Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38362e34382e31332e302f32342d3332203d3e20313336373837.roa
File:                     38362e34382e31332e302f32342d3332203d3e20313336373837.roa (raw, json)
Hash identifier:          2rblI0dh8/eCM2pOmFkDbb0DCobeTGbOSDynY+7v1nE=
Subject key identifier:   37:CF:B6:E9:AA:13:86:9C:28:AE:FC:21:8A:DD:3F:8A:0D:C6:82:35
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       60370A747DB67415A67CBF9084846D443895461B
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38362e34382e31332e302f32342d3332203d3e20313336373837.roa
Signing time:             Mon 27 Jan 2025 09:45:28 +0000
ROA not before:           Mon 27 Jan 2025 09:40:28 +0000
ROA not after:            Mon 26 Jan 2026 09:45:28 +0000
asID:                     136787
IP address blocks:        86.48.13.0/24 maxlen: 32
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 13:21:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            60:37:0a:74:7d:b6:74:15:a6:7c:bf:90:84:84:6d:44:38:95:46:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Jan 27 09:40:28 2025 GMT
            Not After : Jan 26 09:45:28 2026 GMT
        Subject: CN=37CFB6E9AA13869C28AEFC218ADD3F8A0DC68235
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:c8:e0:3d:2f:32:be:80:b6:e4:49:8b:23:82:
                    fa:54:e7:7a:30:90:30:6f:96:09:03:94:e4:c3:05:
                    e5:b4:60:96:a3:53:66:b1:65:fc:b1:43:ee:4d:93:
                    25:77:c2:40:39:65:56:b0:cf:d4:43:f1:8a:39:9e:
                    9c:66:25:aa:6a:22:c7:69:f3:4a:99:23:da:ab:7d:
                    6d:8b:f7:8d:8a:78:3c:45:8b:68:db:30:85:42:df:
                    dc:b5:c7:cb:5c:0f:a3:04:1c:8d:8f:0c:05:f6:85:
                    d7:cf:3a:bd:6c:08:f5:bd:52:b8:e6:6f:a4:39:61:
                    cd:2d:9d:85:dc:39:9f:f8:3b:d2:8b:d8:a4:89:4c:
                    62:9e:af:48:ac:52:53:2b:3b:3d:f3:11:19:5c:ab:
                    ae:a5:13:44:4c:e3:18:14:0d:8a:c2:e3:86:15:a4:
                    ba:c5:0f:43:93:87:cd:91:47:fd:49:07:63:d0:15:
                    34:f9:52:94:57:42:09:3a:2f:fe:90:bc:b9:10:80:
                    f4:e3:65:c8:70:49:d3:46:9a:0e:0a:d9:0e:da:fe:
                    08:99:ce:a4:41:52:e7:32:6b:ca:4c:63:62:64:03:
                    8b:21:f8:27:3b:6e:eb:84:0e:04:de:1f:ec:08:41:
                    00:6d:d0:30:28:35:b4:cc:11:73:92:de:bf:17:75:
                    4e:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:CF:B6:E9:AA:13:86:9C:28:AE:FC:21:8A:DD:3F:8A:0D:C6:82:35
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38362e34382e31332e302f32342d3332203d3e20313336373837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.48.13.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:67:9f:00:47:65:b7:87:e6:16:7f:af:ec:a5:33:50:6f:a0:
         60:e4:e1:33:81:4c:d3:4f:a3:c0:18:1e:d8:42:7a:29:ca:27:
         df:d9:8c:36:97:0c:53:06:71:02:4d:b0:6a:89:32:c7:fb:26:
         09:8d:24:a2:ae:87:e7:9b:b3:21:63:d6:51:af:63:1a:a8:b7:
         e8:2f:7d:60:ac:13:cd:e7:13:df:8b:e7:f6:29:66:f8:34:bd:
         08:40:c6:fe:60:a5:33:02:2a:77:f3:1c:1a:63:98:5a:93:2d:
         09:02:3d:53:87:25:9d:ef:4a:a2:88:75:9e:50:08:8c:11:de:
         62:a1:dd:c3:14:85:84:bb:d6:ed:6d:ee:2e:52:3a:6d:df:d7:
         b5:5b:b5:dc:a7:05:13:11:1b:33:f7:f9:f2:81:95:4c:9b:1a:
         aa:28:6a:d1:f8:40:cc:b9:78:87:df:e9:5a:a5:c6:41:34:ee:
         2b:7e:58:ee:c7:b2:95:70:b6:b8:ac:5a:d0:14:3a:93:b6:90:
         6c:1f:a5:40:a1:15:b1:76:17:f8:4a:3e:6c:b7:bb:8c:c9:2f:
         f1:e4:95:b3:1b:7e:f8:50:bd:45:aa:6a:7c:79:83:5b:45:24:
         ea:06:c1:86:fa:5c:10:c2:11:14:62:b9:27:b3:71:53:01:8b:
         a3:73:65:24
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUYDcKdH22dBWmfL+QhIRtRDiVRhswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTAxMjcwOTQwMjhaFw0yNjAxMjYwOTQ1MjhaMDMxMTAvBgNV
BAMTKDM3Q0ZCNkU5QUExMzg2OUMyOEFFRkMyMThBREQzRjhBMERDNjgyMzUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCryOA9LzK+gLbkSYsjgvpU53ow
kDBvlgkDlOTDBeW0YJajU2axZfyxQ+5NkyV3wkA5ZVawz9RD8Yo5npxmJapqIsdp
80qZI9qrfW2L942KeDxFi2jbMIVC39y1x8tcD6MEHI2PDAX2hdfPOr1sCPW9Urjm
b6Q5Yc0tnYXcOZ/4O9KL2KSJTGKer0isUlMrOz3zERlcq66lE0RM4xgUDYrC44YV
pLrFD0OTh82RR/1JB2PQFTT5UpRXQgk6L/6QvLkQgPTjZchwSdNGmg4K2Q7a/giZ
zqRBUucya8pMY2JkA4sh+Cc7buuEDgTeH+wIQQBt0DAoNbTMEXOS3r8XdU47AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUN8+26aoThpworvwhit0/ig3GgjUwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzgzNjJlMzQzODJlMzEzMzJl
MzAyZjMyMzQyZDMzMzIyMDNkM2UyMDMxMzMzNjM3MzgzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFYw
DTANBgkqhkiG9w0BAQsFAAOCAQEAZWefAEdlt4fmFn+v7KUzUG+gYOThM4FM00+j
wBge2EJ6Kcon39mMNpcMUwZxAk2waokyx/smCY0koq6H55uzIWPWUa9jGqi36C99
YKwTzecT34vn9ilm+DS9CEDG/mClMwIqd/McGmOYWpMtCQI9U4clne9Kooh1nlAI
jBHeYqHdwxSFhLvW7W3uLlI6bd/XtVu13KcFExEbM/f58oGVTJsaqihq0fhAzLl4
h9/pWqXGQTTuK35Y7seylXC2uKxa0BQ6k7aQbB+lQKEVsXYX+Eo+bLe7jMkv8eSV
sxt++FC9RapqfHmDW0Uk6gbBhvpcEMIRFGK5J7NxUwGLo3NlJA==
-----END CERTIFICATE-----