Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/38312e31362e32382e302f32322d3234203d3e203437353833.roa
File:                     38312e31362e32382e302f32322d3234203d3e203437353833.roa (raw, json)
Hash identifier:          t/NmDOCy1lhcwMiOkgL5yAnYwa0eK8gaAKp+migSoXM=
Subject key identifier:   A0:30:2D:C8:7A:89:EF:AE:8C:D4:AF:C0:9D:3A:49:8C:8A:FE:FB:AB
Certificate issuer:       /CN=088469d1a33085ff88b3e599d223ca74c2313a3a
Certificate serial:       07242737707E6C86C686179D1E02EA23B72EE228
Authority key identifier: 08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/38312e31362e32382e302f32322d3234203d3e203437353833.roa
Signing time:             Mon 27 Jan 2025 09:44:50 +0000
ROA not before:           Mon 27 Jan 2025 09:39:50 +0000
ROA not after:            Mon 26 Jan 2026 09:44:50 +0000
asID:                     47583
IP address blocks:        81.16.28.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 15:28:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            07:24:27:37:70:7e:6c:86:c6:86:17:9d:1e:02:ea:23:b7:2e:e2:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088469d1a33085ff88b3e599d223ca74c2313a3a
        Validity
            Not Before: Jan 27 09:39:50 2025 GMT
            Not After : Jan 26 09:44:50 2026 GMT
        Subject: CN=A0302DC87A89EFAE8CD4AFC09D3A498C8AFEFBAB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:26:c9:68:aa:de:a9:7c:95:47:17:f2:40:56:
                    f4:ed:35:de:4a:5d:93:4d:f2:0a:97:9d:3b:bb:8d:
                    9f:9c:08:2e:56:0c:ae:60:17:86:f7:ca:58:f2:69:
                    fb:c6:a4:aa:03:d4:10:68:6f:27:b2:3f:13:a9:6d:
                    9e:4e:89:6f:69:a5:1b:6e:ff:1a:99:11:fb:f2:f6:
                    e6:78:38:13:a5:32:17:d7:a7:2c:f3:2d:3b:7a:dd:
                    2f:de:1f:5a:a3:5f:b4:ec:d7:8a:71:f7:12:a3:7d:
                    c0:f8:26:20:d9:49:18:12:d9:94:ad:6b:b7:a6:81:
                    98:89:85:93:e5:32:49:13:05:cb:aa:1c:95:f1:42:
                    43:49:39:28:21:fe:1b:f3:fd:ff:dc:a7:46:e1:e6:
                    af:61:b3:78:f0:05:5c:22:98:5f:c9:75:c5:4e:b5:
                    18:4f:d5:56:a9:9e:1d:3d:e9:92:27:8a:97:24:4c:
                    0d:cc:2b:d2:38:14:3e:2e:b0:43:29:34:77:a1:c6:
                    7a:cf:e5:d8:72:a4:06:6c:0c:bc:d3:79:b6:7c:56:
                    05:a4:59:85:b8:19:d7:3f:91:99:a2:a3:f7:92:f7:
                    80:98:f3:9f:c3:ff:56:cc:61:a7:7e:83:2e:0d:58:
                    20:7e:94:d0:5c:05:4c:15:af:28:e3:fb:a9:4a:e4:
                    49:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:30:2D:C8:7A:89:EF:AE:8C:D4:AF:C0:9D:3A:49:8C:8A:FE:FB:AB
            X509v3 Authority Key Identifier:
