Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/38352e3135382e35372e302f32342d3234203d3e203239383032.roa
File:                     38352e3135382e35372e302f32342d3234203d3e203239383032.roa (raw, json)
Hash identifier:          szsZFm/NKEjUnFL+gZEFO5SUJBlrs9lndyOEY38pE64=
Subject key identifier:   77:CA:1D:C3:C5:6B:E2:67:09:14:BD:13:92:03:C6:0E:93:3A:F6:51
Certificate issuer:       /CN=dc943cc2a7cdc378a37702573bb4f821170b530d
Certificate serial:       6A7C2F99B650D1D4B87EFEE6AD6842B72EDD7EAD
Authority key identifier: DC:94:3C:C2:A7:CD:C3:78:A3:77:02:57:3B:B4:F8:21:17:0B:53:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/38352e3135382e35372e302f32342d3234203d3e203239383032.roa
Signing time:             Fri 10 Nov 2023 16:14:43 +0000
ROA not before:           Fri 10 Nov 2023 16:09:43 +0000
ROA not after:            Fri 08 Nov 2024 16:14:43 +0000
asID:                     29802
IP address blocks:        85.158.57.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 30 Apr 2024 19:05:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6a:7c:2f:99:b6:50:d1:d4:b8:7e:fe:e6:ad:68:42:b7:2e:dd:7e:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc943cc2a7cdc378a37702573bb4f821170b530d
        Validity
            Not Before: Nov 10 16:09:43 2023 GMT
            Not After : Nov  8 16:14:43 2024 GMT
        Subject: CN=77CA1DC3C56BE2670914BD139203C60E933AF651
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:d8:5f:e9:48:d8:0a:f4:15:c9:d4:9d:50:bf:
                    ec:7a:3e:8b:af:d9:b5:e6:4d:7d:a5:86:4d:78:cd:
                    56:20:5a:22:ab:ea:0d:8f:62:42:fc:b0:f6:5b:07:
                    4f:68:dc:7d:ff:ad:c9:ec:e8:dc:6b:6d:4d:ca:4e:
                    5e:05:c1:ed:db:c9:1f:5c:b9:88:a7:1f:63:7a:ec:
                    a0:aa:72:65:a0:54:53:fb:64:03:4a:ea:db:68:46:
                    41:db:c5:2a:0a:84:30:0f:88:b4:97:54:34:8d:6e:
                    0c:03:e0:ea:67:e4:d1:5d:dd:3e:36:fa:15:54:c1:
                    fd:fc:a0:c1:03:81:3f:5b:00:6b:1c:58:da:6c:b5:
                    ab:3c:75:d7:4e:91:09:c5:fa:d4:9f:8a:e9:32:8a:
                    69:a3:c6:bc:e1:ee:9c:37:54:6a:da:e2:ab:fa:75:
                    55:0a:b5:4f:31:11:fd:f9:84:60:58:44:6f:8d:e3:
                    2a:53:d2:97:0f:eb:ed:0e:cf:2a:db:37:13:2b:5c:
                    d3:e5:85:f4:05:07:29:ab:49:be:70:84:28:79:42:
                    97:7c:16:1c:b0:a3:02:58:21:1b:91:08:93:f0:48:
                    6d:6a:1e:41:cb:5a:46:ca:f4:c9:3b:b7:97:a2:55:
                    85:6b:31:b3:58:a9:a7:cc:b6:49:03:e7:14:46:d1:
                    17:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:CA:1D:C3:C5:6B:E2:67:09:14:BD:13:92:03:C6:0E:93:3A:F6:51
            X509v3 Authority Key Identifier:
