Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38362e34382e372e302f32342d3332203d3e20313336373837.roa
File:                     38362e34382e372e302f32342d3332203d3e20313336373837.roa (raw, json)
Hash identifier:          bAswJINce792I8B6WzSWvBMHNGqdWjvZQkfG/gPj8es=
Subject key identifier:   46:7E:28:64:9B:35:E3:69:A3:1C:C5:38:22:77:8A:FC:F5:8A:07:88
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       1B8BA1D46976FA4F93C588BB06622709BF9F5DB6
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38362e34382e372e302f32342d3332203d3e20313336373837.roa
Signing time:             Mon 26 Feb 2024 08:53:06 +0000
ROA not before:           Mon 26 Feb 2024 08:48:06 +0000
ROA not after:            Mon 24 Feb 2025 08:53:06 +0000
asID:                     136787
IP address blocks:        86.48.7.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 May 2024 16:07:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1b:8b:a1:d4:69:76:fa:4f:93:c5:88:bb:06:62:27:09:bf:9f:5d:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Feb 26 08:48:06 2024 GMT
            Not After : Feb 24 08:53:06 2025 GMT
        Subject: CN=467E28649B35E369A31CC53822778AFCF58A0788
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:d7:5b:e3:7f:d4:3b:14:d2:a2:8f:01:64:45:
                    6f:8a:e0:c3:af:4c:90:ee:4c:99:f6:ac:7f:57:a2:
                    d9:2d:a2:fa:7d:61:3e:e1:c1:e3:c4:1e:53:fe:ac:
                    c2:05:72:07:a3:c7:56:ea:f7:fa:31:f1:b6:46:83:
                    cd:c3:1f:8d:12:25:20:02:bb:89:f6:3a:4f:66:7d:
                    13:28:63:ca:0f:2f:91:0a:68:14:e9:59:d1:6a:e1:
                    a0:58:b3:1c:38:16:37:15:af:c1:eb:16:0e:70:c9:
                    93:16:1e:30:7a:19:44:4d:ed:aa:4a:68:a9:2b:0f:
                    a2:9c:0a:8c:1f:26:bc:cd:40:a6:97:0c:8e:c5:8d:
                    8c:ef:c9:0e:07:f2:d7:96:1f:72:1d:57:d0:6d:8e:
                    f9:52:e6:63:17:11:a5:7b:08:64:39:7c:e2:fb:b3:
                    25:21:dd:bd:0c:b8:23:37:fb:8a:20:ef:ae:35:e0:
                    b4:34:8e:0a:ca:4f:d0:f8:2e:ea:3b:f3:42:e0:53:
                    4b:ed:21:a2:a7:2e:f7:3d:1e:50:e8:fa:6a:27:06:
                    e5:2f:46:17:e6:d2:60:75:80:20:27:6d:fd:0c:d6:
                    22:95:89:27:3b:a7:38:fe:40:45:6b:de:01:14:e2:
                    94:62:52:99:bb:b4:22:b9:99:d9:b6:bc:ec:2b:fb:
                    99:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:7E:28:64:9B:35:E3:69:A3:1C:C5:38:22:77:8A:FC:F5:8A:07:88
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38362e34382e372e302f32342d3332203d3e20313336373837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.48.7.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7e:dc:b1:04:89:06:d9:c5:7a:f4:c0:86:56:28:91:d3:87:ae:
         0f:9b:27:1a:4e:b8:fc:2f:23:9d:93:cc:39:3c:5e:a2:b1:7d:
         fe:56:e6:10:25:ea:67:d9:b0:74:f8:59:81:16:38:32:79:ca:
         98:96:23:77:16:9d:08:5b:a6:bc:0c:53:78:3d:84:54:a0:31:
         0d:26:f0:b9:d4:99:5b:5c:1d:86:8f:23:18:ce:92:88:08:dc:
         98:0d:b3:85:9c:53:f2:35:58:78:45:e1:ea:1f:1f:1e:2a:26:
         30:ed:a4:f3:95:44:90:7e:95:0c:00:88:ee:1e:04:55:cf:5b:
         e9:44:4c:4f:f0:78:49:4f:3f:ff:8a:c4:b1:e5:87:f2:bd:4d:
         97:b3:9b:8a:8b:97:4c:06:e6:ad:0b:be:23:3b:fd:38:98:82:
         34:98:27:1e:45:31:6b:84:de:d2:77:34:fb:cd:cb:9e:83:59:
         25:a0:6c:35:d9:90:df:75:68:6d:59:9f:1c:a9:d8:b3:af:30:
         9f:82:aa:53:8c:0d:90:69:75:aa:ef:22:e9:bb:a5:54:d4:ed:
         9c:f1:42:3c:12:23:af:e8:17:84:9b:81:dd:6a:a9:20:92:71:
         2a:e4:96:35:28:85:60:0d:a7:68:fa:5a:ec:9e:fd:1c:53:38:
         8f:5e:45:02
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUG4uh1Gl2+k+TxYi7BmInCb+fXbYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDAyMjYwODQ4MDZaFw0yNTAyMjQwODUzMDZaMDMxMTAvBgNV
BAMTKDQ2N0UyODY0OUIzNUUzNjlBMzFDQzUzODIyNzc4QUZDRjU4QTA3ODgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCx11vjf9Q7FNKijwFkRW+K4MOv
TJDuTJn2rH9Xotktovp9YT7hwePEHlP+rMIFcgejx1bq9/ox8bZGg83DH40SJSAC
u4n2Ok9mfRMoY8oPL5EKaBTpWdFq4aBYsxw4FjcVr8HrFg5wyZMWHjB6GURN7apK
aKkrD6KcCowfJrzNQKaXDI7FjYzvyQ4H8teWH3IdV9BtjvlS5mMXEaV7CGQ5fOL7
syUh3b0MuCM3+4og76414LQ0jgrKT9D4Luo780LgU0vtIaKnLvc9HlDo+monBuUv
Rhfm0mB1gCAnbf0M1iKViSc7pzj+QEVr3gEU4pRiUpm7tCK5mdm2vOwr+5lzAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQURn4oZJs142mjHMU4IneK/PWKB4gwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzgzNjJlMzQzODJlMzcyZTMw
MmYzMjM0MmQzMzMyMjAzZDNlMjAzMTMzMzYzNzM4Mzcucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABWMAcw
DQYJKoZIhvcNAQELBQADggEBAH7csQSJBtnFevTAhlYokdOHrg+bJxpOuPwvI52T
zDk8XqKxff5W5hAl6mfZsHT4WYEWODJ5ypiWI3cWnQhbprwMU3g9hFSgMQ0m8LnU
mVtcHYaPIxjOkogI3JgNs4WcU/I1WHhF4eofHx4qJjDtpPOVRJB+lQwAiO4eBFXP
W+lETE/weElPP/+KxLHlh/K9TZezm4qLl0wG5q0LviM7/TiYgjSYJx5FMWuE3tJ3
NPvNy56DWSWgbDXZkN91aG1Znxyp2LOvMJ+CqlOMDZBpdarvIum7pVTU7ZzxQjwS
I6/oF4Sbgd1qqSCScSrkljUohWANp2j6Wuye/RxTOI9eRQI=
-----END CERTIFICATE-----