Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/38352e3135382e35362e302f32342d3234203d3e20323131333733.roa
File:                     38352e3135382e35362e302f32342d3234203d3e20323131333733.roa (raw, json)
Hash identifier:          03v1ZHpn2dPxaU7GFS9z/QIadn91uNGRBmmh4QRDZDE=
Subject key identifier:   E7:60:80:FA:33:20:14:E8:14:67:B9:56:A3:B1:A0:0B:95:38:8C:80
Certificate issuer:       /CN=dc943cc2a7cdc378a37702573bb4f821170b530d
Certificate serial:       2225D28B2804E4128B47BBF4A3155C27C11EE573
Authority key identifier: DC:94:3C:C2:A7:CD:C3:78:A3:77:02:57:3B:B4:F8:21:17:0B:53:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/38352e3135382e35362e302f32342d3234203d3e20323131333733.roa
Signing time:             Wed 09 Oct 2024 09:43:24 +0000
ROA not before:           Wed 09 Oct 2024 09:38:24 +0000
ROA not after:            Wed 08 Oct 2025 09:43:24 +0000
asID:                     211373
IP address blocks:        85.158.56.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 14 Dec 2024 08:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            22:25:d2:8b:28:04:e4:12:8b:47:bb:f4:a3:15:5c:27:c1:1e:e5:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc943cc2a7cdc378a37702573bb4f821170b530d
        Validity
            Not Before: Oct  9 09:38:24 2024 GMT
            Not After : Oct  8 09:43:24 2025 GMT
        Subject: CN=E76080FA332014E81467B956A3B1A00B95388C80
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:23:f2:87:7d:db:4a:c5:49:c9:ca:a0:ff:bc:
                    d9:43:aa:d5:2f:eb:bc:28:d4:e4:3d:60:f6:c7:60:
                    39:72:ea:76:2b:48:83:13:b1:28:1b:c1:bc:01:ad:
                    30:26:64:df:eb:f9:6d:99:38:3c:19:71:53:c7:6d:
                    02:c3:91:bc:22:c5:be:ee:80:1a:09:00:88:0e:c7:
                    e5:21:f1:ff:af:91:aa:4e:b9:3c:98:71:e9:57:18:
                    cd:59:d3:c1:7e:84:2a:24:d7:86:57:ad:02:e3:65:
                    02:9b:39:47:03:71:d3:ac:5b:8c:ee:06:de:bf:41:
                    bd:7b:81:a8:bb:6d:f4:cf:aa:b1:39:5a:9c:c3:72:
                    c7:82:cb:2c:48:08:00:5f:f8:00:70:7b:38:de:70:
                    48:98:2a:49:79:62:ae:f7:2c:58:0f:4c:fe:97:c9:
                    2a:25:0e:92:22:c2:06:b9:05:b6:4e:0f:c1:cf:24:
                    39:ca:22:02:89:e0:9c:94:a3:65:54:a7:02:bc:37:
                    12:61:be:76:a6:8c:86:ed:34:13:56:6c:41:27:e7:
                    9f:5b:cd:1c:5a:b1:52:18:e1:b1:21:99:4e:3f:94:
                    b6:d2:0f:73:03:89:7f:46:85:e8:4e:06:29:82:53:
                    7f:60:25:fd:ac:20:ec:c2:6e:b8:43:3c:e9:98:7c:
                    f4:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:60:80:FA:33:20:14:E8:14:67:B9:56:A3:B1:A0:0B:95:38:8C:80
            X509v3 Authority Key Identifier:
                keyid:DC:94:3C:C2:A7:CD:C3:78:A3:77:02:57:3B:B4:F8:21:17:0B:53:0D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/38352e3135382e35362e302f32342d3234203d3e20323131333733.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.158.56.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:73:a9:84:c0:9b:af:89:58:77:a5:4f:85:c2:90:c6:5a:70:
         85:4a:af:29:85:52:3a:75:cb:b4:ed:1f:b3:dd:bc:76:83:a4:
         d7:3d:41:5d:16:d0:a6:5b:0e:4b:37:61:a7:38:0e:7d:85:57:
         98:14:e6:bf:4f:f0:67:55:fd:3b:6d:25:30:48:a0:fb:57:95:
         c5:c5:d2:bd:20:a3:cb:19:87:e9:58:32:32:bf:25:56:51:60:
         50:26:d9:cb:39:b4:e2:7f:7e:ae:aa:ae:29:49:81:de:c7:cb:
         d9:b2:c2:4d:ca:eb:9b:fd:62:aa:62:b0:5d:d8:d6:97:92:cc:
         d4:cc:4a:d4:7e:e3:58:a2:f3:b2:8e:14:22:75:77:79:a2:10:
         af:46:ee:e0:22:82:85:6f:b7:60:48:80:80:fd:54:d7:ec:26:
         0a:19:a2:08:08:4a:32:f3:fd:d1:0e:17:16:83:e6:db:d8:00:
         21:80:b7:f4:4e:e5:58:51:15:46:dd:cd:31:e2:3b:d0:b7:3a:
         e0:26:9d:a3:85:b7:48:42:39:5c:28:ec:5b:45:7e:91:a7:f6:
         11:ba:dc:7e:ed:53:8b:e7:6a:0c:53:c6:94:d1:67:bc:67:0f:
         9c:b1:df:25:ee:99:07:2b:92:a1:b2:39:cd:e7:30:f1:9c:6f:
         64:ca:dd:61
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUIiXSiygE5BKLR7v0oxVcJ8Ee5XMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGM5NDNjYzJhN2NkYzM3OGEzNzcwMjU3M2JiNGY4MjEx
NzBiNTMwZDAeFw0yNDEwMDkwOTM4MjRaFw0yNTEwMDgwOTQzMjRaMDMxMTAvBgNV
BAMTKEU3NjA4MEZBMzMyMDE0RTgxNDY3Qjk1NkEzQjFBMDBCOTUzODhDODAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFI/KHfdtKxUnJyqD/vNlDqtUv
67wo1OQ9YPbHYDly6nYrSIMTsSgbwbwBrTAmZN/r+W2ZODwZcVPHbQLDkbwixb7u
gBoJAIgOx+Uh8f+vkapOuTyYcelXGM1Z08F+hCok14ZXrQLjZQKbOUcDcdOsW4zu
Bt6/Qb17gai7bfTPqrE5WpzDcseCyyxICABf+ABwezjecEiYKkl5Yq73LFgPTP6X
ySolDpIiwga5BbZOD8HPJDnKIgKJ4JyUo2VUpwK8NxJhvnamjIbtNBNWbEEn559b
zRxasVIY4bEhmU4/lLbSD3MDiX9GhehOBimCU39gJf2sIOzCbrhDPOmYfPRbAgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQU52CA+jMgFOgUZ7lWo7GgC5U4jIAwHwYDVR0j
BBgwFoAU3JQ8wqfNw3ijdwJXO7T4IRcLUw0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNmFiMDcyMmYtNjRkOC00Y2E5LTkyNjctNGU1MTU0NDM0
MTAxLzAvREM5NDNDQzJBN0NEQzM3OEEzNzcwMjU3M0JCNEY4MjExNzBCNTMwRC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzNKUTh3cWZOdzNpamR3SlhPN1Q0SVJj
TFV3MC5jZXIwga0GCCsGAQUFBwELBIGgMIGdMIGaBggrBgEFBQcwC4aBjXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvNmFiMDcyMmYt
NjRkOC00Y2E5LTkyNjctNGU1MTU0NDM0MTAxLzAvMzgzNTJlMzEzNTM4MmUzNTM2
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzIzMTMxMzMzNzMzLnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA
VZ44MA0GCSqGSIb3DQEBCwUAA4IBAQAIc6mEwJuviVh3pU+FwpDGWnCFSq8phVI6
dcu07R+z3bx2g6TXPUFdFtCmWw5LN2GnOA59hVeYFOa/T/BnVf07bSUwSKD7V5XF
xdK9IKPLGYfpWDIyvyVWUWBQJtnLObTif36uqq4pSYHex8vZssJNyuub/WKqYrBd
2NaXkszUzErUfuNYovOyjhQidXd5ohCvRu7gIoKFb7dgSICA/VTX7CYKGaIICEoy
8/3RDhcWg+bb2AAhgLf0TuVYURVG3c0x4jvQtzrgJp2jhbdIQjlcKOxbRX6Rp/YR
utx+7VOL52oMU8aU0We8Zw+csd8l7pkHK5KhsjnN5zDxnG9kyt1h
-----END CERTIFICATE-----
Generated at Fri Dec 13 14:11:20 2024 by rpki-client on console-fra.rpki-client.org