Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/38352e3135382e35382e302f32342d3234203d3e20383334.roa
File:                     38352e3135382e35382e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          SIbmRaziwbt/HFQbv56hGUbfAdku2mpMOkk9/B6bnFU=
Subject key identifier:   12:36:71:99:5B:A8:6F:AC:8E:8B:C7:BD:50:74:01:6D:B5:58:BA:D4
Certificate issuer:       /CN=dc943cc2a7cdc378a37702573bb4f821170b530d
Certificate serial:       609AEEE42DC287F6BA5BF3787BFE32B7FDBE8717
Authority key identifier: DC:94:3C:C2:A7:CD:C3:78:A3:77:02:57:3B:B4:F8:21:17:0B:53:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/38352e3135382e35382e302f32342d3234203d3e20383334.roa
Signing time:             Tue 30 Apr 2024 00:02:03 +0000
ROA not before:           Mon 29 Apr 2024 23:57:03 +0000
ROA not after:            Tue 29 Apr 2025 00:02:03 +0000
asID:                     834
IP address blocks:        85.158.58.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 07 Jun 2024 17:11:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            60:9a:ee:e4:2d:c2:87:f6:ba:5b:f3:78:7b:fe:32:b7:fd:be:87:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc943cc2a7cdc378a37702573bb4f821170b530d
        Validity
            Not Before: Apr 29 23:57:03 2024 GMT
            Not After : Apr 29 00:02:03 2025 GMT
        Subject: CN=123671995BA86FAC8E8BC7BD5074016DB558BAD4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:68:c5:65:d3:e4:41:3a:79:78:4d:ed:82:40:
                    13:2d:47:cb:16:24:25:bf:c9:f9:cf:38:09:74:12:
                    72:bb:6d:71:56:37:81:6b:e1:bd:31:b0:65:9c:f6:
                    d9:69:94:ea:1b:45:2f:cf:47:ec:ef:a5:39:48:8e:
                    be:0a:69:ef:84:57:c1:ff:05:70:ef:13:7f:a1:a0:
                    9a:63:87:b6:53:a7:ee:e4:c3:47:b3:27:ef:5b:d1:
                    c6:b6:42:75:cd:dd:5e:9b:02:d3:1b:b1:70:7c:8f:
                    32:db:55:34:cc:2e:5a:40:56:01:d7:06:83:5b:96:
                    a9:14:b7:62:cf:24:7d:f4:14:33:35:e3:34:6c:8c:
                    d6:c9:1e:7b:86:3e:46:9b:ad:01:2e:f9:0b:77:cd:
                    ca:75:12:7e:3e:31:46:22:87:e1:fc:6f:3d:ca:11:
                    26:ac:a3:56:d8:42:32:e9:0a:eb:69:20:3b:80:d7:
                    57:34:3c:79:0a:00:c5:fe:19:25:65:bc:59:9a:e1:
                    67:89:84:0a:10:8b:19:3e:ae:9d:20:e6:d0:9c:73:
                    3b:43:29:b0:8b:b2:81:db:59:0d:05:39:8d:e5:fb:
                    8b:ee:c9:2f:39:82:a5:69:f4:56:93:57:60:27:2c:
                    34:97:e7:90:14:0f:06:2f:21:b4:e4:1e:b0:f5:6a:
                    b6:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:36:71:99:5B:A8:6F:AC:8E:8B:C7:BD:50:74:01:6D:B5:58:BA:D4
            X509v3 Authority Key Identifier:
                keyid:DC:94:3C:C2:A7:CD:C3:78:A3:77:02:57:3B:B4:F8:21:17:0B:53:0D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/38352e3135382e35382e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.158.58.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:ab:5d:90:29:9b:e3:ea:e8:78:aa:b9:7e:e4:f6:63:4e:29:
         84:44:d3:79:4a:9c:7e:4f:fe:75:b7:97:f5:f3:91:95:9e:f0:
         99:e2:10:7b:79:02:e1:5e:28:97:fd:0f:e4:e2:2e:26:c3:aa:
         a3:f9:66:41:da:75:7d:87:81:be:44:59:7c:22:57:2c:bd:30:
         76:e9:e8:76:43:2b:85:2f:01:d7:22:20:0d:d3:18:f1:02:fc:
         dc:6e:ad:60:53:f8:34:0e:c0:22:f5:54:40:19:65:cc:b8:1b:
         f6:f6:8a:48:ac:4d:67:73:e1:21:9f:20:8a:77:9e:26:9e:62:
         38:69:87:77:9d:ab:27:8f:12:68:d2:b5:aa:31:5e:41:b5:14:
         30:d1:26:21:2a:9b:14:a3:da:40:8f:df:0c:02:9d:81:9a:f9:
         d6:d7:10:13:89:e7:dc:63:1a:7a:85:09:ef:be:ff:d9:ed:65:
         84:76:a0:24:17:ed:82:8a:fc:0c:72:50:0a:bf:04:1c:3f:5b:
         47:b9:b0:f2:c4:be:f4:4b:7b:45:5b:7b:00:a6:35:77:25:85:
         d6:35:78:00:fd:81:ba:0f:01:05:8e:fd:76:23:ee:cb:69:14:
         e5:98:40:83:24:94:f0:79:f3:86:e8:77:75:06:79:32:61:a4:
         b4:94:ac:69
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUYJru5C3Ch/a6W/N4e/4yt/2+hxcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGM5NDNjYzJhN2NkYzM3OGEzNzcwMjU3M2JiNGY4MjEx
NzBiNTMwZDAeFw0yNDA0MjkyMzU3MDNaFw0yNTA0MjkwMDAyMDNaMDMxMTAvBgNV
BAMTKDEyMzY3MTk5NUJBODZGQUM4RThCQzdCRDUwNzQwMTZEQjU1OEJBRDQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQClaMVl0+RBOnl4Te2CQBMtR8sW
JCW/yfnPOAl0EnK7bXFWN4Fr4b0xsGWc9tlplOobRS/PR+zvpTlIjr4Kae+EV8H/
BXDvE3+hoJpjh7ZTp+7kw0ezJ+9b0ca2QnXN3V6bAtMbsXB8jzLbVTTMLlpAVgHX
BoNblqkUt2LPJH30FDM14zRsjNbJHnuGPkabrQEu+Qt3zcp1En4+MUYih+H8bz3K
ESaso1bYQjLpCutpIDuA11c0PHkKAMX+GSVlvFma4WeJhAoQixk+rp0g5tCccztD
KbCLsoHbWQ0FOY3l+4vuyS85gqVp9FaTV2AnLDSX55AUDwYvIbTkHrD1arZVAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUEjZxmVuob6yOi8e9UHQBbbVYutQwHwYDVR0j
BBgwFoAU3JQ8wqfNw3ijdwJXO7T4IRcLUw0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNmFiMDcyMmYtNjRkOC00Y2E5LTkyNjctNGU1MTU0NDM0
MTAxLzAvREM5NDNDQzJBN0NEQzM3OEEzNzcwMjU3M0JCNEY4MjExNzBCNTMwRC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzNKUTh3cWZOdzNpamR3SlhPN1Q0SVJj
TFV3MC5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvNmFiMDcyMmYt
NjRkOC00Y2E5LTkyNjctNGU1MTU0NDM0MTAxLzAvMzgzNTJlMzEzNTM4MmUzNTM4
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzgzMzM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVZ46MA0G
CSqGSIb3DQEBCwUAA4IBAQBsq12QKZvj6uh4qrl+5PZjTimERNN5Spx+T/51t5f1
85GVnvCZ4hB7eQLhXiiX/Q/k4i4mw6qj+WZB2nV9h4G+RFl8IlcsvTB26eh2QyuF
LwHXIiAN0xjxAvzcbq1gU/g0DsAi9VRAGWXMuBv29opIrE1nc+EhnyCKd54mnmI4
aYd3nasnjxJo0rWqMV5BtRQw0SYhKpsUo9pAj98MAp2BmvnW1xATiefcYxp6hQnv
vv/Z7WWEdqAkF+2CivwMclAKvwQcP1tHubDyxL70S3tFW3sApjV3JYXWNXgA/YG6
DwEFjv12I+7LaRTlmECDJJTwefOG6Hd1BnkyYaS0lKxp
-----END CERTIFICATE-----