Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38352e3230382e35302e302f32342d3234203d3e20383334.roa
File:                     38352e3230382e35302e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          CWlSEue8eEhWMEVmUkIRUA58I7aI0tlvxMFUVKAeF2A=
Subject key identifier:   63:1B:25:99:D2:9B:55:C7:52:1A:AE:4D:EC:DC:91:F5:EC:A2:94:64
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       3123CDE16D597341ABB571DB930F985FB01ABF1A
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38352e3230382e35302e302f32342d3234203d3e20383334.roa
Signing time:             Fri 20 Sep 2024 14:04:52 +0000
ROA not before:           Fri 20 Sep 2024 13:59:52 +0000
ROA not after:            Fri 19 Sep 2025 14:04:52 +0000
asID:                     834
IP address blocks:        85.208.50.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 00:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            31:23:cd:e1:6d:59:73:41:ab:b5:71:db:93:0f:98:5f:b0:1a:bf:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Sep 20 13:59:52 2024 GMT
            Not After : Sep 19 14:04:52 2025 GMT
        Subject: CN=631B2599D29B55C7521AAE4DECDC91F5ECA29464
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:df:b3:a7:4b:7e:3c:fb:26:3e:e9:d1:f7:66:
                    d7:65:2c:f4:19:29:eb:23:54:33:f1:39:b8:96:c6:
                    38:d2:a0:ee:1e:cc:95:c4:fe:de:57:f4:b7:ba:77:
                    29:9c:77:52:0b:29:1e:54:fb:a5:56:1e:ae:ba:03:
                    e3:d2:f1:06:61:95:59:79:cf:ef:72:e5:6a:a9:e3:
                    20:82:06:aa:93:12:4c:73:29:63:b4:d7:fd:ce:89:
                    af:96:d2:b3:ef:25:cd:fb:de:85:8c:99:0b:f9:e6:
                    a5:96:cb:bb:b3:7e:c8:16:46:bd:22:26:5f:f8:7d:
                    25:31:3a:bf:9c:4b:c5:a0:52:a6:1a:9e:0c:06:12:
                    0f:23:84:c6:15:7b:5b:2d:2d:6d:7f:14:96:3b:94:
                    14:ca:e0:5d:8d:67:b2:6a:31:3b:27:f0:14:1e:c8:
                    57:08:78:fc:80:0f:c3:55:dc:07:6f:64:9b:70:f3:
                    2e:68:6f:7a:a0:97:9c:20:a5:19:7a:e3:9d:79:47:
                    3d:3d:b1:55:3c:86:1f:0c:49:b8:64:d1:51:39:43:
                    53:90:cc:ef:5e:8b:12:71:a6:fa:5f:7f:56:62:82:
                    57:7c:fd:ec:a2:8c:e4:32:0e:a5:3a:7c:74:3b:a6:
                    0a:a3:74:9c:39:ce:45:f4:78:c1:33:09:66:33:81:
                    a0:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:1B:25:99:D2:9B:55:C7:52:1A:AE:4D:EC:DC:91:F5:EC:A2:94:64
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38352e3230382e35302e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.208.50.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:e1:c5:b4:b3:67:e0:87:a1:79:c9:e5:52:e1:b4:9e:32:4b:
         2a:a1:52:9c:83:16:eb:c3:54:c4:fa:47:b8:37:dc:62:68:9a:
         e9:2e:5d:b9:5f:3c:23:e9:10:c0:74:50:fe:08:0a:9e:f0:65:
         6e:19:d0:cc:fb:67:3f:cb:41:62:0d:c1:b1:5b:cd:1b:c1:a7:
         77:ec:d8:0c:7a:c2:1c:8b:4a:5e:2a:c4:ff:20:a9:26:53:53:
         2d:f0:8d:7f:be:ea:27:ca:47:e4:6d:8b:1e:34:b6:07:42:98:
         71:69:68:88:97:a2:dc:0f:b2:06:e0:9c:25:6b:63:de:8d:d1:
         62:f9:50:58:33:83:80:4c:1a:9b:84:29:03:e6:eb:c4:db:ff:
         49:eb:cb:89:56:36:74:08:68:5d:5c:d0:28:45:b2:66:39:d1:
         4c:20:4b:3e:9a:40:8f:56:13:7d:6d:83:33:22:ef:fa:64:10:
         6c:fb:31:58:9a:82:23:76:6b:a3:9c:e2:a2:21:ad:e8:b4:b1:
         2b:fd:2a:e4:8a:cb:8d:c8:af:a8:c4:a4:b9:9a:5c:6a:94:75:
         f9:e5:e1:00:99:30:28:ae:1c:7d:8a:cc:f5:1f:c1:9f:78:9d:
         15:32:24:b0:7b:25:51:e3:8c:b5:4e:96:78:06:d2:4f:00:26:
         a5:f0:ba:12
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUMSPN4W1Zc0GrtXHbkw+YX7AavxowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDA5MjAxMzU5NTJaFw0yNTA5MTkxNDA0NTJaMDMxMTAvBgNV
BAMTKDYzMUIyNTk5RDI5QjU1Qzc1MjFBQUU0REVDREM5MUY1RUNBMjk0NjQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCx37OnS348+yY+6dH3ZtdlLPQZ
KesjVDPxObiWxjjSoO4ezJXE/t5X9Le6dymcd1ILKR5U+6VWHq66A+PS8QZhlVl5
z+9y5Wqp4yCCBqqTEkxzKWO01/3Oia+W0rPvJc373oWMmQv55qWWy7uzfsgWRr0i
Jl/4fSUxOr+cS8WgUqYangwGEg8jhMYVe1stLW1/FJY7lBTK4F2NZ7JqMTsn8BQe
yFcIePyAD8NV3AdvZJtw8y5ob3qgl5wgpRl64515Rz09sVU8hh8MSbhk0VE5Q1OQ
zO9eixJxpvpff1Zigld8/eyijOQyDqU6fHQ7pgqjdJw5zkX0eMEzCWYzgaCvAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUYxslmdKbVcdSGq5N7NyR9eyilGQwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzgzNTJlMzIzMDM4MmUzNTMw
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzgzMzM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVdAyMA0G
CSqGSIb3DQEBCwUAA4IBAQCH4cW0s2fgh6F5yeVS4bSeMksqoVKcgxbrw1TE+ke4
N9xiaJrpLl25Xzwj6RDAdFD+CAqe8GVuGdDM+2c/y0FiDcGxW80bwad37NgMesIc
i0peKsT/IKkmU1Mt8I1/vuonykfkbYseNLYHQphxaWiIl6LcD7IG4Jwla2PejdFi
+VBYM4OATBqbhCkD5uvE2/9J68uJVjZ0CGhdXNAoRbJmOdFMIEs+mkCPVhN9bYMz
Iu/6ZBBs+zFYmoIjdmujnOKiIa3otLEr/SrkisuNyK+oxKS5mlxqlHX55eEAmTAo
rhx9isz1H8GfeJ0VMiSweyVR44y1TpZ4BtJPACal8LoS
-----END CERTIFICATE-----