Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/38352e3135382e36322e302f32342d3234203d3e203631333137.roa
File:                     38352e3135382e36322e302f32342d3234203d3e203631333137.roa (raw, json)
Hash identifier:          fMEIAX1GcgZL+0KLFq26Tcbcmik43Puh8gRZND27KvY=
Subject key identifier:   7B:79:A1:1F:70:38:5F:35:70:2D:1C:29:50:5B:13:00:26:4F:A3:50
Certificate issuer:       /CN=dc943cc2a7cdc378a37702573bb4f821170b530d
Certificate serial:       66272D969CBA2C43E6F6D996F414960125640602
Authority key identifier: DC:94:3C:C2:A7:CD:C3:78:A3:77:02:57:3B:B4:F8:21:17:0B:53:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/38352e3135382e36322e302f32342d3234203d3e203631333137.roa
Signing time:             Wed 09 Oct 2024 09:43:23 +0000
ROA not before:           Wed 09 Oct 2024 09:38:23 +0000
ROA not after:            Wed 08 Oct 2025 09:43:23 +0000
asID:                     61317
IP address blocks:        85.158.62.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            66:27:2d:96:9c:ba:2c:43:e6:f6:d9:96:f4:14:96:01:25:64:06:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc943cc2a7cdc378a37702573bb4f821170b530d
        Validity
            Not Before: Oct  9 09:38:23 2024 GMT
            Not After : Oct  8 09:43:23 2025 GMT
        Subject: CN=7B79A11F70385F35702D1C29505B1300264FA350
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:28:ec:6d:5a:fd:ae:48:bf:35:af:46:3e:ee:
                    4b:0a:59:f6:5d:4a:bc:de:c7:47:9f:58:75:97:46:
                    5e:7e:36:6d:c8:b3:65:e8:1f:33:b0:7d:1e:35:59:
                    2a:bb:0f:dc:74:50:7e:aa:99:09:5f:77:76:c0:74:
                    cd:7e:e3:61:f8:b4:b9:02:8d:a6:6b:a4:70:f2:64:
                    48:b3:97:ac:e5:59:51:47:f3:d7:cc:85:90:27:5f:
                    7b:e8:34:f8:60:d3:f9:85:f3:fe:e7:92:88:66:e4:
                    26:d4:85:66:16:ae:26:66:f3:16:ff:cb:99:23:eb:
                    79:9e:be:fd:7d:7a:e6:ab:41:2f:58:c4:7b:83:38:
                    8c:cd:60:66:54:18:31:87:53:6e:2e:91:d6:ad:b1:
                    e4:f5:9e:7a:bf:f4:78:b8:55:a0:20:97:37:d2:4a:
                    f9:91:60:94:7f:ae:d3:56:76:2d:3d:75:b5:49:1a:
                    c2:1c:e3:d1:a0:7b:8b:64:f9:f8:ae:48:6c:ce:bf:
                    02:9d:16:2d:db:e1:ee:c7:fc:fe:5d:d0:04:b1:73:
                    9b:57:66:0d:b9:61:64:df:f0:37:98:5c:56:62:a3:
                    7b:9a:4f:6a:31:e8:d4:9b:77:f4:8b:ae:d6:4f:a2:
                    ac:a1:15:bc:c9:16:dd:99:f6:fe:71:a6:ba:78:b2:
                    6c:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:79:A1:1F:70:38:5F:35:70:2D:1C:29:50:5B:13:00:26:4F:A3:50
            X509v3 Authority Key Identifier:
