Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/38352e3230392e31372e302f32342d3234203d3e203239383032.roa
File:                     38352e3230392e31372e302f32342d3234203d3e203239383032.roa (raw, json)
Hash identifier:          0K2B87iNGfwJ9jUVp3r1xMrdworqeaWKEe8Ob0M/J7Y=
Subject key identifier:   05:1A:9D:A4:FD:6E:DE:86:94:0C:DB:36:EB:0D:B6:39:12:D2:BB:AB
Certificate issuer:       /CN=8f4ce7722f99075d94738b7e61070401269eb3d6
Certificate serial:       1337EA83C21C1116EBB0424FDEC1C666FBC4B5D9
Authority key identifier: 8F:4C:E7:72:2F:99:07:5D:94:73:8B:7E:61:07:04:01:26:9E:B3:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/j0znci-ZB12Uc4t-YQcEASaes9Y.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/38352e3230392e31372e302f32342d3234203d3e203239383032.roa
Signing time:             Sun 17 Sep 2023 04:21:23 +0000
ROA not before:           Sun 17 Sep 2023 04:16:23 +0000
ROA not after:            Sun 15 Sep 2024 04:21:23 +0000
asID:                     29802
IP address blocks:        85.209.17.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/8F4CE7722F99075D94738B7E61070401269EB3D6.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/8F4CE7722F99075D94738B7E61070401269EB3D6.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/j0znci-ZB12Uc4t-YQcEASaes9Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 30 Apr 2024 19:05:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            13:37:ea:83:c2:1c:11:16:eb:b0:42:4f:de:c1:c6:66:fb:c4:b5:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8f4ce7722f99075d94738b7e61070401269eb3d6
        Validity
            Not Before: Sep 17 04:16:23 2023 GMT
            Not After : Sep 15 04:21:23 2024 GMT
        Subject: CN=051A9DA4FD6EDE86940CDB36EB0DB63912D2BBAB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:a2:af:9e:33:a4:1c:10:6e:f2:7e:89:ee:34:
                    5e:1b:be:44:a1:6d:8b:e1:0f:d5:26:f0:3f:e0:95:
                    b3:5c:f9:0c:44:c7:11:9c:3f:4d:89:5b:da:c2:15:
                    0b:b4:15:7c:52:95:ce:f6:d7:11:b6:f3:3c:8b:20:
                    7f:54:aa:12:4e:e3:33:e5:40:84:f0:fb:24:9f:ed:
                    09:5d:00:82:e0:7f:a2:f8:de:b7:42:c8:06:46:d0:
                    b7:9d:d0:b5:02:58:fd:8a:08:d8:2e:59:82:40:a4:
                    f9:95:ce:34:b6:e8:4f:d3:62:df:27:e5:44:7c:9f:
                    1f:fe:d8:49:69:66:c1:65:98:62:7d:4c:8f:63:e4:
                    8d:b5:7d:57:36:0f:c1:ca:db:c6:a2:18:3f:6a:73:
                    0d:ac:e7:06:ba:11:fd:3e:48:b8:ee:d1:54:20:bc:
                    8d:75:c0:1d:48:bc:ed:38:44:7c:56:29:af:a9:9e:
                    3f:78:17:bb:83:7b:b2:e5:51:81:ab:8d:ee:21:ce:
                    d1:3c:66:c5:cc:03:38:f1:c3:f6:63:59:8c:e2:84:
                    ba:20:5f:47:42:b8:51:21:d9:bb:09:7d:70:75:50:
                    f9:c3:bb:9d:7e:7c:54:b7:e9:b9:bf:8e:f6:50:fb:
                    dd:99:34:3b:cf:2b:a5:1e:f2:a8:92:ea:0a:98:58:
                    4d:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:1A:9D:A4:FD:6E:DE:86:94:0C:DB:36:EB:0D:B6:39:12:D2:BB:AB
            X509v3 Authority Key Identifier:
                keyid:8F:4C:E7:72:2F:99:07:5D:94:73:8B:7E:61:07:04:01:26:9E:B3:D6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/8F4CE7722F99075D94738B7E61070401269EB3D6.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/j0znci-ZB12Uc4t-YQcEASaes9Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/38352e3230392e31372e302f32342d3234203d3e203239383032.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.209.17.0/24

    Signature Algorithm: sha256WithRSAEncryption
         cb:e8:dc:c5:1c:33:45:fd:2f:ce:07:3e:4d:53:34:40:dd:b6:
         db:5c:ff:a1:d8:ab:d6:93:ff:05:0c:1f:89:89:c5:8c:48:e9:
         84:e9:37:0b:22:6e:f3:cd:0d:2a:1b:39:98:04:37:68:45:15:
         8b:ec:03:39:b2:ac:53:9a:b2:f1:f8:4f:33:b0:06:f4:7a:17:
         2d:01:af:1f:52:44:28:59:74:ca:d1:f2:60:c9:c6:9f:f6:4b:
         61:4a:ed:cc:18:65:c2:ac:c0:f5:95:e3:f8:42:e4:bc:2e:a1:
         75:e5:27:4d:f4:03:b5:4f:92:56:ba:e2:ac:bc:f9:ed:ba:dc:
         89:bd:7c:48:62:87:f4:ce:c6:c7:8e:ba:71:d1:bc:17:bc:35:
         30:eb:ef:8b:1c:a6:de:92:33:c5:2a:81:f7:6e:a9:8d:0e:0d:
         c1:86:7f:14:47:43:44:18:67:a2:85:69:7e:f8:02:86:75:e6:
         17:18:fc:1c:88:00:22:6c:c8:7d:98:90:3f:bd:55:86:aa:1e:
         fc:cf:52:eb:fe:ee:3d:ae:6a:7f:24:31:dd:1a:55:8b:33:a4:
         4e:f1:52:e4:c0:15:d1:6d:dd:f6:fe:2a:88:0c:28:bd:c2:35:
         61:e8:4a:3b:15:69:2d:3e:53:90:da:8c:5a:e9:1b:76:f6:13:
         9e:dd:bf:0c
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUEzfqg8IcERbrsEJP3sHGZvvEtdkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGY0Y2U3NzIyZjk5MDc1ZDk0NzM4YjdlNjEwNzA0MDEy
NjllYjNkNjAeFw0yMzA5MTcwNDE2MjNaFw0yNDA5MTUwNDIxMjNaMDMxMTAvBgNV
BAMTKDA1MUE5REE0RkQ2RURFODY5NDBDREIzNkVCMERCNjM5MTJEMkJCQUIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIoq+eM6QcEG7yfonuNF4bvkSh
bYvhD9Um8D/glbNc+QxExxGcP02JW9rCFQu0FXxSlc721xG28zyLIH9UqhJO4zPl
QITw+ySf7QldAILgf6L43rdCyAZG0Led0LUCWP2KCNguWYJApPmVzjS26E/TYt8n
5UR8nx/+2ElpZsFlmGJ9TI9j5I21fVc2D8HK28aiGD9qcw2s5wa6Ef0+SLju0VQg
vI11wB1IvO04RHxWKa+pnj94F7uDe7LlUYGrje4hztE8ZsXMAzjxw/ZjWYzihLog
X0dCuFEh2bsJfXB1UPnDu51+fFS36bm/jvZQ+92ZNDvPK6Ue8qiS6gqYWE17AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUBRqdpP1u3oaUDNs26w22ORLSu6swHwYDVR0j
BBgwFoAUj0znci+ZB12Uc4t+YQcEASaes9YwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYWE5NzcxMTUtNTExMC00MjU3LTk0ZWYtNGQyYjQzODg0
MDQwLzAvOEY0Q0U3NzIyRjk5MDc1RDk0NzM4QjdFNjEwNzA0MDEyNjlFQjNENi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2owem5jaS1aQjEyVWM0dC1ZUWNFQVNh
ZXM5WS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWE5NzcxMTUt
NTExMC00MjU3LTk0ZWYtNGQyYjQzODg0MDQwLzAvMzgzNTJlMzIzMDM5MmUzMTM3
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzIzOTM4MzAzMi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFXR
ETANBgkqhkiG9w0BAQsFAAOCAQEAy+jcxRwzRf0vzgc+TVM0QN2221z/odir1pP/
BQwfiYnFjEjphOk3CyJu880NKhs5mAQ3aEUVi+wDObKsU5qy8fhPM7AG9HoXLQGv
H1JEKFl0ytHyYMnGn/ZLYUrtzBhlwqzA9ZXj+ELkvC6hdeUnTfQDtU+SVrrirLz5
7brcib18SGKH9M7Gx466cdG8F7w1MOvvixym3pIzxSqB926pjQ4NwYZ/FEdDRBhn
ooVpfvgChnXmFxj8HIgAImzIfZiQP71Vhqoe/M9S6/7uPa5qfyQx3RpVizOkTvFS
5MAV0W3d9v4qiAwovcI1YehKOxVpLT5TkNqMWukbdvYTnt2/DA==
-----END CERTIFICATE-----