Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38362e36322e32382e302f32342d3234203d3e20313336373837.roa
File:                     38362e36322e32382e302f32342d3234203d3e20313336373837.roa (raw, json)
Hash identifier:          aQqPtSDacfXlGY05d6SxrDKBop3ZvyB04LF4PckZOy0=
Subject key identifier:   CB:1E:68:54:80:DD:8C:1A:C2:BB:DF:E8:7D:BA:26:AC:2A:6F:D8:BB
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       2003928C7A9A854D51771132634F278D9DA2C908
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38362e36322e32382e302f32342d3234203d3e20313336373837.roa
Signing time:             Mon 28 Oct 2024 09:27:54 +0000
ROA not before:           Mon 28 Oct 2024 09:22:54 +0000
ROA not after:            Mon 27 Oct 2025 09:27:54 +0000
asID:                     136787
IP address blocks:        86.62.28.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            20:03:92:8c:7a:9a:85:4d:51:77:11:32:63:4f:27:8d:9d:a2:c9:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Oct 28 09:22:54 2024 GMT
            Not After : Oct 27 09:27:54 2025 GMT
        Subject: CN=CB1E685480DD8C1AC2BBDFE87DBA26AC2A6FD8BB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:6e:e9:43:9e:5a:17:90:8f:46:e6:cb:ef:f7:
                    41:fc:49:3d:82:ac:32:72:e5:86:92:23:52:da:81:
                    f3:b0:4c:f7:3d:82:33:32:75:7f:e9:7d:1d:ee:d6:
                    33:89:d1:f3:f9:92:02:46:75:ce:5e:23:58:3e:0d:
                    7a:b8:32:76:56:d9:9a:08:68:bf:7c:61:9c:16:d7:
                    12:19:3a:89:0e:e5:af:6f:14:01:21:20:dc:59:26:
                    30:71:7b:3b:3c:37:17:b1:82:78:a3:ea:0d:73:7f:
                    86:89:16:a0:11:dd:c7:86:5f:0f:b7:80:74:a9:d8:
                    44:2d:6f:20:b8:60:46:22:a7:4f:c0:3e:e9:10:2f:
                    9e:5d:0a:3a:35:99:da:2f:34:ea:16:79:f3:a1:38:
                    c0:ca:ba:bd:ed:18:fa:3c:97:c8:f2:af:00:8a:f2:
                    67:f5:b6:4e:0c:8a:ba:32:ba:9b:4d:99:54:94:87:
                    39:5d:88:5d:70:df:39:2f:74:b5:10:72:06:a2:28:
                    0d:45:f1:a6:a5:c7:1d:c6:23:50:b9:47:ed:51:cd:
                    52:27:a9:76:4c:07:4f:66:94:11:33:c2:60:8e:42:
                    83:98:99:45:c4:79:85:2b:31:71:35:a9:07:87:22:
                    75:f3:73:f2:a1:9d:26:88:03:45:8c:b3:f4:ef:99:
                    b7:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:1E:68:54:80:DD:8C:1A:C2:BB:DF:E8:7D:BA:26:AC:2A:6F:D8:BB
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38362e36322e32382e302f32342d3234203d3e20313336373837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.62.28.0/24

    Signature Algorithm: sha256WithRSAEncryption
         76:1b:8b:53:c1:e7:80:f3:41:09:35:a3:17:50:0c:78:84:b3:
         cc:26:09:12:d6:5f:63:47:04:b9:03:69:19:05:ae:83:c0:cf:
         b1:cc:17:a2:38:7b:7d:7b:18:a2:f2:a2:ef:87:b7:12:c1:ed:
         fe:2f:38:1f:0e:01:9a:9f:b7:48:ca:7c:f5:58:2e:2f:20:7b:
         81:c7:bc:43:e0:71:c7:0d:0c:ee:7a:6c:79:69:50:a4:26:93:
         3f:bf:21:27:1c:5a:3c:c3:ca:e4:1d:5f:66:85:26:d9:b1:fe:
         8e:17:46:27:1d:e4:98:60:e4:3d:fa:49:ec:19:d2:63:19:4e:
         c5:b8:33:c4:bc:b3:2b:d9:b4:62:ac:9c:40:4c:78:f3:74:14:
         54:c4:72:59:12:3c:0f:f3:b9:db:61:0b:f5:b8:b4:d0:0f:99:
         92:27:1b:fa:e7:2a:2b:13:bb:8f:9e:d5:6f:54:e2:b6:12:16:
         d1:a5:9f:50:44:b2:f9:23:65:d9:7a:06:d9:cd:f8:ed:72:69:
         47:c8:73:f4:18:53:d9:aa:ae:fe:e2:a4:64:c2:4a:94:d2:60:
         22:c8:93:33:89:a1:61:12:7b:fe:ca:6e:8d:95:35:a3:fc:84:
         5c:fe:fc:a0:48:f2:97:a8:0f:0b:3d:dc:14:1f:fa:51:dc:7c:
         b8:bd:7c:f8
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUIAOSjHqahU1RdxEyY08njZ2iyQgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDEwMjgwOTIyNTRaFw0yNTEwMjcwOTI3NTRaMDMxMTAvBgNV
BAMTKENCMUU2ODU0ODBERDhDMUFDMkJCREZFODdEQkEyNkFDMkE2RkQ4QkIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+bulDnloXkI9G5svv90H8ST2C
rDJy5YaSI1LagfOwTPc9gjMydX/pfR3u1jOJ0fP5kgJGdc5eI1g+DXq4MnZW2ZoI
aL98YZwW1xIZOokO5a9vFAEhINxZJjBxezs8Nxexgnij6g1zf4aJFqAR3ceGXw+3
gHSp2EQtbyC4YEYip0/APukQL55dCjo1mdovNOoWefOhOMDKur3tGPo8l8jyrwCK
8mf1tk4MiroyuptNmVSUhzldiF1w3zkvdLUQcgaiKA1F8aalxx3GI1C5R+1RzVIn
qXZMB09mlBEzwmCOQoOYmUXEeYUrMXE1qQeHInXzc/KhnSaIA0WMs/TvmbehAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUyx5oVIDdjBrCu9/ofbomrCpv2LswHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzgzNjJlMzYzMjJlMzIzODJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMxMzMzNjM3MzgzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFY+
HDANBgkqhkiG9w0BAQsFAAOCAQEAdhuLU8HngPNBCTWjF1AMeISzzCYJEtZfY0cE
uQNpGQWug8DPscwXojh7fXsYovKi74e3EsHt/i84Hw4Bmp+3SMp89VguLyB7gce8
Q+Bxxw0M7npseWlQpCaTP78hJxxaPMPK5B1fZoUm2bH+jhdGJx3kmGDkPfpJ7BnS
YxlOxbgzxLyzK9m0YqycQEx483QUVMRyWRI8D/O522EL9bi00A+Zkicb+ucqKxO7
j57Vb1TithIW0aWfUESy+SNl2XoG2c347XJpR8hz9BhT2aqu/uKkZMJKlNJgIsiT
M4mhYRJ7/spujZU1o/yEXP78oEjyl6gPCz3cFB/6Udx8uL18+A==
-----END CERTIFICATE-----