Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/38352e3135382e35372e302f32342d3234203d3e20383334.roa
File:                     38352e3135382e35372e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          CkhQqNgmDSk1Gz4ugsO4dax7TtAbKxkYTo2DoY3uvPE=
Subject key identifier:   EF:28:E4:E3:B1:A6:AD:C9:89:AA:3C:DC:B2:F2:46:3E:C0:82:66:18
Certificate issuer:       /CN=dc943cc2a7cdc378a37702573bb4f821170b530d
Certificate serial:       4EBDB603EBED43A1757340B4E1FBBF615DCE7A93
Authority key identifier: DC:94:3C:C2:A7:CD:C3:78:A3:77:02:57:3B:B4:F8:21:17:0B:53:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/38352e3135382e35372e302f32342d3234203d3e20383334.roa
Signing time:             Sun 19 Jan 2025 00:02:57 +0000
ROA not before:           Sat 18 Jan 2025 23:57:57 +0000
ROA not after:            Sun 18 Jan 2026 00:02:57 +0000
asID:                     834
IP address blocks:        85.158.57.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4e:bd:b6:03:eb:ed:43:a1:75:73:40:b4:e1:fb:bf:61:5d:ce:7a:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc943cc2a7cdc378a37702573bb4f821170b530d
        Validity
            Not Before: Jan 18 23:57:57 2025 GMT
            Not After : Jan 18 00:02:57 2026 GMT
        Subject: CN=EF28E4E3B1A6ADC989AA3CDCB2F2463EC0826618
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:45:81:39:95:80:12:02:22:39:28:33:e0:fa:
                    6b:91:14:c0:76:f1:ea:20:1a:8e:22:77:e6:2e:7d:
                    e6:d5:df:c9:e7:9f:42:ba:db:11:d8:84:8a:5c:01:
                    2d:d0:6f:dc:ef:46:05:5a:13:6f:02:9f:9b:07:28:
                    06:07:2a:9d:c9:82:27:9c:9d:d8:e5:f8:f1:25:ac:
                    38:a9:48:42:f4:a2:0b:f6:37:93:aa:e5:4a:2f:34:
                    38:74:61:e8:93:1f:4c:be:9b:38:99:35:11:e6:07:
                    22:e9:96:36:19:f6:96:fa:51:f3:fa:cb:cd:77:b3:
                    03:df:b4:c6:38:68:02:fd:76:4d:b3:22:f9:08:de:
                    47:69:f1:e0:29:96:b5:0e:de:ec:fe:2d:b5:d5:a1:
                    6b:f0:04:27:c6:34:1d:db:98:1a:cb:d8:b5:8e:20:
                    8d:60:98:a6:b5:5e:d4:69:4f:cf:37:f6:ed:dc:c5:
                    6a:04:f1:33:48:8f:42:60:7d:3a:68:23:6d:e8:9b:
                    d3:5b:a5:67:83:50:de:e5:ca:ee:2e:16:d8:ef:8b:
                    9e:48:7d:b6:b1:b9:17:43:61:b4:77:56:f2:cf:2a:
                    36:ec:28:0a:bb:78:5b:1f:d7:3e:33:ad:ec:a5:20:
                    16:04:c4:c2:e4:7b:be:41:1c:dc:84:05:b0:fd:7d:
                    b8:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:28:E4:E3:B1:A6:AD:C9:89:AA:3C:DC:B2:F2:46:3E:C0:82:66:18
            X509v3 Authority Key Identifier:
                keyid:DC:94:3C:C2:A7:CD:C3:78:A3:77:02:57:3B:B4:F8:21:17:0B:53:0D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/38352e3135382e35372e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.158.57.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:e3:65:c5:a4:70:45:5d:cf:11:3e:ae:c3:a2:ff:3f:02:a0:
         50:56:88:f1:68:ac:66:70:08:24:34:6c:7d:b4:80:2d:ab:37:
         49:28:bc:5d:c5:6e:b8:50:94:eb:3e:09:42:ef:91:91:60:56:
         58:6c:39:0e:56:7b:82:f1:cc:82:e3:97:f5:47:86:11:25:b4:
         0b:7f:d8:2c:51:8d:67:16:bd:be:8c:f5:bb:a6:9e:95:15:e9:
         f1:c1:2d:75:96:dc:b6:fc:f5:c8:76:8d:84:fa:86:0e:1f:3b:
         00:87:73:f1:ca:83:7e:9d:19:8a:cb:43:46:55:e6:d8:18:be:
         36:6e:9c:dc:79:c2:72:fe:c4:1a:cd:fd:59:ab:4a:96:99:b0:
         b7:94:c7:cf:6f:b8:56:c1:9a:3d:2b:e6:50:78:d6:d1:8b:15:
         06:e5:4d:69:97:f8:8f:51:33:61:1e:af:32:14:30:6b:24:13:
         3a:6e:b3:e4:a8:9e:c8:c3:68:37:dc:e1:e9:75:59:53:bd:2f:
         79:9e:b4:32:54:28:68:ce:a0:82:af:6d:e0:24:0e:89:0b:7d:
         76:2e:6a:10:0d:58:c5:bc:49:54:d9:a2:a8:4d:16:cf:57:b3:
         42:2c:4a:72:c8:53:57:88:0d:d0:44:0f:3f:3a:68:b7:05:ae:
         3f:3a:02:6a
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUTr22A+vtQ6F1c0C04fu/YV3OepMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGM5NDNjYzJhN2NkYzM3OGEzNzcwMjU3M2JiNGY4MjEx
NzBiNTMwZDAeFw0yNTAxMTgyMzU3NTdaFw0yNjAxMTgwMDAyNTdaMDMxMTAvBgNV
BAMTKEVGMjhFNEUzQjFBNkFEQzk4OUFBM0NEQ0IyRjI0NjNFQzA4MjY2MTgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDnRYE5lYASAiI5KDPg+muRFMB2
8eogGo4id+YufebV38nnn0K62xHYhIpcAS3Qb9zvRgVaE28Cn5sHKAYHKp3Jgiec
ndjl+PElrDipSEL0ogv2N5Oq5UovNDh0YeiTH0y+mziZNRHmByLpljYZ9pb6UfP6
y813swPftMY4aAL9dk2zIvkI3kdp8eAplrUO3uz+LbXVoWvwBCfGNB3bmBrL2LWO
II1gmKa1XtRpT8839u3cxWoE8TNIj0JgfTpoI23om9NbpWeDUN7lyu4uFtjvi55I
fbaxuRdDYbR3VvLPKjbsKAq7eFsf1z4zreylIBYExMLke75BHNyEBbD9fbglAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQU7yjk47GmrcmJqjzcsvJGPsCCZhgwHwYDVR0j
BBgwFoAU3JQ8wqfNw3ijdwJXO7T4IRcLUw0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNmFiMDcyMmYtNjRkOC00Y2E5LTkyNjctNGU1MTU0NDM0
MTAxLzAvREM5NDNDQzJBN0NEQzM3OEEzNzcwMjU3M0JCNEY4MjExNzBCNTMwRC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzNKUTh3cWZOdzNpamR3SlhPN1Q0SVJj
TFV3MC5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvNmFiMDcyMmYt
NjRkOC00Y2E5LTkyNjctNGU1MTU0NDM0MTAxLzAvMzgzNTJlMzEzNTM4MmUzNTM3
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzgzMzM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVZ45MA0G
CSqGSIb3DQEBCwUAA4IBAQAn42XFpHBFXc8RPq7Dov8/AqBQVojxaKxmcAgkNGx9
tIAtqzdJKLxdxW64UJTrPglC75GRYFZYbDkOVnuC8cyC45f1R4YRJbQLf9gsUY1n
Fr2+jPW7pp6VFenxwS11lty2/PXIdo2E+oYOHzsAh3PxyoN+nRmKy0NGVebYGL42
bpzcecJy/sQazf1Zq0qWmbC3lMfPb7hWwZo9K+ZQeNbRixUG5U1pl/iPUTNhHq8y
FDBrJBM6brPkqJ7Iw2g33OHpdVlTvS95nrQyVChozqCCr23gJA6JC312LmoQDVjF
vElU2aKoTRbPV7NCLEpyyFNXiA3QRA8/Omi3Ba4/OgJq
-----END CERTIFICATE-----