Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38362e34382e302e302f32322d3332203d3e203531313637.roa
File:                     38362e34382e302e302f32322d3332203d3e203531313637.roa (raw, json)
Hash identifier:          QnZsx2qnkk8Q8D8hUxfP99Lu0qL5SYcKKd0/gcTMnmA=
Subject key identifier:   44:BA:4F:45:90:62:29:24:CB:FE:56:F8:36:9A:AE:A7:2E:3A:61:98
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       2811507C14B4E7996D7AAC1A7E49ECCC0D790CCA
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38362e34382e302e302f32322d3332203d3e203531313637.roa
Signing time:             Mon 26 Feb 2024 08:53:11 +0000
ROA not before:           Mon 26 Feb 2024 08:48:11 +0000
ROA not after:            Mon 24 Feb 2025 08:53:11 +0000
asID:                     51167
IP address blocks:        86.48.0.0/22 maxlen: 32

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 02:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            28:11:50:7c:14:b4:e7:99:6d:7a:ac:1a:7e:49:ec:cc:0d:79:0c:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Feb 26 08:48:11 2024 GMT
            Not After : Feb 24 08:53:11 2025 GMT
        Subject: CN=44BA4F4590622924CBFE56F8369AAEA72E3A6198
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:1f:d2:97:6d:02:49:ff:44:c5:38:86:b7:28:
                    bc:76:10:dc:82:6d:0d:ed:00:7b:10:f7:07:91:1c:
                    92:b3:92:0f:af:b2:cd:39:6f:cb:96:c1:b7:93:bc:
                    c6:07:9e:0a:19:77:b6:43:8c:a6:a9:0d:81:34:da:
                    8f:1c:74:4a:d9:cb:44:72:5e:5e:b6:97:80:0f:74:
                    84:b8:af:e2:e3:cb:88:22:08:78:d3:ff:dd:cd:e0:
                    dd:87:86:c0:1b:f2:cd:c3:d6:a4:e1:88:e5:7a:b7:
                    26:eb:75:03:52:5e:5a:43:a9:76:d5:5d:37:fe:b8:
                    c4:1e:b1:ac:30:d7:b7:bd:67:62:f0:45:b5:a8:69:
                    92:46:8d:d0:99:50:8a:a6:8d:98:c0:61:ee:a7:b5:
                    45:ee:71:0b:64:eb:88:c6:c9:ce:4c:c1:1f:f7:d4:
                    71:2a:7c:77:14:69:b6:ef:6c:d3:8f:8d:a4:3d:5b:
                    f1:30:71:da:36:61:ce:28:39:ba:8b:dd:42:ab:38:
                    e7:62:6c:6f:56:bf:23:1f:3b:4b:26:98:3d:24:41:
                    30:b4:80:73:7d:d0:e4:d4:2b:3b:36:6c:a1:e8:71:
                    6d:fb:9b:87:32:cc:17:7f:57:9d:d6:be:ff:30:24:
                    fe:86:b0:8e:d2:b7:30:d8:40:ca:8d:4c:2b:03:3c:
                    e3:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:BA:4F:45:90:62:29:24:CB:FE:56:F8:36:9A:AE:A7:2E:3A:61:98
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38362e34382e302e302f32322d3332203d3e203531313637.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.48.0.0/22

    Signature Algorithm: sha256WithRSAEncryption
         48:35:39:4b:f8:6d:7f:da:91:47:fc:02:e4:7d:0b:27:23:9c:
         ac:e9:eb:a4:24:31:58:25:93:9f:e6:11:c7:c0:1a:46:ee:c4:
         c7:8c:50:e3:53:cc:53:03:10:79:3a:96:6b:d6:8e:31:52:1d:
         e2:29:f1:87:77:09:b5:f9:20:81:3d:ea:72:5a:cd:5f:89:34:
         e3:ef:68:31:f8:b0:2e:3b:70:87:d8:8a:c6:63:cc:d2:dc:d9:
         a6:8e:a2:03:4b:79:1f:6c:58:6d:10:8f:bf:5a:c8:ad:16:80:
         de:37:c0:db:5b:29:e9:f9:54:62:3a:09:7a:4c:6c:63:f6:f9:
         65:35:b2:45:57:97:c6:2f:8a:47:ac:19:a2:16:24:ae:85:ab:
         7f:9f:a7:a6:e4:50:73:70:82:33:b8:a2:a5:22:37:a9:fc:8a:
         a2:e4:b8:1b:3e:5e:f5:f2:4f:4a:b2:3a:f9:6b:e7:7d:ea:19:
         19:63:f8:ea:48:80:f2:04:70:78:d2:e6:f8:3d:b1:f8:76:02:
         25:28:46:a2:b2:e4:67:b4:0f:38:fe:43:31:5b:4d:6a:35:39:
         90:94:11:02:3a:8f:6c:8f:af:f0:5b:97:34:0e:3d:c0:4a:15:
         18:ef:eb:b1:16:27:cb:48:1e:a7:03:e7:cc:30:29:b6:f4:0c:
         77:09:c6:fb
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUKBFQfBS055lteqwafknszA15DMowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDAyMjYwODQ4MTFaFw0yNTAyMjQwODUzMTFaMDMxMTAvBgNV
BAMTKDQ0QkE0RjQ1OTA2MjI5MjRDQkZFNTZGODM2OUFBRUE3MkUzQTYxOTgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCaH9KXbQJJ/0TFOIa3KLx2ENyC
bQ3tAHsQ9weRHJKzkg+vss05b8uWwbeTvMYHngoZd7ZDjKapDYE02o8cdErZy0Ry
Xl62l4APdIS4r+Ljy4giCHjT/93N4N2HhsAb8s3D1qThiOV6tybrdQNSXlpDqXbV
XTf+uMQesaww17e9Z2LwRbWoaZJGjdCZUIqmjZjAYe6ntUXucQtk64jGyc5MwR/3
1HEqfHcUabbvbNOPjaQ9W/Ewcdo2Yc4oObqL3UKrOOdibG9WvyMfO0smmD0kQTC0
gHN90OTUKzs2bKHocW37m4cyzBd/V53Wvv8wJP6GsI7StzDYQMqNTCsDPOPLAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQURLpPRZBiKSTL/lb4Npqupy46YZgwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzgzNjJlMzQzODJlMzAyZTMw
MmYzMjMyMmQzMzMyMjAzZDNlMjAzNTMxMzEzNjM3LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCVjAAMA0G
CSqGSIb3DQEBCwUAA4IBAQBINTlL+G1/2pFH/ALkfQsnI5ys6eukJDFYJZOf5hHH
wBpG7sTHjFDjU8xTAxB5OpZr1o4xUh3iKfGHdwm1+SCBPepyWs1fiTTj72gx+LAu
O3CH2IrGY8zS3NmmjqIDS3kfbFhtEI+/WsitFoDeN8DbWynp+VRiOgl6TGxj9vll
NbJFV5fGL4pHrBmiFiSuhat/n6em5FBzcIIzuKKlIjep/Iqi5LgbPl718k9Ksjr5
a+d96hkZY/jqSIDyBHB40ub4PbH4dgIlKEaisuRntA84/kMxW01qNTmQlBECOo9s
j6/wW5c0Dj3AShUY7+uxFifLSB6nA+fMMCm29Ax3Ccb7
-----END CERTIFICATE-----