Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/38352e3230392e3232392e302f32342d3234203d3e2039333034.roa
File:                     38352e3230392e3232392e302f32342d3234203d3e2039333034.roa (raw, json)
Hash identifier:          TKqHRwCUVnc7CRdC56DXSH6l4ApVuAdNtL61vrXPyTg=
Subject key identifier:   48:7B:CB:31:5A:8B:65:DD:8B:79:43:65:B0:B0:8A:D9:02:37:DD:25
Certificate issuer:       /CN=a9420e6c6f24b0e422da7fe7e420ef50354f45c6
Certificate serial:       24DDE193D121449EBAB82BA37CA471556DE59D39
Authority key identifier: A9:42:0E:6C:6F:24:B0:E4:22:DA:7F:E7:E4:20:EF:50:35:4F:45:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/38352e3230392e3232392e302f32342d3234203d3e2039333034.roa
Signing time:             Thu 03 Jul 2025 13:57:21 +0000
ROA not before:           Thu 03 Jul 2025 13:52:21 +0000
ROA not after:            Thu 02 Jul 2026 13:57:21 +0000
asID:                     9304
IP address blocks:        85.209.229.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 20 Jul 2025 23:27:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            24:dd:e1:93:d1:21:44:9e:ba:b8:2b:a3:7c:a4:71:55:6d:e5:9d:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a9420e6c6f24b0e422da7fe7e420ef50354f45c6
        Validity
            Not Before: Jul  3 13:52:21 2025 GMT
            Not After : Jul  2 13:57:21 2026 GMT
        Subject: CN=487BCB315A8B65DD8B794365B0B08AD90237DD25
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:59:ba:40:8e:98:a2:b7:0b:45:9c:14:12:41:
                    ea:c4:6a:03:95:bb:0e:d8:ce:20:5e:0e:ea:55:d3:
                    b4:6d:fb:1c:2a:9f:00:5a:69:8e:be:af:32:c9:fb:
                    db:28:71:94:d2:0f:4b:e6:12:ec:4f:d9:7f:2e:c2:
                    53:e2:ad:fb:fd:4a:92:80:02:b4:57:22:99:a5:61:
                    54:8e:13:b6:45:e5:06:0b:a1:34:f0:9b:77:f0:11:
                    28:8f:7f:fc:c0:df:10:09:af:25:76:0e:b9:8e:e9:
                    46:25:af:5b:67:3f:23:30:04:c7:bb:90:74:83:a4:
                    04:47:97:e8:ba:63:e6:ca:57:ed:42:3e:f5:4b:15:
                    2d:0e:d7:92:53:fb:f6:8d:0d:27:86:4e:54:b6:93:
                    7b:a0:b5:44:bb:24:62:c0:30:d3:84:bf:f4:e8:96:
                    2e:21:a8:6e:13:86:9d:30:3e:91:80:bb:d6:82:55:
                    dc:92:71:6f:bd:aa:ea:d8:e5:f2:e4:de:1b:39:34:
                    ae:0a:28:81:25:75:59:7f:f1:8c:03:92:d8:7f:a7:
                    ef:7d:44:c2:af:10:3c:ba:ee:ad:51:9c:84:72:30:
                    75:44:cd:44:ac:b7:22:95:55:1e:5d:08:48:c2:35:
                    0f:a7:be:a0:44:80:60:8c:59:51:b9:0b:af:ab:94:
                    9d:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:7B:CB:31:5A:8B:65:DD:8B:79:43:65:B0:B0:8A:D9:02:37:DD:25
            X509v3 Authority Key Identifier:
