Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/38302e36352e3230392e302f32342d3234203d3e20383334.roa
File:                     38302e36352e3230392e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          zmme24JG5LkMXkmGf2/mqVWYyUajBQ+l5C/Z7/SQ4qI=
Subject key identifier:   70:F5:10:76:F0:C2:C4:65:2C:E7:2F:BC:B5:7B:A2:17:2F:EF:78:33
Certificate issuer:       /CN=5d70845822a61408ec2a5fd580c132da777f09d1
Certificate serial:       44D3C4776EB7C95DB8BE37020B5DECB3E4396BC0
Authority key identifier: 5D:70:84:58:22:A6:14:08:EC:2A:5F:D5:80:C1:32:DA:77:7F:09:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/38302e36352e3230392e302f32342d3234203d3e20383334.roa
Signing time:             Fri 15 Mar 2024 09:09:09 +0000
ROA not before:           Fri 15 Mar 2024 09:04:09 +0000
ROA not after:            Fri 14 Mar 2025 09:09:09 +0000
asID:                     834
IP address blocks:        80.65.209.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 07:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            44:d3:c4:77:6e:b7:c9:5d:b8:be:37:02:0b:5d:ec:b3:e4:39:6b:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5d70845822a61408ec2a5fd580c132da777f09d1
        Validity
            Not Before: Mar 15 09:04:09 2024 GMT
            Not After : Mar 14 09:09:09 2025 GMT
        Subject: CN=70F51076F0C2C4652CE72FBCB57BA2172FEF7833
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:33:c0:c6:8b:3d:dd:da:2e:a4:12:2e:7e:47:
                    d1:79:69:0c:3d:6f:f3:72:2b:fe:46:df:4b:58:f5:
                    89:5e:9d:20:f5:57:eb:2d:d5:fe:7d:1b:f5:97:c7:
                    c4:b6:40:aa:7c:5e:80:4a:fe:fd:e6:43:27:ab:75:
                    a2:09:3c:b3:72:7e:64:57:fe:d6:14:e6:40:61:7c:
                    e0:5e:af:ad:88:03:db:e0:d0:67:ab:f1:1b:ee:ab:
                    7d:31:4d:66:ed:5a:0a:5b:bb:c7:47:30:0e:21:39:
                    49:32:1f:5f:dd:94:ff:d2:71:22:99:dd:22:10:85:
                    f2:94:3b:2a:24:22:c6:e1:00:7f:86:6d:46:93:f4:
                    c0:be:95:b9:80:50:8c:ef:17:6d:8c:f9:e4:84:6a:
                    30:ef:91:6b:88:99:f0:21:73:cd:f9:87:62:a3:30:
                    ac:a9:f7:39:ad:4a:c1:a3:80:86:c8:d3:71:d1:4d:
                    d0:d4:0f:9f:1d:b2:2c:48:49:00:1e:a2:e8:09:c9:
                    40:75:72:89:1b:a7:33:e5:f5:5c:c0:f4:ba:03:f4:
                    09:19:9e:84:a0:08:dc:a9:6a:56:e2:6a:89:81:cc:
                    e8:40:ff:d8:9a:02:25:1f:a5:12:71:aa:bd:08:34:
                    66:4b:fe:f1:2b:9a:b8:6e:e6:d8:9b:f2:5e:81:c9:
                    8f:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:F5:10:76:F0:C2:C4:65:2C:E7:2F:BC:B5:7B:A2:17:2F:EF:78:33
            X509v3 Authority Key Identifier:
