Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/38302e36352e3231312e302f32342d3332203d3e203531313637.roa
File:                     38302e36352e3231312e302f32342d3332203d3e203531313637.roa (raw, json)
Hash identifier:          RkPf3MNqQOOd3IzPHS11RWluh15C++7Symo7tJ3Nujk=
Subject key identifier:   67:C9:11:E6:17:9D:28:87:1E:A7:10:DB:D8:44:65:65:0B:98:30:10
Certificate issuer:       /CN=5d70845822a61408ec2a5fd580c132da777f09d1
Certificate serial:       33D47DAD0A15082785707045C75588283E91C736
Authority key identifier: 5D:70:84:58:22:A6:14:08:EC:2A:5F:D5:80:C1:32:DA:77:7F:09:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/38302e36352e3231312e302f32342d3332203d3e203531313637.roa
Signing time:             Mon 26 Feb 2024 08:53:50 +0000
ROA not before:           Mon 26 Feb 2024 08:48:50 +0000
ROA not after:            Mon 24 Feb 2025 08:53:50 +0000
asID:                     51167
IP address blocks:        80.65.211.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 12 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            33:d4:7d:ad:0a:15:08:27:85:70:70:45:c7:55:88:28:3e:91:c7:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5d70845822a61408ec2a5fd580c132da777f09d1
        Validity
            Not Before: Feb 26 08:48:50 2024 GMT
            Not After : Feb 24 08:53:50 2025 GMT
        Subject: CN=67C911E6179D28871EA710DBD84465650B983010
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:68:b9:79:19:af:3f:5d:bc:11:7e:c6:a2:bf:
                    db:d4:4d:03:bf:44:23:1f:14:bd:4e:68:92:63:e8:
                    b8:e4:cc:41:cd:a4:86:fb:09:a2:31:8b:0c:87:28:
                    05:ec:7f:f8:a5:73:f8:ce:c7:19:76:84:d7:38:d1:
                    c0:4a:f6:0e:b7:23:6b:a9:e1:f9:41:5a:e9:d1:21:
                    f0:00:8e:a0:93:cd:3e:2f:9c:6f:da:00:3e:4b:d3:
                    99:c6:08:bd:c9:a2:da:71:ff:18:47:8e:37:56:87:
                    6e:bf:7d:f0:b4:9f:3b:4c:36:b1:bb:63:ee:2d:72:
                    4d:c4:ce:06:63:c7:13:d5:5e:7d:80:9d:af:a8:bb:
                    56:58:0c:f3:ed:dc:b1:e4:db:42:5c:a3:04:e1:63:
                    5c:98:a3:58:77:be:a3:c4:45:2e:d1:82:91:2c:0d:
                    79:be:fa:2d:96:85:7a:55:32:b8:fb:f7:ed:54:03:
                    d9:bb:a8:2b:f5:85:1b:49:b9:ca:ea:ec:59:81:66:
                    6a:0e:96:a1:29:1b:56:b9:6e:0b:8d:46:d5:90:9f:
                    bd:b2:0a:2f:a7:fd:19:c0:64:9a:9c:b0:b5:ea:65:
                    28:11:46:62:3e:9f:46:de:41:75:aa:4e:ee:1b:15:
                    55:8d:51:f0:00:7d:e8:12:8d:66:ad:d6:cf:ad:ca:
                    da:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:C9:11:E6:17:9D:28:87:1E:A7:10:DB:D8:44:65:65:0B:98:30:10
            X509v3 Authority Key Identifier:
