Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/38352e3135382e36322e302f32342d3234203d3e203631333137.roa
File:                     38352e3135382e36322e302f32342d3234203d3e203631333137.roa (raw, json)
Hash identifier:          Z8cQk1sC1mZIUTn3C1QKjvW7FQTVaU51Ck0+ICuPGLA=
Subject key identifier:   9D:C3:08:CF:19:D3:F9:88:AE:97:5D:DF:5F:EC:FF:47:A3:04:A4:AC
Certificate issuer:       /CN=dc943cc2a7cdc378a37702573bb4f821170b530d
Certificate serial:       7BD1C7E953D881730398614C5A667C6D2C47D3E7
Authority key identifier: DC:94:3C:C2:A7:CD:C3:78:A3:77:02:57:3B:B4:F8:21:17:0B:53:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/38352e3135382e36322e302f32342d3234203d3e203631333137.roa
Signing time:             Wed 10 Sep 2025 09:55:01 +0000
ROA not before:           Wed 10 Sep 2025 09:50:01 +0000
ROA not after:            Wed 09 Sep 2026 09:55:01 +0000
asID:                     61317
IP address blocks:        85.158.62.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 19 Sep 2025 22:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7b:d1:c7:e9:53:d8:81:73:03:98:61:4c:5a:66:7c:6d:2c:47:d3:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc943cc2a7cdc378a37702573bb4f821170b530d
        Validity
            Not Before: Sep 10 09:50:01 2025 GMT
            Not After : Sep  9 09:55:01 2026 GMT
        Subject: CN=9DC308CF19D3F988AE975DDF5FECFF47A304A4AC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:7c:f4:e3:e4:73:0b:ca:46:43:04:6c:2f:95:
                    05:02:41:be:2c:aa:71:4e:d9:5e:2b:72:71:d5:fd:
                    82:82:fe:28:36:47:92:c5:48:65:c2:f6:2a:57:7e:
                    c6:0f:e9:a5:d7:48:96:cc:92:8c:d1:48:d6:39:6e:
                    d5:b8:53:34:d7:52:81:70:f2:70:84:77:d0:a3:3d:
                    4d:9a:3e:62:5f:d0:4d:11:c0:2d:42:35:60:53:bf:
                    a7:3a:51:67:93:4e:e2:85:c5:ce:11:8e:5b:c6:d7:
                    63:f4:4a:b1:c8:8b:be:3f:5b:a0:2b:1e:05:2d:22:
                    da:ce:89:ef:c9:35:9e:3f:f1:84:b6:24:86:ce:88:
                    8f:ef:c0:df:62:7f:43:bc:7d:49:a3:80:b5:10:94:
                    4f:a9:1d:ca:ef:67:d8:b5:12:0d:8c:b6:96:00:03:
                    46:00:d1:6a:cd:9d:53:d3:13:bf:03:56:3a:ad:e7:
                    72:26:a9:ab:e1:28:d1:89:99:5c:0f:77:1d:16:08:
                    67:37:29:c5:c4:d1:ad:03:d0:d4:86:ff:4d:1f:36:
                    f8:cd:6f:e3:cf:7a:fc:41:75:16:de:54:dc:6b:11:
                    2b:07:ab:f1:d0:3f:eb:27:c6:9c:84:08:f1:7c:1d:
                    1a:43:dc:b2:23:14:0b:1f:cf:7c:ec:68:ac:7e:6d:
                    c6:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:C3:08:CF:19:D3:F9:88:AE:97:5D:DF:5F:EC:FF:47:A3:04:A4:AC
            X509v3 Authority Key Identifier:
                keyid:DC:94:3C:C2:A7:CD:C3:78:A3:77:02:57:3B:B4:F8:21:17:0B:53:0D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/38352e3135382e36322e302f32342d3234203d3e203631333137.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.158.62.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:06:ca:ef:67:33:1c:c3:52:32:01:a4:40:96:54:41:cd:b0:
         a9:5d:47:4e:80:39:d6:ad:32:28:0b:b5:35:c8:b8:74:75:5d:
         9f:09:1e:7d:6d:a8:0a:90:71:15:f1:cd:80:d3:94:1d:57:33:
         c2:d4:95:03:74:89:84:49:11:53:06:79:91:13:9d:7b:ad:9b:
         af:a1:59:9c:6d:35:f5:65:21:1b:27:3e:8d:1b:3f:69:3f:35:
         55:16:ea:58:9c:17:f8:07:0a:c6:9e:83:bf:c3:ae:7f:4b:24:
         ab:08:e6:b2:60:16:ac:ab:ba:d6:52:27:ff:02:5a:85:f8:27:
         6c:2a:ed:de:9f:37:02:03:43:75:ea:8c:e3:12:b9:cd:7c:be:
         f3:e4:5c:46:16:1c:da:5b:27:c2:c4:6e:36:79:7f:a2:ab:98:
         b5:31:76:21:a1:99:b9:8c:bc:40:38:34:96:9f:44:cc:bb:91:
         36:40:cb:15:5e:63:2f:e3:b1:b9:29:85:b7:45:92:b0:6c:74:
         f2:1e:7d:2a:47:92:34:51:01:33:ea:5a:7a:30:89:8f:0f:ee:
         f3:63:cf:11:83:34:cb:d5:0b:c8:50:e8:25:28:db:63:8f:25:
         d5:6a:8d:28:63:31:06:18:c3:9e:59:e3:10:0e:68:87:86:8d:
         f8:89:2b:fd
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUe9HH6VPYgXMDmGFMWmZ8bSxH0+cwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGM5NDNjYzJhN2NkYzM3OGEzNzcwMjU3M2JiNGY4MjEx
NzBiNTMwZDAeFw0yNTA5MTAwOTUwMDFaFw0yNjA5MDkwOTU1MDFaMDMxMTAvBgNV
BAMTKDlEQzMwOENGMTlEM0Y5ODhBRTk3NURERjVGRUNGRjQ3QTMwNEE0QUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCefPTj5HMLykZDBGwvlQUCQb4s
qnFO2V4rcnHV/YKC/ig2R5LFSGXC9ipXfsYP6aXXSJbMkozRSNY5btW4UzTXUoFw
8nCEd9CjPU2aPmJf0E0RwC1CNWBTv6c6UWeTTuKFxc4RjlvG12P0SrHIi74/W6Ar
HgUtItrOie/JNZ4/8YS2JIbOiI/vwN9if0O8fUmjgLUQlE+pHcrvZ9i1Eg2MtpYA
A0YA0WrNnVPTE78DVjqt53ImqavhKNGJmVwPdx0WCGc3KcXE0a0D0NSG/00fNvjN
b+PPevxBdRbeVNxrESsHq/HQP+snxpyECPF8HRpD3LIjFAsfz3zsaKx+bcbPAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUncMIzxnT+Yiul13fX+z/R6MEpKwwHwYDVR0j
BBgwFoAU3JQ8wqfNw3ijdwJXO7T4IRcLUw0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNmFiMDcyMmYtNjRkOC00Y2E5LTkyNjctNGU1MTU0NDM0
MTAxLzAvREM5NDNDQzJBN0NEQzM3OEEzNzcwMjU3M0JCNEY4MjExNzBCNTMwRC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzNKUTh3cWZOdzNpamR3SlhPN1Q0SVJj
TFV3MC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvNmFiMDcyMmYt
NjRkOC00Y2E5LTkyNjctNGU1MTU0NDM0MTAxLzAvMzgzNTJlMzEzNTM4MmUzNjMy
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzYzMTMzMzEzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFWe
PjANBgkqhkiG9w0BAQsFAAOCAQEAQAbK72czHMNSMgGkQJZUQc2wqV1HToA51q0y
KAu1Nci4dHVdnwkefW2oCpBxFfHNgNOUHVczwtSVA3SJhEkRUwZ5kROde62br6FZ
nG019WUhGyc+jRs/aT81VRbqWJwX+AcKxp6Dv8Ouf0skqwjmsmAWrKu61lIn/wJa
hfgnbCrt3p83AgNDdeqM4xK5zXy+8+RcRhYc2lsnwsRuNnl/oquYtTF2IaGZuYy8
QDg0lp9EzLuRNkDLFV5jL+OxuSmFt0WSsGx08h59KkeSNFEBM+paejCJjw/u82PP
EYM0y9ULyFDoJSjbY48l1WqNKGMxBhjDnlnjEA5oh4aN+Ikr/Q==
-----END CERTIFICATE-----