Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38362e34382e31332e302f32342d3332203d3e20313336373837.roa
File:                     38362e34382e31332e302f32342d3332203d3e20313336373837.roa (raw, json)
Hash identifier:          Z8Qv0dVCEzDasKmsxu4xka6py0LOdfkLk++LJ2kCddM=
Subject key identifier:   D1:01:2D:22:0A:FA:B1:FF:1C:8D:3A:E1:A4:43:A8:69:B5:8E:18:3E
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       2945835404AAE74BE19CB2E1D4A7265FBD8DBF09
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38362e34382e31332e302f32342d3332203d3e20313336373837.roa
Signing time:             Mon 26 Feb 2024 08:53:15 +0000
ROA not before:           Mon 26 Feb 2024 08:48:15 +0000
ROA not after:            Mon 24 Feb 2025 08:53:15 +0000
asID:                     136787
IP address blocks:        86.48.13.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 May 2024 16:54:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            29:45:83:54:04:aa:e7:4b:e1:9c:b2:e1:d4:a7:26:5f:bd:8d:bf:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Feb 26 08:48:15 2024 GMT
            Not After : Feb 24 08:53:15 2025 GMT
        Subject: CN=D1012D220AFAB1FF1C8D3AE1A443A869B58E183E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:22:cd:82:6a:5b:26:38:56:dc:7c:a0:5d:85:
                    a4:6f:dd:1f:0c:e0:38:86:98:50:6f:84:e3:8b:90:
                    45:e1:fe:aa:fa:ce:2c:c7:68:de:98:29:99:80:df:
                    e4:74:f3:42:23:2b:90:7d:d0:fe:78:5a:a2:71:31:
                    52:61:76:2c:72:db:85:d0:77:f7:84:ee:73:71:57:
                    d7:bc:58:d4:69:2a:a5:57:c5:bd:49:85:6e:57:24:
                    c5:c6:0f:9b:58:68:4b:ea:61:cf:c1:60:0d:5b:da:
                    ae:ac:b2:6f:fc:0a:c2:80:61:50:c7:38:66:df:4e:
                    17:74:8c:91:69:59:e8:99:b9:35:f0:c6:49:c7:aa:
                    a6:03:3f:ca:8f:bf:0f:cd:07:54:8b:f8:ba:4f:73:
                    c1:ef:5c:8b:9c:7d:37:f0:2b:49:22:13:88:51:c8:
                    14:8f:8f:1d:92:e1:eb:87:1f:fd:f0:88:91:84:ec:
                    75:e6:93:23:2f:8d:96:1f:24:c7:95:02:45:dc:29:
                    6d:ca:34:f0:03:17:a9:27:ad:48:aa:88:5f:46:aa:
                    f9:79:b3:ed:11:5e:e5:07:f3:eb:a3:a7:ab:2c:15:
                    30:82:17:63:2f:fc:3c:4d:b8:8f:af:a7:fb:59:fa:
                    5f:b9:32:3a:ef:86:4e:99:b4:67:68:e2:93:8b:c7:
                    9e:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:01:2D:22:0A:FA:B1:FF:1C:8D:3A:E1:A4:43:A8:69:B5:8E:18:3E
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38362e34382e31332e302f32342d3332203d3e20313336373837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.48.13.0/24

    Signature Algorithm: sha256WithRSAEncryption
         75:15:bc:66:70:6f:f0:e8:24:be:2a:8d:c4:d5:0b:44:96:7e:
         6a:b5:70:82:6d:08:4c:2f:64:72:2c:73:cc:25:04:0f:0d:38:
         0e:8d:0f:af:67:24:cd:ef:9a:1d:79:dd:cb:95:b6:46:a4:2c:
         19:df:cd:e8:65:44:44:0f:ef:f0:4c:37:c9:c3:b7:fb:86:4d:
         c7:ce:87:38:6d:3b:11:be:61:cb:7e:33:5e:4c:83:6f:23:ef:
         88:29:62:22:b7:b7:72:e8:1b:bd:79:00:4c:47:52:59:b1:2b:
         80:c6:ce:6d:9f:e1:69:71:b6:24:62:62:0b:3e:75:79:b4:ec:
         fa:a1:4b:c3:37:d0:2f:eb:25:f1:77:56:d8:b6:2f:88:57:36:
         7f:a1:e4:a5:8e:08:54:8a:e9:b2:a2:34:d3:50:62:89:97:fc:
         7c:b9:e8:46:46:12:0a:c0:ec:12:68:65:08:9b:e2:72:f3:d7:
         79:35:55:80:58:90:5a:93:86:4d:b0:78:47:c7:86:a8:29:3c:
         56:8b:a6:39:1c:39:7d:6e:11:5e:e5:47:05:34:4b:5a:f9:4f:
         fe:25:55:ac:30:aa:9a:dd:f9:40:38:66:2a:74:be:69:6a:46:
         3f:6b:f5:16:19:89:25:65:53:67:42:c3:bb:e4:b3:8f:18:60:
         83:01:bd:2d
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUKUWDVASq50vhnLLh1KcmX72NvwkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDAyMjYwODQ4MTVaFw0yNTAyMjQwODUzMTVaMDMxMTAvBgNV
BAMTKEQxMDEyRDIyMEFGQUIxRkYxQzhEM0FFMUE0NDNBODY5QjU4RTE4M0UwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFIs2CalsmOFbcfKBdhaRv3R8M
4DiGmFBvhOOLkEXh/qr6zizHaN6YKZmA3+R080IjK5B90P54WqJxMVJhdixy24XQ
d/eE7nNxV9e8WNRpKqVXxb1JhW5XJMXGD5tYaEvqYc/BYA1b2q6ssm/8CsKAYVDH
OGbfThd0jJFpWeiZuTXwxknHqqYDP8qPvw/NB1SL+LpPc8HvXIucfTfwK0kiE4hR
yBSPjx2S4euHH/3wiJGE7HXmkyMvjZYfJMeVAkXcKW3KNPADF6knrUiqiF9Gqvl5
s+0RXuUH8+ujp6ssFTCCF2Mv/DxNuI+vp/tZ+l+5Mjrvhk6ZtGdo4pOLx55fAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQU0QEtIgr6sf8cjTrhpEOoabWOGD4wHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzgzNjJlMzQzODJlMzEzMzJl
MzAyZjMyMzQyZDMzMzIyMDNkM2UyMDMxMzMzNjM3MzgzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFYw
DTANBgkqhkiG9w0BAQsFAAOCAQEAdRW8ZnBv8OgkviqNxNULRJZ+arVwgm0ITC9k
cixzzCUEDw04Do0Pr2ckze+aHXndy5W2RqQsGd/N6GVERA/v8Ew3ycO3+4ZNx86H
OG07Eb5hy34zXkyDbyPviCliIre3cugbvXkATEdSWbErgMbObZ/haXG2JGJiCz51
ebTs+qFLwzfQL+sl8XdW2LYviFc2f6HkpY4IVIrpsqI001BiiZf8fLnoRkYSCsDs
EmhlCJvicvPXeTVVgFiQWpOGTbB4R8eGqCk8VoumORw5fW4RXuVHBTRLWvlP/iVV
rDCqmt35QDhmKnS+aWpGP2v1FhmJJWVTZ0LDu+SzjxhggwG9LQ==
-----END CERTIFICATE-----