                keyid:5D:70:84:58:22:A6:14:08:EC:2A:5F:D5:80:C1:32:DA:77:7F:09:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/38302e36352e3231312e302f32342d3332203d3e203531313637.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.65.211.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:57:c5:a1:f5:b4:44:d7:60:b4:5d:7a:ae:5e:ef:90:fd:32:
         35:32:97:11:58:65:3f:51:b5:94:6e:99:3a:6d:4b:8a:ec:ab:
         2d:3b:00:bf:76:14:e8:b0:d9:18:c9:62:3e:32:9e:13:3b:ea:
         50:34:d6:22:ff:6f:aa:38:56:ff:9a:30:a2:c6:e1:44:84:aa:
         09:bb:b4:84:16:ff:a2:50:04:d1:10:00:a4:84:09:37:80:be:
         71:26:4e:05:4b:d4:de:42:ad:1e:5a:77:97:d1:4b:0e:13:7c:
         1c:5c:20:67:25:75:b4:a1:c7:78:f7:fd:72:a8:60:67:99:19:
         db:6d:48:fa:91:a9:a6:f1:39:3a:16:fc:f5:fa:d7:5c:de:f7:
         db:4b:84:21:90:32:99:3b:84:43:f8:0a:17:4c:c4:0d:9b:ab:
         91:1c:1f:7e:46:d9:ea:09:67:50:20:bf:d1:55:fc:eb:85:88:
         c7:96:5d:ae:27:e9:3d:37:53:25:a8:72:db:8b:a5:d3:7f:d5:
         2e:19:94:dc:66:65:af:b3:c4:22:0a:d0:36:12:f2:b1:0a:9e:
         46:7a:c0:d1:9d:76:e2:b0:2c:81:04:33:7e:ba:db:d7:f2:40:
         6a:77:3c:da:dd:50:0e:80:0a:1a:27:ad:11:96:fa:c6:5f:58:
         60:8e:34:10
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUM9R9rQoVCCeFcHBFx1WIKD6RxzYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWQ3MDg0NTgyMmE2MTQwOGVjMmE1ZmQ1ODBjMTMyZGE3
NzdmMDlkMTAeFw0yNDAyMjYwODQ4NTBaFw0yNTAyMjQwODUzNTBaMDMxMTAvBgNV
BAMTKDY3QzkxMUU2MTc5RDI4ODcxRUE3MTBEQkQ4NDQ2NTY1MEI5ODMwMTAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtaLl5Ga8/XbwRfsaiv9vUTQO/
RCMfFL1OaJJj6LjkzEHNpIb7CaIxiwyHKAXsf/ilc/jOxxl2hNc40cBK9g63I2up
4flBWunRIfAAjqCTzT4vnG/aAD5L05nGCL3Jotpx/xhHjjdWh26/ffC0nztMNrG7
Y+4tck3EzgZjxxPVXn2Ana+ou1ZYDPPt3LHk20JcowThY1yYo1h3vqPERS7RgpEs
DXm++i2WhXpVMrj79+1UA9m7qCv1hRtJucrq7FmBZmoOlqEpG1a5bguNRtWQn72y
Ci+n/RnAZJqcsLXqZSgRRmI+n0beQXWqTu4bFVWNUfAAfegSjWat1s+tytqpAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUZ8kR5hedKIcepxDb2ERlZQuYMBAwHwYDVR0j
BBgwFoAUXXCEWCKmFAjsKl/VgMEy2nd/CdEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzgvNUQ3MDg0NTgyMkE2MTQwOEVDMkE1RkQ1ODBDMTMyREE3NzdGMDlEMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1hYQ0VXQ0ttRkFqc0tsX1ZnTUV5Mm5k
X0NkRS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzgvMzgzMDJlMzYzNTJlMzIzMTMx
MmUzMDJmMzIzNDJkMzMzMjIwM2QzZTIwMzUzMTMxMzYzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFBB
0zANBgkqhkiG9w0BAQsFAAOCAQEAO1fFofW0RNdgtF16rl7vkP0yNTKXEVhlP1G1
lG6ZOm1LiuyrLTsAv3YU6LDZGMliPjKeEzvqUDTWIv9vqjhW/5owosbhRISqCbu0
hBb/olAE0RAApIQJN4C+cSZOBUvU3kKtHlp3l9FLDhN8HFwgZyV1tKHHePf9cqhg
Z5kZ221I+pGppvE5Ohb89frXXN7320uEIZAymTuEQ/gKF0zEDZurkRwffkbZ6gln
UCC/0VX864WIx5ZdrifpPTdTJahy24ul03/VLhmU3GZlr7PEIgrQNhLysQqeRnrA
0Z124rAsgQQzfrrb1/JAanc82t1QDoAKGietEZb6xl9YYI40EA==
-----END CERTIFICATE-----