Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/38312e32322e33382e302f32342d3332203d3e203430303231.roa
File:                     38312e32322e33382e302f32342d3332203d3e203430303231.roa (raw, json)
Hash identifier:          Fq5NfxLUiQ5K4sZiQT14ORnKsVY7dyShaVHiM5AZ7ZI=
Subject key identifier:   7D:F4:B4:D4:A2:BB:BF:D7:54:1A:F4:2B:F4:66:1F:4B:05:C9:27:95
Certificate issuer:       /CN=5d70845822a61408ec2a5fd580c132da777f09d1
Certificate serial:       4097FC17D6B3B77C01ABA521C646787B090B680F
Authority key identifier: 5D:70:84:58:22:A6:14:08:EC:2A:5F:D5:80:C1:32:DA:77:7F:09:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/38312e32322e33382e302f32342d3332203d3e203430303231.roa
Signing time:             Tue 12 Mar 2024 20:00:11 +0000
ROA not before:           Tue 12 Mar 2024 19:55:11 +0000
ROA not after:            Tue 11 Mar 2025 20:00:11 +0000
asID:                     40021
IP address blocks:        81.22.38.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            40:97:fc:17:d6:b3:b7:7c:01:ab:a5:21:c6:46:78:7b:09:0b:68:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5d70845822a61408ec2a5fd580c132da777f09d1
        Validity
            Not Before: Mar 12 19:55:11 2024 GMT
            Not After : Mar 11 20:00:11 2025 GMT
        Subject: CN=7DF4B4D4A2BBBFD7541AF42BF4661F4B05C92795
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:29:2f:7a:4e:ab:dc:0c:36:7d:bb:b1:4c:62:
                    46:93:e6:21:7b:36:9e:2b:24:02:7c:5e:62:9e:5a:
                    80:d6:ae:bd:3a:dc:c9:6a:51:5c:81:aa:d3:cd:95:
                    48:e2:e7:f3:e2:f0:68:c4:4b:2e:92:99:54:9c:9d:
                    33:a0:0d:26:13:fc:88:96:8e:aa:2f:a2:58:24:78:
                    77:5e:c4:f1:13:bd:b9:cb:b3:5d:4c:09:87:f6:ae:
                    5e:dd:24:e0:98:df:65:c7:c1:67:da:e4:15:10:e0:
                    26:ea:fd:32:9d:41:c1:b2:cf:72:04:0a:aa:ad:b0:
                    23:61:2e:fe:2c:e3:22:90:4e:3a:0d:1d:d6:b2:66:
                    fc:28:ea:5b:52:a2:15:c2:fd:d8:0e:cf:51:35:54:
                    03:5c:d8:13:18:fa:1f:41:a6:25:27:6b:48:9a:c5:
                    e8:44:fb:48:9f:cd:54:18:b9:27:a0:6f:60:3d:f9:
                    70:30:c4:51:00:e3:a1:8d:24:38:30:3a:43:b7:ef:
                    51:89:83:38:c0:f1:77:24:b6:f7:e4:78:a6:e0:02:
                    3c:c1:02:68:43:a4:6a:af:ee:73:6d:55:0c:af:90:
                    ab:d9:01:80:48:16:29:62:cb:c7:0e:e6:83:c0:ea:
                    d0:0b:52:6e:52:f2:91:9d:30:ac:22:cf:dc:10:b4:
                    d6:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:F4:B4:D4:A2:BB:BF:D7:54:1A:F4:2B:F4:66:1F:4B:05:C9:27:95
            X509v3 Authority Key Identifier:
