Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38362e34382e31302e302f32342d3332203d3e20313336373837.roa
File:                     38362e34382e31302e302f32342d3332203d3e20313336373837.roa (raw, json)
Hash identifier:          JzZYmTXpL0wMHp7mbHPk/IeHTG+UfSptOnHZy15Vejs=
Subject key identifier:   88:E3:14:F0:52:D6:ED:59:EF:A0:EF:7A:BC:F6:E0:45:25:52:28:D5
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       4C611923DC1F100CEB529CDBB6AE213A6726F895
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38362e34382e31302e302f32342d3332203d3e20313336373837.roa
Signing time:             Mon 26 Feb 2024 08:53:11 +0000
ROA not before:           Mon 26 Feb 2024 08:48:11 +0000
ROA not after:            Mon 24 Feb 2025 08:53:11 +0000
asID:                     136787
IP address blocks:        86.48.10.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 14:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4c:61:19:23:dc:1f:10:0c:eb:52:9c:db:b6:ae:21:3a:67:26:f8:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Feb 26 08:48:11 2024 GMT
            Not After : Feb 24 08:53:11 2025 GMT
        Subject: CN=88E314F052D6ED59EFA0EF7ABCF6E045255228D5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:e2:9c:70:08:43:6b:37:18:35:94:e1:20:94:
                    c2:6d:79:58:de:22:0a:b7:fd:3f:00:7f:36:a2:d5:
                    f5:6d:0f:c3:bc:3a:52:ef:4f:9c:13:0f:6b:3d:e4:
                    a9:19:57:9b:e4:1f:0f:af:e0:65:9b:2f:d3:e9:b8:
                    75:c1:d0:72:d3:2a:cd:6e:8b:40:21:9f:c1:b3:ba:
                    39:48:14:43:94:19:03:b1:fc:27:b9:fa:5f:ff:a0:
                    a7:77:ae:a5:f5:ec:14:49:d9:27:00:cc:58:68:9b:
                    4f:f7:7b:72:45:3d:2f:7c:9e:13:e6:2e:c1:de:c8:
                    aa:92:10:e8:d8:3e:28:16:84:f8:83:18:f4:ba:49:
                    e6:6e:d7:2f:54:c3:12:a0:10:25:24:93:d7:70:39:
                    d5:71:76:6f:30:e2:ea:4b:06:12:4d:c9:93:49:aa:
                    b0:f6:be:10:cd:0f:50:9b:17:4c:02:0a:f8:e3:31:
                    d5:09:1b:3e:4f:40:36:74:4a:57:3b:91:c9:aa:af:
                    7f:db:5c:69:10:06:fc:cf:62:cf:0f:ac:53:29:e0:
                    2a:df:6f:bb:7f:43:5d:58:5d:3c:b8:27:59:ca:2e:
                    a0:3c:6c:4c:74:c6:b6:cc:71:e7:d0:47:f8:de:91:
                    10:87:5a:85:db:18:67:c0:db:d1:3a:f6:e0:03:03:
                    65:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:E3:14:F0:52:D6:ED:59:EF:A0:EF:7A:BC:F6:E0:45:25:52:28:D5
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38362e34382e31302e302f32342d3332203d3e20313336373837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.48.10.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:fe:f9:ca:a4:e6:02:41:ab:43:95:6e:4f:ea:84:fe:59:53:
         c3:7d:c2:04:6e:c2:b8:5b:af:14:17:9b:a2:95:9b:94:72:7a:
         e1:c0:54:b0:cd:d4:47:e4:6b:e2:55:d8:a8:f5:b6:be:b0:36:
         6f:fe:1d:b5:5c:52:d2:20:8f:76:07:cd:20:d7:ea:25:b2:50:
         9e:da:f4:50:b8:ba:70:fb:58:31:36:db:66:4c:94:db:6f:9a:
         d3:20:fe:30:c2:65:a1:ed:40:82:ed:94:c6:ff:d3:92:97:eb:
         dd:72:a8:28:8c:17:0f:9c:8e:77:bb:d1:7a:41:80:f9:b9:19:
         ec:2e:f9:61:29:1b:c1:a2:3e:f2:6e:41:f9:24:07:0e:c2:27:
         f5:ef:3d:fe:4a:3b:b3:cb:55:8a:35:de:20:26:43:e5:e6:4a:
         d1:79:3f:7f:1b:35:7f:8d:e7:a0:a3:72:55:c0:c0:48:c1:9e:
         00:3f:c1:d0:ed:92:bd:9b:ef:bb:36:f6:96:ee:c3:10:b1:7a:
         57:69:e6:fc:29:68:da:80:c2:a8:96:13:23:fd:97:c7:4d:f9:
         88:71:94:c5:71:4f:5b:14:69:5d:11:c8:4f:dd:91:fe:60:bf:
         54:54:2c:9d:7e:83:c6:e8:ba:99:8b:bb:95:b5:97:b4:2d:54:
         01:de:8c:3d
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUTGEZI9wfEAzrUpzbtq4hOmcm+JUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDAyMjYwODQ4MTFaFw0yNTAyMjQwODUzMTFaMDMxMTAvBgNV
BAMTKDg4RTMxNEYwNTJENkVENTlFRkEwRUY3QUJDRjZFMDQ1MjU1MjI4RDUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDI4pxwCENrNxg1lOEglMJteVje
Igq3/T8Afzai1fVtD8O8OlLvT5wTD2s95KkZV5vkHw+v4GWbL9PpuHXB0HLTKs1u
i0Ahn8GzujlIFEOUGQOx/Ce5+l//oKd3rqX17BRJ2ScAzFhom0/3e3JFPS98nhPm
LsHeyKqSEOjYPigWhPiDGPS6SeZu1y9UwxKgECUkk9dwOdVxdm8w4upLBhJNyZNJ
qrD2vhDND1CbF0wCCvjjMdUJGz5PQDZ0Slc7kcmqr3/bXGkQBvzPYs8PrFMp4Crf
b7t/Q11YXTy4J1nKLqA8bEx0xrbMcefQR/jekRCHWoXbGGfA29E69uADA2XxAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUiOMU8FLW7VnvoO96vPbgRSVSKNUwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzgzNjJlMzQzODJlMzEzMDJl
MzAyZjMyMzQyZDMzMzIyMDNkM2UyMDMxMzMzNjM3MzgzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFYw
CjANBgkqhkiG9w0BAQsFAAOCAQEAd/75yqTmAkGrQ5VuT+qE/llTw33CBG7CuFuv
FBebopWblHJ64cBUsM3UR+Rr4lXYqPW2vrA2b/4dtVxS0iCPdgfNINfqJbJQntr0
ULi6cPtYMTbbZkyU22+a0yD+MMJloe1Agu2Uxv/Tkpfr3XKoKIwXD5yOd7vRekGA
+bkZ7C75YSkbwaI+8m5B+SQHDsIn9e89/ko7s8tVijXeICZD5eZK0Xk/fxs1f43n
oKNyVcDASMGeAD/B0O2SvZvvuzb2lu7DELF6V2nm/Clo2oDCqJYTI/2Xx035iHGU
xXFPWxRpXRHIT92R/mC/VFQsnX6Dxui6mYu7lbWXtC1UAd6MPQ==
-----END CERTIFICATE-----