Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/38352e3135382e36312e302f32342d3234203d3e203631333137.roa
File:                     38352e3135382e36312e302f32342d3234203d3e203631333137.roa (raw, json)
Hash identifier:          jPNSuSf5Wf8Z2yLXDmp897wmIrwrqCMcJgvZpyEWlyM=
Subject key identifier:   1C:29:81:C8:30:44:47:7E:5E:FB:B6:D9:A5:1D:22:71:C6:99:A6:AC
Certificate issuer:       /CN=dc943cc2a7cdc378a37702573bb4f821170b530d
Certificate serial:       436DD983B98CC081FF832135415EE21A1C014F89
Authority key identifier: DC:94:3C:C2:A7:CD:C3:78:A3:77:02:57:3B:B4:F8:21:17:0B:53:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/38352e3135382e36312e302f32342d3234203d3e203631333137.roa
Signing time:             Wed 10 Sep 2025 09:55:01 +0000
ROA not before:           Wed 10 Sep 2025 09:50:01 +0000
ROA not after:            Wed 09 Sep 2026 09:55:01 +0000
asID:                     61317
IP address blocks:        85.158.61.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 18 Sep 2025 00:06:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            43:6d:d9:83:b9:8c:c0:81:ff:83:21:35:41:5e:e2:1a:1c:01:4f:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc943cc2a7cdc378a37702573bb4f821170b530d
        Validity
            Not Before: Sep 10 09:50:01 2025 GMT
            Not After : Sep  9 09:55:01 2026 GMT
        Subject: CN=1C2981C83044477E5EFBB6D9A51D2271C699A6AC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:8d:a2:0a:34:85:02:8c:99:06:16:c6:df:41:
                    8e:9e:59:0b:30:d6:f4:23:88:51:de:1b:59:d1:69:
                    56:c5:77:07:c0:3b:31:53:e2:88:fc:4d:29:84:4c:
                    59:15:9f:a1:82:49:b3:b5:f3:23:06:ce:4e:6b:96:
                    2e:2b:c8:06:62:06:c4:25:2d:23:e2:6d:cd:3f:ca:
                    d4:2d:f5:85:43:e5:0a:5c:12:1e:49:48:24:d7:41:
                    48:f0:46:ab:32:cc:26:a6:4f:85:18:eb:99:58:e4:
                    e3:88:3e:b9:12:85:85:35:50:24:0b:40:e7:be:b0:
                    90:8c:43:e4:f7:28:cb:87:d8:07:32:f4:d4:94:72:
                    c9:fe:d9:ab:a8:d4:cc:51:8a:5d:0f:b3:87:53:b3:
                    aa:31:83:72:ce:c0:f5:9a:86:c7:0f:64:9f:05:71:
                    ff:9f:b0:3c:b3:ba:45:fa:d4:d9:18:89:60:7d:6d:
                    59:8b:9e:4e:e6:db:37:7d:25:04:77:b1:53:ca:37:
                    39:45:82:1d:36:70:46:da:2d:33:86:3d:4f:b9:81:
                    5a:95:3b:de:be:b9:9e:75:40:f4:ee:30:85:65:67:
                    ee:13:10:3f:97:30:5b:0b:c8:7c:11:8a:75:be:f7:
                    63:8b:17:18:72:dc:07:fd:aa:8f:24:0c:25:ea:c0:
                    31:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:29:81:C8:30:44:47:7E:5E:FB:B6:D9:A5:1D:22:71:C6:99:A6:AC
            X509v3 Authority Key Identifier:
