Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38362e34382e31312e302f32342d3234203d3e20313337343039.roa
File:                     38362e34382e31312e302f32342d3234203d3e20313337343039.roa (raw, json)
Hash identifier:          436/KltPO+p7n59EWfkmuNb8kh76WX944s0yp9W6mJM=
Subject key identifier:   A2:A4:6E:4A:AE:00:82:4D:86:06:F8:B3:69:91:FA:72:A1:85:5F:BC
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       037F3C6BD0C4D2BBD0840068BD287CA95B6CA948
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38362e34382e31312e302f32342d3234203d3e20313337343039.roa
Signing time:             Mon 26 Feb 2024 08:53:19 +0000
ROA not before:           Mon 26 Feb 2024 08:48:19 +0000
ROA not after:            Mon 24 Feb 2025 08:53:19 +0000
asID:                     137409
IP address blocks:        86.48.11.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 02:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:7f:3c:6b:d0:c4:d2:bb:d0:84:00:68:bd:28:7c:a9:5b:6c:a9:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Feb 26 08:48:19 2024 GMT
            Not After : Feb 24 08:53:19 2025 GMT
        Subject: CN=A2A46E4AAE00824D8606F8B36991FA72A1855FBC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:3b:66:72:78:62:2a:56:05:84:70:d0:4c:18:
                    3a:fc:d9:7a:09:b1:2d:3a:f4:45:1a:72:9f:86:c2:
                    c7:90:24:8b:38:4c:bf:25:b2:2d:a0:43:c0:2d:4e:
                    55:72:c9:33:bf:14:38:aa:b7:ca:91:ef:8f:79:d2:
                    bc:04:a6:03:c0:04:25:ba:ca:70:44:4c:91:b4:99:
                    8d:da:34:cb:07:0f:ef:f9:b7:82:01:15:66:f2:f3:
                    9b:87:bd:52:db:e7:c8:7b:07:8c:6c:ff:80:df:6e:
                    71:5f:59:d3:e9:e8:f2:bb:ac:85:52:fd:fc:21:07:
                    66:57:b5:77:2b:f9:aa:5c:59:66:d9:ce:b1:d8:16:
                    4d:4a:03:95:c1:4d:19:aa:40:b6:4e:77:10:48:8d:
                    41:4a:ce:4e:87:84:87:da:d0:90:4e:f2:bc:88:a4:
                    3b:ae:6a:8c:a2:cd:7a:ed:9d:3c:ff:9e:6e:f2:a9:
                    88:85:a4:31:cc:03:3e:cb:a3:c5:dd:39:9a:3a:19:
                    42:e8:95:d7:ad:33:d3:6d:d9:52:70:d3:a8:0e:f3:
                    bd:74:bc:d9:9a:51:e1:2f:c5:dd:97:f2:e3:da:d0:
                    a4:63:7d:be:91:a0:7e:05:f0:86:cb:4d:12:c3:ac:
                    de:50:d3:ae:a3:42:1a:0f:d5:f1:bc:ec:ed:4c:b3:
                    2b:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:A4:6E:4A:AE:00:82:4D:86:06:F8:B3:69:91:FA:72:A1:85:5F:BC
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38362e34382e31312e302f32342d3234203d3e20313337343039.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.48.11.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a2:1b:8a:54:ee:eb:fa:ee:2b:97:fe:fd:1c:5e:72:28:52:9a:
         90:a0:25:e2:39:70:7d:e7:a4:5b:a2:38:b4:29:0d:ea:1b:f9:
         26:5f:c2:02:e8:c4:ca:08:14:e7:43:59:f2:3f:89:a1:4a:da:
         36:2a:34:20:38:18:5a:cd:58:9e:0f:c8:10:8e:84:03:4d:b6:
         a4:cd:d4:85:e3:16:b1:7b:e4:5a:ba:73:5f:1a:1f:88:fc:ca:
         1a:95:e7:14:37:26:9e:52:6b:b2:ac:a3:95:e3:18:9c:d9:b8:
         f1:df:ee:3b:85:3a:6e:51:9e:fc:0b:a2:47:da:d6:4f:81:d0:
         65:bd:6e:e2:75:03:c2:70:6b:1f:83:7b:55:06:80:e9:4d:6e:
         ca:83:16:cf:cf:15:91:66:87:a3:b5:17:e6:d1:41:68:20:f9:
         a6:60:f2:19:4d:9e:af:a7:96:8b:74:13:4f:ac:8b:c4:b0:32:
         08:4d:f0:d4:24:cf:17:64:8d:25:83:ac:d1:23:87:f6:e3:b9:
         13:dc:d1:7b:cb:de:b0:ff:d2:66:31:6a:26:c0:25:48:0d:b0:
         be:b5:a1:d0:4f:c8:dd:18:85:ec:71:3d:1b:f8:bb:e5:ba:35:
         2e:72:67:18:27:22:80:a1:64:07:ee:0d:2d:61:2a:7d:68:bd:
         7f:6b:67:08
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUA388a9DE0rvQhABovSh8qVtsqUgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDAyMjYwODQ4MTlaFw0yNTAyMjQwODUzMTlaMDMxMTAvBgNV
BAMTKEEyQTQ2RTRBQUUwMDgyNEQ4NjA2RjhCMzY5OTFGQTcyQTE4NTVGQkMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJO2ZyeGIqVgWEcNBMGDr82XoJ
sS069EUacp+GwseQJIs4TL8lsi2gQ8AtTlVyyTO/FDiqt8qR74950rwEpgPABCW6
ynBETJG0mY3aNMsHD+/5t4IBFWby85uHvVLb58h7B4xs/4DfbnFfWdPp6PK7rIVS
/fwhB2ZXtXcr+apcWWbZzrHYFk1KA5XBTRmqQLZOdxBIjUFKzk6HhIfa0JBO8ryI
pDuuaoyizXrtnTz/nm7yqYiFpDHMAz7Lo8XdOZo6GULoldetM9Nt2VJw06gO8710
vNmaUeEvxd2X8uPa0KRjfb6RoH4F8IbLTRLDrN5Q066jQhoP1fG87O1Msyt3AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUoqRuSq4Agk2GBvizaZH6cqGFX7wwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzgzNjJlMzQzODJlMzEzMTJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMxMzMzNzM0MzAzOS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFYw
CzANBgkqhkiG9w0BAQsFAAOCAQEAohuKVO7r+u4rl/79HF5yKFKakKAl4jlwfeek
W6I4tCkN6hv5Jl/CAujEyggU50NZ8j+JoUraNio0IDgYWs1Yng/IEI6EA022pM3U
heMWsXvkWrpzXxofiPzKGpXnFDcmnlJrsqyjleMYnNm48d/uO4U6blGe/AuiR9rW
T4HQZb1u4nUDwnBrH4N7VQaA6U1uyoMWz88VkWaHo7UX5tFBaCD5pmDyGU2er6eW
i3QTT6yLxLAyCE3w1CTPF2SNJYOs0SOH9uO5E9zRe8vesP/SZjFqJsAlSA2wvrWh
0E/I3RiF7HE9G/i75bo1LnJnGCcigKFkB+4NLWEqfWi9f2tnCA==
-----END CERTIFICATE-----