Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38362e36322e32392e302f32342d3234203d3e20313336373837.roa
File:                     38362e36322e32392e302f32342d3234203d3e20313336373837.roa (raw, json)
Hash identifier:          DQ4y6bmw1zvi/+QA8//RYA7+weau0/ldNw0L6Z1yR/A=
Subject key identifier:   EA:8A:F2:90:09:2F:F5:B4:9B:B7:C9:6B:E5:9B:F4:04:8C:E2:F4:A0
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       78DAB60885881E3B409512D92AEAF9D0E714F185
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38362e36322e32392e302f32342d3234203d3e20313336373837.roa
Signing time:             Mon 28 Oct 2024 09:28:02 +0000
ROA not before:           Mon 28 Oct 2024 09:23:02 +0000
ROA not after:            Mon 27 Oct 2025 09:28:02 +0000
asID:                     136787
IP address blocks:        86.62.29.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            78:da:b6:08:85:88:1e:3b:40:95:12:d9:2a:ea:f9:d0:e7:14:f1:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Oct 28 09:23:02 2024 GMT
            Not After : Oct 27 09:28:02 2025 GMT
        Subject: CN=EA8AF290092FF5B49BB7C96BE59BF4048CE2F4A0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:4d:cf:03:b9:3b:b9:8b:9c:cd:a3:96:b1:68:
                    8d:4f:f7:44:c7:9e:9e:cb:36:b4:c8:fc:90:c1:bb:
                    18:ea:14:0b:69:3d:cc:db:2b:0b:f2:8c:0f:0e:93:
                    3c:f0:21:4d:d1:28:7b:9b:21:75:87:bf:56:0d:4e:
                    b6:33:ba:c4:c9:2e:37:69:ac:78:d4:99:99:15:b0:
                    de:95:d8:d8:68:8d:b1:70:05:c0:cb:b1:c9:46:8b:
                    2f:57:45:81:53:dc:2b:72:6b:ae:bf:56:69:dc:62:
                    da:1b:12:39:6c:3c:2a:d7:7f:3a:df:e5:03:02:2c:
                    4c:35:90:c4:26:9a:ef:be:62:a0:14:d1:f1:b0:ef:
                    f3:1d:7e:75:c3:9e:f5:8f:b1:49:2c:56:45:0a:ea:
                    51:f5:da:71:46:92:00:8e:a2:2d:d2:f9:f2:f1:de:
                    26:ee:f4:4e:55:ee:d7:07:1f:52:bc:5e:57:04:87:
                    e7:f2:60:b0:f6:bd:cc:13:b6:09:2c:c6:9b:f1:ed:
                    ad:25:95:6c:d3:90:97:17:58:d5:f0:83:c3:56:ea:
                    54:98:4a:ca:fa:e2:91:d0:13:2d:03:6c:d8:4b:93:
                    13:d3:02:b2:04:64:ab:6f:3f:e5:a2:8c:ba:a9:f0:
                    38:ab:05:6e:61:24:51:10:b2:8d:3e:83:4a:66:5b:
                    fe:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:8A:F2:90:09:2F:F5:B4:9B:B7:C9:6B:E5:9B:F4:04:8C:E2:F4:A0
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38362e36322e32392e302f32342d3234203d3e20313336373837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.62.29.0/24

    Signature Algorithm: sha256WithRSAEncryption
         25:7b:94:25:a3:b6:1f:7f:c5:29:9c:5c:fa:4a:a6:c8:ae:09:
         7d:5d:b2:44:34:46:b1:aa:c5:d3:cd:16:2a:b5:7e:4b:7c:bb:
         b4:9d:48:ee:84:98:71:30:c0:f3:e3:79:e7:eb:5d:5d:3a:3a:
         33:7e:b9:63:7f:84:ba:86:50:65:8e:ce:9c:c6:1a:08:00:24:
         0f:9e:11:18:86:52:7a:f5:a7:27:b5:64:99:fb:60:28:2e:4f:
         56:a3:e2:c9:f2:15:aa:f8:21:65:ea:7b:77:86:65:e4:9c:1b:
         f4:c6:e2:cc:15:99:3b:9a:c8:e9:9c:a1:f1:47:d8:0d:20:d7:
         70:c3:3a:c0:62:34:a2:2a:91:3f:1a:e3:b3:b0:ad:76:b5:3b:
         ae:a5:cf:18:74:68:42:22:b0:01:80:43:b2:ca:cd:d4:28:d7:
         a1:24:d5:81:0a:e1:20:b1:b6:9f:6b:20:3b:be:5c:b9:a5:a5:
         6a:71:f9:02:28:df:87:3f:75:b8:b2:1a:5a:31:81:63:60:3f:
         56:97:a1:e6:4a:b0:66:43:c2:f0:8e:94:52:03:00:76:97:c8:
         ac:0a:b8:09:9d:ca:88:8e:ce:03:92:be:81:53:f5:c1:a2:7f:
         98:f9:4d:e5:50:f3:07:a1:71:1b:40:cf:a9:6d:42:d3:90:0f:
         ed:7d:8e:7d
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUeNq2CIWIHjtAlRLZKur50OcU8YUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDEwMjgwOTIzMDJaFw0yNTEwMjcwOTI4MDJaMDMxMTAvBgNV
BAMTKEVBOEFGMjkwMDkyRkY1QjQ5QkI3Qzk2QkU1OUJGNDA0OENFMkY0QTAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDATc8DuTu5i5zNo5axaI1P90TH
np7LNrTI/JDBuxjqFAtpPczbKwvyjA8OkzzwIU3RKHubIXWHv1YNTrYzusTJLjdp
rHjUmZkVsN6V2NhojbFwBcDLsclGiy9XRYFT3Ctya66/VmncYtobEjlsPCrXfzrf
5QMCLEw1kMQmmu++YqAU0fGw7/MdfnXDnvWPsUksVkUK6lH12nFGkgCOoi3S+fLx
3ibu9E5V7tcHH1K8XlcEh+fyYLD2vcwTtgksxpvx7a0llWzTkJcXWNXwg8NW6lSY
Ssr64pHQEy0DbNhLkxPTArIEZKtvP+WijLqp8DirBW5hJFEQso0+g0pmW/6FAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQU6orykAkv9bSbt8lr5Zv0BIzi9KAwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzgzNjJlMzYzMjJlMzIzOTJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMxMzMzNjM3MzgzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFY+
HTANBgkqhkiG9w0BAQsFAAOCAQEAJXuUJaO2H3/FKZxc+kqmyK4JfV2yRDRGsarF
080WKrV+S3y7tJ1I7oSYcTDA8+N55+tdXTo6M365Y3+EuoZQZY7OnMYaCAAkD54R
GIZSevWnJ7VkmftgKC5PVqPiyfIVqvghZep7d4Zl5Jwb9MbizBWZO5rI6Zyh8UfY
DSDXcMM6wGI0oiqRPxrjs7CtdrU7rqXPGHRoQiKwAYBDssrN1CjXoSTVgQrhILG2
n2sgO75cuaWlanH5Aijfhz91uLIaWjGBY2A/Vpeh5kqwZkPC8I6UUgMAdpfIrAq4
CZ3KiI7OA5K+gVP1waJ/mPlN5VDzB6FxG0DPqW1C05AP7X2OfQ==
-----END CERTIFICATE-----