Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/53bd2bc1-4ea6-4bc5-a2a5-97e465472776/0/38352e3139332e37372e302f32342d3234203d3e20383334.roa
File:                     38352e3139332e37372e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          dNHpugVvVC8uQYA7rwKEilD7uNHgu86VkwTpGtOrrR0=
Subject key identifier:   81:1D:2B:7B:00:45:FE:B4:1A:E0:ED:67:C8:19:15:7E:EE:A9:C2:45
Certificate issuer:       /CN=ca1437e9f35edc54a3c0cd31167b996e60de1504
Certificate serial:       7CE175F9753776F05C72FF5B93FC9F6992C7BDF2
Authority key identifier: CA:14:37:E9:F3:5E:DC:54:A3:C0:CD:31:16:7B:99:6E:60:DE:15:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yhQ36fNe3FSjwM0xFnuZbmDeFQQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/53bd2bc1-4ea6-4bc5-a2a5-97e465472776/0/38352e3139332e37372e302f32342d3234203d3e20383334.roa
Signing time:             Sat 14 Dec 2024 17:36:47 +0000
ROA not before:           Sat 14 Dec 2024 17:31:47 +0000
ROA not after:            Sat 13 Dec 2025 17:36:47 +0000
asID:                     834
IP address blocks:        85.193.77.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/53bd2bc1-4ea6-4bc5-a2a5-97e465472776/0/CA1437E9F35EDC54A3C0CD31167B996E60DE1504.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/53bd2bc1-4ea6-4bc5-a2a5-97e465472776/0/CA1437E9F35EDC54A3C0CD31167B996E60DE1504.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yhQ36fNe3FSjwM0xFnuZbmDeFQQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 23:28:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7c:e1:75:f9:75:37:76:f0:5c:72:ff:5b:93:fc:9f:69:92:c7:bd:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ca1437e9f35edc54a3c0cd31167b996e60de1504
        Validity
            Not Before: Dec 14 17:31:47 2024 GMT
            Not After : Dec 13 17:36:47 2025 GMT
        Subject: CN=811D2B7B0045FEB41AE0ED67C819157EEEA9C245
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:e0:d1:17:71:e6:6c:26:55:1f:15:c4:4e:3d:
                    29:66:4e:da:5d:a8:a4:14:3f:eb:7e:8b:72:cb:63:
                    48:91:cd:d2:13:60:33:5e:df:79:78:45:ee:ed:7b:
                    bc:f0:f4:e8:be:d4:47:40:fb:5a:48:b7:9e:68:cb:
                    81:9c:44:bd:3f:2e:12:ca:2b:7e:9d:16:c0:73:73:
                    2f:b9:ad:6a:f2:b3:e5:b1:36:68:41:6d:be:1d:7e:
                    81:1f:3f:b1:d9:a8:2b:5d:33:13:90:e2:f8:a7:3d:
                    8f:49:1e:78:f0:38:de:8a:c7:61:0a:8e:6b:e7:3e:
                    4e:c3:ad:1c:30:59:82:ad:78:b5:f4:30:a3:23:ba:
                    2d:6a:bc:27:a0:9c:03:57:48:07:21:66:b1:93:b3:
                    ad:cd:94:a1:3a:b9:22:c7:7e:1f:d7:5e:70:6d:a8:
                    b4:3c:a9:27:c4:d5:b1:31:08:f1:92:96:71:55:51:
                    1e:16:3c:26:2e:b5:20:db:cb:88:0c:42:50:7d:5d:
                    ae:c5:85:b5:27:17:53:95:d4:a1:e8:3e:34:45:d4:
                    0a:ce:fa:2c:83:9d:ff:be:dc:a1:f2:f8:e3:33:cb:
                    32:cb:c3:74:07:96:fa:44:1a:42:1a:39:36:fb:c2:
                    77:f9:d3:6e:bf:eb:41:09:0e:ee:e7:1b:8b:7c:fe:
                    1f:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:1D:2B:7B:00:45:FE:B4:1A:E0:ED:67:C8:19:15:7E:EE:A9:C2:45
            X509v3 Authority Key Identifier:
                keyid:CA:14:37:E9:F3:5E:DC:54:A3:C0:CD:31:16:7B:99:6E:60:DE:15:04

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/53bd2bc1-4ea6-4bc5-a2a5-97e465472776/0/CA1437E9F35EDC54A3C0CD31167B996E60DE1504.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yhQ36fNe3FSjwM0xFnuZbmDeFQQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/53bd2bc1-4ea6-4bc5-a2a5-97e465472776/0/38352e3139332e37372e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.193.77.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b9:41:54:60:84:0b:d9:a8:4e:5f:9d:ca:ac:82:62:1a:93:f5:
         28:7f:bc:a6:2b:b5:c3:d7:38:3a:e7:63:d4:e3:3f:8f:3e:2b:
         d5:8b:01:fb:a2:88:4f:8a:e8:96:ba:6c:d9:42:81:40:b8:77:
         c0:52:72:f9:5b:a1:20:0c:00:b1:e4:29:4a:d2:8e:37:aa:8a:
         55:00:75:f7:4f:08:c5:77:c8:39:33:57:69:92:2b:e0:29:5f:
         e0:e9:76:b7:70:c2:e1:63:1b:8d:7a:dd:89:d1:31:98:f0:94:
         fc:49:d0:fc:7b:36:43:bc:7f:82:9e:4e:de:d8:42:73:7b:fb:
         d9:d7:95:74:06:d1:ba:76:f4:71:9b:73:71:ff:97:f1:e6:fe:
         4c:fc:5e:aa:70:ed:30:d7:52:99:78:ad:84:1c:ca:46:9e:b1:
         16:00:a6:5f:80:be:16:bb:2b:8a:72:d1:af:9b:49:5c:e2:da:
         16:88:17:e4:0c:1f:88:c4:2e:c3:7e:ed:a8:f5:d0:37:0e:56:
         60:ee:93:ec:02:d4:8e:03:d8:e6:13:25:1e:51:9f:88:11:f4:
         f7:ab:0b:b2:e3:ce:c2:06:30:7f:b0:7f:ef:5a:d6:b2:1d:2e:
         c7:05:b8:43:c6:41:27:75:f3:ca:ff:43:a1:1a:ea:5f:4f:f0:
         20:e3:9d:cf
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUfOF1+XU3dvBccv9bk/yfaZLHvfIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoY2ExNDM3ZTlmMzVlZGM1NGEzYzBjZDMxMTY3Yjk5NmU2
MGRlMTUwNDAeFw0yNDEyMTQxNzMxNDdaFw0yNTEyMTMxNzM2NDdaMDMxMTAvBgNV
BAMTKDgxMUQyQjdCMDA0NUZFQjQxQUUwRUQ2N0M4MTkxNTdFRUVBOUMyNDUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCQ4NEXceZsJlUfFcROPSlmTtpd
qKQUP+t+i3LLY0iRzdITYDNe33l4Re7te7zw9Oi+1EdA+1pIt55oy4GcRL0/LhLK
K36dFsBzcy+5rWrys+WxNmhBbb4dfoEfP7HZqCtdMxOQ4vinPY9JHnjwON6Kx2EK
jmvnPk7DrRwwWYKteLX0MKMjui1qvCegnANXSAchZrGTs63NlKE6uSLHfh/XXnBt
qLQ8qSfE1bExCPGSlnFVUR4WPCYutSDby4gMQlB9Xa7FhbUnF1OV1KHoPjRF1ArO
+iyDnf++3KHy+OMzyzLLw3QHlvpEGkIaOTb7wnf5026/60EJDu7nG4t8/h/fAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUgR0rewBF/rQa4O1nyBkVfu6pwkUwHwYDVR0j
BBgwFoAUyhQ36fNe3FSjwM0xFnuZbmDeFQQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTNiZDJiYzEtNGVhNi00YmM1LWEyYTUtOTdlNDY1NDcy
Nzc2LzAvQ0ExNDM3RTlGMzVFREM1NEEzQzBDRDMxMTY3Qjk5NkU2MERFMTUwNC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3loUTM2Zk5lM0ZTandNMHhGbnVaYm1E
ZUZRUS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvNTNiZDJiYzEt
NGVhNi00YmM1LWEyYTUtOTdlNDY1NDcyNzc2LzAvMzgzNTJlMzEzOTMzMmUzNzM3
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzgzMzM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVcFNMA0G
CSqGSIb3DQEBCwUAA4IBAQC5QVRghAvZqE5fncqsgmIak/Uof7ymK7XD1zg652PU
4z+PPivViwH7oohPiuiWumzZQoFAuHfAUnL5W6EgDACx5ClK0o43qopVAHX3TwjF
d8g5M1dpkivgKV/g6Xa3cMLhYxuNet2J0TGY8JT8SdD8ezZDvH+Cnk7e2EJze/vZ
15V0BtG6dvRxm3Nx/5fx5v5M/F6qcO0w11KZeK2EHMpGnrEWAKZfgL4WuyuKctGv
m0lc4toWiBfkDB+IxC7Dfu2o9dA3DlZg7pPsAtSOA9jmEyUeUZ+IEfT3qwuy487C
BjB/sH/vWtayHS7HBbhDxkEndfPK/0OhGupfT/Ag453P
-----END CERTIFICATE-----