Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/38342e32312e3137312e302f32342d3332203d3e203531313637.roa
File:                     38342e32312e3137312e302f32342d3332203d3e203531313637.roa (raw, json)
Hash identifier:          6Nl0s/NR6HkB8YVTev3gjjr9VlvFa26ithDgc1VHv/Q=
Subject key identifier:   76:47:F2:48:70:75:F0:59:C0:9D:D5:68:92:53:98:15:3A:0B:7F:4B
Certificate issuer:       /CN=5d70845822a61408ec2a5fd580c132da777f09d1
Certificate serial:       216451594E509C139DFBFFB7B7B2501A61591043
Authority key identifier: 5D:70:84:58:22:A6:14:08:EC:2A:5F:D5:80:C1:32:DA:77:7F:09:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/38342e32312e3137312e302f32342d3332203d3e203531313637.roa
Signing time:             Mon 26 Feb 2024 08:53:49 +0000
ROA not before:           Mon 26 Feb 2024 08:48:49 +0000
ROA not after:            Mon 24 Feb 2025 08:53:49 +0000
asID:                     51167
IP address blocks:        84.21.171.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            21:64:51:59:4e:50:9c:13:9d:fb:ff:b7:b7:b2:50:1a:61:59:10:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5d70845822a61408ec2a5fd580c132da777f09d1
        Validity
            Not Before: Feb 26 08:48:49 2024 GMT
            Not After : Feb 24 08:53:49 2025 GMT
        Subject: CN=7647F2487075F059C09DD568925398153A0B7F4B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f3:a4:04:56:04:bc:46:2f:08:e5:44:6b:39:2a:
                    1b:d8:50:81:bb:07:fb:31:e5:c6:10:38:38:79:97:
                    c0:60:3d:13:0c:34:11:02:b6:2e:4c:a6:ca:e9:be:
                    ba:22:ce:cf:38:6e:0b:e6:fa:c5:d8:4b:07:df:bf:
                    22:cb:1a:94:d7:0b:b0:50:5a:41:c7:5c:83:db:41:
                    84:c8:e0:8f:41:d6:cd:70:de:2c:66:ad:3c:8f:80:
                    92:41:c5:2c:75:8d:61:7c:e9:fd:1f:14:e3:e7:26:
                    8a:aa:6e:7d:3b:50:e2:f7:0b:41:67:b4:59:b0:a7:
                    b0:2a:a3:1f:71:69:14:b6:b0:be:1b:f6:1a:93:29:
                    24:7b:1e:fd:f9:d2:18:6b:34:60:04:16:b6:9d:dc:
                    35:66:26:09:23:08:27:3b:9e:43:40:eb:be:b1:79:
                    5b:41:65:64:91:2b:e3:46:d5:5d:af:c2:4e:cb:5a:
                    d9:a2:d7:e5:b6:3a:9b:9b:ea:aa:36:b3:72:ed:9c:
                    ee:e1:94:90:a6:41:6f:d7:f8:ea:f9:dc:55:89:94:
                    ab:97:ea:9d:07:6e:63:ee:37:8a:2e:fa:70:d9:5f:
                    2b:35:66:99:94:29:f0:9b:1d:3c:76:6d:14:1d:2f:
                    b6:25:51:e4:59:b2:ff:99:71:7d:39:79:db:be:44:
                    87:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:47:F2:48:70:75:F0:59:C0:9D:D5:68:92:53:98:15:3A:0B:7F:4B
            X509v3 Authority Key Identifier:
