Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38362e34382e382e302f32342d3234203d3e20313337343039.roa
File:                     38362e34382e382e302f32342d3234203d3e20313337343039.roa (raw, json)
Hash identifier:          ns3R1ulGQoagrRkDCQg7McorYhLS+0h4zcsOJhJozrU=
Subject key identifier:   9E:F7:AD:80:65:FA:8A:35:E2:26:AF:8C:01:AD:74:54:BB:AC:AD:0A
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       4944FBAF4325A546AC0A0E697E4507A8117231D3
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38362e34382e382e302f32342d3234203d3e20313337343039.roa
Signing time:             Mon 26 Feb 2024 08:53:19 +0000
ROA not before:           Mon 26 Feb 2024 08:48:19 +0000
ROA not after:            Mon 24 Feb 2025 08:53:19 +0000
asID:                     137409
IP address blocks:        86.48.8.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 02:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            49:44:fb:af:43:25:a5:46:ac:0a:0e:69:7e:45:07:a8:11:72:31:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Feb 26 08:48:19 2024 GMT
            Not After : Feb 24 08:53:19 2025 GMT
        Subject: CN=9EF7AD8065FA8A35E226AF8C01AD7454BBACAD0A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:a3:a9:34:a6:3b:c7:49:52:26:65:e9:f5:66:
                    6e:a3:4f:ce:0d:05:86:fc:9e:25:7e:57:e7:28:80:
                    55:1a:44:b6:c1:42:7b:92:27:b8:0f:33:af:b1:57:
                    f4:bb:17:26:3f:1c:a0:32:2c:bb:f4:58:8c:fc:ba:
                    2c:23:17:1d:27:69:9a:b5:16:8e:18:da:3e:c2:5e:
                    f2:bd:46:ee:fd:b6:31:d6:42:5c:7e:b8:fd:22:aa:
                    b8:f7:5e:3a:0c:67:23:f8:8a:de:cb:e0:d8:d7:34:
                    a3:e5:db:7e:07:a9:2e:d4:63:2f:32:9c:05:eb:12:
                    6b:a2:e7:b6:91:62:ce:ff:8c:85:ce:70:43:7f:d4:
                    39:41:c7:d7:8d:b1:25:87:9b:ca:53:48:91:85:e6:
                    07:cd:64:ec:1b:1a:2e:9b:cb:f2:2c:93:06:3b:59:
                    ef:14:05:a2:eb:08:c1:a2:68:06:c4:42:de:6e:3b:
                    49:73:e8:7d:13:96:82:e5:f1:1c:0c:c6:3a:04:8b:
                    cb:5a:4c:43:e2:39:ad:a9:83:4c:c0:30:5e:f5:69:
                    81:09:4c:87:3c:d2:72:8e:8f:9f:df:c0:51:c5:0d:
                    96:3b:0a:82:0c:9f:3e:a0:f8:5f:7c:86:cc:ca:95:
                    c2:98:a6:40:48:9d:e0:2b:88:7f:d4:2d:cd:b2:23:
                    b3:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:F7:AD:80:65:FA:8A:35:E2:26:AF:8C:01:AD:74:54:BB:AC:AD:0A
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38362e34382e382e302f32342d3234203d3e20313337343039.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.48.8.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:55:0b:f6:ad:0d:89:69:7e:7e:93:be:95:02:f9:1d:f0:59:
         fd:6c:0c:71:b2:72:fc:a7:aa:d7:ff:66:ac:46:6e:7d:e8:93:
         02:54:47:3d:2c:d1:70:8b:8b:86:c2:02:d2:59:d0:03:c9:bb:
         c3:b2:fd:2e:ff:70:cd:80:10:d2:03:2f:20:60:f6:e9:97:da:
         4f:a2:54:6c:c8:1a:e5:0e:48:a2:4d:4a:e7:be:11:a9:17:43:
         3e:bb:73:db:66:af:09:f7:cf:82:09:08:e5:47:60:bc:37:2c:
         2a:9b:bc:46:09:17:b2:72:b2:3e:68:a7:67:c0:61:80:76:28:
         a8:c0:27:88:3d:38:2e:b8:82:89:57:12:a0:97:c5:5e:97:c4:
         d7:94:0e:71:6a:42:dd:2b:bf:b1:92:e7:ce:25:a5:cb:d3:b6:
         1a:f7:dc:f8:88:e6:e8:e8:d1:c4:73:dc:10:6b:3a:1c:4e:07:
         78:8a:55:7e:98:3d:fc:d1:27:fe:36:57:13:e8:2e:74:e5:9c:
         2b:df:1a:4a:e2:ba:b2:b9:1b:80:0e:4b:95:01:ab:c8:fd:5c:
         8c:b4:98:31:4d:e1:79:9b:7f:37:3c:b9:58:e5:55:3f:0b:c3:
         62:4b:6e:47:ba:37:70:67:61:3e:31:29:ce:2c:ac:be:89:cd:
         7e:26:bc:e0
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUSUT7r0MlpUasCg5pfkUHqBFyMdMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDAyMjYwODQ4MTlaFw0yNTAyMjQwODUzMTlaMDMxMTAvBgNV
BAMTKDlFRjdBRDgwNjVGQThBMzVFMjI2QUY4QzAxQUQ3NDU0QkJBQ0FEMEEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6o6k0pjvHSVImZen1Zm6jT84N
BYb8niV+V+cogFUaRLbBQnuSJ7gPM6+xV/S7FyY/HKAyLLv0WIz8uiwjFx0naZq1
Fo4Y2j7CXvK9Ru79tjHWQlx+uP0iqrj3XjoMZyP4it7L4NjXNKPl234HqS7UYy8y
nAXrEmui57aRYs7/jIXOcEN/1DlBx9eNsSWHm8pTSJGF5gfNZOwbGi6by/IskwY7
We8UBaLrCMGiaAbEQt5uO0lz6H0TloLl8RwMxjoEi8taTEPiOa2pg0zAMF71aYEJ
TIc80nKOj5/fwFHFDZY7CoIMnz6g+F98hszKlcKYpkBIneAriH/ULc2yI7MtAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUnvetgGX6ijXiJq+MAa10VLusrQowHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzgzNjJlMzQzODJlMzgyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzMTMzMzczNDMwMzkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABWMAgw
DQYJKoZIhvcNAQELBQADggEBAFVVC/atDYlpfn6TvpUC+R3wWf1sDHGycvynqtf/
ZqxGbn3okwJURz0s0XCLi4bCAtJZ0APJu8Oy/S7/cM2AENIDLyBg9umX2k+iVGzI
GuUOSKJNSue+EakXQz67c9tmrwn3z4IJCOVHYLw3LCqbvEYJF7Jysj5op2fAYYB2
KKjAJ4g9OC64golXEqCXxV6XxNeUDnFqQt0rv7GS584lpcvTthr33PiI5ujo0cRz
3BBrOhxOB3iKVX6YPfzRJ/42VxPoLnTlnCvfGkriurK5G4AOS5UBq8j9XIy0mDFN
4Xmbfzc8uVjlVT8Lw2JLbke6N3BnYT4xKc4srL6JzX4mvOA=
-----END CERTIFICATE-----