Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38362e34382e31342e302f32342d3332203d3e20313336373837.roa
File:                     38362e34382e31342e302f32342d3332203d3e20313336373837.roa (raw, json)
Hash identifier:          Q32S7fTz1q1w9lIOXTuHFzso8rfQbne/5kBo7jqPXwM=
Subject key identifier:   57:90:B4:1B:B5:3B:87:C2:AF:6E:6F:64:8E:91:29:B4:77:93:D9:9B
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       5368ED7A438F111E35A756B9273DB270D7F92762
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38362e34382e31342e302f32342d3332203d3e20313336373837.roa
Signing time:             Mon 26 Feb 2024 08:53:26 +0000
ROA not before:           Mon 26 Feb 2024 08:48:26 +0000
ROA not after:            Mon 24 Feb 2025 08:53:26 +0000
asID:                     136787
IP address blocks:        86.48.14.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            53:68:ed:7a:43:8f:11:1e:35:a7:56:b9:27:3d:b2:70:d7:f9:27:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Feb 26 08:48:26 2024 GMT
            Not After : Feb 24 08:53:26 2025 GMT
        Subject: CN=5790B41BB53B87C2AF6E6F648E9129B47793D99B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:41:8d:f6:d3:21:e3:a1:17:33:97:80:e0:ac:
                    4d:3f:44:76:e5:b3:0a:a6:57:e5:e1:78:d1:e7:05:
                    5a:f1:0e:e1:ad:b5:bd:4d:ee:89:73:32:96:89:17:
                    d1:ec:5a:1b:fe:ca:32:9a:43:20:b8:13:dc:98:5d:
                    76:e3:74:36:20:5a:8b:db:85:c1:44:83:1a:6b:55:
                    6d:61:44:b5:62:30:51:10:42:81:de:21:2f:fc:35:
                    59:6d:77:c2:fd:da:60:a7:34:ca:86:72:b2:37:71:
                    d6:32:b1:7f:80:5e:fc:ee:e0:47:ef:f4:78:cb:78:
                    cb:35:fe:4a:23:07:30:7a:db:46:2f:66:f7:a5:91:
                    fb:33:4e:4d:74:6d:fb:54:a4:75:a6:ba:d0:42:74:
                    72:34:b3:ba:19:39:7e:6c:ce:40:0d:49:b5:22:b1:
                    74:41:1b:50:4e:39:05:15:b5:36:c3:19:29:e5:85:
                    3a:65:c9:9a:6d:8f:7a:90:a1:20:ae:a3:66:98:7a:
                    49:b0:58:fe:d7:60:b9:97:b5:0b:96:b3:31:8c:b5:
                    d9:55:89:7a:a5:6a:2a:aa:eb:da:6c:47:24:12:bc:
                    1c:db:f8:51:c4:5c:d3:53:82:78:f3:30:b5:ac:33:
                    51:58:0d:11:2c:d8:ae:e0:a3:ba:b5:8e:dd:aa:4f:
                    41:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:90:B4:1B:B5:3B:87:C2:AF:6E:6F:64:8E:91:29:B4:77:93:D9:9B
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38362e34382e31342e302f32342d3332203d3e20313336373837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.48.14.0/24

    Signature Algorithm: sha256WithRSAEncryption
         14:45:28:6c:0e:5b:97:00:fa:ec:3b:d2:41:05:96:97:bf:8e:
         52:36:76:d3:d5:f1:a2:0c:27:9b:4b:3b:fa:7b:e8:89:f2:f9:
         8a:c0:6d:10:89:8e:af:27:7d:11:df:95:02:99:c5:dc:9c:80:
         2f:25:9b:06:b1:c0:1f:a3:47:e1:25:bf:a8:9e:36:2d:98:b2:
         2d:4b:03:81:00:18:fa:46:9f:7c:de:66:b5:06:5b:16:5d:16:
         de:ed:40:38:9b:ce:ac:3a:39:c8:bc:d0:82:c6:46:7b:ea:2a:
         44:fe:18:1c:e0:e2:ed:fe:6a:25:93:74:66:c1:fa:42:49:75:
         18:7b:3c:9e:d8:05:e7:3c:03:48:9f:3b:41:70:14:9f:7b:ec:
         75:99:ef:73:51:d9:e7:21:23:1c:73:a5:19:c0:de:aa:a9:43:
         80:9e:31:35:0e:c0:8a:8b:c2:61:5d:22:24:8f:f1:9e:be:1e:
         0d:dc:fb:40:4a:19:1a:47:84:bf:6e:58:c0:e9:fd:72:36:67:
         87:96:ad:ca:c0:f3:8c:0b:0a:6d:09:f4:95:86:27:65:4d:e7:
         a8:f7:9b:c3:9d:77:d8:db:09:c7:25:2f:b7:41:26:4d:af:45:
         2c:b9:11:69:8d:61:80:35:1b:00:d8:9e:47:81:8a:aa:77:0b:
         62:70:a2:3e
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUU2jtekOPER41p1a5Jz2ycNf5J2IwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDAyMjYwODQ4MjZaFw0yNTAyMjQwODUzMjZaMDMxMTAvBgNV
BAMTKDU3OTBCNDFCQjUzQjg3QzJBRjZFNkY2NDhFOTEyOUI0Nzc5M0Q5OUIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDcQY320yHjoRczl4DgrE0/RHbl
swqmV+XheNHnBVrxDuGttb1N7olzMpaJF9HsWhv+yjKaQyC4E9yYXXbjdDYgWovb
hcFEgxprVW1hRLViMFEQQoHeIS/8NVltd8L92mCnNMqGcrI3cdYysX+AXvzu4Efv
9HjLeMs1/kojBzB620YvZvelkfszTk10bftUpHWmutBCdHI0s7oZOX5szkANSbUi
sXRBG1BOOQUVtTbDGSnlhTplyZptj3qQoSCuo2aYekmwWP7XYLmXtQuWszGMtdlV
iXqlaiqq69psRyQSvBzb+FHEXNNTgnjzMLWsM1FYDREs2K7go7q1jt2qT0ENAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUV5C0G7U7h8Kvbm9kjpEptHeT2ZswHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzgzNjJlMzQzODJlMzEzNDJl
MzAyZjMyMzQyZDMzMzIyMDNkM2UyMDMxMzMzNjM3MzgzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFYw
DjANBgkqhkiG9w0BAQsFAAOCAQEAFEUobA5blwD67DvSQQWWl7+OUjZ209Xxogwn
m0s7+nvoifL5isBtEImOryd9Ed+VApnF3JyALyWbBrHAH6NH4SW/qJ42LZiyLUsD
gQAY+kaffN5mtQZbFl0W3u1AOJvOrDo5yLzQgsZGe+oqRP4YHODi7f5qJZN0ZsH6
Qkl1GHs8ntgF5zwDSJ87QXAUn3vsdZnvc1HZ5yEjHHOlGcDeqqlDgJ4xNQ7AiovC
YV0iJI/xnr4eDdz7QEoZGkeEv25YwOn9cjZnh5atysDzjAsKbQn0lYYnZU3nqPeb
w5132NsJxyUvt0EmTa9FLLkRaY1hgDUbANieR4GKqncLYnCiPg==
-----END CERTIFICATE-----