                keyid:5D:70:84:58:22:A6:14:08:EC:2A:5F:D5:80:C1:32:DA:77:7F:09:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/38342e32312e3137312e302f32342d3332203d3e203531313637.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.21.171.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:89:02:1a:c8:b5:78:8d:12:a1:6e:50:fe:08:15:cb:26:3b:
         18:ea:8c:8c:13:b3:9f:6e:e0:01:2f:ca:e9:f2:0f:08:00:41:
         21:bd:e6:99:e2:c7:b5:1e:0e:13:d8:0b:3f:3b:7d:11:e7:cc:
         b7:1e:67:0c:a3:53:94:13:f0:ae:2c:69:8c:46:a0:e5:fc:e8:
         a4:67:58:4d:94:45:2b:51:e4:86:06:1f:55:54:73:41:29:15:
         b4:f3:b4:f8:49:42:e9:2b:6b:e8:e9:63:03:f7:8f:b9:60:8e:
         07:cd:ff:82:d0:1e:b6:ca:22:ec:d0:f7:d8:97:ab:52:1d:ad:
         16:ad:1c:1f:e0:5b:4d:08:81:24:e8:45:1a:3c:41:80:2d:27:
         9b:a8:7d:7a:b4:4a:37:40:98:81:5f:67:39:5d:73:b0:51:a3:
         6f:37:73:f4:d7:8d:b1:bb:1b:c0:53:a7:fa:e5:0a:ce:6f:d1:
         bd:1d:de:f4:85:2a:16:66:99:6c:6f:15:69:e7:b7:a2:a7:5a:
         d2:4b:84:39:c8:4c:c5:17:ee:25:77:48:e9:c0:5e:f6:9c:b2:
         31:d3:b2:24:b1:26:4a:a0:da:19:0d:db:10:02:d8:38:f4:e8:
         81:fd:bd:30:7e:b1:09:4a:a5:70:31:9c:6d:b1:76:f8:76:b4:
         58:51:92:6d
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUIWRRWU5QnBOd+/+3t7JQGmFZEEMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWQ3MDg0NTgyMmE2MTQwOGVjMmE1ZmQ1ODBjMTMyZGE3
NzdmMDlkMTAeFw0yNDAyMjYwODQ4NDlaFw0yNTAyMjQwODUzNDlaMDMxMTAvBgNV
BAMTKDc2NDdGMjQ4NzA3NUYwNTlDMDlERDU2ODkyNTM5ODE1M0EwQjdGNEIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDzpARWBLxGLwjlRGs5KhvYUIG7
B/sx5cYQODh5l8BgPRMMNBECti5Mpsrpvroizs84bgvm+sXYSwffvyLLGpTXC7BQ
WkHHXIPbQYTI4I9B1s1w3ixmrTyPgJJBxSx1jWF86f0fFOPnJoqqbn07UOL3C0Fn
tFmwp7Aqox9xaRS2sL4b9hqTKSR7Hv350hhrNGAEFrad3DVmJgkjCCc7nkNA676x
eVtBZWSRK+NG1V2vwk7LWtmi1+W2Opub6qo2s3LtnO7hlJCmQW/X+Or53FWJlKuX
6p0HbmPuN4ou+nDZXys1ZpmUKfCbHTx2bRQdL7YlUeRZsv+ZcX05edu+RIdzAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUdkfySHB18FnAndVoklOYFToLf0swHwYDVR0j
BBgwFoAUXXCEWCKmFAjsKl/VgMEy2nd/CdEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzgvNUQ3MDg0NTgyMkE2MTQwOEVDMkE1RkQ1ODBDMTMyREE3NzdGMDlEMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1hYQ0VXQ0ttRkFqc0tsX1ZnTUV5Mm5k
X0NkRS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzgvMzgzNDJlMzIzMTJlMzEzNzMx
MmUzMDJmMzIzNDJkMzMzMjIwM2QzZTIwMzUzMTMxMzYzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFQV
qzANBgkqhkiG9w0BAQsFAAOCAQEAKIkCGsi1eI0SoW5Q/ggVyyY7GOqMjBOzn27g
AS/K6fIPCABBIb3mmeLHtR4OE9gLPzt9EefMtx5nDKNTlBPwrixpjEag5fzopGdY
TZRFK1HkhgYfVVRzQSkVtPO0+ElC6Str6OljA/ePuWCOB83/gtAetsoi7ND32Jer
Uh2tFq0cH+BbTQiBJOhFGjxBgC0nm6h9erRKN0CYgV9nOV1zsFGjbzdz9NeNsbsb
wFOn+uUKzm/RvR3e9IUqFmaZbG8Vaee3oqda0kuEOchMxRfuJXdI6cBe9pyyMdOy
JLEmSqDaGQ3bEALYOPTogf29MH6xCUqlcDGcbbF2+Ha0WFGSbQ==
-----END CERTIFICATE-----