Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/38352e3135382e36302e302f32342d3234203d3e203631333137.roa
File:                     38352e3135382e36302e302f32342d3234203d3e203631333137.roa (raw, json)
Hash identifier:          /S4dZ+bIe4K36U0dh4o5F5NaxIL8hq1aQFoHmkhIBWg=
Subject key identifier:   04:CA:72:93:01:91:76:AA:42:50:B8:68:C0:56:22:15:E3:6E:E4:41
Certificate issuer:       /CN=dc943cc2a7cdc378a37702573bb4f821170b530d
Certificate serial:       4646BC72DC0BA3AFD66052A3E66EBBEB7829ECB6
Authority key identifier: DC:94:3C:C2:A7:CD:C3:78:A3:77:02:57:3B:B4:F8:21:17:0B:53:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/38352e3135382e36302e302f32342d3234203d3e203631333137.roa
Signing time:             Wed 08 Nov 2023 09:21:36 +0000
ROA not before:           Wed 08 Nov 2023 09:16:36 +0000
ROA not after:            Wed 06 Nov 2024 09:21:36 +0000
asID:                     61317
IP address blocks:        85.158.60.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 14:41:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            46:46:bc:72:dc:0b:a3:af:d6:60:52:a3:e6:6e:bb:eb:78:29:ec:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc943cc2a7cdc378a37702573bb4f821170b530d
        Validity
            Not Before: Nov  8 09:16:36 2023 GMT
            Not After : Nov  6 09:21:36 2024 GMT
        Subject: CN=04CA7293019176AA4250B868C0562215E36EE441
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:64:c3:b8:3e:8e:7b:81:06:83:cd:6b:db:02:
                    68:52:7f:ea:e5:b8:6a:1c:85:f0:fc:c5:90:3a:12:
                    17:33:ed:e9:f6:ea:05:63:52:b2:3a:fb:50:aa:8c:
                    fe:2b:5e:26:11:c8:ca:21:cf:15:ba:cb:7b:e5:0f:
                    ff:9b:be:15:d0:b9:77:82:39:9f:bd:0e:98:8b:59:
                    27:7d:d8:5e:27:87:ca:75:15:86:31:e2:00:4e:6e:
                    0e:40:6a:66:77:74:9e:17:66:4e:29:2b:95:65:3a:
                    b7:40:63:80:20:6c:ca:0f:49:e4:5c:6d:0a:13:a7:
                    cd:b0:cc:7a:d5:f5:c4:e0:25:f2:00:2d:f0:3e:5e:
                    16:b2:5f:76:44:c9:c6:cc:d3:b2:11:89:2d:27:01:
                    82:8e:ac:40:cc:93:34:6f:ed:10:1c:39:a2:99:64:
                    b2:8c:dd:b8:e0:1f:69:c3:da:8c:8e:75:1d:e3:d2:
                    6d:c2:00:bb:03:6e:d6:44:ce:06:77:34:09:63:1f:
                    46:52:76:85:e6:61:73:22:66:3d:90:01:b5:6f:fa:
                    76:90:c7:a8:f9:13:ea:cf:93:7f:92:0b:fd:1f:53:
                    5a:1e:1b:c5:c1:28:74:e2:7c:15:0b:9e:2d:27:74:
                    1e:ac:0b:71:37:b6:c8:f5:61:ef:a3:02:8f:eb:8e:
                    b7:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:CA:72:93:01:91:76:AA:42:50:B8:68:C0:56:22:15:E3:6E:E4:41
            X509v3 Authority Key Identifier:
