Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38392e34362e31302e302f32342d3234203d3e20323037313337.roa
File:                     38392e34362e31302e302f32342d3234203d3e20323037313337.roa (raw, json)
Hash identifier:          QDies/AhlA3k2MUUzK1nsGZP0aWOPDQKqBkKcZIlzIU=
Subject key identifier:   08:43:E9:0A:B4:3F:01:92:27:73:39:3B:BC:D6:6A:7D:48:EC:38:14
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       46AC15D9DA865E5CF7E79F3F734522A218124AD6
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38392e34362e31302e302f32342d3234203d3e20323037313337.roa
Signing time:             Thu 16 Jan 2025 10:07:01 +0000
ROA not before:           Thu 16 Jan 2025 10:02:01 +0000
ROA not after:            Thu 15 Jan 2026 10:07:01 +0000
asID:                     207137
IP address blocks:        89.46.10.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 10:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            46:ac:15:d9:da:86:5e:5c:f7:e7:9f:3f:73:45:22:a2:18:12:4a:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Jan 16 10:02:01 2025 GMT
            Not After : Jan 15 10:07:01 2026 GMT
        Subject: CN=0843E90AB43F01922773393BBCD66A7D48EC3814
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:2d:bb:13:3a:77:99:eb:10:d4:58:97:8f:fd:
                    fe:91:7d:9f:46:48:74:7f:63:f4:f8:23:06:4a:88:
                    67:c5:3a:81:3d:ab:d4:04:9e:c0:79:3a:8f:85:9f:
                    a3:86:e8:18:a9:0f:ea:38:da:43:e1:e6:70:e0:2f:
                    b2:3c:66:49:0d:4d:39:52:94:70:bb:1c:62:bc:6f:
                    d2:de:12:f4:27:f8:42:2f:a0:97:3a:79:57:68:92:
                    4a:cc:f4:81:82:3b:0b:c1:7c:ad:15:c6:e9:a9:64:
                    d9:3c:9f:82:dd:99:1c:ac:b8:a0:59:0c:0f:15:f7:
                    4b:02:e4:94:91:6f:b6:35:ae:18:aa:b3:57:8b:92:
                    04:10:06:b0:1f:2a:7b:7e:4d:24:9c:72:43:8d:a5:
                    6a:64:89:0b:1a:65:ca:fd:86:00:10:aa:f3:9d:ea:
                    a0:7c:b9:65:11:fe:8a:d6:bc:d3:1f:20:38:cc:ca:
                    a4:b9:4a:38:cb:08:07:a3:c9:95:cb:c7:4c:dc:cb:
                    35:ce:1a:44:04:72:3b:da:73:a3:d7:9d:a0:db:b6:
                    4f:a7:5b:43:63:53:f6:a5:ae:99:17:17:83:bf:aa:
                    f1:2a:cf:d1:71:01:47:50:95:2b:92:df:d6:aa:54:
                    aa:7d:e1:e7:63:97:f5:17:9a:f7:c3:1d:d5:06:9b:
                    41:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:43:E9:0A:B4:3F:01:92:27:73:39:3B:BC:D6:6A:7D:48:EC:38:14
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38392e34362e31302e302f32342d3234203d3e20323037313337.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.46.10.0/24

    Signature Algorithm: sha256WithRSAEncryption
         18:d8:56:47:c1:e2:34:0a:df:f5:12:55:09:3b:4b:31:31:0a:
         80:8f:fb:3f:96:a0:87:4c:b4:53:de:52:2f:d4:1b:3a:e9:5b:
         7c:02:93:d7:db:2b:7e:42:ab:12:66:89:53:00:7e:59:fa:d9:
         d0:89:9c:5a:25:8c:32:3a:05:49:ca:78:17:bd:00:5a:33:f2:
         45:2f:1a:c4:6f:f5:3b:00:53:98:aa:66:7d:8d:53:82:fd:79:
         43:69:bc:d4:86:b2:d5:6a:57:ad:86:f6:4e:14:79:3b:9b:33:
         0a:b8:a8:25:0c:e3:52:a2:87:17:19:c2:98:af:9f:03:14:99:
         c3:78:5c:3a:d1:11:57:fc:1a:e2:c0:67:34:da:f0:9e:ba:bf:
         73:65:8b:39:13:42:3a:30:06:40:8f:ff:7f:08:e9:bf:35:7c:
         ca:78:58:8e:2b:77:b5:42:57:6a:13:74:7f:42:29:c8:7c:b6:
         01:e5:9a:8b:40:e5:3d:e1:98:25:0a:33:f5:76:09:94:d6:29:
         55:5d:c9:ca:cd:a1:07:70:53:2e:ec:5b:46:46:c7:5c:2a:58:
         24:f9:a9:5a:5f:ac:d7:ca:cd:6f:80:d1:75:71:b8:2b:fd:44:
         6c:ac:cf:25:ab:b1:5e:3e:eb:10:e5:60:4d:0e:4f:64:2e:0e:
         f3:9d:ff:06
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIURqwV2dqGXlz3558/c0UiohgSStYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTAxMTYxMDAyMDFaFw0yNjAxMTUxMDA3MDFaMDMxMTAvBgNV
BAMTKDA4NDNFOTBBQjQzRjAxOTIyNzczMzkzQkJDRDY2QTdENDhFQzM4MTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCxLbsTOneZ6xDUWJeP/f6RfZ9G
SHR/Y/T4IwZKiGfFOoE9q9QEnsB5Oo+Fn6OG6BipD+o42kPh5nDgL7I8ZkkNTTlS
lHC7HGK8b9LeEvQn+EIvoJc6eVdokkrM9IGCOwvBfK0VxumpZNk8n4LdmRysuKBZ
DA8V90sC5JSRb7Y1rhiqs1eLkgQQBrAfKnt+TSScckONpWpkiQsaZcr9hgAQqvOd
6qB8uWUR/orWvNMfIDjMyqS5SjjLCAejyZXLx0zcyzXOGkQEcjvac6PXnaDbtk+n
W0NjU/alrpkXF4O/qvEqz9FxAUdQlSuS39aqVKp94edjl/UXmvfDHdUGm0EFAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUCEPpCrQ/AZInczk7vNZqfUjsOBQwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzgzOTJlMzQzNjJlMzEzMDJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMyMzAzNzMxMzMzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFku
CjANBgkqhkiG9w0BAQsFAAOCAQEAGNhWR8HiNArf9RJVCTtLMTEKgI/7P5agh0y0
U95SL9QbOulbfAKT19srfkKrEmaJUwB+WfrZ0ImcWiWMMjoFScp4F70AWjPyRS8a
xG/1OwBTmKpmfY1Tgv15Q2m81Iay1WpXrYb2ThR5O5szCrioJQzjUqKHFxnCmK+f
AxSZw3hcOtERV/wa4sBnNNrwnrq/c2WLORNCOjAGQI//fwjpvzV8ynhYjit3tUJX
ahN0f0IpyHy2AeWai0DlPeGYJQoz9XYJlNYpVV3Jys2hB3BTLuxbRkbHXCpYJPmp
Wl+s18rNb4DRdXG4K/1EbKzPJauxXj7rEOVgTQ5PZC4O853/Bg==
-----END CERTIFICATE-----