Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/38352e3135382e36332e302f32342d3234203d3e203631333137.roa
File:                     38352e3135382e36332e302f32342d3234203d3e203631333137.roa (raw, json)
Hash identifier:          qn/zD4mU2O1vf43On1WE9hJ3Cpv3EMD3P8lwcc5wANg=
Subject key identifier:   E4:E5:67:E0:E6:BA:8B:0A:4F:97:BC:B6:3F:24:FD:FF:D9:96:5A:6A
Certificate issuer:       /CN=dc943cc2a7cdc378a37702573bb4f821170b530d
Certificate serial:       2AA418BFE072D0B5984BA79D6292811A61D857E1
Authority key identifier: DC:94:3C:C2:A7:CD:C3:78:A3:77:02:57:3B:B4:F8:21:17:0B:53:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/38352e3135382e36332e302f32342d3234203d3e203631333137.roa
Signing time:             Wed 10 Sep 2025 09:55:01 +0000
ROA not before:           Wed 10 Sep 2025 09:50:01 +0000
ROA not after:            Wed 09 Sep 2026 09:55:01 +0000
asID:                     61317
IP address blocks:        85.158.63.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 18 Sep 2025 15:33:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2a:a4:18:bf:e0:72:d0:b5:98:4b:a7:9d:62:92:81:1a:61:d8:57:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc943cc2a7cdc378a37702573bb4f821170b530d
        Validity
            Not Before: Sep 10 09:50:01 2025 GMT
            Not After : Sep  9 09:55:01 2026 GMT
        Subject: CN=E4E567E0E6BA8B0A4F97BCB63F24FDFFD9965A6A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:e2:4c:d9:a1:77:3b:f0:09:ce:b3:62:7d:ce:
                    dc:25:72:d7:29:20:cb:19:ba:1e:7e:25:fd:1d:0f:
                    83:01:00:20:b2:c8:36:42:70:1a:77:c1:1c:f2:d2:
                    98:04:f3:b3:96:20:e1:c3:e6:db:3c:2b:41:b3:19:
                    e3:e5:0e:e3:08:c3:d2:9b:27:4c:e2:27:cc:54:a6:
                    15:df:e7:b6:a6:58:35:7c:8f:e5:63:56:be:e4:3b:
                    4a:55:c2:b8:62:26:07:4e:0f:9d:83:e4:dd:31:46:
                    e7:be:a0:3b:3b:87:ed:cd:f5:4e:7c:d7:79:c3:d9:
                    eb:97:34:44:85:16:79:ff:78:5b:b9:d8:e4:ff:8a:
                    3b:ff:bd:d9:0b:be:60:b5:9c:08:3c:63:f8:36:a0:
                    d2:19:77:b0:54:36:42:3b:a5:55:e6:21:6f:e4:39:
                    d2:a1:d8:61:39:04:a2:e4:ae:ec:41:23:ff:91:60:
                    dd:15:1e:33:0d:7e:52:1c:10:37:0f:d5:60:f4:a3:
                    6f:1e:46:2b:3b:01:f2:e5:28:64:1c:80:25:7b:6f:
                    a6:d0:17:14:dd:b1:ad:aa:35:bf:43:bc:c5:de:65:
                    0a:0b:b6:6b:1a:fd:90:21:1d:bd:a7:1a:c2:b1:0b:
                    e0:31:fa:33:48:1a:e8:fc:cf:66:e8:87:46:e7:9b:
                    1f:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:E5:67:E0:E6:BA:8B:0A:4F:97:BC:B6:3F:24:FD:FF:D9:96:5A:6A
            X509v3 Authority Key Identifier:
                keyid:DC:94:3C:C2:A7:CD:C3:78:A3:77:02:57:3B:B4:F8:21:17:0B:53:0D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/38352e3135382e36332e302f32342d3234203d3e203631333137.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.158.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         11:cb:59:4c:39:b6:d2:4d:45:97:18:1f:f5:e3:d7:ad:64:8d:
         dc:0e:9b:c1:37:75:85:c0:0d:3c:8b:12:37:2a:d7:25:d9:59:
         8b:54:93:e7:14:90:0b:8f:99:ed:66:43:f2:53:1c:8a:82:db:
         25:c6:99:dd:2b:96:4b:67:a6:91:2e:c9:78:ca:1d:84:33:be:
         3d:c5:19:7f:40:c3:33:ea:9e:65:a8:35:7d:66:28:6d:0d:c3:
         5d:d5:63:9c:69:06:21:20:49:21:77:41:5d:e8:85:54:89:b9:
         f9:0b:cf:a9:d1:b1:41:50:92:16:27:83:5a:10:30:35:4b:4d:
         e7:78:d4:a0:ec:df:81:cb:93:30:3e:9a:07:d8:0d:b5:4c:10:
         0a:67:8d:df:da:3f:38:66:0c:a9:de:28:87:b3:ee:e6:b7:1a:
         cf:a2:ac:32:28:10:d3:99:5b:e5:60:7d:27:04:88:28:77:fe:
         18:f8:f5:7a:0d:46:0b:80:f1:bd:d3:63:fc:7f:b8:9d:c4:53:
         02:41:5c:7d:32:2f:18:73:6d:65:61:68:66:58:80:e9:93:b0:
         69:09:a9:e1:1d:09:4d:02:98:fe:35:b0:94:8b:12:2c:1f:c9:
         ce:38:48:7d:93:ac:6b:c8:60:e9:93:61:1a:32:7f:d5:84:3c:
         f7:5c:1b:33
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUKqQYv+By0LWYS6edYpKBGmHYV+EwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGM5NDNjYzJhN2NkYzM3OGEzNzcwMjU3M2JiNGY4MjEx
NzBiNTMwZDAeFw0yNTA5MTAwOTUwMDFaFw0yNjA5MDkwOTU1MDFaMDMxMTAvBgNV
BAMTKEU0RTU2N0UwRTZCQThCMEE0Rjk3QkNCNjNGMjRGREZGRDk5NjVBNkEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDR4kzZoXc78AnOs2J9ztwlctcp
IMsZuh5+Jf0dD4MBACCyyDZCcBp3wRzy0pgE87OWIOHD5ts8K0GzGePlDuMIw9Kb
J0ziJ8xUphXf57amWDV8j+VjVr7kO0pVwrhiJgdOD52D5N0xRue+oDs7h+3N9U58
13nD2euXNESFFnn/eFu52OT/ijv/vdkLvmC1nAg8Y/g2oNIZd7BUNkI7pVXmIW/k
OdKh2GE5BKLkruxBI/+RYN0VHjMNflIcEDcP1WD0o28eRis7AfLlKGQcgCV7b6bQ
FxTdsa2qNb9DvMXeZQoLtmsa/ZAhHb2nGsKxC+Ax+jNIGuj8z2boh0bnmx9NAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQU5OVn4Oa6iwpPl7y2PyT9/9mWWmowHwYDVR0j
BBgwFoAU3JQ8wqfNw3ijdwJXO7T4IRcLUw0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNmFiMDcyMmYtNjRkOC00Y2E5LTkyNjctNGU1MTU0NDM0
MTAxLzAvREM5NDNDQzJBN0NEQzM3OEEzNzcwMjU3M0JCNEY4MjExNzBCNTMwRC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzNKUTh3cWZOdzNpamR3SlhPN1Q0SVJj
TFV3MC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvNmFiMDcyMmYt
NjRkOC00Y2E5LTkyNjctNGU1MTU0NDM0MTAxLzAvMzgzNTJlMzEzNTM4MmUzNjMz
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzYzMTMzMzEzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFWe
PzANBgkqhkiG9w0BAQsFAAOCAQEAEctZTDm20k1Flxgf9ePXrWSN3A6bwTd1hcAN
PIsSNyrXJdlZi1ST5xSQC4+Z7WZD8lMcioLbJcaZ3SuWS2emkS7JeModhDO+PcUZ
f0DDM+qeZag1fWYobQ3DXdVjnGkGISBJIXdBXeiFVIm5+QvPqdGxQVCSFieDWhAw
NUtN53jUoOzfgcuTMD6aB9gNtUwQCmeN39o/OGYMqd4oh7Pu5rcaz6KsMigQ05lb
5WB9JwSIKHf+GPj1eg1GC4DxvdNj/H+4ncRTAkFcfTIvGHNtZWFoZliA6ZOwaQmp
4R0JTQKY/jWwlIsSLB/JzjhIfZOsa8hg6ZNhGjJ/1YQ891wbMw==
-----END CERTIFICATE-----