                keyid:DC:94:3C:C2:A7:CD:C3:78:A3:77:02:57:3B:B4:F8:21:17:0B:53:0D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/38352e3135382e36302e302f32342d3234203d3e203631333137.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.158.60.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:95:dc:18:ea:ff:af:01:ec:55:f5:ed:1c:18:72:ef:c6:ee:
         58:7b:37:44:0b:0d:ad:2d:c5:90:21:be:98:d7:72:b0:5d:5b:
         67:d4:80:d1:19:ee:83:0d:29:e0:ab:df:0c:60:87:08:0c:ac:
         fd:2d:17:cf:06:e4:61:1d:6c:24:c2:3e:e4:bf:e3:09:41:86:
         f0:52:68:4c:8e:e9:05:0e:9a:1f:bd:40:45:ed:b1:9f:97:fa:
         c5:6e:73:77:d4:ab:97:e0:ed:56:25:08:3f:d6:ed:55:a4:ba:
         f3:6b:3a:d1:6d:fa:fb:64:c5:fe:08:60:92:c8:bc:e9:82:5a:
         9d:9f:5f:1a:d7:d3:fa:47:62:de:d0:1a:f3:50:b5:1d:32:0a:
         06:02:60:95:aa:cb:4b:02:cd:7c:f2:8e:14:d9:25:cd:de:1d:
         e8:ad:bf:59:8c:4b:3e:c3:19:d9:86:dd:c4:e7:07:0d:04:c6:
         d0:f1:ad:7f:3a:4d:30:08:d0:f0:23:26:97:63:c7:52:ae:f6:
         46:d7:b4:84:46:b7:78:c3:60:2a:e5:30:ce:17:c2:87:80:09:
         94:2c:7f:f3:03:55:ca:79:2e:05:c5:ff:19:43:95:01:2e:03:
         8c:d0:10:cc:ef:cc:7f:59:61:ec:8f:cd:f8:89:02:2e:2d:9b:
         64:3a:a6:fe
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIURka8ctwLo6/WYFKj5m6763gp7LYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGM5NDNjYzJhN2NkYzM3OGEzNzcwMjU3M2JiNGY4MjEx
NzBiNTMwZDAeFw0yMzExMDgwOTE2MzZaFw0yNDExMDYwOTIxMzZaMDMxMTAvBgNV
BAMTKDA0Q0E3MjkzMDE5MTc2QUE0MjUwQjg2OEMwNTYyMjE1RTM2RUU0NDEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCpZMO4Po57gQaDzWvbAmhSf+rl
uGochfD8xZA6Ehcz7en26gVjUrI6+1CqjP4rXiYRyMohzxW6y3vlD/+bvhXQuXeC
OZ+9DpiLWSd92F4nh8p1FYYx4gBObg5AamZ3dJ4XZk4pK5VlOrdAY4AgbMoPSeRc
bQoTp82wzHrV9cTgJfIALfA+XhayX3ZEycbM07IRiS0nAYKOrEDMkzRv7RAcOaKZ
ZLKM3bjgH2nD2oyOdR3j0m3CALsDbtZEzgZ3NAljH0ZSdoXmYXMiZj2QAbVv+naQ
x6j5E+rPk3+SC/0fU1oeG8XBKHTifBULni0ndB6sC3E3tsj1Ye+jAo/rjrdlAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUBMpykwGRdqpCULhowFYiFeNu5EEwHwYDVR0j
BBgwFoAU3JQ8wqfNw3ijdwJXO7T4IRcLUw0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNmFiMDcyMmYtNjRkOC00Y2E5LTkyNjctNGU1MTU0NDM0
MTAxLzAvREM5NDNDQzJBN0NEQzM3OEEzNzcwMjU3M0JCNEY4MjExNzBCNTMwRC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzNKUTh3cWZOdzNpamR3SlhPN1Q0SVJj
TFV3MC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvNmFiMDcyMmYt
NjRkOC00Y2E5LTkyNjctNGU1MTU0NDM0MTAxLzAvMzgzNTJlMzEzNTM4MmUzNjMw
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzYzMTMzMzEzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFWe
PDANBgkqhkiG9w0BAQsFAAOCAQEAJ5XcGOr/rwHsVfXtHBhy78buWHs3RAsNrS3F
kCG+mNdysF1bZ9SA0Rnugw0p4KvfDGCHCAys/S0XzwbkYR1sJMI+5L/jCUGG8FJo
TI7pBQ6aH71ARe2xn5f6xW5zd9Srl+DtViUIP9btVaS682s60W36+2TF/ghgksi8
6YJanZ9fGtfT+kdi3tAa81C1HTIKBgJglarLSwLNfPKOFNklzd4d6K2/WYxLPsMZ
2YbdxOcHDQTG0PGtfzpNMAjQ8CMml2PHUq72Rte0hEa3eMNgKuUwzhfCh4AJlCx/
8wNVynkuBcX/GUOVAS4DjNAQzO/Mf1lh7I/N+IkCLi2bZDqm/g==
-----END CERTIFICATE-----