                keyid:DC:94:3C:C2:A7:CD:C3:78:A3:77:02:57:3B:B4:F8:21:17:0B:53:0D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/38352e3135382e35372e302f32342d3234203d3e203239383032.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.158.57.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:c0:e1:cc:92:29:05:af:bc:01:ef:9d:1e:af:97:e2:f8:40:
         5f:6a:43:bb:0a:96:aa:7d:d7:09:ee:0b:f3:5e:b3:8f:c7:08:
         45:56:2e:d1:ff:88:cd:a8:2c:b4:00:89:f8:20:92:41:e1:87:
         dd:e8:4f:6f:aa:96:54:67:b9:3c:6b:e9:29:ca:31:32:56:2c:
         e9:4c:78:d7:f0:2e:fa:63:23:7c:c4:b9:5c:59:e6:16:70:a1:
         1d:00:cc:82:50:f3:88:95:c0:94:db:fa:da:c5:bd:27:a7:0b:
         88:76:a3:d0:20:f2:56:be:49:3b:2a:1a:c0:b9:66:4a:2b:47:
         c1:77:a6:73:1e:8c:75:d0:c4:d7:50:1b:4e:0a:5b:b2:e1:03:
         91:74:16:e1:2b:c2:2d:0e:69:44:9d:1e:2f:23:1f:72:b5:79:
         f4:ae:c9:5b:6b:46:e3:71:df:cb:0b:9c:8d:16:41:ce:94:5e:
         1e:b6:5f:ec:ff:79:4f:56:96:27:47:9d:59:e3:26:32:b3:c3:
         7a:4c:f5:06:05:04:2b:77:f9:df:fc:44:d1:09:9b:e0:c7:f5:
         3a:55:79:4a:2e:e2:a8:45:a0:9d:1c:45:0b:bf:cd:c4:09:c6:
         01:7d:07:3d:06:7c:f4:7a:50:9f:5b:fc:ea:97:89:74:e4:4c:
         32:a4:71:ba
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUanwvmbZQ0dS4fv7mrWhCty7dfq0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGM5NDNjYzJhN2NkYzM3OGEzNzcwMjU3M2JiNGY4MjEx
NzBiNTMwZDAeFw0yMzExMTAxNjA5NDNaFw0yNDExMDgxNjE0NDNaMDMxMTAvBgNV
BAMTKDc3Q0ExREMzQzU2QkUyNjcwOTE0QkQxMzkyMDNDNjBFOTMzQUY2NTEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCe2F/pSNgK9BXJ1J1Qv+x6Pouv
2bXmTX2lhk14zVYgWiKr6g2PYkL8sPZbB09o3H3/rcns6NxrbU3KTl4Fwe3byR9c
uYinH2N67KCqcmWgVFP7ZANK6ttoRkHbxSoKhDAPiLSXVDSNbgwD4Opn5NFd3T42
+hVUwf38oMEDgT9bAGscWNpstas8dddOkQnF+tSfiukyimmjxrzh7pw3VGra4qv6
dVUKtU8xEf35hGBYRG+N4ypT0pcP6+0OzyrbNxMrXNPlhfQFBymrSb5whCh5Qpd8
FhywowJYIRuRCJPwSG1qHkHLWkbK9Mk7t5eiVYVrMbNYqafMtkkD5xRG0Rd1AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUd8odw8Vr4mcJFL0TkgPGDpM69lEwHwYDVR0j
BBgwFoAU3JQ8wqfNw3ijdwJXO7T4IRcLUw0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNmFiMDcyMmYtNjRkOC00Y2E5LTkyNjctNGU1MTU0NDM0
MTAxLzAvREM5NDNDQzJBN0NEQzM3OEEzNzcwMjU3M0JCNEY4MjExNzBCNTMwRC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzNKUTh3cWZOdzNpamR3SlhPN1Q0SVJj
TFV3MC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvNmFiMDcyMmYt
NjRkOC00Y2E5LTkyNjctNGU1MTU0NDM0MTAxLzAvMzgzNTJlMzEzNTM4MmUzNTM3
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzIzOTM4MzAzMi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFWe
OTANBgkqhkiG9w0BAQsFAAOCAQEAZsDhzJIpBa+8Ae+dHq+X4vhAX2pDuwqWqn3X
Ce4L816zj8cIRVYu0f+IzagstACJ+CCSQeGH3ehPb6qWVGe5PGvpKcoxMlYs6Ux4
1/Au+mMjfMS5XFnmFnChHQDMglDziJXAlNv62sW9J6cLiHaj0CDyVr5JOyoawLlm
SitHwXemcx6MddDE11AbTgpbsuEDkXQW4SvCLQ5pRJ0eLyMfcrV59K7JW2tG43Hf
ywucjRZBzpReHrZf7P95T1aWJ0edWeMmMrPDekz1BgUEK3f53/xE0Qmb4Mf1OlV5
Si7iqEWgnRxFC7/NxAnGAX0HPQZ89HpQn1v86peJdORMMqRxug==
-----END CERTIFICATE-----