Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/38352e3135382e36312e302f32342d3234203d3e203631333137.roa
File:                     38352e3135382e36312e302f32342d3234203d3e203631333137.roa (raw, json)
Hash identifier:          AW5T2D7aSGAWHPzm4NHe8UpHtEfdBEgVeljGltALVAg=
Subject key identifier:   77:72:48:3C:6E:7D:D7:B0:31:74:9C:D5:C3:F6:64:2C:FF:81:2E:98
Certificate issuer:       /CN=dc943cc2a7cdc378a37702573bb4f821170b530d
Certificate serial:       33731E791D4CCAFBA825899B30F56D9BF5F5E60D
Authority key identifier: DC:94:3C:C2:A7:CD:C3:78:A3:77:02:57:3B:B4:F8:21:17:0B:53:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/38352e3135382e36312e302f32342d3234203d3e203631333137.roa
Signing time:             Wed 09 Oct 2024 09:43:23 +0000
ROA not before:           Wed 09 Oct 2024 09:38:23 +0000
ROA not after:            Wed 08 Oct 2025 09:43:23 +0000
asID:                     61317
IP address blocks:        85.158.61.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 05:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            33:73:1e:79:1d:4c:ca:fb:a8:25:89:9b:30:f5:6d:9b:f5:f5:e6:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc943cc2a7cdc378a37702573bb4f821170b530d
        Validity
            Not Before: Oct  9 09:38:23 2024 GMT
            Not After : Oct  8 09:43:23 2025 GMT
        Subject: CN=7772483C6E7DD7B031749CD5C3F6642CFF812E98
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:cf:ca:c8:b2:a7:c5:6c:e6:09:66:22:2f:e9:
                    73:9b:20:39:7e:f6:14:f7:65:cd:b1:b8:cd:36:3b:
                    83:c3:c2:9a:6f:c7:1d:48:5c:d6:bb:67:11:a8:f7:
                    04:6e:9c:5d:f9:31:0e:39:f8:64:02:ba:68:a6:a1:
                    b8:22:37:0a:ca:ef:19:7d:e3:68:59:c4:f9:5b:b9:
                    5d:3f:8a:e3:99:d0:5d:65:e7:48:b4:31:ff:4d:0d:
                    66:d8:ca:2a:6e:a9:59:78:30:c6:9d:39:e4:f8:1e:
                    e4:d4:44:e7:09:63:e9:1c:c7:d5:bf:ce:0b:35:61:
                    81:e5:0a:7e:6a:1b:00:3c:96:cb:b0:06:ba:d1:2a:
                    cd:f8:98:13:1e:72:db:79:c3:c3:e9:89:34:c0:98:
                    fc:8e:87:40:0b:87:04:29:cc:16:d7:4d:f4:44:3c:
                    af:a1:6a:40:c6:8e:0e:4b:4f:af:ca:5c:fa:d5:ea:
                    82:52:f3:a7:e7:ef:9e:10:04:7d:56:1c:36:b4:0c:
                    13:08:78:db:4c:30:c2:72:55:ac:d5:e0:08:95:2c:
                    a1:74:ba:e6:5d:c8:83:51:1e:c9:49:f9:ca:5d:8e:
                    2f:27:ef:31:46:3f:9e:a4:87:24:7a:9d:db:65:fc:
                    7f:ef:b1:e3:dd:25:46:66:3a:23:ad:be:81:90:e0:
                    fe:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:72:48:3C:6E:7D:D7:B0:31:74:9C:D5:C3:F6:64:2C:FF:81:2E:98
            X509v3 Authority Key Identifier:
                keyid:DC:94:3C:C2:A7:CD:C3:78:A3:77:02:57:3B:B4:F8:21:17:0B:53:0D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/38352e3135382e36312e302f32342d3234203d3e203631333137.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.158.61.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:69:0a:33:44:1d:89:61:dd:9f:f8:a6:0f:ca:82:10:f1:85:
         40:88:0e:a3:8d:a0:70:92:2c:aa:1b:fb:d4:5c:e4:bc:3a:82:
         0f:6e:6d:5e:1d:e0:07:a2:5f:8e:9b:0e:ab:ee:56:96:70:eb:
         34:f2:8d:1f:ab:86:55:ff:16:95:0f:89:3a:b1:30:b8:66:7f:
         99:9b:6b:2e:3f:87:ce:e3:de:f9:99:7e:09:44:72:4b:87:f7:
         6d:af:57:51:fc:74:a5:3d:48:e6:f5:53:53:43:66:51:c7:88:
         2a:08:b1:ec:d6:2c:45:cb:93:bd:99:bc:57:dd:5b:0e:f3:a2:
         e9:dd:ac:b7:74:53:ac:5a:ce:5e:a4:8f:b5:88:b2:3f:14:0e:
         cd:90:ad:b3:10:60:1b:de:a1:17:2a:86:80:19:d3:c6:78:37:
         0a:5b:ca:cf:c3:87:ba:44:d1:58:74:b6:59:40:16:1b:d1:e7:
         fd:0c:ee:7e:13:8a:b0:9a:5c:43:eb:35:fd:8f:92:25:fb:cb:
         c7:57:03:91:f3:d5:dd:5d:93:89:3b:cc:93:d3:56:6b:59:16:
         a1:37:6a:13:f8:48:8f:bf:d9:60:49:4f:fc:57:b1:0f:81:98:
         eb:d3:9f:44:9b:37:3f:3d:61:8b:ec:57:46:b7:b4:53:44:c5:
         94:45:46:a1
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUM3MeeR1MyvuoJYmbMPVtm/X15g0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGM5NDNjYzJhN2NkYzM3OGEzNzcwMjU3M2JiNGY4MjEx
NzBiNTMwZDAeFw0yNDEwMDkwOTM4MjNaFw0yNTEwMDgwOTQzMjNaMDMxMTAvBgNV
BAMTKDc3NzI0ODNDNkU3REQ3QjAzMTc0OUNENUMzRjY2NDJDRkY4MTJFOTgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCkz8rIsqfFbOYJZiIv6XObIDl+
9hT3Zc2xuM02O4PDwppvxx1IXNa7ZxGo9wRunF35MQ45+GQCumimobgiNwrK7xl9
42hZxPlbuV0/iuOZ0F1l50i0Mf9NDWbYyipuqVl4MMadOeT4HuTUROcJY+kcx9W/
zgs1YYHlCn5qGwA8lsuwBrrRKs34mBMectt5w8PpiTTAmPyOh0ALhwQpzBbXTfRE
PK+hakDGjg5LT6/KXPrV6oJS86fn754QBH1WHDa0DBMIeNtMMMJyVazV4AiVLKF0
uuZdyINRHslJ+cpdji8n7zFGP56khyR6ndtl/H/vsePdJUZmOiOtvoGQ4P5nAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUd3JIPG5917AxdJzVw/ZkLP+BLpgwHwYDVR0j
BBgwFoAU3JQ8wqfNw3ijdwJXO7T4IRcLUw0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNmFiMDcyMmYtNjRkOC00Y2E5LTkyNjctNGU1MTU0NDM0
MTAxLzAvREM5NDNDQzJBN0NEQzM3OEEzNzcwMjU3M0JCNEY4MjExNzBCNTMwRC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzNKUTh3cWZOdzNpamR3SlhPN1Q0SVJj
TFV3MC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvNmFiMDcyMmYt
NjRkOC00Y2E5LTkyNjctNGU1MTU0NDM0MTAxLzAvMzgzNTJlMzEzNTM4MmUzNjMx
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzYzMTMzMzEzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFWe
PTANBgkqhkiG9w0BAQsFAAOCAQEAe2kKM0QdiWHdn/imD8qCEPGFQIgOo42gcJIs
qhv71FzkvDqCD25tXh3gB6JfjpsOq+5WlnDrNPKNH6uGVf8WlQ+JOrEwuGZ/mZtr
Lj+HzuPe+Zl+CURyS4f3ba9XUfx0pT1I5vVTU0NmUceIKgix7NYsRcuTvZm8V91b
DvOi6d2st3RTrFrOXqSPtYiyPxQOzZCtsxBgG96hFyqGgBnTxng3ClvKz8OHukTR
WHS2WUAWG9Hn/QzufhOKsJpcQ+s1/Y+SJfvLx1cDkfPV3V2TiTvMk9NWa1kWoTdq
E/hIj7/ZYElP/FexD4GY69OfRJs3Pz1hi+xXRre0U0TFlEVGoQ==
-----END CERTIFICATE-----