Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38362e34382e31302e302f32342d3332203d3e20313336373837.roa
File:                     38362e34382e31302e302f32342d3332203d3e20313336373837.roa (raw, json)
Hash identifier:          jqFqn2pYMq1giKgEqv3Q5FmFde3nwgc0bcGXXuT/lhA=
Subject key identifier:   0E:BC:5E:23:93:C3:37:10:36:E0:9E:45:01:33:86:98:12:1A:A5:9C
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       78E74A9D30CA60BD75E956FE96C18D90DD5C3B2B
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38362e34382e31302e302f32342d3332203d3e20313336373837.roa
Signing time:             Mon 27 Jan 2025 09:45:26 +0000
ROA not before:           Mon 27 Jan 2025 09:40:26 +0000
ROA not after:            Mon 26 Jan 2026 09:45:26 +0000
asID:                     136787
IP address blocks:        86.48.10.0/24 maxlen: 32
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 13:21:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            78:e7:4a:9d:30:ca:60:bd:75:e9:56:fe:96:c1:8d:90:dd:5c:3b:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Jan 27 09:40:26 2025 GMT
            Not After : Jan 26 09:45:26 2026 GMT
        Subject: CN=0EBC5E2393C3371036E09E4501338698121AA59C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:d6:01:0c:9b:c4:70:6e:b2:ad:62:a5:38:2f:
                    88:16:9c:cc:86:a9:13:c3:20:cf:e1:49:60:7b:d4:
                    e7:94:00:ef:65:2c:15:b6:2d:77:4f:a9:ad:a5:f1:
                    4a:68:0e:62:e2:28:39:85:02:0b:4b:2e:3c:4c:27:
                    42:d2:e2:ed:c4:17:0a:7f:a6:1b:b1:d4:32:af:8b:
                    03:d0:18:92:91:b0:81:57:bf:1d:cf:d8:58:94:0a:
                    e7:83:85:3d:f2:3b:e0:34:2b:24:be:49:3e:cb:4c:
                    75:47:15:20:26:a5:45:28:83:3e:7a:a6:28:de:eb:
                    e9:f9:bd:7b:9f:fc:b5:7b:d7:50:3f:05:df:6f:ea:
                    b6:5d:8d:82:2b:ec:e3:14:2b:c9:67:ef:40:a7:4d:
                    88:27:12:8a:c8:58:61:31:59:a3:69:9e:0d:2b:2e:
                    da:1b:af:94:6e:3e:21:65:7d:da:0c:47:60:3f:25:
                    bc:4e:4b:8d:dc:9d:35:dc:74:96:47:08:bd:32:52:
                    b4:6c:61:5f:b9:ae:2f:6c:98:7e:8b:dd:1e:a2:d7:
                    c0:20:7c:04:7d:0f:50:64:f1:5c:09:df:b3:d8:14:
                    a2:e9:2d:d1:b1:c1:be:f6:ae:be:3c:5e:cb:20:31:
                    ce:32:80:88:f7:cb:7d:80:71:6d:84:94:17:01:63:
                    52:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:BC:5E:23:93:C3:37:10:36:E0:9E:45:01:33:86:98:12:1A:A5:9C
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38362e34382e31302e302f32342d3332203d3e20313336373837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.48.10.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4b:d9:2d:8f:ca:20:d4:c2:1d:33:5d:e9:e4:d1:96:4e:dd:dc:
         8d:6a:f5:5a:ed:97:22:a9:d0:27:39:49:80:03:f7:8e:31:03:
         d8:cb:5b:89:be:fb:0e:4e:5a:6a:29:5a:95:ef:73:30:06:3b:
         94:54:2b:87:28:86:90:c8:11:0d:2d:81:77:8d:5a:0c:18:59:
         90:b5:fb:01:e4:11:48:eb:48:e5:21:ac:59:37:59:b7:7a:82:
         75:75:78:1a:22:7a:75:d0:de:d1:bd:63:0e:3d:3e:cd:99:17:
         d9:3b:c1:d4:84:a9:ca:c5:7f:6a:8b:5f:49:da:20:8b:11:a1:
         43:28:bc:a9:66:75:0b:7c:e2:a4:14:7c:4a:1e:02:4e:6f:3f:
         58:6b:a1:52:e0:21:96:6b:d5:74:68:96:fb:91:5c:2c:5c:d8:
         63:c1:8d:ba:64:13:16:d4:1b:8c:e6:98:2e:0c:b2:ac:5d:46:
         e5:01:23:ff:f3:1f:9b:0d:eb:7e:ca:9d:a5:ff:16:e7:66:a3:
         d2:b5:a1:be:b6:7b:39:13:81:db:6c:e8:f0:e9:28:f7:40:97:
         a3:20:e5:c3:45:b6:f4:c5:de:8f:13:09:df:8a:94:e0:56:3e:
         cb:12:08:64:35:c5:e4:0b:f3:a6:d3:f5:9f:e9:fc:03:57:59:
         91:0a:a5:2a
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUeOdKnTDKYL116Vb+lsGNkN1cOyswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTAxMjcwOTQwMjZaFw0yNjAxMjYwOTQ1MjZaMDMxMTAvBgNV
BAMTKDBFQkM1RTIzOTNDMzM3MTAzNkUwOUU0NTAxMzM4Njk4MTIxQUE1OUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDe1gEMm8RwbrKtYqU4L4gWnMyG
qRPDIM/hSWB71OeUAO9lLBW2LXdPqa2l8UpoDmLiKDmFAgtLLjxMJ0LS4u3EFwp/
phux1DKviwPQGJKRsIFXvx3P2FiUCueDhT3yO+A0KyS+ST7LTHVHFSAmpUUogz56
pije6+n5vXuf/LV711A/Bd9v6rZdjYIr7OMUK8ln70CnTYgnEorIWGExWaNpng0r
Ltobr5RuPiFlfdoMR2A/JbxOS43cnTXcdJZHCL0yUrRsYV+5ri9smH6L3R6i18Ag
fAR9D1Bk8VwJ37PYFKLpLdGxwb72rr48XssgMc4ygIj3y32AcW2ElBcBY1L3AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUDrxeI5PDNxA24J5FATOGmBIapZwwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzgzNjJlMzQzODJlMzEzMDJl
MzAyZjMyMzQyZDMzMzIyMDNkM2UyMDMxMzMzNjM3MzgzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFYw
CjANBgkqhkiG9w0BAQsFAAOCAQEAS9ktj8og1MIdM13p5NGWTt3cjWr1Wu2XIqnQ
JzlJgAP3jjED2Mtbib77Dk5aailale9zMAY7lFQrhyiGkMgRDS2Bd41aDBhZkLX7
AeQRSOtI5SGsWTdZt3qCdXV4GiJ6ddDe0b1jDj0+zZkX2TvB1ISpysV/aotfSdog
ixGhQyi8qWZ1C3zipBR8Sh4CTm8/WGuhUuAhlmvVdGiW+5FcLFzYY8GNumQTFtQb
jOaYLgyyrF1G5QEj//Mfmw3rfsqdpf8W52aj0rWhvrZ7OROB22zo8Oko90CXoyDl
w0W29MXejxMJ34qU4FY+yxIIZDXF5AvzptP1n+n8A1dZkQqlKg==
-----END CERTIFICATE-----