Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38352e33312e3233322e302f32322d3234203d3e203437353833.roa
File:                     38352e33312e3233322e302f32322d3234203d3e203437353833.roa (raw, json)
Hash identifier:          qnstmBaWzlciLfKfetyLWvMW8JFmMgUQzebQruHV4gk=
Subject key identifier:   7D:CD:35:D7:FA:27:4A:06:68:37:98:88:5D:ED:3D:3D:46:A4:48:2F
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       38E71AA812E7D4FA35040687E969D264497D02F0
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38352e33312e3233322e302f32322d3234203d3e203437353833.roa
Signing time:             Fri 19 Jul 2024 07:04:15 +0000
ROA not before:           Fri 19 Jul 2024 06:59:15 +0000
ROA not after:            Fri 18 Jul 2025 07:04:15 +0000
asID:                     47583
IP address blocks:        85.31.232.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            38:e7:1a:a8:12:e7:d4:fa:35:04:06:87:e9:69:d2:64:49:7d:02:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Jul 19 06:59:15 2024 GMT
            Not After : Jul 18 07:04:15 2025 GMT
        Subject: CN=7DCD35D7FA274A06683798885DED3D3D46A4482F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:7b:ca:f6:2a:88:9b:ef:53:99:2a:bc:39:6b:
                    7d:73:dd:4c:da:e7:60:e3:62:e9:bd:2b:5d:0f:70:
                    4e:7a:c5:95:7e:29:e7:14:6c:10:88:47:cc:de:9e:
                    14:56:55:e5:3c:f5:45:a1:5a:6c:23:1d:cd:96:c4:
                    e4:af:b7:ff:34:64:c4:af:63:68:33:1a:2c:87:42:
                    82:b8:ce:2d:81:bb:07:52:0a:9d:7d:b9:69:d0:a2:
                    f6:00:db:08:74:0a:b8:b1:03:43:aa:07:36:15:11:
                    ed:a1:99:55:c4:09:00:f8:52:0e:e5:de:7a:24:8e:
                    23:4a:14:00:11:5e:32:3d:1b:21:2d:17:50:8b:38:
                    76:09:1e:c4:e8:5f:cc:26:5c:fe:a0:ba:7f:76:f9:
                    f5:14:2b:04:50:8d:b9:30:aa:7f:d6:87:31:33:37:
                    a1:6b:a6:6a:14:bf:df:6e:ae:4d:fd:47:8f:48:be:
                    3d:47:33:57:0a:3e:50:ec:54:4a:5a:97:ad:f1:fc:
                    44:a3:55:12:32:23:a8:21:0f:a9:d4:d6:53:1e:c5:
                    35:e3:d3:b3:87:fb:70:73:7c:bf:63:1f:9d:e6:b1:
                    96:05:b6:54:0d:ef:00:2f:f7:f2:c8:be:78:08:0a:
                    77:bf:59:9f:23:38:e7:67:31:71:8e:e8:41:33:32:
                    71:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:CD:35:D7:FA:27:4A:06:68:37:98:88:5D:ED:3D:3D:46:A4:48:2F
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38352e33312e3233322e302f32322d3234203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.31.232.0/22

    Signature Algorithm: sha256WithRSAEncryption
         88:ad:20:cd:a8:66:72:3d:db:e3:77:bc:63:f2:7a:d8:e0:39:
         1a:46:0f:48:4b:b2:e2:32:06:9a:7f:3e:5b:45:08:70:d2:e1:
         99:1b:79:4c:86:78:72:89:ee:04:04:d1:0b:db:2c:4e:0d:00:
         f4:f6:85:68:05:4a:6c:0c:8b:e6:ef:35:eb:c3:47:19:2e:86:
         42:ad:bf:10:56:27:1b:e8:64:14:ce:65:88:a4:97:81:d2:ba:
         7d:b2:f6:5d:03:1e:4c:82:df:ec:18:5c:91:82:fb:2d:bf:f4:
         29:4d:07:1f:97:9c:f7:d8:ee:5f:cc:0e:9c:da:ce:4a:ca:bf:
         90:bf:cb:36:a1:96:30:7e:01:ff:ae:0b:bc:6d:57:9c:34:4b:
         c8:d4:0c:25:e7:ad:f9:db:67:5e:d9:ac:ca:cb:99:07:07:65:
         17:8d:0f:76:17:42:7e:0d:c7:da:77:fc:f0:42:67:9f:fc:a6:
         e2:66:a4:8d:82:88:1e:96:08:51:d7:0b:d2:8f:32:16:60:8c:
         8f:f7:ec:69:1c:86:4b:a2:a6:f4:91:c6:4f:42:ce:90:60:8e:
         71:83:ce:5a:dc:11:29:d8:eb:5c:6c:46:0e:4d:51:a3:bd:7d:
         a4:8f:1b:80:fb:07:26:59:5e:02:4e:5b:81:d4:9c:02:89:1c:
         ba:78:e2:07
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUOOcaqBLn1Po1BAaH6WnSZEl9AvAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDA3MTkwNjU5MTVaFw0yNTA3MTgwNzA0MTVaMDMxMTAvBgNV
BAMTKDdEQ0QzNUQ3RkEyNzRBMDY2ODM3OTg4ODVERUQzRDNENDZBNDQ4MkYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCwe8r2Koib71OZKrw5a31z3Uza
52DjYum9K10PcE56xZV+KecUbBCIR8zenhRWVeU89UWhWmwjHc2WxOSvt/80ZMSv
Y2gzGiyHQoK4zi2BuwdSCp19uWnQovYA2wh0CrixA0OqBzYVEe2hmVXECQD4Ug7l
3nokjiNKFAARXjI9GyEtF1CLOHYJHsToX8wmXP6gun92+fUUKwRQjbkwqn/WhzEz
N6FrpmoUv99urk39R49Ivj1HM1cKPlDsVEpal63x/ESjVRIyI6ghD6nU1lMexTXj
07OH+3BzfL9jH53msZYFtlQN7wAv9/LIvngICne/WZ8jOOdnMXGO6EEzMnFLAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUfc011/onSgZoN5iIXe09PUakSC8wHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzgzNTJlMzMzMTJlMzIzMzMy
MmUzMDJmMzIzMjJkMzIzNDIwM2QzZTIwMzQzNzM1MzgzMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAlUf
6DANBgkqhkiG9w0BAQsFAAOCAQEAiK0gzahmcj3b43e8Y/J62OA5GkYPSEuy4jIG
mn8+W0UIcNLhmRt5TIZ4conuBATRC9ssTg0A9PaFaAVKbAyL5u8168NHGS6GQq2/
EFYnG+hkFM5liKSXgdK6fbL2XQMeTILf7BhckYL7Lb/0KU0HH5ec99juX8wOnNrO
Ssq/kL/LNqGWMH4B/64LvG1XnDRLyNQMJeet+dtnXtmsysuZBwdlF40PdhdCfg3H
2nf88EJnn/ym4makjYKIHpYIUdcL0o8yFmCMj/fsaRyGS6Km9JHGT0LOkGCOcYPO
WtwRKdjrXGxGDk1Ro719pI8bgPsHJlleAk5bgdScAokcunjiBw==
-----END CERTIFICATE-----