                keyid:A9:42:0E:6C:6F:24:B0:E4:22:DA:7F:E7:E4:20:EF:50:35:4F:45:C6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/38352e3230392e3232392e302f32342d3234203d3e2039333034.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.209.229.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:73:a2:af:89:1c:29:c2:e8:03:88:05:15:f2:e3:d4:fa:5e:
         82:72:5b:00:56:20:c4:3d:42:ae:b6:6b:3b:ee:10:98:4f:10:
         29:e2:98:de:8e:8a:d0:53:7f:51:f3:ab:4c:e9:b1:96:50:1c:
         79:4c:3f:c4:54:57:cb:3e:d6:a3:31:1b:18:eb:f7:89:6f:6a:
         87:cc:6f:46:4f:a8:12:d0:c8:4b:34:03:f2:8a:5a:f0:29:26:
         89:31:4a:90:48:c4:77:07:a2:1c:88:62:ad:0f:5a:f7:d3:12:
         7a:f7:07:57:6e:f3:77:9d:d2:72:0b:39:d4:8f:02:f7:fc:03:
         65:a5:91:d2:26:00:99:34:24:89:26:46:8f:57:64:92:69:34:
         54:3b:cc:fa:73:e1:26:bb:be:ba:90:61:db:05:9e:ae:aa:16:
         04:7e:82:c6:32:24:d1:46:5c:96:d0:dd:6f:df:fb:87:06:fd:
         84:5a:a2:1b:cb:3d:9e:19:69:bc:76:c5:66:8b:de:48:fa:c7:
         01:22:c9:b9:29:05:57:cc:c6:07:5a:4c:fe:56:a3:ec:d0:77:
         36:ff:bf:06:44:34:28:50:5e:cb:34:bb:be:ae:27:01:c0:70:
         41:3c:09:7a:76:ec:aa:de:53:00:1b:a3:8d:1b:11:0d:2b:f3:
         90:d4:13:56
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUJN3hk9EhRJ66uCujfKRxVW3lnTkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTk0MjBlNmM2ZjI0YjBlNDIyZGE3ZmU3ZTQyMGVmNTAz
NTRmNDVjNjAeFw0yNTA3MDMxMzUyMjFaFw0yNjA3MDIxMzU3MjFaMDMxMTAvBgNV
BAMTKDQ4N0JDQjMxNUE4QjY1REQ4Qjc5NDM2NUIwQjA4QUQ5MDIzN0REMjUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDWbpAjpiitwtFnBQSQerEagOV
uw7YziBeDupV07Rt+xwqnwBaaY6+rzLJ+9socZTSD0vmEuxP2X8uwlPirfv9SpKA
ArRXIpmlYVSOE7ZF5QYLoTTwm3fwESiPf/zA3xAJryV2DrmO6UYlr1tnPyMwBMe7
kHSDpARHl+i6Y+bKV+1CPvVLFS0O15JT+/aNDSeGTlS2k3ugtUS7JGLAMNOEv/To
li4hqG4Thp0wPpGAu9aCVdyScW+9qurY5fLk3hs5NK4KKIEldVl/8YwDkth/p+99
RMKvEDy67q1RnIRyMHVEzUSstyKVVR5dCEjCNQ+nvqBEgGCMWVG5C6+rlJ0hAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUSHvLMVqLZd2LeUNlsLCK2QI33SUwHwYDVR0j
BBgwFoAUqUIObG8ksOQi2n/n5CDvUDVPRcYwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMWY5ODIzZDAtMDg1NS00MWYyLWFjNDYtNTlhMmU5OGRh
NzM2LzEvQTk0MjBFNkM2RjI0QjBFNDIyREE3RkU3RTQyMEVGNTAzNTRGNDVDNi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FVSU9iRzhrc09RaTJuX241Q0R2VURW
UFJjWS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMWY5ODIzZDAt
MDg1NS00MWYyLWFjNDYtNTlhMmU5OGRhNzM2LzEvMzgzNTJlMzIzMDM5MmUzMjMy
MzkyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzOTMzMzAzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFXR
5TANBgkqhkiG9w0BAQsFAAOCAQEAj3Oir4kcKcLoA4gFFfLj1PpegnJbAFYgxD1C
rrZrO+4QmE8QKeKY3o6K0FN/UfOrTOmxllAceUw/xFRXyz7WozEbGOv3iW9qh8xv
Rk+oEtDISzQD8opa8CkmiTFKkEjEdweiHIhirQ9a99MSevcHV27zd53Scgs51I8C
9/wDZaWR0iYAmTQkiSZGj1dkkmk0VDvM+nPhJru+upBh2wWerqoWBH6CxjIk0UZc
ltDdb9/7hwb9hFqiG8s9nhlpvHbFZoveSPrHASLJuSkFV8zGB1pM/laj7NB3Nv+/
BkQ0KFBeyzS7vq4nAcBwQTwJenbsqt5TABujjRsRDSvzkNQTVg==
-----END CERTIFICATE-----