Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/38352e3135382e35392e302f32342d3234203d3e203534323532.roa
File:                     38352e3135382e35392e302f32342d3234203d3e203534323532.roa (raw, json)
Hash identifier:          FTTgynpKurnrMo6v5UC0d8CxweicxakjqKnXX3akymE=
Subject key identifier:   9C:2E:55:14:7A:46:F2:A0:BB:6F:D9:02:1C:62:67:E6:F1:D6:4D:45
Certificate issuer:       /CN=dc943cc2a7cdc378a37702573bb4f821170b530d
Certificate serial:       62410D4110618F9EF11E8A1D267F7D1EF84D84CF
Authority key identifier: DC:94:3C:C2:A7:CD:C3:78:A3:77:02:57:3B:B4:F8:21:17:0B:53:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/38352e3135382e35392e302f32342d3234203d3e203534323532.roa
Signing time:             Fri 08 Mar 2024 05:59:46 +0000
ROA not before:           Fri 08 Mar 2024 05:54:46 +0000
ROA not after:            Fri 07 Mar 2025 05:59:46 +0000
asID:                     54252
IP address blocks:        85.158.59.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            62:41:0d:41:10:61:8f:9e:f1:1e:8a:1d:26:7f:7d:1e:f8:4d:84:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc943cc2a7cdc378a37702573bb4f821170b530d
        Validity
            Not Before: Mar  8 05:54:46 2024 GMT
            Not After : Mar  7 05:59:46 2025 GMT
        Subject: CN=9C2E55147A46F2A0BB6FD9021C6267E6F1D64D45
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:3a:7f:0e:ee:b2:3a:2c:29:e7:24:8e:d5:26:
                    09:be:28:db:02:78:fd:37:88:df:99:32:98:bc:20:
                    83:07:d6:5d:60:9c:44:d7:6d:6d:ce:ec:4a:7d:49:
                    fd:c6:c1:d1:0f:18:84:cd:62:6a:59:a5:5e:bd:4a:
                    16:53:af:fe:13:ca:d2:f6:f5:b2:69:18:ca:27:46:
                    56:b5:10:f7:08:1e:d7:c0:b2:7b:da:3a:6b:5a:76:
                    61:3a:e9:a4:50:54:6f:5c:20:9d:82:c6:dc:d6:6e:
                    58:af:26:6c:87:d6:8d:e5:ee:5c:0d:c4:03:0c:2a:
                    51:6c:4e:a5:34:07:85:9c:07:f7:2e:c0:3e:90:b9:
                    9a:29:7e:73:a6:bf:9f:69:31:66:bd:bd:cb:5e:f1:
                    f5:27:f8:09:6e:e4:41:10:fd:96:28:63:11:9c:6e:
                    da:73:51:27:80:65:c9:80:d2:f4:ba:5c:e3:bb:7a:
                    71:a4:b5:a0:d2:1a:54:f0:14:cd:ec:94:fe:3a:f9:
                    14:2b:02:eb:4c:83:30:42:8d:48:fc:e8:48:54:64:
                    ed:dc:4f:97:0e:67:2c:69:1a:58:5c:4d:f6:f1:9e:
                    9e:72:86:e5:11:7d:fa:88:cd:90:40:65:f0:e9:90:
                    47:85:1b:1c:64:84:b5:c2:d5:85:3b:5f:e9:4a:60:
                    ab:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:2E:55:14:7A:46:F2:A0:BB:6F:D9:02:1C:62:67:E6:F1:D6:4D:45
            X509v3 Authority Key Identifier:
                keyid:DC:94:3C:C2:A7:CD:C3:78:A3:77:02:57:3B:B4:F8:21:17:0B:53:0D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/38352e3135382e35392e302f32342d3234203d3e203534323532.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.158.59.0/24

