Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38352e33312e3233362e302f32322d3234203d3e203437353833.roa
File:                     38352e33312e3233362e302f32322d3234203d3e203437353833.roa (raw, json)
Hash identifier:          E386ktnkmhgp8xSjXSldeQty92UeVyp+JjRbHNDCzWs=
Subject key identifier:   70:14:73:91:9A:25:4A:EA:D3:0E:DC:3A:93:A5:63:15:B7:E6:C0:A6
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       2F77AF4E97CE46A3EC2B6EED27CE0105E014E1C1
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38352e33312e3233362e302f32322d3234203d3e203437353833.roa
Signing time:             Fri 19 Jul 2024 07:04:15 +0000
ROA not before:           Fri 19 Jul 2024 06:59:15 +0000
ROA not after:            Fri 18 Jul 2025 07:04:15 +0000
asID:                     47583
IP address blocks:        85.31.236.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2f:77:af:4e:97:ce:46:a3:ec:2b:6e:ed:27:ce:01:05:e0:14:e1:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Jul 19 06:59:15 2024 GMT
            Not After : Jul 18 07:04:15 2025 GMT
        Subject: CN=701473919A254AEAD30EDC3A93A56315B7E6C0A6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:78:30:60:56:da:33:5d:65:bb:5a:79:df:c6:
                    30:0c:4f:5e:56:ca:fb:97:b3:c3:da:6b:d6:ce:d0:
                    af:37:05:e1:5b:48:37:a9:c1:a0:cb:80:bb:3e:6c:
                    fc:b7:32:e1:b7:d0:a9:4b:27:d7:d8:93:95:15:7e:
                    1e:e7:30:42:d6:88:56:91:d4:8e:6d:7c:4b:a1:f2:
                    ca:f6:b4:9c:54:4e:64:d1:d0:b3:06:71:20:98:3f:
                    ee:77:20:2a:79:d7:3b:f9:14:b9:d7:77:69:21:1b:
                    ad:84:9f:13:b4:79:6e:1c:85:78:67:aa:d4:85:b3:
                    ce:e9:f6:c4:32:f6:7f:1d:ff:06:3a:be:bb:64:34:
                    f9:88:22:47:9c:fc:4d:8b:83:25:61:a8:00:a8:33:
                    67:33:24:ae:0d:d9:61:c8:e9:52:3b:b8:6f:c0:1a:
                    e1:c8:20:cd:3a:05:38:bf:2d:13:5e:05:7f:62:d9:
                    26:34:0e:ad:d0:4c:81:ec:bc:a3:df:78:e6:89:95:
                    fd:4c:9b:de:e5:39:da:8a:84:13:b2:7b:ce:71:b6:
                    0d:e5:de:fc:8a:a1:56:a9:64:ab:bf:87:be:2e:f0:
                    73:8b:ec:2c:88:d7:dd:cc:36:3f:f5:fe:b9:08:83:
                    99:29:c9:db:79:15:6b:1e:d5:28:f1:40:0d:40:4c:
                    15:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:14:73:91:9A:25:4A:EA:D3:0E:DC:3A:93:A5:63:15:B7:E6:C0:A6
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38352e33312e3233362e302f32322d3234203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.31.236.0/22

    Signature Algorithm: sha256WithRSAEncryption
         16:46:56:67:0a:55:e8:14:e5:be:d5:26:cf:dc:b2:f8:7d:64:
         d0:8b:bf:05:4d:f6:4c:82:80:a7:47:60:57:36:08:55:39:a2:
         ea:57:49:2c:81:11:92:dd:bd:f7:7d:fc:e0:f2:44:94:34:61:
         e0:ce:3d:48:71:0d:73:87:14:aa:98:8d:a8:60:56:2b:a5:6a:
         d9:6e:ee:07:4a:f1:bd:88:75:43:7f:7d:83:29:24:ff:11:27:
         6e:8b:d2:f4:01:70:ce:8e:8a:a3:b3:de:40:40:8d:8c:20:e3:
         6f:70:83:ca:d9:47:70:98:4f:16:70:1f:20:7c:51:8c:f5:a9:
         87:27:53:6b:bc:55:09:cb:22:29:57:d2:92:19:5e:fe:52:bf:
         fc:26:67:0f:0d:86:d0:a1:a9:6c:b5:91:12:1c:64:d7:08:b3:
         0f:bd:e5:01:ad:90:47:ad:12:29:fe:ba:7b:9f:2e:12:c7:6a:
         0e:7e:26:93:93:80:bb:37:f1:9b:3e:03:b9:fd:77:00:ba:90:
         42:04:70:9f:14:1a:14:12:2c:24:ec:06:d1:04:8c:aa:99:fc:
         bf:be:d2:23:f0:ee:c8:f1:b4:ba:b8:af:b8:64:7c:c0:f6:86:
         7c:7a:a6:00:bd:3d:2d:12:b9:cc:e6:47:d7:3d:0a:22:9b:05:
         d3:e4:a0:37
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUL3evTpfORqPsK27tJ84BBeAU4cEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDA3MTkwNjU5MTVaFw0yNTA3MTgwNzA0MTVaMDMxMTAvBgNV
BAMTKDcwMTQ3MzkxOUEyNTRBRUFEMzBFREMzQTkzQTU2MzE1QjdFNkMwQTYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDfeDBgVtozXWW7WnnfxjAMT15W
yvuXs8Paa9bO0K83BeFbSDepwaDLgLs+bPy3MuG30KlLJ9fYk5UVfh7nMELWiFaR
1I5tfEuh8sr2tJxUTmTR0LMGcSCYP+53ICp51zv5FLnXd2khG62EnxO0eW4chXhn
qtSFs87p9sQy9n8d/wY6vrtkNPmIIkec/E2LgyVhqACoM2czJK4N2WHI6VI7uG/A
GuHIIM06BTi/LRNeBX9i2SY0Dq3QTIHsvKPfeOaJlf1Mm97lOdqKhBOye85xtg3l
3vyKoVapZKu/h74u8HOL7CyI193MNj/1/rkIg5kpydt5FWse1SjxQA1ATBWrAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUcBRzkZolSurTDtw6k6VjFbfmwKYwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzgzNTJlMzMzMTJlMzIzMzM2
MmUzMDJmMzIzMjJkMzIzNDIwM2QzZTIwMzQzNzM1MzgzMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAlUf
7DANBgkqhkiG9w0BAQsFAAOCAQEAFkZWZwpV6BTlvtUmz9yy+H1k0Iu/BU32TIKA
p0dgVzYIVTmi6ldJLIERkt2993384PJElDRh4M49SHENc4cUqpiNqGBWK6Vq2W7u
B0rxvYh1Q399gykk/xEnbovS9AFwzo6Ko7PeQECNjCDjb3CDytlHcJhPFnAfIHxR
jPWphydTa7xVCcsiKVfSkhle/lK//CZnDw2G0KGpbLWREhxk1wizD73lAa2QR60S
Kf66e58uEsdqDn4mk5OAuzfxmz4Duf13ALqQQgRwnxQaFBIsJOwG0QSMqpn8v77S
I/DuyPG0urivuGR8wPaGfHqmAL09LRK5zOZH1z0KIpsF0+SgNw==
-----END CERTIFICATE-----