Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38352e3230382e35302e302f32342d3234203d3e20383334.roa
File:                     38352e3230382e35302e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          jjeP/OPLOugrs6X7jqeCRN5pTnPEzeFugUa49IUH1Yw=
Subject key identifier:   79:39:21:3B:89:82:81:FE:6F:38:96:B5:B2:03:5A:3C:20:0E:D0:5C
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       6C22F5699AE5B536BD5DC6FD3B8FEC9DB053B5C1
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38352e3230382e35302e302f32342d3234203d3e20383334.roa
Signing time:             Fri 20 Oct 2023 13:41:43 +0000
ROA not before:           Fri 20 Oct 2023 13:36:43 +0000
ROA not after:            Fri 18 Oct 2024 13:41:43 +0000
asID:                     834
IP address blocks:        85.208.50.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 07:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6c:22:f5:69:9a:e5:b5:36:bd:5d:c6:fd:3b:8f:ec:9d:b0:53:b5:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Oct 20 13:36:43 2023 GMT
            Not After : Oct 18 13:41:43 2024 GMT
        Subject: CN=7939213B898281FE6F3896B5B2035A3C200ED05C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:2c:5e:65:f2:05:22:01:fa:09:10:4d:cc:97:
                    74:1f:56:35:bf:a9:97:a7:0b:ca:57:55:62:80:4c:
                    db:26:b8:ca:f5:fb:89:a1:b5:49:24:98:df:ee:9a:
                    e1:69:d0:c8:2f:91:18:1c:75:8b:5f:95:1e:68:d1:
                    b9:09:f8:80:2d:c7:98:8d:65:0c:6e:db:19:ca:98:
                    9b:1b:54:8f:ce:77:38:93:68:86:7f:bc:55:3e:bd:
                    c4:a9:7a:0e:e8:3e:ba:c7:9f:ce:d8:6e:de:9c:77:
                    38:62:8d:80:1d:9e:5e:ea:18:83:56:32:b3:c1:6a:
                    82:1b:da:b1:0f:df:8e:d8:d8:d4:da:a5:6a:1a:59:
                    12:f4:b7:dd:e7:ca:01:25:de:07:52:d3:a9:4e:48:
                    f5:09:3b:29:42:c0:90:f8:c5:0b:d8:0e:84:14:95:
                    de:72:ba:9d:98:97:e6:c6:ae:01:e2:6a:45:e4:9d:
                    30:a1:88:78:c6:30:d7:75:91:21:8f:ec:0c:eb:6d:
                    03:6c:3a:22:c0:7d:22:5d:aa:63:1b:89:8f:55:9b:
                    bb:89:b2:40:23:62:83:03:ba:c1:a6:21:f6:d3:e8:
                    85:34:e3:a2:cc:b4:e2:4b:99:b9:f5:d8:8d:80:4d:
                    d5:30:9d:ab:e3:e7:c1:b3:bf:a8:a9:40:32:7f:db:
                    be:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:39:21:3B:89:82:81:FE:6F:38:96:B5:B2:03:5A:3C:20:0E:D0:5C
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38352e3230382e35302e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.208.50.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:3e:ee:33:f2:31:ec:89:1c:1a:33:da:14:fb:b2:a5:90:10:
         a4:0e:e1:8f:68:dc:a1:b2:cc:2d:7d:0f:ff:9e:cc:6f:12:95:
         80:e0:44:5c:d0:1c:cc:a2:67:b2:48:33:06:6b:ff:08:ea:f4:
         ec:5f:4b:e2:ff:1c:26:8c:83:2d:cc:ae:32:3b:36:56:40:89:
         56:29:e5:e4:a9:1f:2a:dc:db:87:da:bc:5d:6f:17:3e:2e:e9:
         37:69:d0:16:e7:79:bc:0e:e8:21:62:b9:a9:6c:d6:a4:f4:92:
         4c:6c:7d:9f:9f:88:a3:68:83:52:4e:55:55:6d:f4:75:ec:a6:
         ab:e3:a7:ff:b8:d2:a8:65:6e:74:f9:30:f5:dc:5d:70:9a:3a:
         02:40:88:91:39:8f:2c:d3:1f:db:7b:8b:4f:5a:f9:45:59:1d:
         3d:78:1a:a1:6a:e2:a7:56:eb:6a:a0:18:5d:ec:00:9a:80:31:
         da:ab:bb:ce:a1:b8:dc:4e:4f:49:a4:65:65:58:af:6d:9c:1a:
         88:f4:d4:08:84:d7:a7:1d:e9:a6:ce:8a:19:6f:9b:af:2e:d8:
         db:a5:b6:62:37:f1:7c:fb:68:a0:57:46:7f:24:7a:49:63:42:
         58:1c:4a:8b:69:ca:ba:8c:4a:3c:86:3c:a7:da:03:67:19:73:
         ba:b3:24:e5
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUbCL1aZrltTa9Xcb9O4/snbBTtcEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yMzEwMjAxMzM2NDNaFw0yNDEwMTgxMzQxNDNaMDMxMTAvBgNV
BAMTKDc5MzkyMTNCODk4MjgxRkU2RjM4OTZCNUIyMDM1QTNDMjAwRUQwNUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDdLF5l8gUiAfoJEE3Ml3QfVjW/
qZenC8pXVWKATNsmuMr1+4mhtUkkmN/umuFp0MgvkRgcdYtflR5o0bkJ+IAtx5iN
ZQxu2xnKmJsbVI/OdziTaIZ/vFU+vcSpeg7oPrrHn87Ybt6cdzhijYAdnl7qGINW
MrPBaoIb2rEP347Y2NTapWoaWRL0t93nygEl3gdS06lOSPUJOylCwJD4xQvYDoQU
ld5yup2Yl+bGrgHiakXknTChiHjGMNd1kSGP7AzrbQNsOiLAfSJdqmMbiY9Vm7uJ
skAjYoMDusGmIfbT6IU046LMtOJLmbn12I2ATdUwnavj58Gzv6ipQDJ/275ZAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUeTkhO4mCgf5vOJa1sgNaPCAO0FwwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzgzNTJlMzIzMDM4MmUzNTMw
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzgzMzM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVdAyMA0G
CSqGSIb3DQEBCwUAA4IBAQCYPu4z8jHsiRwaM9oU+7KlkBCkDuGPaNyhsswtfQ//
nsxvEpWA4ERc0BzMomeySDMGa/8I6vTsX0vi/xwmjIMtzK4yOzZWQIlWKeXkqR8q
3NuH2rxdbxc+Luk3adAW53m8DughYrmpbNak9JJMbH2fn4ijaINSTlVVbfR17Kar
46f/uNKoZW50+TD13F1wmjoCQIiROY8s0x/be4tPWvlFWR09eBqhauKnVutqoBhd
7ACagDHaq7vOobjcTk9JpGVlWK9tnBqI9NQIhNenHemmzooZb5uvLtjbpbZiN/F8
+2igV0Z/JHpJY0JYHEqLacq6jEo8hjyn2gNnGXO6syTl
-----END CERTIFICATE-----