Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38352e3230382e34382e302f32342d3332203d3e203531313637.roa
File:                     38352e3230382e34382e302f32342d3332203d3e203531313637.roa (raw, json)
Hash identifier:          CiChguRogIwq/CvnLWiZjsBJfQ1PD3ylxYKO3D38Bf0=
Subject key identifier:   1D:07:5C:31:58:EA:3E:6A:11:23:B0:EE:53:77:22:5D:AE:17:E4:86
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       761ADAFC905860177EE1FA250B698C3D186A8CC2
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38352e3230382e34382e302f32342d3332203d3e203531313637.roa
Signing time:             Fri 20 Oct 2023 13:41:45 +0000
ROA not before:           Fri 20 Oct 2023 13:36:45 +0000
ROA not after:            Fri 18 Oct 2024 13:41:45 +0000
asID:                     51167
IP address blocks:        85.208.48.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 14:34:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            76:1a:da:fc:90:58:60:17:7e:e1:fa:25:0b:69:8c:3d:18:6a:8c:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Oct 20 13:36:45 2023 GMT
            Not After : Oct 18 13:41:45 2024 GMT
        Subject: CN=1D075C3158EA3E6A1123B0EE5377225DAE17E486
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:24:e2:22:7e:2f:90:af:39:d1:77:33:0d:86:
                    2c:f4:c1:9b:dc:52:57:3e:f2:8e:9a:9e:b2:26:a5:
                    e1:bc:1c:d8:d9:cf:b0:50:d2:ef:99:dc:44:fd:bc:
                    13:0b:da:00:de:25:ca:01:0e:78:f5:e2:eb:ef:10:
                    be:82:9e:38:35:b2:d4:05:69:d7:7d:b4:9b:01:e7:
                    ce:ef:34:09:1c:5f:83:41:c6:bf:e4:5e:6e:26:70:
                    6a:ef:3f:23:47:a6:cd:e6:51:99:45:5e:0e:89:6c:
                    4f:a2:35:13:c4:3c:a7:6a:c2:9d:ca:a7:82:eb:d5:
                    4b:18:1e:ed:9e:53:87:47:84:aa:98:6a:bc:9b:81:
                    cf:3a:48:7e:1f:fd:78:c0:21:dc:ef:d4:5d:a7:fe:
                    cd:4b:87:ad:3d:4c:e3:a5:e1:25:40:85:f8:a0:39:
                    76:a9:1a:b2:80:91:66:1f:81:9d:a1:f5:51:8a:dd:
                    f7:b6:56:57:5b:9b:d3:4f:15:64:b1:14:5b:1a:61:
                    5b:6f:cb:4e:19:3d:b2:85:c3:c1:8d:e8:7e:ab:14:
                    10:88:d9:bb:70:8a:c8:bc:12:ef:35:87:e1:7a:ae:
                    e1:60:18:6b:d3:35:6b:b1:5f:a3:32:dc:af:d5:6d:
                    aa:27:3c:8d:0f:5c:78:2b:c6:47:c6:90:b6:1f:0d:
                    7e:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:07:5C:31:58:EA:3E:6A:11:23:B0:EE:53:77:22:5D:AE:17:E4:86
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38352e3230382e34382e302f32342d3332203d3e203531313637.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.208.48.0/24

    Signature Algorithm: sha256WithRSAEncryption
         50:79:34:3c:0b:66:54:9d:9a:4a:a0:21:63:13:0c:a7:7a:01:
         f7:f9:dc:fb:0a:57:96:a8:19:ed:bb:58:bd:f6:0f:8f:62:a6:
         15:0c:71:97:1e:37:15:4d:bb:3b:ff:78:58:73:a5:15:d4:9c:
         c2:02:53:b7:82:14:da:ec:6c:e4:a4:fe:10:43:c4:ab:fb:1c:
         39:08:9b:ec:de:71:56:97:45:e0:83:32:6f:c6:af:fd:40:cf:
         f6:f4:e5:cc:d9:23:ec:29:d3:57:af:80:75:b8:5a:8a:d9:63:
         da:0a:ac:0a:c7:87:80:d8:5f:a2:bc:bc:b6:04:ff:f9:32:36:
         fa:32:6f:57:21:95:12:76:cb:50:61:1a:04:50:33:81:1e:02:
         b3:fa:2f:c3:1a:0e:df:6c:94:3b:e1:26:63:60:6d:f4:14:d0:
         e1:03:b1:24:9e:7d:47:af:ca:30:d3:1a:8f:3c:cc:30:9a:44:
         07:85:ed:1e:11:11:da:c8:be:b4:65:ea:30:d0:ad:95:7d:2d:
         3d:d6:7f:24:bf:f6:c8:21:0d:72:ce:22:00:4e:a0:c5:33:35:
         3a:b1:10:f0:66:f8:a4:5c:7c:ec:03:b3:f3:fe:e7:2c:97:52:
         21:78:b2:e1:02:0f:68:cb:ee:d0:87:64:e0:c6:35:24:14:35:
         f4:2f:0f:bc
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUdhra/JBYYBd+4folC2mMPRhqjMIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yMzEwMjAxMzM2NDVaFw0yNDEwMTgxMzQxNDVaMDMxMTAvBgNV
BAMTKDFEMDc1QzMxNThFQTNFNkExMTIzQjBFRTUzNzcyMjVEQUUxN0U0ODYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCuJOIifi+QrznRdzMNhiz0wZvc
Ulc+8o6anrImpeG8HNjZz7BQ0u+Z3ET9vBML2gDeJcoBDnj14uvvEL6Cnjg1stQF
add9tJsB587vNAkcX4NBxr/kXm4mcGrvPyNHps3mUZlFXg6JbE+iNRPEPKdqwp3K
p4Lr1UsYHu2eU4dHhKqYarybgc86SH4f/XjAIdzv1F2n/s1Lh609TOOl4SVAhfig
OXapGrKAkWYfgZ2h9VGK3fe2Vldbm9NPFWSxFFsaYVtvy04ZPbKFw8GN6H6rFBCI
2btwisi8Eu81h+F6ruFgGGvTNWuxX6My3K/VbaonPI0PXHgrxkfGkLYfDX6hAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUHQdcMVjqPmoRI7DuU3ciXa4X5IYwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzgzNTJlMzIzMDM4MmUzNDM4
MmUzMDJmMzIzNDJkMzMzMjIwM2QzZTIwMzUzMTMxMzYzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFXQ
MDANBgkqhkiG9w0BAQsFAAOCAQEAUHk0PAtmVJ2aSqAhYxMMp3oB9/nc+wpXlqgZ
7btYvfYPj2KmFQxxlx43FU27O/94WHOlFdScwgJTt4IU2uxs5KT+EEPEq/scOQib
7N5xVpdF4IMyb8av/UDP9vTlzNkj7CnTV6+Adbhaitlj2gqsCseHgNhfory8tgT/
+TI2+jJvVyGVEnbLUGEaBFAzgR4Cs/ovwxoO32yUO+EmY2Bt9BTQ4QOxJJ59R6/K
MNMajzzMMJpEB4XtHhER2si+tGXqMNCtlX0tPdZ/JL/2yCENcs4iAE6gxTM1OrEQ
8Gb4pFx87AOz8/7nLJdSIXiy4QIPaMvu0Idk4MY1JBQ19C8PvA==
-----END CERTIFICATE-----