Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/38312e31362e32382e302f32322d3234203d3e203437353833.roa
File:                     38312e31362e32382e302f32322d3234203d3e203437353833.roa (raw, json)
Hash identifier:          q0AK7eBweU+A6zd0az2jqmOrtGn/BFsJAqMD4CwYuRw=
Subject key identifier:   51:D6:63:04:B6:04:12:9C:C5:53:99:F4:F1:26:65:AC:B9:EE:2E:48
Certificate issuer:       /CN=088469d1a33085ff88b3e599d223ca74c2313a3a
Certificate serial:       27405FA78C9CB3AA68DAC2FFCDF4896701DA655C
Authority key identifier: 08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/38312e31362e32382e302f32322d3234203d3e203437353833.roa
Signing time:             Mon 26 Feb 2024 08:52:43 +0000
ROA not before:           Mon 26 Feb 2024 08:47:43 +0000
ROA not after:            Mon 24 Feb 2025 08:52:43 +0000
asID:                     47583
IP address blocks:        81.16.28.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 May 2024 08:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            27:40:5f:a7:8c:9c:b3:aa:68:da:c2:ff:cd:f4:89:67:01:da:65:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088469d1a33085ff88b3e599d223ca74c2313a3a
        Validity
            Not Before: Feb 26 08:47:43 2024 GMT
            Not After : Feb 24 08:52:43 2025 GMT
        Subject: CN=51D66304B604129CC55399F4F12665ACB9EE2E48
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:c7:49:bc:db:c2:5b:42:ff:da:12:f2:8a:e6:
                    b3:5d:bf:0f:64:32:9d:f2:8f:f3:88:77:a2:5e:d4:
                    2e:98:35:a6:8f:81:44:6d:5c:19:48:e2:63:69:31:
                    1d:a9:64:ef:d2:65:bd:68:a6:ea:77:6f:cc:33:d4:
                    2c:df:a0:09:f0:40:75:c2:eb:25:0a:59:45:c7:c0:
                    97:16:4d:bc:3f:e9:f4:da:c3:ad:99:44:8e:a0:c8:
                    17:82:e9:06:cb:bb:07:37:a1:54:0f:df:17:98:2a:
                    7f:3d:08:93:f3:61:b7:0f:8a:42:f1:c9:95:71:18:
                    b4:74:9a:5e:1c:c8:f6:fa:6c:5d:35:b2:1e:ec:e4:
                    bf:c4:10:d1:e3:19:74:22:0f:37:44:02:e4:7d:c2:
                    68:48:ad:ca:50:e3:87:56:58:e5:b0:72:5a:47:90:
                    a5:3e:ae:84:cb:a7:7a:c3:6d:71:66:96:db:0b:db:
                    36:c9:bc:71:13:0d:fb:c5:79:7d:90:95:9e:1e:4e:
                    e8:d9:71:5e:49:6b:bc:a5:ea:c9:7a:fe:dc:3d:83:
                    42:7b:9f:8c:31:db:c9:ef:cc:09:69:a1:84:21:12:
                    9f:21:f1:ed:41:f9:ed:d8:fa:af:f2:d6:ea:f8:1c:
                    65:9d:82:7b:e8:91:00:4b:0c:1f:78:23:cb:be:10:
                    66:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:D6:63:04:B6:04:12:9C:C5:53:99:F4:F1:26:65:AC:B9:EE:2E:48
            X509v3 Authority Key Identifier:
                keyid:08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/38312e31362e32382e302f32322d3234203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.16.28.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5a:0f:aa:50:56:6b:87:1b:a8:1b:d8:2a:d3:93:62:ce:c2:28:
         8a:48:a5:32:7a:70:4e:a6:30:8a:55:1c:e7:3a:5c:77:c8:67:
         4f:e9:90:ef:97:82:38:91:a7:67:ae:16:b8:d7:02:2a:d2:75:
         34:3b:95:92:ce:48:0c:8b:62:24:b2:a8:fa:e0:06:e4:e9:11:
         08:fb:36:45:c4:76:9e:0b:27:2c:9e:f7:6a:f0:eb:09:b4:bf:
         9a:b7:51:cf:8a:be:ac:81:c6:30:4a:83:cd:f9:c2:c9:36:f4:
         c3:7a:eb:23:60:9b:d0:85:7e:c6:fb:c6:52:46:89:d6:26:e8:
         6c:6d:a6:9e:28:7f:98:d8:a2:0e:a7:1b:f9:12:ce:f0:b8:57:
         cb:0d:92:0d:3a:72:cc:4e:0c:1e:6e:74:a7:58:69:a1:32:16:
         eb:37:d3:1d:7c:14:f3:05:41:cc:cc:30:0d:af:54:01:bb:9b:
         08:1e:86:a3:d5:9f:13:fc:91:89:89:6b:c8:52:e3:4e:c1:cc:
         43:c1:89:13:02:70:63:bb:a3:d3:96:95:80:fb:57:7f:85:aa:
         50:fc:a5:f4:09:1e:cd:ee:f9:49:e0:59:7f:40:30:97:29:2f:
         31:bf:bb:19:0e:36:90:ae:35:3b:71:61:34:74:ad:e2:9f:0d:
         bb:f6:11:1a
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUJ0Bfp4ycs6po2sL/zfSJZwHaZVwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDg4NDY5ZDFhMzMwODVmZjg4YjNlNTk5ZDIyM2NhNzRj
MjMxM2EzYTAeFw0yNDAyMjYwODQ3NDNaFw0yNTAyMjQwODUyNDNaMDMxMTAvBgNV
BAMTKDUxRDY2MzA0QjYwNDEyOUNDNTUzOTlGNEYxMjY2NUFDQjlFRTJFNDgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDPx0m828JbQv/aEvKK5rNdvw9k
Mp3yj/OId6Je1C6YNaaPgURtXBlI4mNpMR2pZO/SZb1opup3b8wz1CzfoAnwQHXC
6yUKWUXHwJcWTbw/6fTaw62ZRI6gyBeC6QbLuwc3oVQP3xeYKn89CJPzYbcPikLx
yZVxGLR0ml4cyPb6bF01sh7s5L/EENHjGXQiDzdEAuR9wmhIrcpQ44dWWOWwclpH
kKU+roTLp3rDbXFmltsL2zbJvHETDfvFeX2QlZ4eTujZcV5Ja7yl6sl6/tw9g0J7
n4wx28nvzAlpoYQhEp8h8e1B+e3Y+q/y1ur4HGWdgnvokQBLDB94I8u+EGb1AgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUUdZjBLYEEpzFU5n08SZlrLnuLkgwHwYDVR0j
BBgwFoAUCIRp0aMwhf+Is+WZ0iPKdMIxOjowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzUvMDg4NDY5RDFBMzMwODVGRjg4QjNFNTk5RDIyM0NBNzRDMjMxM0EzQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NJUnAwYU13aGYtSXMtV1owaVBLZE1J
eE9qby5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzUvMzgzMTJlMzEzNjJlMzIzODJl
MzAyZjMyMzIyZDMyMzQyMDNkM2UyMDM0MzczNTM4MzMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAJREBww
DQYJKoZIhvcNAQELBQADggEBAFoPqlBWa4cbqBvYKtOTYs7CKIpIpTJ6cE6mMIpV
HOc6XHfIZ0/pkO+XgjiRp2euFrjXAirSdTQ7lZLOSAyLYiSyqPrgBuTpEQj7NkXE
dp4LJyye92rw6wm0v5q3Uc+KvqyBxjBKg835wsk29MN66yNgm9CFfsb7xlJGidYm
6Gxtpp4of5jYog6nG/kSzvC4V8sNkg06csxODB5udKdYaaEyFus30x18FPMFQczM
MA2vVAG7mwgehqPVnxP8kYmJa8hS407BzEPBiRMCcGO7o9OWlYD7V3+FqlD8pfQJ
Hs3u+UngWX9AMJcpLzG/uxkONpCuNTtxYTR0reKfDbv2ERo=
-----END CERTIFICATE-----