                keyid:DC:94:3C:C2:A7:CD:C3:78:A3:77:02:57:3B:B4:F8:21:17:0B:53:0D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/38352e3135382e36322e302f32342d3234203d3e203631333137.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.158.62.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6f:7d:f4:ec:fc:44:90:43:79:f1:e9:7a:e3:65:fd:ff:41:d5:
         89:a7:a0:1e:20:d2:83:a8:5b:d3:0c:81:04:0f:d8:27:13:f6:
         76:e4:b2:72:7d:e8:af:eb:c7:b1:b9:90:4a:2c:f5:5d:95:49:
         7d:17:d9:5b:ec:ec:17:0b:b3:db:1e:ad:d4:df:64:75:86:b0:
         7c:a9:2d:93:05:2e:0f:c2:9a:4d:eb:0d:9c:ab:01:fd:fb:44:
         ed:a9:aa:4e:62:fc:06:2c:4f:11:5c:aa:80:ad:0c:4e:57:56:
         69:1a:ea:40:46:af:dc:ae:e5:86:a1:97:00:20:0e:cb:50:b6:
         fb:72:f2:d6:c0:c9:05:d8:39:79:ca:19:91:4c:53:1c:f0:c9:
         69:2b:80:4d:9e:dd:3b:02:2c:54:01:80:19:f8:03:21:b1:28:
         14:62:68:6f:d7:41:83:91:71:4f:f2:a3:3c:42:43:2f:6f:be:
         9b:f3:e3:03:8b:2c:7c:5e:7f:f0:ce:f1:4a:9a:b7:f7:a6:ab:
         5d:6c:c9:e5:49:02:e5:33:70:4a:77:b1:2b:a2:65:58:63:8b:
         b6:6a:83:0f:b0:2b:8d:27:27:f3:a4:84:f3:f0:eb:cf:61:ab:
         7f:86:7b:e2:83:61:68:06:0d:15:35:78:35:b5:5c:9c:20:95:
         e3:dc:21:10
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUZictlpy6LEPm9tmW9BSWASVkBgIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGM5NDNjYzJhN2NkYzM3OGEzNzcwMjU3M2JiNGY4MjEx
NzBiNTMwZDAeFw0yNDEwMDkwOTM4MjNaFw0yNTEwMDgwOTQzMjNaMDMxMTAvBgNV
BAMTKDdCNzlBMTFGNzAzODVGMzU3MDJEMUMyOTUwNUIxMzAwMjY0RkEzNTAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCyKOxtWv2uSL81r0Y+7ksKWfZd
Srzex0efWHWXRl5+Nm3Is2XoHzOwfR41WSq7D9x0UH6qmQlfd3bAdM1+42H4tLkC
jaZrpHDyZEizl6zlWVFH89fMhZAnX3voNPhg0/mF8/7nkohm5CbUhWYWriZm8xb/
y5kj63mevv19euarQS9YxHuDOIzNYGZUGDGHU24ukdatseT1nnq/9Hi4VaAglzfS
SvmRYJR/rtNWdi09dbVJGsIc49Gge4tk+fiuSGzOvwKdFi3b4e7H/P5d0ASxc5tX
Zg25YWTf8DeYXFZio3uaT2ox6NSbd/SLrtZPoqyhFbzJFt2Z9v5xprp4smwLAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUe3mhH3A4XzVwLRwpUFsTACZPo1AwHwYDVR0j
BBgwFoAU3JQ8wqfNw3ijdwJXO7T4IRcLUw0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNmFiMDcyMmYtNjRkOC00Y2E5LTkyNjctNGU1MTU0NDM0
MTAxLzAvREM5NDNDQzJBN0NEQzM3OEEzNzcwMjU3M0JCNEY4MjExNzBCNTMwRC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzNKUTh3cWZOdzNpamR3SlhPN1Q0SVJj
TFV3MC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvNmFiMDcyMmYt
NjRkOC00Y2E5LTkyNjctNGU1MTU0NDM0MTAxLzAvMzgzNTJlMzEzNTM4MmUzNjMy
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzYzMTMzMzEzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFWe
PjANBgkqhkiG9w0BAQsFAAOCAQEAb3307PxEkEN58el642X9/0HViaegHiDSg6hb
0wyBBA/YJxP2duSycn3or+vHsbmQSiz1XZVJfRfZW+zsFwuz2x6t1N9kdYawfKkt
kwUuD8KaTesNnKsB/ftE7amqTmL8BixPEVyqgK0MTldWaRrqQEav3K7lhqGXACAO
y1C2+3Ly1sDJBdg5ecoZkUxTHPDJaSuATZ7dOwIsVAGAGfgDIbEoFGJob9dBg5Fx
T/KjPEJDL2++m/PjA4ssfF5/8M7xSpq396arXWzJ5UkC5TNwSnexK6JlWGOLtmqD
D7ArjScn86SE8/Drz2Grf4Z74oNhaAYNFTV4NbVcnCCV49whEA==
-----END CERTIFICATE-----