                keyid:5D:70:84:58:22:A6:14:08:EC:2A:5F:D5:80:C1:32:DA:77:7F:09:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/38312e32322e33382e302f32342d3332203d3e203430303231.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.22.38.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:d7:6a:56:af:d2:a1:51:79:20:7a:fc:a5:06:02:bb:51:b9:
         d0:8e:21:0f:1f:b2:34:76:50:10:c3:16:ee:5b:05:49:0d:d5:
         91:41:f9:40:03:b9:79:9d:e3:bc:0a:1a:aa:1f:4b:eb:f5:a3:
         b4:40:d7:2a:85:5b:70:2f:70:87:57:1f:ab:78:84:0f:58:d9:
         68:41:66:9d:67:39:d7:fa:b4:68:71:5b:eb:c4:c9:8a:04:45:
         af:b0:24:d2:36:ee:0c:f9:5a:69:54:9e:87:ce:8e:95:36:28:
         b6:52:6c:02:54:10:35:16:a0:b6:f5:13:e3:85:9a:90:64:14:
         d0:fc:c4:73:df:20:59:16:6e:d9:10:26:e2:73:3a:d9:20:f2:
         39:34:2a:ff:18:ef:4c:52:ba:c7:86:91:44:99:bd:8f:21:a9:
         64:f8:32:92:bb:99:8b:44:4f:b0:84:ff:a8:d5:3e:ff:f7:46:
         af:b8:a2:a3:9f:d5:72:20:25:46:ee:c8:b5:dd:0b:b4:51:34:
         c5:45:21:e7:b9:47:b6:81:88:c0:b6:8d:ca:50:31:d3:3e:0a:
         c5:32:a5:91:17:08:a6:2a:b5:e6:f5:88:be:48:e8:0d:aa:dc:
         f0:28:c6:d7:83:4a:11:a3:e5:91:56:be:a2:af:af:c9:8d:d1:
         5d:9b:52:e8
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUQJf8F9azt3wBq6UhxkZ4ewkLaA8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWQ3MDg0NTgyMmE2MTQwOGVjMmE1ZmQ1ODBjMTMyZGE3
NzdmMDlkMTAeFw0yNDAzMTIxOTU1MTFaFw0yNTAzMTEyMDAwMTFaMDMxMTAvBgNV
BAMTKDdERjRCNEQ0QTJCQkJGRDc1NDFBRjQyQkY0NjYxRjRCMDVDOTI3OTUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0KS96TqvcDDZ9u7FMYkaT5iF7
Np4rJAJ8XmKeWoDWrr063MlqUVyBqtPNlUji5/Pi8GjESy6SmVScnTOgDSYT/IiW
jqovolgkeHdexPETvbnLs11MCYf2rl7dJOCY32XHwWfa5BUQ4Cbq/TKdQcGyz3IE
CqqtsCNhLv4s4yKQTjoNHdayZvwo6ltSohXC/dgOz1E1VANc2BMY+h9BpiUna0ia
xehE+0ifzVQYuSegb2A9+XAwxFEA46GNJDgwOkO371GJgzjA8XcktvfkeKbgAjzB
AmhDpGqv7nNtVQyvkKvZAYBIFiliy8cO5oPA6tALUm5S8pGdMKwiz9wQtNYLAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUffS01KK7v9dUGvQr9GYfSwXJJ5UwHwYDVR0j
BBgwFoAUXXCEWCKmFAjsKl/VgMEy2nd/CdEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzgvNUQ3MDg0NTgyMkE2MTQwOEVDMkE1RkQ1ODBDMTMyREE3NzdGMDlEMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1hYQ0VXQ0ttRkFqc0tsX1ZnTUV5Mm5k
X0NkRS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzgvMzgzMTJlMzIzMjJlMzMzODJl
MzAyZjMyMzQyZDMzMzIyMDNkM2UyMDM0MzAzMDMyMzEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABRFiYw
DQYJKoZIhvcNAQELBQADggEBAHvXalav0qFReSB6/KUGArtRudCOIQ8fsjR2UBDD
Fu5bBUkN1ZFB+UADuXmd47wKGqofS+v1o7RA1yqFW3AvcIdXH6t4hA9Y2WhBZp1n
Odf6tGhxW+vEyYoERa+wJNI27gz5WmlUnofOjpU2KLZSbAJUEDUWoLb1E+OFmpBk
FND8xHPfIFkWbtkQJuJzOtkg8jk0Kv8Y70xSuseGkUSZvY8hqWT4MpK7mYtET7CE
/6jVPv/3Rq+4oqOf1XIgJUbuyLXdC7RRNMVFIee5R7aBiMC2jcpQMdM+CsUypZEX
CKYqteb1iL5I6A2q3PAoxteDShGj5ZFWvqKvr8mN0V2bUug=
-----END CERTIFICATE-----