Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/38352e3135382e35392e302f32342d3234203d3e203534323532.roa
File:                     38352e3135382e35392e302f32342d3234203d3e203534323532.roa (raw, json)
Hash identifier:          1qyyLeiXTGy3p0yzNbIU31rg8dfXqudLYeO0gvt55AA=
Subject key identifier:   AA:CB:A9:D0:6C:43:F5:9A:62:8F:B0:8A:1A:1E:3A:BA:60:C0:E2:61
Certificate issuer:       /CN=dc943cc2a7cdc378a37702573bb4f821170b530d
Certificate serial:       1AEDB3588A3840EDCE85FD440F45D2427EDA958A
Authority key identifier: DC:94:3C:C2:A7:CD:C3:78:A3:77:02:57:3B:B4:F8:21:17:0B:53:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/38352e3135382e35392e302f32342d3234203d3e203534323532.roa
Signing time:             Fri 07 Feb 2025 06:53:53 +0000
ROA not before:           Fri 07 Feb 2025 06:48:53 +0000
ROA not after:            Fri 06 Feb 2026 06:53:53 +0000
asID:                     54252
IP address blocks:        85.158.59.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Feb 2025 05:53:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1a:ed:b3:58:8a:38:40:ed:ce:85:fd:44:0f:45:d2:42:7e:da:95:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc943cc2a7cdc378a37702573bb4f821170b530d
        Validity
            Not Before: Feb  7 06:48:53 2025 GMT
            Not After : Feb  6 06:53:53 2026 GMT
        Subject: CN=AACBA9D06C43F59A628FB08A1A1E3ABA60C0E261
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:e1:51:ee:d2:a0:bd:9a:14:07:46:ed:0b:70:
                    f0:c0:39:94:5f:40:59:17:e4:b0:b9:57:3f:0b:72:
                    f1:b4:a5:5a:7c:2c:2b:37:39:81:5a:78:16:b5:1d:
                    0f:ba:48:f3:6c:15:7d:54:b7:53:6b:7a:56:34:1c:
                    32:76:3c:2d:82:6e:29:8c:2b:79:de:a2:33:42:1e:
                    56:46:b7:c5:52:1b:91:76:87:d3:aa:35:95:2a:72:
                    cb:34:05:e5:25:ca:d2:e2:cd:35:75:da:09:33:d0:
                    83:44:02:ba:5a:00:61:ea:67:99:4b:02:8b:d5:15:
                    cf:23:58:01:50:3a:dd:7f:ae:91:f8:13:2c:d6:37:
                    4e:a7:d3:6e:a3:d3:56:d4:5a:fd:7b:d4:a9:51:1c:
                    11:0c:ab:6f:68:0d:38:d1:ce:0e:38:40:b8:80:d7:
                    cb:5b:b6:7c:f2:b4:64:2d:be:1e:70:4c:4d:46:e3:
                    cb:16:aa:bc:24:85:a0:fa:6f:bc:1b:e3:2f:aa:11:
                    d0:cc:5c:c6:af:47:77:b5:7d:6d:4a:0e:81:70:c5:
                    07:e1:08:90:ad:8f:aa:98:97:54:1f:ad:7e:47:6c:
                    2e:2d:5d:93:e3:bd:92:5f:58:c4:6d:bd:81:0b:6b:
                    bb:06:85:47:00:95:e8:a2:0f:03:99:e1:ce:42:e3:
                    80:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:CB:A9:D0:6C:43:F5:9A:62:8F:B0:8A:1A:1E:3A:BA:60:C0:E2:61
            X509v3 Authority Key Identifier:
                keyid:DC:94:3C:C2:A7:CD:C3:78:A3:77:02:57:3B:B4:F8:21:17:0B:53:0D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/38352e3135382e35392e302f32342d3234203d3e203534323532.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.158.59.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:05:e8:09:4f:35:b9:f7:b3:d6:07:00:bb:34:0e:09:e1:9e:
         eb:26:45:73:43:b7:57:5b:5a:ad:94:c3:94:9c:4f:16:bc:b0:
         c4:6b:2c:09:96:a2:22:98:85:d2:fc:64:d9:29:9c:ca:3e:a8:
         de:ed:f5:3f:7d:9e:7e:f2:1d:18:df:3e:9a:12:31:b5:d6:bc:
         63:de:7b:05:c6:60:38:1f:d0:e3:06:5c:8a:ed:88:85:77:1c:
         c9:b6:37:da:3a:72:b3:8c:51:6b:56:f0:3a:d7:19:b6:5f:36:
         cc:ca:78:9b:5e:3f:e0:31:41:c7:d1:de:e7:8b:48:2e:74:65:
         f0:da:46:6d:73:90:41:9e:3a:6c:24:4a:a5:69:8e:14:1d:71:
         46:02:28:79:8c:1f:12:c5:60:18:74:38:e2:d4:75:81:bc:08:
         a9:8e:b7:3c:f9:11:eb:25:f0:b3:62:5b:ac:44:e9:ba:51:e8:
         ec:98:83:c5:fa:c0:7b:2e:3b:40:b7:f6:5f:b2:33:4f:80:1a:
         2a:5d:c7:6c:c8:25:cc:9f:60:3e:ec:c7:f2:fd:bd:90:5c:8c:
         fc:78:ca:2b:57:a2:0d:f1:88:aa:5b:0b:8b:40:d2:f4:56:e3:
         28:26:18:0d:3c:d5:a0:b1:d7:95:0b:34:e1:c9:d3:8e:ff:a0:
         95:a8:4a:0b
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUGu2zWIo4QO3Ohf1ED0XSQn7alYowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGM5NDNjYzJhN2NkYzM3OGEzNzcwMjU3M2JiNGY4MjEx
NzBiNTMwZDAeFw0yNTAyMDcwNjQ4NTNaFw0yNjAyMDYwNjUzNTNaMDMxMTAvBgNV
BAMTKEFBQ0JBOUQwNkM0M0Y1OUE2MjhGQjA4QTFBMUUzQUJBNjBDMEUyNjEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDC4VHu0qC9mhQHRu0LcPDAOZRf
QFkX5LC5Vz8LcvG0pVp8LCs3OYFaeBa1HQ+6SPNsFX1Ut1NrelY0HDJ2PC2CbimM
K3neojNCHlZGt8VSG5F2h9OqNZUqcss0BeUlytLizTV12gkz0INEArpaAGHqZ5lL
AovVFc8jWAFQOt1/rpH4EyzWN06n026j01bUWv171KlRHBEMq29oDTjRzg44QLiA
18tbtnzytGQtvh5wTE1G48sWqrwkhaD6b7wb4y+qEdDMXMavR3e1fW1KDoFwxQfh
CJCtj6qYl1QfrX5HbC4tXZPjvZJfWMRtvYELa7sGhUcAleiiDwOZ4c5C44BPAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUqsup0GxD9Zpij7CKGh46umDA4mEwHwYDVR0j
BBgwFoAU3JQ8wqfNw3ijdwJXO7T4IRcLUw0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNmFiMDcyMmYtNjRkOC00Y2E5LTkyNjctNGU1MTU0NDM0
MTAxLzAvREM5NDNDQzJBN0NEQzM3OEEzNzcwMjU3M0JCNEY4MjExNzBCNTMwRC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzNKUTh3cWZOdzNpamR3SlhPN1Q0SVJj
TFV3MC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvNmFiMDcyMmYt
NjRkOC00Y2E5LTkyNjctNGU1MTU0NDM0MTAxLzAvMzgzNTJlMzEzNTM4MmUzNTM5
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzUzNDMyMzUzMi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFWe
OzANBgkqhkiG9w0BAQsFAAOCAQEAcgXoCU81ufez1gcAuzQOCeGe6yZFc0O3V1ta
rZTDlJxPFrywxGssCZaiIpiF0vxk2Smcyj6o3u31P32efvIdGN8+mhIxtda8Y957
BcZgOB/Q4wZciu2IhXccybY32jpys4xRa1bwOtcZtl82zMp4m14/4DFBx9He54tI
LnRl8NpGbXOQQZ46bCRKpWmOFB1xRgIoeYwfEsVgGHQ44tR1gbwIqY63PPkR6yXw
s2JbrETpulHo7JiDxfrAey47QLf2X7IzT4AaKl3HbMglzJ9gPuzH8v29kFyM/HjK
K1eiDfGIqlsLi0DS9FbjKCYYDTzVoLHXlQs04cnTjv+glahKCw==
-----END CERTIFICATE-----