Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38352e3230382e34382e302f32342d3332203d3e203531313637.roa
File:                     38352e3230382e34382e302f32342d3332203d3e203531313637.roa (raw, json)
Hash identifier:          hQ3oBaBKb/ZRh8VzOc7cp1R3IG5NQPLjjVK9yD131Go=
Subject key identifier:   ED:04:7E:D3:D1:2D:CD:56:EF:CE:D3:54:0F:85:69:F9:89:5D:F3:90
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       1CDDE1FBDAB25CAB9840DFE99A763A5B8508713E
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38352e3230382e34382e302f32342d3332203d3e203531313637.roa
Signing time:             Fri 20 Sep 2024 14:04:53 +0000
ROA not before:           Fri 20 Sep 2024 13:59:53 +0000
ROA not after:            Fri 19 Sep 2025 14:04:53 +0000
asID:                     51167
IP address blocks:        85.208.48.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1c:dd:e1:fb:da:b2:5c:ab:98:40:df:e9:9a:76:3a:5b:85:08:71:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Sep 20 13:59:53 2024 GMT
            Not After : Sep 19 14:04:53 2025 GMT
        Subject: CN=ED047ED3D12DCD56EFCED3540F8569F9895DF390
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:0b:70:2f:c4:bd:ef:01:ac:ea:55:87:cd:09:
                    5f:d0:db:8e:94:74:7d:0e:64:99:ff:0a:96:f2:0e:
                    92:c6:0c:e6:e4:91:32:c5:22:b7:1c:a6:32:33:bf:
                    bb:0d:72:12:3f:5b:18:2d:86:73:44:10:a3:aa:34:
                    c5:42:4e:ac:f0:39:46:f9:70:4d:16:8d:28:63:a6:
                    bd:45:f8:0a:6a:5e:13:26:5c:56:fb:f4:9f:d0:3b:
                    5a:7c:48:cb:7a:d2:43:cb:83:33:fb:e3:f2:a5:40:
                    53:b3:4d:41:82:6c:af:db:fa:17:95:06:6b:e0:03:
                    18:f5:65:ef:84:2d:60:3a:41:39:d8:de:6e:b1:0e:
                    5b:5d:9d:61:80:74:35:9a:71:13:67:b8:2e:e9:e1:
                    4d:3b:5d:05:12:a6:1f:cb:56:e8:70:78:95:fe:d5:
                    22:90:eb:7c:6f:2f:42:d9:00:bd:2d:03:e7:fc:4f:
                    04:3b:42:67:34:d4:d0:15:e8:51:36:eb:5c:8c:fc:
                    0a:c1:0b:7d:ee:cf:5c:56:53:df:e0:a4:6b:61:c9:
                    92:c1:87:a4:10:0c:9f:3d:8e:5f:e1:52:28:1d:3b:
                    8e:c7:98:e8:13:5f:e5:99:f8:16:13:21:cf:ee:dd:
                    9e:82:be:86:0a:b7:10:0e:ca:3c:77:e5:db:31:0c:
                    51:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:04:7E:D3:D1:2D:CD:56:EF:CE:D3:54:0F:85:69:F9:89:5D:F3:90
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38352e3230382e34382e302f32342d3332203d3e203531313637.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.208.48.0/24

    Signature Algorithm: sha256WithRSAEncryption
         80:69:28:3c:11:cd:31:f7:a1:78:ad:81:3a:cb:de:ad:14:88:
         22:f7:57:97:43:b3:54:ce:0e:67:fe:6e:5d:4a:51:f7:68:72:
         cc:f6:69:d9:b4:cf:7b:77:ba:cb:df:31:b1:9b:e7:1e:e6:58:
         4a:d5:8e:89:4c:9b:aa:1a:50:aa:ad:6b:53:04:ad:41:43:aa:
         51:7e:2e:1c:cd:34:ad:58:db:5a:83:20:4c:4f:31:24:22:e2:
         99:8c:09:e9:7f:d5:45:92:e2:67:24:9d:a4:90:29:49:a9:71:
         90:f7:f6:d1:27:9b:76:5e:61:55:9d:2f:15:da:86:c1:95:b9:
         ab:61:d1:56:5d:a9:a7:5a:5b:8b:45:4f:06:90:18:1d:90:c1:
         21:cc:9e:20:0e:33:57:47:8f:a0:d2:b8:e0:ed:ab:ea:0c:9a:
         49:cc:cb:7d:6c:92:ef:db:8b:c6:38:70:61:a9:c4:af:0d:2e:
         86:6c:d1:08:92:4a:1d:2f:84:7e:a3:7f:be:7b:9a:d8:c1:23:
         9f:7b:67:b8:60:dc:44:66:fb:70:1c:fe:c3:94:b3:5e:5a:45:
         74:e6:b7:fd:79:e5:b4:cf:19:69:c5:bc:f4:e1:e6:7a:64:0d:
         de:92:81:31:27:30:28:fa:f7:d4:06:88:e0:73:a0:09:d7:25:
         6f:40:7b:45
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUHN3h+9qyXKuYQN/pmnY6W4UIcT4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDA5MjAxMzU5NTNaFw0yNTA5MTkxNDA0NTNaMDMxMTAvBgNV
BAMTKEVEMDQ3RUQzRDEyRENENTZFRkNFRDM1NDBGODU2OUY5ODk1REYzOTAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCZC3AvxL3vAazqVYfNCV/Q246U
dH0OZJn/CpbyDpLGDObkkTLFIrccpjIzv7sNchI/WxgthnNEEKOqNMVCTqzwOUb5
cE0WjShjpr1F+ApqXhMmXFb79J/QO1p8SMt60kPLgzP74/KlQFOzTUGCbK/b+heV
BmvgAxj1Ze+ELWA6QTnY3m6xDltdnWGAdDWacRNnuC7p4U07XQUSph/LVuhweJX+
1SKQ63xvL0LZAL0tA+f8TwQ7Qmc01NAV6FE261yM/ArBC33uz1xWU9/gpGthyZLB
h6QQDJ89jl/hUigdO47HmOgTX+WZ+BYTIc/u3Z6CvoYKtxAOyjx35dsxDFG9AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQU7QR+09EtzVbvztNUD4Vp+Yld85AwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzgzNTJlMzIzMDM4MmUzNDM4
MmUzMDJmMzIzNDJkMzMzMjIwM2QzZTIwMzUzMTMxMzYzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFXQ
MDANBgkqhkiG9w0BAQsFAAOCAQEAgGkoPBHNMfeheK2BOsverRSIIvdXl0OzVM4O
Z/5uXUpR92hyzPZp2bTPe3e6y98xsZvnHuZYStWOiUybqhpQqq1rUwStQUOqUX4u
HM00rVjbWoMgTE8xJCLimYwJ6X/VRZLiZySdpJApSalxkPf20Sebdl5hVZ0vFdqG
wZW5q2HRVl2pp1pbi0VPBpAYHZDBIcyeIA4zV0ePoNK44O2r6gyaSczLfWyS79uL
xjhwYanErw0uhmzRCJJKHS+EfqN/vnua2MEjn3tnuGDcRGb7cBz+w5SzXlpFdOa3
/XnltM8ZacW89OHmemQN3pKBMScwKPr31AaI4HOgCdclb0B7RQ==
-----END CERTIFICATE-----