                keyid:08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/38312e31362e32382e302f32322d3234203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.16.28.0/22

    Signature Algorithm: sha256WithRSAEncryption
         69:8f:a8:6b:4c:69:7b:b7:07:b9:32:74:20:fe:75:df:4b:ce:
         8e:45:06:4c:73:6a:07:93:5d:82:fe:86:ac:74:79:cd:c3:51:
         34:0e:44:0b:0f:a1:c6:7f:2d:d5:ef:40:cd:e4:1c:0e:41:82:
         18:58:c3:a2:c8:50:5d:e5:bb:19:90:6f:9e:c2:c0:3a:7b:a5:
         ca:eb:fd:15:c5:cb:d7:57:f4:9a:a9:70:8e:47:39:1d:da:bc:
         9e:83:12:99:81:03:0c:07:00:87:04:27:3c:4d:c2:df:10:21:
         ef:bd:99:3a:64:4b:3e:f3:a4:9e:f7:2e:93:de:08:a7:e3:e3:
         1c:93:a8:ee:84:18:bf:6a:f9:dd:b9:6b:57:84:c6:5f:45:2b:
         02:14:86:a3:a8:0e:8f:b6:c9:c4:3a:aa:4e:81:4d:a4:d9:f0:
         4e:1f:23:52:1a:17:24:47:02:b9:6e:ed:36:fc:11:ef:79:23:
         dc:cd:03:32:17:e6:09:96:40:fd:90:dc:85:4d:87:d7:98:bd:
         09:cb:f8:de:d2:9d:11:88:62:0e:87:80:3d:7c:81:f4:fe:b0:
         5f:67:44:ea:7f:30:a2:d3:56:a3:84:77:c0:5a:44:08:7e:2c:
         b8:7f:1f:e9:a3:50:17:81:49:7f:b4:d1:fc:fc:a5:51:d4:4e:
         f3:64:90:a5
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUByQnN3B+bIbGhhedHgLqI7cu4igwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDg4NDY5ZDFhMzMwODVmZjg4YjNlNTk5ZDIyM2NhNzRj
MjMxM2EzYTAeFw0yNTAxMjcwOTM5NTBaFw0yNjAxMjYwOTQ0NTBaMDMxMTAvBgNV
BAMTKEEwMzAyREM4N0E4OUVGQUU4Q0Q0QUZDMDlEM0E0OThDOEFGRUZCQUIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2Jsloqt6pfJVHF/JAVvTtNd5K
XZNN8gqXnTu7jZ+cCC5WDK5gF4b3yljyafvGpKoD1BBobyeyPxOpbZ5OiW9ppRtu
/xqZEfvy9uZ4OBOlMhfXpyzzLTt63S/eH1qjX7Ts14px9xKjfcD4JiDZSRgS2ZSt
a7emgZiJhZPlMkkTBcuqHJXxQkNJOSgh/hvz/f/cp0bh5q9hs3jwBVwimF/JdcVO
tRhP1Vapnh096ZInipckTA3MK9I4FD4usEMpNHehxnrP5dhypAZsDLzTebZ8VgWk
WYW4Gdc/kZmio/eS94CY85/D/1bMYad+gy4NWCB+lNBcBUwVryjj+6lK5EmRAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUoDAtyHqJ766M1K/AnTpJjIr++6swHwYDVR0j
BBgwFoAUCIRp0aMwhf+Is+WZ0iPKdMIxOjowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzUvMDg4NDY5RDFBMzMwODVGRjg4QjNFNTk5RDIyM0NBNzRDMjMxM0EzQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NJUnAwYU13aGYtSXMtV1owaVBLZE1J
eE9qby5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzUvMzgzMTJlMzEzNjJlMzIzODJl
MzAyZjMyMzIyZDMyMzQyMDNkM2UyMDM0MzczNTM4MzMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAJREBww
DQYJKoZIhvcNAQELBQADggEBAGmPqGtMaXu3B7kydCD+dd9Lzo5FBkxzageTXYL+
hqx0ec3DUTQORAsPocZ/LdXvQM3kHA5BghhYw6LIUF3luxmQb57CwDp7pcrr/RXF
y9dX9JqpcI5HOR3avJ6DEpmBAwwHAIcEJzxNwt8QIe+9mTpkSz7zpJ73LpPeCKfj
4xyTqO6EGL9q+d25a1eExl9FKwIUhqOoDo+2ycQ6qk6BTaTZ8E4fI1IaFyRHArlu
7Tb8Ee95I9zNAzIX5gmWQP2Q3IVNh9eYvQnL+N7SnRGIYg6HgD18gfT+sF9nROp/
MKLTVqOEd8BaRAh+LLh/H+mjUBeBSX+00fz8pVHUTvNkkKU=
-----END CERTIFICATE-----