Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/3138352e39332e33352e302f32342d3234203d3e203631333137.roa
File:                     3138352e39332e33352e302f32342d3234203d3e203631333137.roa (raw, json)
Hash identifier:          NrNt9NzzB26NoPdjCsQHzDJJpDGB5WJ+J3rKByK+VhU=
Subject key identifier:   AD:24:23:89:96:01:13:AE:5D:5A:B5:E5:4E:1E:B9:3E:26:5A:A4:74
Certificate issuer:       /CN=dc943cc2a7cdc378a37702573bb4f821170b530d
Certificate serial:       13C49CE6B6B157AE1058BE15F601C1E29C6EB4F0
Authority key identifier: DC:94:3C:C2:A7:CD:C3:78:A3:77:02:57:3B:B4:F8:21:17:0B:53:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/3138352e39332e33352e302f32342d3234203d3e203631333137.roa
Signing time:             Wed 09 Oct 2024 09:43:22 +0000
ROA not before:           Wed 09 Oct 2024 09:38:22 +0000
ROA not after:            Wed 08 Oct 2025 09:43:22 +0000
asID:                     61317
IP address blocks:        185.93.35.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            13:c4:9c:e6:b6:b1:57:ae:10:58:be:15:f6:01:c1:e2:9c:6e:b4:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc943cc2a7cdc378a37702573bb4f821170b530d
        Validity
            Not Before: Oct  9 09:38:22 2024 GMT
            Not After : Oct  8 09:43:22 2025 GMT
        Subject: CN=AD242389960113AE5D5AB5E54E1EB93E265AA474
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:1c:f0:0f:bd:f0:37:62:9b:5e:39:7c:e4:13:
                    0b:1a:68:9b:f5:73:87:d5:81:4f:e7:61:45:2f:8c:
                    b3:de:87:7b:e2:b3:bf:ce:6f:8f:1e:06:06:b6:d2:
                    bd:1a:5c:9c:b5:91:e0:87:db:3c:cf:36:57:3f:1e:
                    d8:60:e9:10:e3:c1:a2:2e:5c:5e:e0:2f:d3:f9:a5:
                    52:7a:ed:25:2b:3f:6a:02:8e:62:1b:55:d0:db:e6:
                    c9:6e:1d:ff:26:af:6a:7d:c4:eb:4e:29:b7:15:00:
                    57:b1:94:b0:60:a5:dc:65:49:db:5c:34:1e:26:dc:
                    7e:2c:ad:01:45:57:1b:f4:9e:6d:c1:50:1b:ec:6b:
                    d7:1f:14:80:bc:bb:32:f4:99:11:69:76:5c:b0:5b:
                    43:fc:f7:41:cd:3a:72:27:56:fb:5a:ea:d2:5d:09:
                    68:a6:f6:d8:e0:e6:5d:6a:87:ad:e5:e5:d7:53:00:
                    70:94:73:4e:9c:a3:38:40:ca:3b:bd:ea:b8:55:37:
                    42:95:d0:6a:83:83:fe:4d:37:80:f3:43:59:75:6a:
                    5a:9b:dd:71:bd:b3:26:7b:72:26:f3:13:a0:fc:ad:
                    4b:5e:84:e9:13:5d:0f:b0:33:b7:19:21:ac:e8:57:
                    e6:5d:76:04:cd:e1:2e:b4:76:8d:8b:1c:49:0d:b9:
                    f3:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:24:23:89:96:01:13:AE:5D:5A:B5:E5:4E:1E:B9:3E:26:5A:A4:74
            X509v3 Authority Key Identifier:
                keyid:DC:94:3C:C2:A7:CD:C3:78:A3:77:02:57:3B:B4:F8:21:17:0B:53:0D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/3138352e39332e33352e302f32342d3234203d3e203631333137.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.93.35.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:54:43:80:fb:f2:fd:e2:9a:36:56:50:9c:90:04:84:87:ca:
         09:57:b1:46:85:1d:69:78:69:ce:02:83:33:c2:bd:cd:e7:08:
         2a:3d:a2:2a:06:20:e8:e0:3f:60:0a:14:90:39:57:77:2b:3c:
         fd:82:4f:b9:41:a8:2f:d3:bd:c0:0c:40:bd:05:09:72:b1:b6:
         2a:68:a7:87:02:cf:c7:9a:77:d4:6f:fd:4a:c7:bd:c3:13:de:
         b0:bc:5f:91:19:ed:1b:2c:a3:cd:af:5a:21:05:1e:49:f8:7b:
         0b:43:ed:e0:3e:27:5a:72:28:f6:9a:6b:7a:8e:fd:66:1c:7d:
         f1:1e:a2:9c:d2:37:f7:36:26:c6:4e:30:79:b7:b0:e9:1d:15:
         df:b5:da:83:a4:f4:d6:65:7c:68:2e:29:85:f7:ec:f3:83:eb:
         f8:04:01:60:c9:59:18:4a:a9:41:44:91:78:26:ef:11:eb:db:
         51:64:57:a8:cd:de:07:10:56:4a:ac:15:91:82:4e:3b:d2:fa:
         54:ce:54:ba:4e:9e:ad:39:09:17:ab:04:14:03:04:44:50:58:
         5e:33:e9:28:f2:d9:41:e0:ac:55:00:c5:40:8f:42:12:48:b0:
         cd:75:11:0f:2e:c8:75:e1:ce:74:bf:44:ea:38:21:34:1c:ab:
         a8:6a:9b:ed
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUE8Sc5raxV64QWL4V9gHB4pxutPAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGM5NDNjYzJhN2NkYzM3OGEzNzcwMjU3M2JiNGY4MjEx
NzBiNTMwZDAeFw0yNDEwMDkwOTM4MjJaFw0yNTEwMDgwOTQzMjJaMDMxMTAvBgNV
BAMTKEFEMjQyMzg5OTYwMTEzQUU1RDVBQjVFNTRFMUVCOTNFMjY1QUE0NzQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtHPAPvfA3YpteOXzkEwsaaJv1
c4fVgU/nYUUvjLPeh3vis7/Ob48eBga20r0aXJy1keCH2zzPNlc/Hthg6RDjwaIu
XF7gL9P5pVJ67SUrP2oCjmIbVdDb5sluHf8mr2p9xOtOKbcVAFexlLBgpdxlSdtc
NB4m3H4srQFFVxv0nm3BUBvsa9cfFIC8uzL0mRFpdlywW0P890HNOnInVvta6tJd
CWim9tjg5l1qh63l5ddTAHCUc06cozhAyju96rhVN0KV0GqDg/5NN4DzQ1l1alqb
3XG9syZ7cibzE6D8rUtehOkTXQ+wM7cZIazoV+ZddgTN4S60do2LHEkNufPvAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUrSQjiZYBE65dWrXlTh65PiZapHQwHwYDVR0j
BBgwFoAU3JQ8wqfNw3ijdwJXO7T4IRcLUw0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNmFiMDcyMmYtNjRkOC00Y2E5LTkyNjctNGU1MTU0NDM0
MTAxLzAvREM5NDNDQzJBN0NEQzM3OEEzNzcwMjU3M0JCNEY4MjExNzBCNTMwRC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzNKUTh3cWZOdzNpamR3SlhPN1Q0SVJj
TFV3MC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvNmFiMDcyMmYt
NjRkOC00Y2E5LTkyNjctNGU1MTU0NDM0MTAxLzAvMzEzODM1MmUzOTMzMmUzMzM1
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzYzMTMzMzEzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALld
IzANBgkqhkiG9w0BAQsFAAOCAQEAQFRDgPvy/eKaNlZQnJAEhIfKCVexRoUdaXhp
zgKDM8K9zecIKj2iKgYg6OA/YAoUkDlXdys8/YJPuUGoL9O9wAxAvQUJcrG2Kmin
hwLPx5p31G/9Sse9wxPesLxfkRntGyyjza9aIQUeSfh7C0Pt4D4nWnIo9ppreo79
Zhx98R6inNI39zYmxk4webew6R0V37Xag6T01mV8aC4phffs84Pr+AQBYMlZGEqp
QUSReCbvEevbUWRXqM3eBxBWSqwVkYJOO9L6VM5Uuk6erTkJF6sEFAMERFBYXjPp
KPLZQeCsVQDFQI9CEkiwzXURDy7IdeHOdL9E6jghNByrqGqb7Q==
-----END CERTIFICATE-----