Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/38312e32322e33372e302f32342d3234203d3e20313336373837.roa
File:                     38312e32322e33372e302f32342d3234203d3e20313336373837.roa (raw, json)
Hash identifier:          7CbJtAlzGFQYPoeuOYyqtjR/WCm1N9lrz3GNmYQpEik=
Subject key identifier:   07:E8:49:C1:D7:2F:79:BA:C9:17:06:96:BC:06:29:76:1F:8A:2E:18
Certificate issuer:       /CN=5d70845822a61408ec2a5fd580c132da777f09d1
Certificate serial:       17209F3AF0716DCE058E03685E923DC1C91DD8D6
Authority key identifier: 5D:70:84:58:22:A6:14:08:EC:2A:5F:D5:80:C1:32:DA:77:7F:09:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/38312e32322e33372e302f32342d3234203d3e20313336373837.roa
Signing time:             Fri 08 Mar 2024 12:58:25 +0000
ROA not before:           Fri 08 Mar 2024 12:53:25 +0000
ROA not after:            Fri 07 Mar 2025 12:58:25 +0000
asID:                     136787
IP address blocks:        81.22.37.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            17:20:9f:3a:f0:71:6d:ce:05:8e:03:68:5e:92:3d:c1:c9:1d:d8:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5d70845822a61408ec2a5fd580c132da777f09d1
        Validity
            Not Before: Mar  8 12:53:25 2024 GMT
            Not After : Mar  7 12:58:25 2025 GMT
        Subject: CN=07E849C1D72F79BAC9170696BC0629761F8A2E18
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:a8:9c:de:b5:6a:58:89:87:fd:18:54:ca:00:
                    9c:8d:78:39:45:35:1c:ae:c6:c1:4c:ff:80:d3:40:
                    dc:4d:e2:ab:fb:84:12:f3:3b:65:88:91:00:9d:36:
                    3d:ab:58:89:ba:a9:7e:78:b6:f6:ab:6a:a5:40:72:
                    27:f6:db:eb:7a:95:3c:b4:18:07:ba:dd:9a:27:75:
                    b4:d3:c0:07:9b:38:42:b1:8e:4a:66:e3:c7:df:94:
                    d1:24:e6:3c:a4:55:ab:4c:f5:7a:38:26:cf:8f:db:
                    68:19:56:03:19:d1:e5:f2:16:99:60:6c:42:a8:88:
                    52:68:92:83:58:1b:87:dd:68:d5:ba:b4:c8:66:dc:
                    12:83:0c:84:51:21:75:05:60:ef:af:89:63:51:a4:
                    c9:50:24:78:13:15:28:a2:83:60:9d:08:ab:63:e8:
                    86:60:24:ff:d3:45:25:9a:6a:24:85:8a:4d:ae:38:
                    31:69:2e:48:74:f9:41:81:d5:da:4f:ed:19:1c:b6:
                    09:4f:2e:05:b5:40:31:b5:a8:c4:7c:ec:0b:aa:72:
                    c5:61:ad:8c:e0:83:c5:e4:dc:aa:fd:5f:b4:a6:b6:
                    9c:a7:96:64:05:dd:0d:ba:f5:09:e9:85:d1:a1:47:
                    59:1d:0b:92:5c:e7:99:a1:ff:3f:de:ff:ab:74:7d:
                    36:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:E8:49:C1:D7:2F:79:BA:C9:17:06:96:BC:06:29:76:1F:8A:2E:18
            X509v3 Authority Key Identifier:
                keyid:5D:70:84:58:22:A6:14:08:EC:2A:5F:D5:80:C1:32:DA:77:7F:09:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/38312e32322e33372e302f32342d3234203d3e20313336373837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.22.37.0/24

    Signature Algorithm: sha256WithRSAEncryption
         58:6d:85:a3:d2:65:b2:38:9f:e2:c6:5a:9f:22:b3:10:e7:d4:
         5b:3e:4a:7e:55:37:2f:9f:bc:73:9c:ad:0f:23:6c:61:0e:35:
         2c:c8:b3:37:f4:70:39:ca:a4:7e:23:07:74:f3:79:27:3c:1e:
         e2:10:3e:9c:ba:7d:c9:30:54:52:c5:c9:92:a3:e5:ca:10:32:
         89:b4:fd:af:a6:df:2c:31:cf:5a:29:c1:86:7b:5b:e3:64:eb:
         89:30:ad:49:22:3a:ba:d0:45:1e:a5:ea:47:fd:9c:70:2c:a5:
         b0:5a:73:b6:d7:be:c7:6a:34:af:0a:a1:7b:ec:eb:05:af:df:
         4d:e8:d3:bd:0c:a4:4d:02:00:de:29:ce:6e:73:47:08:c6:de:
         42:35:b1:ef:f3:4e:d1:39:15:46:ce:b2:a8:9b:e7:d3:e5:21:
         6d:04:c1:5b:75:4b:c0:53:33:dc:29:e5:e7:26:ef:1c:c9:8a:
         43:39:cd:90:1b:cc:aa:f7:92:52:b5:c5:fb:44:39:c7:49:2e:
         21:bf:a5:89:a1:a2:2f:a2:2a:35:fb:79:f0:f4:d1:05:db:84:
         52:bb:54:ca:3d:d1:2d:2a:e5:b5:2d:f2:e7:a0:d7:c4:4a:99:
         ff:c1:23:ca:0c:d8:59:68:dc:fb:5f:51:8d:e0:fe:27:24:d1:
         27:74:17:3a
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUFyCfOvBxbc4FjgNoXpI9wckd2NYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWQ3MDg0NTgyMmE2MTQwOGVjMmE1ZmQ1ODBjMTMyZGE3
NzdmMDlkMTAeFw0yNDAzMDgxMjUzMjVaFw0yNTAzMDcxMjU4MjVaMDMxMTAvBgNV
BAMTKDA3RTg0OUMxRDcyRjc5QkFDOTE3MDY5NkJDMDYyOTc2MUY4QTJFMTgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFqJzetWpYiYf9GFTKAJyNeDlF
NRyuxsFM/4DTQNxN4qv7hBLzO2WIkQCdNj2rWIm6qX54tvaraqVAcif22+t6lTy0
GAe63ZondbTTwAebOEKxjkpm48fflNEk5jykVatM9Xo4Js+P22gZVgMZ0eXyFplg
bEKoiFJokoNYG4fdaNW6tMhm3BKDDIRRIXUFYO+viWNRpMlQJHgTFSiig2CdCKtj
6IZgJP/TRSWaaiSFik2uODFpLkh0+UGB1dpP7RkctglPLgW1QDG1qMR87AuqcsVh
rYzgg8Xk3Kr9X7SmtpynlmQF3Q269QnphdGhR1kdC5Jc55mh/z/e/6t0fTYRAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUB+hJwdcvebrJFwaWvAYpdh+KLhgwHwYDVR0j
BBgwFoAUXXCEWCKmFAjsKl/VgMEy2nd/CdEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzgvNUQ3MDg0NTgyMkE2MTQwOEVDMkE1RkQ1ODBDMTMyREE3NzdGMDlEMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1hYQ0VXQ0ttRkFqc0tsX1ZnTUV5Mm5k
X0NkRS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzgvMzgzMTJlMzIzMjJlMzMzNzJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMxMzMzNjM3MzgzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFEW
JTANBgkqhkiG9w0BAQsFAAOCAQEAWG2Fo9Jlsjif4sZanyKzEOfUWz5KflU3L5+8
c5ytDyNsYQ41LMizN/RwOcqkfiMHdPN5Jzwe4hA+nLp9yTBUUsXJkqPlyhAyibT9
r6bfLDHPWinBhntb42TriTCtSSI6utBFHqXqR/2ccCylsFpztte+x2o0rwqhe+zr
Ba/fTejTvQykTQIA3inObnNHCMbeQjWx7/NO0TkVRs6yqJvn0+UhbQTBW3VLwFMz
3Cnl5ybvHMmKQznNkBvMqveSUrXF+0Q5x0kuIb+liaGiL6IqNft58PTRBduEUrtU
yj3RLSrltS3y56DXxEqZ/8EjygzYWWjc+19RjeD+JyTRJ3QXOg==
-----END CERTIFICATE-----