Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/38352e3135382e36302e302f32342d3234203d3e203631333137.roa
File:                     38352e3135382e36302e302f32342d3234203d3e203631333137.roa (raw, json)
Hash identifier:          egY7p6N92wk9qCD5TWS38i8XjllnjburgJ5lQdg+fuE=
Subject key identifier:   AE:62:5A:56:3B:CC:B6:98:F3:2F:1C:D0:AD:23:98:CB:6C:16:65:35
Certificate issuer:       /CN=dc943cc2a7cdc378a37702573bb4f821170b530d
Certificate serial:       2E26994FE2F7DA64ED362E579CEB02E6E153348A
Authority key identifier: DC:94:3C:C2:A7:CD:C3:78:A3:77:02:57:3B:B4:F8:21:17:0B:53:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/38352e3135382e36302e302f32342d3234203d3e203631333137.roa
Signing time:             Wed 09 Oct 2024 09:43:24 +0000
ROA not before:           Wed 09 Oct 2024 09:38:24 +0000
ROA not after:            Wed 08 Oct 2025 09:43:24 +0000
asID:                     61317
IP address blocks:        85.158.60.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 05:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2e:26:99:4f:e2:f7:da:64:ed:36:2e:57:9c:eb:02:e6:e1:53:34:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc943cc2a7cdc378a37702573bb4f821170b530d
        Validity
            Not Before: Oct  9 09:38:24 2024 GMT
            Not After : Oct  8 09:43:24 2025 GMT
        Subject: CN=AE625A563BCCB698F32F1CD0AD2398CB6C166535
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:da:85:4a:45:7e:d1:e8:85:23:f5:2f:e8:c1:
                    cf:0c:97:6f:eb:99:20:8a:90:e3:a7:7b:10:07:e6:
                    ed:b2:3a:b1:b9:08:4b:f1:12:f2:b5:63:b4:51:d0:
                    8d:5f:26:a6:58:1c:e7:99:f9:09:34:f3:24:f1:be:
                    a9:c0:e4:b3:56:17:b0:3a:e0:42:07:75:98:e5:c5:
                    70:20:f7:23:80:46:65:dd:d8:62:61:16:17:50:33:
                    0f:87:fd:48:1a:11:3e:c1:72:77:9b:77:78:a9:af:
                    49:99:f8:08:e4:1f:14:63:fd:a9:cc:e9:79:7d:a5:
                    48:63:27:1b:1b:2f:77:68:25:68:98:5d:c1:ac:20:
                    d9:d6:ce:8a:91:7a:c6:e4:d7:09:2c:5e:85:ff:b4:
                    fa:89:0e:9c:ed:af:3d:69:a2:44:eb:52:dc:24:06:
                    a5:38:82:89:53:c9:77:d3:6b:7e:89:76:e6:6d:fb:
                    93:7e:4c:5d:1e:22:e4:d3:ce:d8:53:33:06:f1:00:
                    e6:37:00:72:32:96:13:8f:79:dd:b3:6e:e9:55:b3:
                    63:99:4b:5e:96:ee:94:0b:b7:9b:05:cf:3f:29:1d:
                    bc:50:af:36:9f:bf:3d:ae:33:4f:c9:38:35:89:03:
                    72:dc:67:73:ce:7d:77:39:11:2f:c0:2d:7d:b4:f9:
                    c3:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:62:5A:56:3B:CC:B6:98:F3:2F:1C:D0:AD:23:98:CB:6C:16:65:35
            X509v3 Authority Key Identifier:
                keyid:DC:94:3C:C2:A7:CD:C3:78:A3:77:02:57:3B:B4:F8:21:17:0B:53:0D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/38352e3135382e36302e302f32342d3234203d3e203631333137.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.158.60.0/24

