Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38352e3230382e35302e302f32342d3234203d3e203630373231.roa
File:                     38352e3230382e35302e302f32342d3234203d3e203630373231.roa (raw, json)
Hash identifier:          gOiKqGPdbatwb8TedmtUzUuUIvalNeTVkRz5p3kf6IM=
Subject key identifier:   AA:43:55:BB:2B:9C:38:0B:8C:AE:DD:FD:17:A7:57:00:1A:1C:7C:BA
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       2082EDFA28DF7B19724CB1E20B36FD9445FF4424
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38352e3230382e35302e302f32342d3234203d3e203630373231.roa
Signing time:             Fri 20 Oct 2023 13:41:51 +0000
ROA not before:           Fri 20 Oct 2023 13:36:51 +0000
ROA not after:            Fri 18 Oct 2024 13:41:51 +0000
asID:                     60721
IP address blocks:        85.208.50.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 07:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            20:82:ed:fa:28:df:7b:19:72:4c:b1:e2:0b:36:fd:94:45:ff:44:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Oct 20 13:36:51 2023 GMT
            Not After : Oct 18 13:41:51 2024 GMT
        Subject: CN=AA4355BB2B9C380B8CAEDDFD17A757001A1C7CBA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:62:f3:da:8a:75:31:f2:89:9b:ef:c7:e1:30:
                    4b:b4:ed:aa:86:cf:ec:ab:c3:31:ff:e7:ee:d4:2d:
                    8b:8f:86:5e:18:e1:ba:a4:6e:3d:f7:2c:5f:b2:bf:
                    71:1c:f9:90:09:08:3d:69:ee:0c:34:c7:cc:10:4e:
                    ba:05:e4:c2:b6:8e:99:8c:11:15:75:34:ff:c5:3c:
                    de:87:e7:be:fa:d5:5a:af:df:82:52:c8:a4:8f:41:
                    0a:25:d8:be:d2:7c:46:9e:9b:5d:6f:21:7e:56:ea:
                    0b:47:db:7d:85:09:e6:4d:2b:1c:d5:28:03:de:e3:
                    42:ee:53:76:c2:ca:04:f2:7f:41:1c:fc:41:95:dd:
                    89:28:75:d1:03:09:d3:cc:7d:46:21:22:5f:3f:f9:
                    d6:c0:8d:33:13:6a:c2:6f:0f:aa:89:d9:63:99:d6:
                    7f:e6:2d:73:8a:9e:6a:4c:e9:38:12:91:dd:6a:4a:
                    3b:d1:49:80:a0:83:f7:81:d4:bd:af:f8:0f:0d:d4:
                    a5:89:66:27:44:e9:1b:85:33:5b:5c:8f:aa:e2:a9:
                    48:16:f0:30:fc:d9:ef:10:df:9b:ae:3a:68:e4:ea:
                    e7:a4:87:56:01:a2:9b:24:22:ce:b3:78:7d:02:26:
                    0a:c8:de:c4:95:63:14:9c:86:9c:2b:81:55:65:60:
                    51:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:43:55:BB:2B:9C:38:0B:8C:AE:DD:FD:17:A7:57:00:1A:1C:7C:BA
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38352e3230382e35302e302f32342d3234203d3e203630373231.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.208.50.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:7d:8d:27:23:6f:ce:cc:76:aa:bd:87:8e:43:28:14:e4:2b:
         06:69:7c:bd:07:4e:43:a8:4e:f0:42:b7:b7:50:bf:b6:b0:23:
         76:d0:7e:1c:12:31:b1:ed:d2:b9:a9:f7:fd:de:25:71:0f:5e:
         93:a4:28:40:af:2f:6f:2f:fc:21:92:33:af:45:ac:23:e4:b1:
         62:f0:6c:9e:1b:94:77:45:64:f4:c1:4a:87:8a:72:b6:e4:c7:
         69:0d:df:0a:37:02:2d:56:ab:3d:56:bb:50:86:7a:29:66:d5:
         bb:d2:54:28:8b:70:67:4b:96:ee:6d:6e:9b:4c:a1:6f:44:b9:
         8a:d8:c6:32:97:2b:c1:81:b8:c0:40:10:d9:f5:12:47:a0:86:
         39:f0:1c:98:e8:b7:d5:b1:07:e3:d1:1c:c8:ac:44:2b:b9:b7:
         fd:73:a6:f3:07:35:cd:ae:22:0d:a5:be:2b:83:14:da:2d:3b:
         24:e5:d2:47:fa:15:79:aa:be:54:6e:0b:3e:0d:ab:48:72:f7:
         40:2b:92:f1:24:2e:67:4a:a2:b8:4a:a4:07:d0:84:72:de:0c:
         5d:e6:ad:64:01:23:ef:d1:60:1f:3a:eb:42:86:15:d5:e3:78:
         5d:f3:1a:a8:46:9b:d2:fc:30:28:81:e6:80:39:14:e2:1d:b5:
         a5:bc:60:7f
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUIILt+ijfexlyTLHiCzb9lEX/RCQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yMzEwMjAxMzM2NTFaFw0yNDEwMTgxMzQxNTFaMDMxMTAvBgNV
BAMTKEFBNDM1NUJCMkI5QzM4MEI4Q0FFRERGRDE3QTc1NzAwMUExQzdDQkEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDTYvPainUx8omb78fhMEu07aqG
z+yrwzH/5+7ULYuPhl4Y4bqkbj33LF+yv3Ec+ZAJCD1p7gw0x8wQTroF5MK2jpmM
ERV1NP/FPN6H57761Vqv34JSyKSPQQol2L7SfEaem11vIX5W6gtH232FCeZNKxzV
KAPe40LuU3bCygTyf0Ec/EGV3YkoddEDCdPMfUYhIl8/+dbAjTMTasJvD6qJ2WOZ
1n/mLXOKnmpM6TgSkd1qSjvRSYCgg/eB1L2v+A8N1KWJZidE6RuFM1tcj6riqUgW
8DD82e8Q35uuOmjk6uekh1YBopskIs6zeH0CJgrI3sSVYxSchpwrgVVlYFGTAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUqkNVuyucOAuMrt39F6dXABocfLowHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzgzNTJlMzIzMDM4MmUzNTMw
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzYzMDM3MzIzMS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFXQ
MjANBgkqhkiG9w0BAQsFAAOCAQEAUn2NJyNvzsx2qr2HjkMoFOQrBml8vQdOQ6hO
8EK3t1C/trAjdtB+HBIxse3Suan3/d4lcQ9ek6QoQK8vby/8IZIzr0WsI+SxYvBs
nhuUd0Vk9MFKh4pytuTHaQ3fCjcCLVarPVa7UIZ6KWbVu9JUKItwZ0uW7m1um0yh
b0S5itjGMpcrwYG4wEAQ2fUSR6CGOfAcmOi31bEH49EcyKxEK7m3/XOm8wc1za4i
DaW+K4MU2i07JOXSR/oVeaq+VG4LPg2rSHL3QCuS8SQuZ0qiuEqkB9CEct4MXeat
ZAEj79FgHzrrQoYV1eN4XfMaqEab0vwwKIHmgDkU4h21pbxgfw==
-----END CERTIFICATE-----