Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/38352e3135382e35372e302f32342d3234203d3e203631333137.roa
File:                     38352e3135382e35372e302f32342d3234203d3e203631333137.roa (raw, json)
Hash identifier:          4/DKKEWXUcr2rM68TO1danyOfqzWFdZUjCplYdqNEkc=
Subject key identifier:   C9:16:FD:33:03:D2:AD:18:F1:BB:C0:8C:00:61:8C:13:C7:13:F9:5B
Certificate issuer:       /CN=dc943cc2a7cdc378a37702573bb4f821170b530d
Certificate serial:       02E9BB461C62E42FE146EB256EDADB0B86FFA792
Authority key identifier: DC:94:3C:C2:A7:CD:C3:78:A3:77:02:57:3B:B4:F8:21:17:0B:53:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/38352e3135382e35372e302f32342d3234203d3e203631333137.roa
Signing time:             Wed 08 Nov 2023 09:21:34 +0000
ROA not before:           Wed 08 Nov 2023 09:16:34 +0000
ROA not after:            Wed 06 Nov 2024 09:21:34 +0000
asID:                     61317
IP address blocks:        85.158.57.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            02:e9:bb:46:1c:62:e4:2f:e1:46:eb:25:6e:da:db:0b:86:ff:a7:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc943cc2a7cdc378a37702573bb4f821170b530d
        Validity
            Not Before: Nov  8 09:16:34 2023 GMT
            Not After : Nov  6 09:21:34 2024 GMT
        Subject: CN=C916FD3303D2AD18F1BBC08C00618C13C713F95B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:37:70:24:e6:43:de:d5:df:69:7f:a4:b5:38:
                    89:68:02:3b:3e:29:2d:f5:d0:de:35:f0:23:f6:1e:
                    d0:f7:fa:1c:47:89:e1:c4:ab:9b:ef:4f:a8:79:ab:
                    40:88:c6:a0:0a:a8:17:45:33:56:d1:60:28:a9:61:
                    d9:66:24:e9:88:c1:70:fb:e1:5b:91:6e:03:44:0e:
                    51:d0:11:51:f5:4b:34:79:ce:c6:2f:fe:e1:e5:22:
                    f4:52:8c:73:d4:d1:9c:bb:3a:c0:f1:d5:2a:da:e9:
                    90:70:13:55:dd:54:91:58:4b:28:50:7c:1d:5f:40:
                    22:5a:4e:2b:e9:e1:f5:ee:d9:c9:15:b3:95:1d:ce:
                    b4:19:d4:33:a3:45:35:8b:1e:36:8f:05:ea:11:4c:
                    9c:1e:49:b3:c6:7f:72:ec:ec:3b:19:7f:c3:02:7b:
                    32:02:6d:60:5f:81:80:ab:a5:7f:da:9e:92:b5:00:
                    cb:04:7f:2e:d8:a1:65:5f:f8:91:88:7d:6a:cb:f0:
                    d4:c4:11:13:b3:11:fc:cb:0b:0b:d3:08:35:14:d7:
                    57:ee:ef:4f:18:4c:81:0c:2b:6f:71:fd:21:1a:24:
                    85:fb:12:5b:c5:2a:f4:59:c0:2a:fb:52:e8:f6:ac:
                    e0:f6:61:cf:71:ee:0b:4f:18:a2:bb:79:79:90:89:
                    f6:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:16:FD:33:03:D2:AD:18:F1:BB:C0:8C:00:61:8C:13:C7:13:F9:5B
            X509v3 Authority Key Identifier:
                keyid:DC:94:3C:C2:A7:CD:C3:78:A3:77:02:57:3B:B4:F8:21:17:0B:53:0D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/38352e3135382e35372e302f32342d3234203d3e203631333137.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.158.57.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2d:0d:65:df:6a:3c:4d:0d:dd:a1:24:c3:09:98:cd:62:3f:06:
         57:86:cb:fe:33:27:ef:d2:e9:1d:3a:3d:df:b5:7a:8f:e4:ce:
         e4:82:8d:ad:d3:3f:a1:79:83:f9:5e:25:7f:0b:15:eb:d2:70:
         1a:a5:38:4f:75:db:8b:23:60:d7:65:ab:3d:39:cf:6f:bc:b8:
         ed:ca:f8:89:45:5d:93:5d:c1:9a:4f:82:0a:58:89:46:c1:1b:
         98:f6:bb:35:30:c9:60:cb:f1:e4:61:e0:c8:75:0b:ae:7f:29:
         2e:46:42:92:e6:96:86:04:10:ab:59:e6:1a:4e:72:b4:fe:78:
         0d:3d:a7:cb:09:cb:2a:6b:12:80:b9:ea:5c:80:ef:0c:23:ca:
         95:a2:01:26:74:dc:d2:eb:c0:4b:24:38:74:b5:49:ef:d2:3e:
         12:f4:03:42:5f:06:b1:f4:cb:63:ee:82:7f:fd:1b:e1:d9:2c:
         b3:5d:c2:c4:6f:ea:6a:17:be:95:4c:9d:44:42:98:e2:a6:a7:
         59:eb:b1:48:9d:de:21:4c:02:4e:08:25:a4:44:ac:3d:64:a6:
         b1:30:1f:0a:be:d3:0a:4a:15:3c:90:98:cf:14:09:6c:70:03:
         28:f7:5d:13:5e:24:81:e3:8d:1b:bf:28:c4:b2:5a:16:93:fd:
         03:f4:e8:59
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUAum7Rhxi5C/hRuslbtrbC4b/p5IwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGM5NDNjYzJhN2NkYzM3OGEzNzcwMjU3M2JiNGY4MjEx
NzBiNTMwZDAeFw0yMzExMDgwOTE2MzRaFw0yNDExMDYwOTIxMzRaMDMxMTAvBgNV
BAMTKEM5MTZGRDMzMDNEMkFEMThGMUJCQzA4QzAwNjE4QzEzQzcxM0Y5NUIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4N3Ak5kPe1d9pf6S1OIloAjs+
KS310N418CP2HtD3+hxHieHEq5vvT6h5q0CIxqAKqBdFM1bRYCipYdlmJOmIwXD7
4VuRbgNEDlHQEVH1SzR5zsYv/uHlIvRSjHPU0Zy7OsDx1Sra6ZBwE1XdVJFYSyhQ
fB1fQCJaTivp4fXu2ckVs5UdzrQZ1DOjRTWLHjaPBeoRTJweSbPGf3Ls7DsZf8MC
ezICbWBfgYCrpX/anpK1AMsEfy7YoWVf+JGIfWrL8NTEEROzEfzLCwvTCDUU11fu
708YTIEMK29x/SEaJIX7ElvFKvRZwCr7Uuj2rOD2Yc9x7gtPGKK7eXmQifbBAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUyRb9MwPSrRjxu8CMAGGME8cT+VswHwYDVR0j
BBgwFoAU3JQ8wqfNw3ijdwJXO7T4IRcLUw0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNmFiMDcyMmYtNjRkOC00Y2E5LTkyNjctNGU1MTU0NDM0
MTAxLzAvREM5NDNDQzJBN0NEQzM3OEEzNzcwMjU3M0JCNEY4MjExNzBCNTMwRC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzNKUTh3cWZOdzNpamR3SlhPN1Q0SVJj
TFV3MC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvNmFiMDcyMmYt
NjRkOC00Y2E5LTkyNjctNGU1MTU0NDM0MTAxLzAvMzgzNTJlMzEzNTM4MmUzNTM3
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzYzMTMzMzEzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFWe
OTANBgkqhkiG9w0BAQsFAAOCAQEALQ1l32o8TQ3doSTDCZjNYj8GV4bL/jMn79Lp
HTo937V6j+TO5IKNrdM/oXmD+V4lfwsV69JwGqU4T3XbiyNg12WrPTnPb7y47cr4
iUVdk13Bmk+CCliJRsEbmPa7NTDJYMvx5GHgyHULrn8pLkZCkuaWhgQQq1nmGk5y
tP54DT2nywnLKmsSgLnqXIDvDCPKlaIBJnTc0uvASyQ4dLVJ79I+EvQDQl8GsfTL
Y+6Cf/0b4dkss13CxG/qahe+lUydREKY4qanWeuxSJ3eIUwCTgglpESsPWSmsTAf
Cr7TCkoVPJCYzxQJbHADKPddE14kgeONG78oxLJaFpP9A/ToWQ==
-----END CERTIFICATE-----