                keyid:5D:70:84:58:22:A6:14:08:EC:2A:5F:D5:80:C1:32:DA:77:7F:09:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/38302e36352e3230392e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.65.209.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:26:31:31:e1:45:cf:f0:31:5f:c2:c3:90:ca:2d:33:0d:7b:
         97:05:19:f5:af:89:02:66:a9:4b:72:9c:58:d6:07:4b:01:38:
         2a:b5:55:ac:78:44:15:6c:69:74:cb:d1:8f:5e:2c:4a:65:6a:
         1c:e8:85:0c:38:08:48:71:11:32:d4:57:7c:a0:b6:8f:b1:98:
         05:de:51:13:aa:db:12:c8:74:a7:95:90:54:b1:71:1e:fc:13:
         8f:8c:5f:31:c7:b1:a1:a5:cc:7b:7f:c6:28:51:f6:92:22:c0:
         75:e5:a9:b5:1c:cd:62:6f:d5:8c:c2:5b:40:e8:38:97:53:e1:
         63:8f:2d:cf:23:de:1b:f5:2b:00:de:c0:f3:4c:5f:b5:72:54:
         fb:6c:42:90:bb:a5:26:66:a3:b7:24:18:c4:a0:b6:f0:f7:d9:
         5f:6c:da:04:ea:6e:12:61:63:af:09:5c:95:49:dd:e0:77:e7:
         27:2c:42:29:04:df:ed:8f:56:9d:67:b8:45:51:76:ca:f1:5d:
         e2:ce:b4:e2:16:fb:42:7f:de:c1:ca:27:95:1b:6d:cc:c0:bc:
         42:26:9d:e6:69:e6:41:3a:63:ce:31:55:c1:77:33:d9:1d:7e:
         d8:93:51:74:fa:75:29:36:e2:14:66:af:5f:8c:16:2b:ff:ed:
         fa:db:70:93
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIURNPEd263yV24vjcCC13ss+Q5a8AwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWQ3MDg0NTgyMmE2MTQwOGVjMmE1ZmQ1ODBjMTMyZGE3
NzdmMDlkMTAeFw0yNDAzMTUwOTA0MDlaFw0yNTAzMTQwOTA5MDlaMDMxMTAvBgNV
BAMTKDcwRjUxMDc2RjBDMkM0NjUyQ0U3MkZCQ0I1N0JBMjE3MkZFRjc4MzMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2M8DGiz3d2i6kEi5+R9F5aQw9
b/NyK/5G30tY9YlenSD1V+st1f59G/WXx8S2QKp8XoBK/v3mQyerdaIJPLNyfmRX
/tYU5kBhfOBer62IA9vg0Ger8Rvuq30xTWbtWgpbu8dHMA4hOUkyH1/dlP/ScSKZ
3SIQhfKUOyokIsbhAH+GbUaT9MC+lbmAUIzvF22M+eSEajDvkWuImfAhc835h2Kj
MKyp9zmtSsGjgIbI03HRTdDUD58dsixISQAeougJyUB1cokbpzPl9VzA9LoD9AkZ
noSgCNypalbiaomBzOhA/9iaAiUfpRJxqr0INGZL/vErmrhu5tib8l6ByY/XAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUcPUQdvDCxGUs5y+8tXuiFy/veDMwHwYDVR0j
BBgwFoAUXXCEWCKmFAjsKl/VgMEy2nd/CdEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzgvNUQ3MDg0NTgyMkE2MTQwOEVDMkE1RkQ1ODBDMTMyREE3NzdGMDlEMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1hYQ0VXQ0ttRkFqc0tsX1ZnTUV5Mm5k
X0NkRS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzgvMzgzMDJlMzYzNTJlMzIzMDM5
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzgzMzM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUEHRMA0G
CSqGSIb3DQEBCwUAA4IBAQAzJjEx4UXP8DFfwsOQyi0zDXuXBRn1r4kCZqlLcpxY
1gdLATgqtVWseEQVbGl0y9GPXixKZWoc6IUMOAhIcREy1Fd8oLaPsZgF3lETqtsS
yHSnlZBUsXEe/BOPjF8xx7Ghpcx7f8YoUfaSIsB15am1HM1ib9WMwltA6DiXU+Fj
jy3PI94b9SsA3sDzTF+1clT7bEKQu6UmZqO3JBjEoLbw99lfbNoE6m4SYWOvCVyV
Sd3gd+cnLEIpBN/tj1adZ7hFUXbK8V3izrTiFvtCf97ByieVG23MwLxCJp3maeZB
OmPOMVXBdzPZHX7Yk1F0+nUpNuIUZq9fjBYr/+3623CT
-----END CERTIFICATE-----