    Signature Algorithm: sha256WithRSAEncryption
         50:f1:26:4e:b3:31:72:b9:93:ba:26:2e:c4:c3:81:f6:8f:5d:
         db:2c:e5:40:90:f2:bb:2b:4a:fc:b1:44:48:32:64:40:e5:32:
         f7:2a:6c:9e:5f:dd:96:89:9c:8e:20:7b:3e:94:4b:d4:2d:19:
         ee:e3:4a:28:70:04:d5:16:c1:e2:33:1b:da:0e:a9:17:3e:0f:
         f0:a8:b3:f5:5c:84:8e:98:eb:ff:b0:b7:19:4a:20:e2:84:7e:
         1a:c2:21:09:30:78:27:c5:83:bd:e3:68:88:cd:cb:56:2d:07:
         a2:6d:25:34:51:91:53:79:c2:cc:41:ba:17:0a:c4:e8:e0:14:
         61:b9:15:bf:c5:15:9a:cb:c2:86:e0:f2:c2:75:02:54:52:d9:
         0f:57:f7:51:b1:e4:71:97:73:29:f1:3a:61:93:6d:6b:b4:61:
         39:ba:94:bf:45:f8:f1:6a:4f:5d:94:a8:56:84:d2:61:4f:f0:
         c7:63:c7:33:27:bc:b2:80:8b:d7:d1:0b:65:ab:ef:23:0a:8d:
         81:15:40:4c:cf:0b:8d:a4:f0:e0:1f:a2:ab:b4:23:53:76:d3:
         6d:d6:42:5b:e0:3e:d0:f4:84:62:8d:d8:f0:9e:b8:8d:12:e5:
         c7:9d:0b:e2:4d:1f:4f:3f:7c:11:11:a4:32:d1:56:30:74:29:
         5b:3a:4b:3c
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIULiaZT+L32mTtNi5XnOsC5uFTNIowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGM5NDNjYzJhN2NkYzM3OGEzNzcwMjU3M2JiNGY4MjEx
NzBiNTMwZDAeFw0yNDEwMDkwOTM4MjRaFw0yNTEwMDgwOTQzMjRaMDMxMTAvBgNV
BAMTKEFFNjI1QTU2M0JDQ0I2OThGMzJGMUNEMEFEMjM5OENCNkMxNjY1MzUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDQ2oVKRX7R6IUj9S/owc8Ml2/r
mSCKkOOnexAH5u2yOrG5CEvxEvK1Y7RR0I1fJqZYHOeZ+Qk08yTxvqnA5LNWF7A6
4EIHdZjlxXAg9yOARmXd2GJhFhdQMw+H/UgaET7Bcnebd3ipr0mZ+AjkHxRj/anM
6Xl9pUhjJxsbL3doJWiYXcGsINnWzoqResbk1wksXoX/tPqJDpztrz1pokTrUtwk
BqU4golTyXfTa36JduZt+5N+TF0eIuTTzthTMwbxAOY3AHIylhOPed2zbulVs2OZ
S16W7pQLt5sFzz8pHbxQrzafvz2uM0/JODWJA3LcZ3POfXc5ES/ALX20+cM1AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUrmJaVjvMtpjzLxzQrSOYy2wWZTUwHwYDVR0j
BBgwFoAU3JQ8wqfNw3ijdwJXO7T4IRcLUw0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNmFiMDcyMmYtNjRkOC00Y2E5LTkyNjctNGU1MTU0NDM0
MTAxLzAvREM5NDNDQzJBN0NEQzM3OEEzNzcwMjU3M0JCNEY4MjExNzBCNTMwRC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzNKUTh3cWZOdzNpamR3SlhPN1Q0SVJj
TFV3MC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvNmFiMDcyMmYt
NjRkOC00Y2E5LTkyNjctNGU1MTU0NDM0MTAxLzAvMzgzNTJlMzEzNTM4MmUzNjMw
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzYzMTMzMzEzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFWe
PDANBgkqhkiG9w0BAQsFAAOCAQEAUPEmTrMxcrmTuiYuxMOB9o9d2yzlQJDyuytK
/LFESDJkQOUy9ypsnl/dlomcjiB7PpRL1C0Z7uNKKHAE1RbB4jMb2g6pFz4P8Kiz
9VyEjpjr/7C3GUog4oR+GsIhCTB4J8WDveNoiM3LVi0Hom0lNFGRU3nCzEG6FwrE
6OAUYbkVv8UVmsvChuDywnUCVFLZD1f3UbHkcZdzKfE6YZNta7RhObqUv0X48WpP
XZSoVoTSYU/wx2PHMye8soCL19ELZavvIwqNgRVATM8LjaTw4B+iq7QjU3bTbdZC
W+A+0PSEYo3Y8J64jRLlx50L4k0fTz98ERGkMtFWMHQpWzpLPA==
-----END CERTIFICATE-----