Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/38352e3135382e36332e302f32342d3234203d3e203631333137.roa
File:                     38352e3135382e36332e302f32342d3234203d3e203631333137.roa (raw, json)
Hash identifier:          hHpcsv+tuh+ZtHw3KwGTT2jRHtxH0I9TWeYNmOjGews=
Subject key identifier:   07:2E:3A:F7:49:4C:9D:27:88:2D:A1:1D:42:0B:15:73:82:D0:14:0C
Certificate issuer:       /CN=dc943cc2a7cdc378a37702573bb4f821170b530d
Certificate serial:       7F3581E6EA17602AC3D1E0CC8BED53CB9B108733
Authority key identifier: DC:94:3C:C2:A7:CD:C3:78:A3:77:02:57:3B:B4:F8:21:17:0B:53:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/38352e3135382e36332e302f32342d3234203d3e203631333137.roa
Signing time:             Wed 09 Oct 2024 09:43:24 +0000
ROA not before:           Wed 09 Oct 2024 09:38:24 +0000
ROA not after:            Wed 08 Oct 2025 09:43:24 +0000
asID:                     61317
IP address blocks:        85.158.63.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7f:35:81:e6:ea:17:60:2a:c3:d1:e0:cc:8b:ed:53:cb:9b:10:87:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc943cc2a7cdc378a37702573bb4f821170b530d
        Validity
            Not Before: Oct  9 09:38:24 2024 GMT
            Not After : Oct  8 09:43:24 2025 GMT
        Subject: CN=072E3AF7494C9D27882DA11D420B157382D0140C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:cc:71:da:b5:f2:bd:13:47:fb:57:5d:d0:fd:
                    a3:82:94:05:05:c2:26:b1:73:cf:8e:13:be:10:ab:
                    d4:0b:bb:6f:60:e6:03:91:56:fb:f2:f1:3b:d4:c9:
                    74:cf:36:67:3d:f9:fc:07:e2:1d:c5:d6:f4:cd:f2:
                    67:6c:1c:12:0d:67:23:ee:b1:1a:78:24:4a:e9:29:
                    45:e8:7c:bb:5e:07:81:fa:e2:4e:8f:c9:54:fa:32:
                    bc:e4:a6:7e:bc:00:93:52:ee:e0:b4:e3:ac:34:a6:
                    27:ba:0d:cd:c8:0f:52:b7:78:21:b5:e1:c7:07:91:
                    47:e4:ea:fb:64:16:86:0d:a6:92:f1:51:6f:f1:50:
                    fa:cc:e0:5d:e7:b8:0b:94:e9:b1:2a:bf:5d:a8:71:
                    0f:3d:35:85:86:df:fb:80:dd:3a:e8:14:f6:29:2c:
                    28:91:1f:2f:87:a7:90:ea:e7:0d:23:0f:6a:c9:3b:
                    a6:42:36:c6:32:21:77:1d:79:7f:d7:4d:0a:46:f5:
                    8b:44:ba:c3:91:72:94:4a:ba:ee:d6:a9:f4:fd:89:
                    10:7b:f3:d4:88:f1:06:6e:4e:07:04:65:f5:1f:19:
                    9b:a2:8e:34:23:92:3e:75:d7:4c:f6:7c:a2:19:0a:
                    12:4f:72:ae:2e:35:5c:56:ab:c1:c0:79:ff:0f:20:
                    62:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:2E:3A:F7:49:4C:9D:27:88:2D:A1:1D:42:0B:15:73:82:D0:14:0C
            X509v3 Authority Key Identifier:
                keyid:DC:94:3C:C2:A7:CD:C3:78:A3:77:02:57:3B:B4:F8:21:17:0B:53:0D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/38352e3135382e36332e302f32342d3234203d3e203631333137.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.158.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:a7:9d:46:f7:dc:de:86:ec:38:a5:97:b5:aa:5e:3c:89:4c:
         93:d5:7d:65:d7:d5:c0:65:de:ef:ca:96:37:98:3c:a6:5e:49:
         f6:dd:89:75:a1:98:fa:58:22:a6:45:d3:0e:af:f5:b7:db:f4:
         8b:84:1c:8e:f2:b3:82:5e:28:d9:fc:d1:a0:9b:67:00:d0:29:
         ad:7b:e5:28:53:5c:7d:35:fe:d9:2f:f3:c5:20:93:2c:a3:f3:
         3a:fb:40:c1:a6:96:2a:47:02:ab:29:6d:16:e3:23:f8:e9:e3:
         8f:f3:06:8b:0c:d1:ab:5f:9f:0b:ea:6e:a4:62:10:fb:1e:ed:
         28:f9:35:26:7a:7c:ca:d8:db:f3:ee:94:e6:f4:2b:80:70:9c:
         f1:de:bb:7f:b8:59:db:3a:db:32:eb:ec:34:ac:9a:5e:e0:f2:
         63:83:86:2d:b5:4f:a3:77:4d:d3:07:d9:c9:0d:dd:1f:3e:b0:
         0c:23:f9:c2:20:74:3b:09:25:5f:ca:e5:4e:10:82:53:cc:a1:
         e2:e9:b6:4d:0c:65:b8:88:c9:0c:32:fa:f8:23:1d:c6:32:1f:
         cb:25:ed:53:2a:a4:ba:a9:3c:2c:8d:55:9f:9e:e0:33:ca:d8:
         83:d3:c1:4c:89:d3:15:c7:1a:33:14:f7:cd:8a:3a:f1:8c:48:
         38:82:4d:64
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUfzWB5uoXYCrD0eDMi+1Ty5sQhzMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGM5NDNjYzJhN2NkYzM3OGEzNzcwMjU3M2JiNGY4MjEx
NzBiNTMwZDAeFw0yNDEwMDkwOTM4MjRaFw0yNTEwMDgwOTQzMjRaMDMxMTAvBgNV
BAMTKDA3MkUzQUY3NDk0QzlEMjc4ODJEQTExRDQyMEIxNTczODJEMDE0MEMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtzHHatfK9E0f7V13Q/aOClAUF
wiaxc8+OE74Qq9QLu29g5gORVvvy8TvUyXTPNmc9+fwH4h3F1vTN8mdsHBINZyPu
sRp4JErpKUXofLteB4H64k6PyVT6Mrzkpn68AJNS7uC046w0pie6Dc3ID1K3eCG1
4ccHkUfk6vtkFoYNppLxUW/xUPrM4F3nuAuU6bEqv12ocQ89NYWG3/uA3TroFPYp
LCiRHy+Hp5Dq5w0jD2rJO6ZCNsYyIXcdeX/XTQpG9YtEusORcpRKuu7WqfT9iRB7
89SI8QZuTgcEZfUfGZuijjQjkj5110z2fKIZChJPcq4uNVxWq8HAef8PIGIHAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUBy4690lMnSeILaEdQgsVc4LQFAwwHwYDVR0j
BBgwFoAU3JQ8wqfNw3ijdwJXO7T4IRcLUw0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNmFiMDcyMmYtNjRkOC00Y2E5LTkyNjctNGU1MTU0NDM0
MTAxLzAvREM5NDNDQzJBN0NEQzM3OEEzNzcwMjU3M0JCNEY4MjExNzBCNTMwRC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzNKUTh3cWZOdzNpamR3SlhPN1Q0SVJj
TFV3MC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvNmFiMDcyMmYt
NjRkOC00Y2E5LTkyNjctNGU1MTU0NDM0MTAxLzAvMzgzNTJlMzEzNTM4MmUzNjMz
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzYzMTMzMzEzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFWe
PzANBgkqhkiG9w0BAQsFAAOCAQEAAKedRvfc3obsOKWXtapePIlMk9V9ZdfVwGXe
78qWN5g8pl5J9t2JdaGY+lgipkXTDq/1t9v0i4QcjvKzgl4o2fzRoJtnANAprXvl
KFNcfTX+2S/zxSCTLKPzOvtAwaaWKkcCqyltFuMj+Onjj/MGiwzRq1+fC+pupGIQ
+x7tKPk1Jnp8ytjb8+6U5vQrgHCc8d67f7hZ2zrbMuvsNKyaXuDyY4OGLbVPo3dN
0wfZyQ3dHz6wDCP5wiB0OwklX8rlThCCU8yh4um2TQxluIjJDDL6+CMdxjIfyyXt
Uyqkuqk8LI1Vn57gM8rYg9PBTInTFccaMxT3zYo68YxIOIJNZA==
-----END CERTIFICATE-----