Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/38312e32322e33382e302f32342d3332203d3e203531313637.roa
File:                     38312e32322e33382e302f32342d3332203d3e203531313637.roa (raw, json)
Hash identifier:          UgnlDrAbXzSxHVxHqiyuhJ3cSheXm+eUoGy7J1/AOqU=
Subject key identifier:   86:AC:7D:C0:37:EF:23:70:F8:B2:3A:CE:3F:1C:DC:B3:A0:E8:2D:DE
Certificate issuer:       /CN=5d70845822a61408ec2a5fd580c132da777f09d1
Certificate serial:       7FAEEFC41AC9FF3DD785507977523663D99014A2
Authority key identifier: 5D:70:84:58:22:A6:14:08:EC:2A:5F:D5:80:C1:32:DA:77:7F:09:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/38312e32322e33382e302f32342d3332203d3e203531313637.roa
Signing time:             Fri 21 Jun 2024 08:03:59 +0000
ROA not before:           Fri 21 Jun 2024 07:58:59 +0000
ROA not after:            Fri 20 Jun 2025 08:03:59 +0000
asID:                     51167
IP address blocks:        81.22.38.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7f:ae:ef:c4:1a:c9:ff:3d:d7:85:50:79:77:52:36:63:d9:90:14:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5d70845822a61408ec2a5fd580c132da777f09d1
        Validity
            Not Before: Jun 21 07:58:59 2024 GMT
            Not After : Jun 20 08:03:59 2025 GMT
        Subject: CN=86AC7DC037EF2370F8B23ACE3F1CDCB3A0E82DDE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:01:02:59:0e:c1:33:75:64:3f:53:fb:7d:75:
                    9e:0e:9e:04:f9:88:03:6e:e0:b1:9a:ab:a8:1f:d3:
                    9e:c9:c1:2b:07:f1:59:7b:eb:fd:8d:14:e1:e3:e8:
                    a6:14:07:03:23:85:d4:39:1f:fd:60:fe:00:b4:00:
                    48:54:41:ee:df:1d:72:4d:f9:86:06:29:05:96:69:
                    e4:ef:db:68:ea:94:00:fc:21:ad:6e:af:de:09:d7:
                    ee:c5:70:18:47:92:22:ae:b4:26:e4:13:a7:76:10:
                    ca:9f:51:94:62:f5:4c:b9:c3:62:b1:cd:e1:87:33:
                    25:18:c3:ab:02:3f:b6:68:ad:48:a5:c9:0c:47:62:
                    da:61:59:11:7c:e5:92:11:f2:b3:c2:74:7c:e3:9d:
                    83:01:d5:a7:b8:92:86:e3:70:eb:46:fb:e4:79:c3:
                    02:0f:36:fb:d8:00:c6:fc:40:65:40:ca:68:6e:9e:
                    48:28:37:c7:55:37:70:03:cf:48:6a:1f:da:6d:37:
                    cd:58:6d:d1:d5:c9:70:ed:36:bf:b0:87:b5:c5:34:
                    97:7b:27:4f:52:43:e7:82:a1:35:d7:39:a2:11:c0:
                    fd:05:a8:83:30:ff:49:4d:30:fc:8e:21:44:16:9d:
                    76:ed:02:c8:16:92:68:68:74:27:5f:0b:22:14:67:
                    47:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:AC:7D:C0:37:EF:23:70:F8:B2:3A:CE:3F:1C:DC:B3:A0:E8:2D:DE
            X509v3 Authority Key Identifier:
                keyid:5D:70:84:58:22:A6:14:08:EC:2A:5F:D5:80:C1:32:DA:77:7F:09:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/38312e32322e33382e302f32342d3332203d3e203531313637.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.22.38.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:29:34:6b:0e:e4:a3:ed:fe:f8:8f:3e:45:78:87:ab:2d:b9:
         f4:02:ea:bb:00:64:db:dc:cc:5d:66:ca:da:9a:44:fa:7c:61:
         0d:06:7e:c9:40:0f:2e:cd:85:7c:3e:17:ba:fe:95:3a:a6:5a:
         54:f4:92:57:4d:84:f2:18:07:b9:4c:92:26:d4:41:6c:92:bf:
         b9:70:a1:d3:8f:ed:9d:a9:d1:90:24:11:8c:6d:4b:0b:11:7d:
         f4:11:69:67:8b:08:85:a5:5b:19:fe:c9:1b:c8:1c:4a:b0:c6:
         0d:9f:a9:b9:48:1b:09:b1:03:06:d5:31:d9:8f:a8:6a:e6:cc:
         09:d4:67:33:43:ab:bb:f5:6d:91:36:92:9e:01:4c:16:3e:8a:
         f3:3f:a1:fb:f6:55:af:40:92:31:c8:0c:50:26:dd:94:2a:c5:
         d7:12:5f:56:b0:80:e2:03:22:22:91:d9:4d:5a:92:66:99:65:
         94:07:4e:1b:a5:67:5b:dd:51:97:8b:dd:31:b6:30:7b:6d:e3:
         7c:1d:0d:ff:b3:90:a8:81:bd:15:a3:06:2b:31:d8:ec:a0:44:
         56:a8:f1:fd:f7:87:eb:84:d9:9e:eb:65:7a:03:8b:62:45:6c:
         cb:f4:38:8a:b4:dd:e6:e6:8d:7e:60:a8:27:15:67:ea:cb:ca:
         07:24:6b:b5
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUf67vxBrJ/z3XhVB5d1I2Y9mQFKIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWQ3MDg0NTgyMmE2MTQwOGVjMmE1ZmQ1ODBjMTMyZGE3
NzdmMDlkMTAeFw0yNDA2MjEwNzU4NTlaFw0yNTA2MjAwODAzNTlaMDMxMTAvBgNV
BAMTKDg2QUM3REMwMzdFRjIzNzBGOEIyM0FDRTNGMUNEQ0IzQTBFODJEREUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/AQJZDsEzdWQ/U/t9dZ4OngT5
iANu4LGaq6gf057JwSsH8Vl76/2NFOHj6KYUBwMjhdQ5H/1g/gC0AEhUQe7fHXJN
+YYGKQWWaeTv22jqlAD8Ia1ur94J1+7FcBhHkiKutCbkE6d2EMqfUZRi9Uy5w2Kx
zeGHMyUYw6sCP7ZorUilyQxHYtphWRF85ZIR8rPCdHzjnYMB1ae4kobjcOtG++R5
wwIPNvvYAMb8QGVAymhunkgoN8dVN3ADz0hqH9ptN81YbdHVyXDtNr+wh7XFNJd7
J09SQ+eCoTXXOaIRwP0FqIMw/0lNMPyOIUQWnXbtAsgWkmhodCdfCyIUZ0epAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUhqx9wDfvI3D4sjrOPxzcs6DoLd4wHwYDVR0j
BBgwFoAUXXCEWCKmFAjsKl/VgMEy2nd/CdEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzgvNUQ3MDg0NTgyMkE2MTQwOEVDMkE1RkQ1ODBDMTMyREE3NzdGMDlEMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1hYQ0VXQ0ttRkFqc0tsX1ZnTUV5Mm5k
X0NkRS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzgvMzgzMTJlMzIzMjJlMzMzODJl
MzAyZjMyMzQyZDMzMzIyMDNkM2UyMDM1MzEzMTM2Mzcucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABRFiYw
DQYJKoZIhvcNAQELBQADggEBAIcpNGsO5KPt/viPPkV4h6stufQC6rsAZNvczF1m
ytqaRPp8YQ0GfslADy7NhXw+F7r+lTqmWlT0kldNhPIYB7lMkibUQWySv7lwodOP
7Z2p0ZAkEYxtSwsRffQRaWeLCIWlWxn+yRvIHEqwxg2fqblIGwmxAwbVMdmPqGrm
zAnUZzNDq7v1bZE2kp4BTBY+ivM/ofv2Va9AkjHIDFAm3ZQqxdcSX1awgOIDIiKR
2U1akmaZZZQHThulZ1vdUZeL3TG2MHtt43wdDf+zkKiBvRWjBisx2OygRFao8f33
h+uE2Z7rZXoDi2JFbMv0OIq03ebmjX5gqCcVZ+rLygcka7U=
-----END CERTIFICATE-----