    Signature Algorithm: sha256WithRSAEncryption
         50:4c:8e:85:2a:bc:2d:b3:e8:b3:46:4a:88:d0:b9:d2:56:73:
         28:cb:29:fc:5a:7d:70:fc:84:7f:8e:b3:da:f4:b8:4d:1e:38:
         57:9e:ea:1a:d6:f4:94:5b:82:ad:8d:ce:82:1d:57:d6:9a:da:
         0a:9a:ae:bc:c0:c8:57:c2:7b:73:66:3a:45:3d:b1:53:ac:c5:
         a4:d6:4f:b9:72:51:15:1c:67:e9:7b:b6:bd:6e:84:11:e0:8d:
         b0:50:47:97:7e:b9:97:b0:d4:d3:bc:6f:ce:98:88:c8:4e:ef:
         99:ee:04:96:23:b3:27:b6:00:ef:d9:24:46:ba:f3:f5:ee:2a:
         7a:56:a0:80:11:66:26:e4:10:9c:cc:ff:28:7b:8f:9c:19:ad:
         0b:6c:d2:bb:eb:50:d7:70:36:fb:3e:1f:d2:9b:96:35:4d:1e:
         d0:e0:db:df:3c:ec:56:fa:22:d7:c2:40:ba:67:36:b0:8e:e1:
         48:82:ba:7f:26:b7:92:fb:39:cb:15:70:7d:67:9c:8f:1b:fd:
         1a:21:d2:6d:22:d1:97:d9:c3:26:41:27:05:5b:3c:3f:ff:6d:
         31:e6:54:2d:3b:5c:bd:de:17:97:88:14:6b:da:7b:46:9a:cc:
         b1:38:34:21:b0:72:5a:57:7f:3c:d3:76:fa:32:8d:a8:fe:b3:
         3c:b7:e9:8f
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUYkENQRBhj57xHoodJn99HvhNhM8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGM5NDNjYzJhN2NkYzM3OGEzNzcwMjU3M2JiNGY4MjEx
NzBiNTMwZDAeFw0yNDAzMDgwNTU0NDZaFw0yNTAzMDcwNTU5NDZaMDMxMTAvBgNV
BAMTKDlDMkU1NTE0N0E0NkYyQTBCQjZGRDkwMjFDNjI2N0U2RjFENjRENDUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQClOn8O7rI6LCnnJI7VJgm+KNsC
eP03iN+ZMpi8IIMH1l1gnETXbW3O7Ep9Sf3GwdEPGITNYmpZpV69ShZTr/4TytL2
9bJpGMonRla1EPcIHtfAsnvaOmtadmE66aRQVG9cIJ2CxtzWblivJmyH1o3l7lwN
xAMMKlFsTqU0B4WcB/cuwD6QuZopfnOmv59pMWa9vcte8fUn+Alu5EEQ/ZYoYxGc
btpzUSeAZcmA0vS6XOO7enGktaDSGlTwFM3slP46+RQrAutMgzBCjUj86EhUZO3c
T5cOZyxpGlhcTfbxnp5yhuURffqIzZBAZfDpkEeFGxxkhLXC1YU7X+lKYKs1AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUnC5VFHpG8qC7b9kCHGJn5vHWTUUwHwYDVR0j
BBgwFoAU3JQ8wqfNw3ijdwJXO7T4IRcLUw0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNmFiMDcyMmYtNjRkOC00Y2E5LTkyNjctNGU1MTU0NDM0
MTAxLzAvREM5NDNDQzJBN0NEQzM3OEEzNzcwMjU3M0JCNEY4MjExNzBCNTMwRC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzNKUTh3cWZOdzNpamR3SlhPN1Q0SVJj
TFV3MC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvNmFiMDcyMmYt
NjRkOC00Y2E5LTkyNjctNGU1MTU0NDM0MTAxLzAvMzgzNTJlMzEzNTM4MmUzNTM5
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzUzNDMyMzUzMi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFWe
OzANBgkqhkiG9w0BAQsFAAOCAQEAUEyOhSq8LbPos0ZKiNC50lZzKMsp/Fp9cPyE
f46z2vS4TR44V57qGtb0lFuCrY3Ogh1X1praCpquvMDIV8J7c2Y6RT2xU6zFpNZP
uXJRFRxn6Xu2vW6EEeCNsFBHl365l7DU07xvzpiIyE7vme4EliOzJ7YA79kkRrrz
9e4qelaggBFmJuQQnMz/KHuPnBmtC2zSu+tQ13A2+z4f0puWNU0e0ODb3zzsVvoi
18JAumc2sI7hSIK6fya3kvs5yxVwfWecjxv9GiHSbSLRl9nDJkEnBVs8P/9tMeZU
LTtcvd4Xl4gUa9p7RprMsTg0IbByWld/PNN2+jKNqP6zPLfpjw==
-----END CERTIFICATE-----