                keyid:DC:94:3C:C2:A7:CD:C3:78:A3:77:02:57:3B:B4:F8:21:17:0B:53:0D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/38352e3135382e36312e302f32342d3234203d3e203631333137.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.158.61.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:13:84:89:2d:6f:b6:9f:11:41:09:35:91:50:fd:0b:f1:15:
         92:78:4a:67:97:c1:bb:04:41:14:ed:70:d7:ea:ac:3d:e4:14:
         17:30:a6:2a:d0:fa:99:38:30:2b:8b:83:34:21:f7:3a:4a:fb:
         e2:d1:13:17:31:69:33:43:47:b0:cf:70:e4:af:6e:b6:a2:b7:
         9c:94:45:c8:68:5c:ad:81:8d:ad:2a:34:c1:29:de:ea:86:b5:
         cc:9e:20:9b:08:c2:56:5b:42:cb:7b:1d:ce:1d:1c:e8:7b:2b:
         2f:d2:b2:36:ad:07:98:fd:1d:4e:18:3c:60:ea:90:b5:a4:5d:
         40:23:5b:a5:d7:00:59:bd:76:c4:68:2d:c2:ee:b3:05:71:16:
         3e:8d:c0:a9:4c:1c:a3:fe:a9:27:f6:4d:a5:52:c1:39:5b:eb:
         ff:a2:e9:b4:29:8f:f6:7b:a8:90:b3:ce:cd:5e:53:a9:e2:9c:
         5e:89:f5:70:ee:2e:9a:2c:98:2f:09:f4:f0:8c:41:ec:3e:ac:
         94:da:75:c4:ce:89:f7:6a:e9:0e:3e:81:a3:01:d8:b4:aa:83:
         1d:7e:9b:d2:c5:5b:55:fd:c3:16:b5:e8:cc:27:46:fb:c8:9d:
         10:20:59:30:c3:83:a8:d2:b5:1a:87:17:66:bb:3c:6f:dd:ab:
         f1:4f:a7:f3
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUQ23Zg7mMwIH/gyE1QV7iGhwBT4kwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGM5NDNjYzJhN2NkYzM3OGEzNzcwMjU3M2JiNGY4MjEx
NzBiNTMwZDAeFw0yNTA5MTAwOTUwMDFaFw0yNjA5MDkwOTU1MDFaMDMxMTAvBgNV
BAMTKDFDMjk4MUM4MzA0NDQ3N0U1RUZCQjZEOUE1MUQyMjcxQzY5OUE2QUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCgjaIKNIUCjJkGFsbfQY6eWQsw
1vQjiFHeG1nRaVbFdwfAOzFT4oj8TSmETFkVn6GCSbO18yMGzk5rli4ryAZiBsQl
LSPibc0/ytQt9YVD5QpcEh5JSCTXQUjwRqsyzCamT4UY65lY5OOIPrkShYU1UCQL
QOe+sJCMQ+T3KMuH2Acy9NSUcsn+2auo1MxRil0Ps4dTs6oxg3LOwPWahscPZJ8F
cf+fsDyzukX61NkYiWB9bVmLnk7m2zd9JQR3sVPKNzlFgh02cEbaLTOGPU+5gVqV
O96+uZ51QPTuMIVlZ+4TED+XMFsLyHwRinW+92OLFxhy3Af9qo8kDCXqwDFtAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUHCmByDBER35e+7bZpR0iccaZpqwwHwYDVR0j
BBgwFoAU3JQ8wqfNw3ijdwJXO7T4IRcLUw0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNmFiMDcyMmYtNjRkOC00Y2E5LTkyNjctNGU1MTU0NDM0
MTAxLzAvREM5NDNDQzJBN0NEQzM3OEEzNzcwMjU3M0JCNEY4MjExNzBCNTMwRC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzNKUTh3cWZOdzNpamR3SlhPN1Q0SVJj
TFV3MC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvNmFiMDcyMmYt
NjRkOC00Y2E5LTkyNjctNGU1MTU0NDM0MTAxLzAvMzgzNTJlMzEzNTM4MmUzNjMx
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzYzMTMzMzEzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFWe
PTANBgkqhkiG9w0BAQsFAAOCAQEAixOEiS1vtp8RQQk1kVD9C/EVknhKZ5fBuwRB
FO1w1+qsPeQUFzCmKtD6mTgwK4uDNCH3Okr74tETFzFpM0NHsM9w5K9utqK3nJRF
yGhcrYGNrSo0wSne6oa1zJ4gmwjCVltCy3sdzh0c6HsrL9KyNq0HmP0dThg8YOqQ
taRdQCNbpdcAWb12xGgtwu6zBXEWPo3AqUwco/6pJ/ZNpVLBOVvr/6LptCmP9nuo
kLPOzV5TqeKcXon1cO4umiyYLwn08IxB7D6slNp1xM6J92rpDj6BowHYtKqDHX6b
0sVbVf3DFrXozCdG+8idECBZMMODqNK1GocXZrs8b92r8U+n8w==
-----END CERTIFICATE-----