Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/38312e32322e33382e302f32342d3332203d3e203531313637.roa
File:                     38312e32322e33382e302f32342d3332203d3e203531313637.roa (raw, json)
Hash identifier:          O1ndg3eKZPYTgw4iXjCVL0rYpRWfwjsrrmBazz8MU3E=
Subject key identifier:   3A:21:6F:82:E5:0B:26:3B:11:20:D8:53:E1:DE:06:CF:F9:AF:81:22
Certificate issuer:       /CN=5d70845822a61408ec2a5fd580c132da777f09d1
Certificate serial:       77BD53ECBA25C572390CA674F1A2F373FC64A0CC
Authority key identifier: 5D:70:84:58:22:A6:14:08:EC:2A:5F:D5:80:C1:32:DA:77:7F:09:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/38312e32322e33382e302f32342d3332203d3e203531313637.roa
Signing time:             Fri 21 Jul 2023 07:20:31 +0000
ROA not before:           Fri 21 Jul 2023 07:15:31 +0000
ROA not after:            Fri 19 Jul 2024 07:20:31 +0000
asID:                     51167
IP address blocks:        81.22.38.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            77:bd:53:ec:ba:25:c5:72:39:0c:a6:74:f1:a2:f3:73:fc:64:a0:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5d70845822a61408ec2a5fd580c132da777f09d1
        Validity
            Not Before: Jul 21 07:15:31 2023 GMT
            Not After : Jul 19 07:20:31 2024 GMT
        Subject: CN=3A216F82E50B263B1120D853E1DE06CFF9AF8122
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:33:43:3b:2e:36:46:5f:b5:36:8c:c6:b0:0b:
                    45:8b:4c:36:e3:c1:00:68:8f:00:cd:1c:a1:23:78:
                    36:32:d9:c7:42:be:3a:97:91:e9:00:1a:98:3f:1c:
                    7b:d9:65:d0:6d:0a:a0:06:6c:33:f1:7e:88:51:5e:
                    95:17:7e:59:d5:33:14:26:a0:2d:27:17:08:f3:0e:
                    11:e7:9a:6c:1f:b0:f7:5d:0d:a1:be:c2:b7:15:fc:
                    19:a8:8f:9a:55:29:84:b5:8a:da:56:48:2a:cc:8b:
                    e4:27:c5:04:ef:57:8e:f5:4c:17:33:66:b1:20:8a:
                    1c:c9:6c:8e:ac:41:32:99:38:ed:01:25:ac:14:e2:
                    20:e5:80:1f:58:ac:98:3e:90:b7:32:45:54:e8:34:
                    c3:c3:72:93:81:21:26:ca:6c:8b:29:ac:55:2a:39:
                    b5:aa:23:24:82:52:7d:5d:92:8c:52:42:d3:cf:25:
                    f2:ae:c7:49:3a:fe:03:68:6a:65:39:b0:3a:3f:b4:
                    a9:8d:e6:7f:ec:83:cf:d9:10:0c:aa:51:48:1a:09:
                    d8:f0:ca:3b:5b:8f:eb:5d:e0:be:eb:b1:f9:e0:5a:
                    83:64:30:28:fa:e0:4c:eb:65:fc:be:23:07:a1:f2:
                    00:7c:36:80:f2:3d:b2:44:84:31:a7:f4:ff:1a:84:
                    d6:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:21:6F:82:E5:0B:26:3B:11:20:D8:53:E1:DE:06:CF:F9:AF:81:22
            X509v3 Authority Key Identifier:
                keyid:5D:70:84:58:22:A6:14:08:EC:2A:5F:D5:80:C1:32:DA:77:7F:09:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/38312e32322e33382e302f32342d3332203d3e203531313637.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.22.38.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:b9:00:e5:c3:a3:de:36:3e:bf:3a:7d:79:d4:5e:18:57:8a:
         44:92:21:e0:83:48:a2:d5:d6:5e:58:54:31:80:1f:8f:01:32:
         91:31:43:b1:9c:c3:eb:b6:2c:c8:70:7c:07:97:51:e9:7b:4b:
         16:30:b8:6b:bf:98:64:c0:cd:17:44:8f:9f:91:38:5e:7a:f1:
         97:5d:35:4b:84:e4:bd:13:44:ab:3b:62:82:79:36:74:c4:50:
         eb:be:28:98:36:ca:6b:2e:b5:ca:ac:73:a9:0c:c1:12:05:b5:
         ea:84:be:de:1d:28:ae:83:c7:d8:c9:38:4f:54:ee:6c:7d:3b:
         f8:2f:e7:26:c0:c5:e5:a5:26:68:ef:cc:17:8a:e1:6a:e6:6d:
         1e:fa:f5:b6:59:f5:5a:2e:ac:c6:0e:26:47:0e:ef:a8:a0:55:
         63:50:51:d2:c2:ab:31:11:d8:f2:26:f3:e8:a4:58:4b:d4:4d:
         1d:95:92:9a:7b:a5:97:24:1b:e4:34:21:75:f7:fb:cf:39:14:
         83:9d:31:9f:73:cb:a1:8f:95:cc:1a:35:87:14:ca:2a:45:86:
         c2:9e:0e:39:93:45:52:59:96:32:77:60:7f:4f:eb:7f:1b:ed:
         7e:c1:4a:d2:ac:62:99:10:e1:e0:58:11:f0:ae:50:a7:f6:d6:
         8e:03:1a:0d
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUd71T7LolxXI5DKZ08aLzc/xkoMwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWQ3MDg0NTgyMmE2MTQwOGVjMmE1ZmQ1ODBjMTMyZGE3
NzdmMDlkMTAeFw0yMzA3MjEwNzE1MzFaFw0yNDA3MTkwNzIwMzFaMDMxMTAvBgNV
BAMTKDNBMjE2RjgyRTUwQjI2M0IxMTIwRDg1M0UxREUwNkNGRjlBRjgxMjIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDjM0M7LjZGX7U2jMawC0WLTDbj
wQBojwDNHKEjeDYy2cdCvjqXkekAGpg/HHvZZdBtCqAGbDPxfohRXpUXflnVMxQm
oC0nFwjzDhHnmmwfsPddDaG+wrcV/Bmoj5pVKYS1itpWSCrMi+QnxQTvV471TBcz
ZrEgihzJbI6sQTKZOO0BJawU4iDlgB9YrJg+kLcyRVToNMPDcpOBISbKbIsprFUq
ObWqIySCUn1dkoxSQtPPJfKux0k6/gNoamU5sDo/tKmN5n/sg8/ZEAyqUUgaCdjw
yjtbj+td4L7rsfngWoNkMCj64EzrZfy+Iweh8gB8NoDyPbJEhDGn9P8ahNaFAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUOiFvguULJjsRINhT4d4Gz/mvgSIwHwYDVR0j
BBgwFoAUXXCEWCKmFAjsKl/VgMEy2nd/CdEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzgvNUQ3MDg0NTgyMkE2MTQwOEVDMkE1RkQ1ODBDMTMyREE3NzdGMDlEMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1hYQ0VXQ0ttRkFqc0tsX1ZnTUV5Mm5k
X0NkRS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzgvMzgzMTJlMzIzMjJlMzMzODJl
MzAyZjMyMzQyZDMzMzIyMDNkM2UyMDM1MzEzMTM2Mzcucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABRFiYw
DQYJKoZIhvcNAQELBQADggEBAJq5AOXDo942Pr86fXnUXhhXikSSIeCDSKLV1l5Y
VDGAH48BMpExQ7Gcw+u2LMhwfAeXUel7SxYwuGu/mGTAzRdEj5+ROF568ZddNUuE
5L0TRKs7YoJ5NnTEUOu+KJg2ymsutcqsc6kMwRIFteqEvt4dKK6Dx9jJOE9U7mx9
O/gv5ybAxeWlJmjvzBeK4WrmbR769bZZ9VourMYOJkcO76igVWNQUdLCqzER2PIm
8+ikWEvUTR2Vkpp7pZckG+Q0IXX3+885FIOdMZ9zy6GPlcwaNYcUyipFhsKeDjmT
RVJZljJ3YH9P638b7X7BStKsYpkQ4eBYEfCuUKf21o4DGg0=
-----END CERTIFICATE-----