9:e8:98:48:f8:
         cb:14:21:71:e6:0c:cb:64:31:b5:38:d5:3a:93:84:60:8c:99:
         07:96:67:81:1c:dd:bc:33:5d:84:09:24:5d:e8:54:b4:9d:46:
         4d:63:3d:4f:47:ea:5e:d2:36:6c:99:47:d7:94:86:03:f4:2e:
         f2:68:ce:7a:38:bf:91:05:a1:ef:e4:88:e1:5e:5d:2a:56:9f:
         f3:21:6d:cf:5c:df:3b:45:44:b0:c8:c6:5c:98:64:bf:80:49:
         f0:60:9f:4a:86:71:59:a2:c8:3a:30:7a:f6:ea:c1:f0:85:2f:
         67:54:f7:37
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUS1sL8ZpCEje8raElm9pcHxl+JF4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yMzEwMjAxMzM2NTdaFw0yNDEwMTgxMzQxNTdaMDMxMTAvBgNV
BAMTKENCN0FGMEE5QkFCMzlEOTFENEExNTlCNkE4ODE5QkVCRjEwMTcwMEIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCwAhKJaz6W3oS133gNg+9LGdqn
f9Nx1uxsyQVTE0jvjaUsRQhgXPaffuZ/3xs86KBE/Ftyk5joDKzidve1MFupW7zc
bQIodLhwvPjOAjXiqx0r9r0tWdEM5GKd0pooTndyysjTAtlEVF4AGVznMZx4DScU
bFtKVAhWJLcJ2qewGWKsZvJFklrrVFJnunpA1rzwTL5nT0E/4IKjVmoYXaKhYOzS
7NXbr15VFxgCHtsWfxKsnNy0firvWTeknZSiM+irYr7L0x6fw0w5xXKz+17vaJiU
QIIf/3ZQ2QRt1oExJBWhCtAt2DGWXkMwi9ox4XQsB9QFbfHYsSisHzF/Y3H3AgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUy3rwqbqznZHUoVm2qIGb6/EBcAswHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzgzNDJlMzUzNDJlMzIzMzJl
MzAyZjMyMzQyZDMzMzIyMDNkM2UyMDM1MzEzMTM2Mzcucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABUNhcw
DQYJKoZIhvcNAQELBQADggEBAEYZaD6Wq2WQHpfFYMpZp0fzwJiRHw15Z+8i6oiG
AKR79iEmFJ1TL3tjU4/l+LJJhBrCiGWH26qj4c0vdFo4ZD/pETJRuGGlVeW6+qfq
sJicKrmpuZsMKHSap06jiJSq9TW1H0AZCVFKPt42iBJ7tA5NK0sG0X8tUIxGFcWs
nP3dmT6Raw9w2HTCDFzJ6JhI+MsUIXHmDMtkMbU41TqThGCMmQeWZ4Ec3bwzXYQJ
JF3oVLSdRk1jPU9H6l7SNmyZR9eUhgP0LvJozno4v5EFoe/kiOFeXSpWn/Mhbc9c
3ztFRLDIxlyYZL+ASfBgn0qGcVmiyDowevbqwfCFL2dU9zc=
-----END CERTIFICATE-----