Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/38352e3233372e3230322e302f32342d3234203d3e20383334.roa
File:                     38352e3233372e3230322e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          u3m5aOj5+0l7gs03gBtOxmRHY8O1u98nAXwx06AkPeY=
Subject key identifier:   B3:46:F1:63:CB:D3:52:38:7D:F6:49:A2:76:CB:6D:4A:3D:0A:93:17
Certificate issuer:       /CN=dc943cc2a7cdc378a37702573bb4f821170b530d
Certificate serial:       6B3015F28C7009225489A870ADBEC7B5A9A2DCB1
Authority key identifier: DC:94:3C:C2:A7:CD:C3:78:A3:77:02:57:3B:B4:F8:21:17:0B:53:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/38352e3233372e3230322e302f32342d3234203d3e20383334.roa
Signing time:             Sat 06 Apr 2024 00:02:45 +0000
ROA not before:           Fri 05 Apr 2024 23:57:45 +0000
ROA not after:            Sat 05 Apr 2025 00:02:45 +0000
asID:                     834
IP address blocks:        85.237.202.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 07:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6b:30:15:f2:8c:70:09:22:54:89:a8:70:ad:be:c7:b5:a9:a2:dc:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc943cc2a7cdc378a37702573bb4f821170b530d
        Validity
            Not Before: Apr  5 23:57:45 2024 GMT
            Not After : Apr  5 00:02:45 2025 GMT
        Subject: CN=B346F163CBD352387DF649A276CB6D4A3D0A9317
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:75:ea:ac:1c:f6:74:4b:00:61:b2:4c:84:69:
                    4b:cc:84:39:05:c6:12:e8:86:80:aa:35:0f:10:ac:
                    6a:d3:e0:6e:61:b9:85:de:01:0c:0e:ed:aa:51:b4:
                    a9:1b:a6:e1:66:0a:c4:8b:23:e2:e5:bc:48:e6:83:
                    6d:3c:94:02:5f:30:fe:a2:65:6a:77:cf:29:95:5d:
                    e8:ac:d1:cf:d6:04:39:42:87:41:bf:1c:a3:33:4e:
                    f7:a9:0b:9e:6f:51:48:26:dd:cf:9b:72:cc:76:02:
                    3c:c1:eb:74:55:8f:63:c3:74:12:12:67:d1:fd:db:
                    54:57:39:cc:3a:81:3d:a8:82:1b:7a:6f:c3:ee:8f:
                    b6:d1:0f:3a:ee:55:e0:b9:14:75:f6:1b:10:e1:df:
                    6e:32:77:b4:2e:cf:ce:22:9c:72:75:5a:32:78:24:
                    ca:18:30:62:28:7c:1c:ed:b6:8c:eb:53:ac:da:ce:
                    e4:7c:32:ea:de:29:70:d0:3c:a0:fd:b6:73:1a:64:
                    94:6e:7b:47:65:f9:57:91:8b:1c:f2:9e:cb:6d:63:
                    ab:63:56:61:54:7c:4d:45:df:08:19:e8:35:ae:67:
                    56:05:a8:9d:20:e8:ff:f1:9a:97:a2:a8:8e:4c:71:
                    cc:22:d4:2e:ff:c9:ee:84:a0:59:1e:e1:ec:62:5d:
                    fb:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:46:F1:63:CB:D3:52:38:7D:F6:49:A2:76:CB:6D:4A:3D:0A:93:17
            X509v3 Authority Key Identifier:
                keyid:DC:94:3C:C2:A7:CD:C3:78:A3:77:02:57:3B:B4:F8:21:17:0B:53:0D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/38352e3233372e3230322e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.237.202.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:12:b1:2d:4e:f1:0a:71:9c:e7:95:a6:db:d7:2f:22:cd:74:
         7b:92:92:1b:c9:30:83:37:75:5b:2a:47:08:67:aa:c0:ed:4d:
         80:5f:45:ed:b5:b7:b8:d0:73:49:96:ed:0e:5a:84:7b:4b:a6:
         9d:4d:d4:d0:a2:b4:0e:aa:25:85:70:41:6e:ce:0d:54:f4:b5:
         79:e1:fd:2a:80:b2:60:70:e0:e5:0a:a2:f8:ee:10:c5:a9:37:
         f3:77:90:39:c4:9e:8d:72:76:07:73:48:b4:c7:83:cf:bf:6a:
         07:42:ef:64:2e:4e:f5:dc:7c:79:b4:45:0f:7f:db:03:31:d0:
         60:7d:e9:ed:89:12:04:ed:f3:91:71:f2:d3:ed:36:5c:fd:9d:
         69:24:a5:69:23:72:dd:a2:e8:11:a7:61:c0:da:00:0d:1d:34:
         92:0e:5a:b5:fe:8f:b5:e7:27:38:3a:45:ed:ad:0b:dd:3e:15:
         ca:6e:43:35:e6:3c:69:63:d4:1d:4b:e7:01:d4:86:ab:6a:b2:
         f7:2d:4e:fa:94:cb:14:d0:fb:7a:3b:66:0f:cb:ba:03:65:fe:
         66:f1:55:92:7a:c8:c5:fd:54:b5:ed:34:a3:9c:52:e6:9f:74:
         f3:7e:fe:ab:75:01:49:38:6b:86:2f:64:c7:61:d9:9f:7f:48:
         b7:8d:f0:b9
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUazAV8oxwCSJUiahwrb7Htami3LEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGM5NDNjYzJhN2NkYzM3OGEzNzcwMjU3M2JiNGY4MjEx
NzBiNTMwZDAeFw0yNDA0MDUyMzU3NDVaFw0yNTA0MDUwMDAyNDVaMDMxMTAvBgNV
BAMTKEIzNDZGMTYzQ0JEMzUyMzg3REY2NDlBMjc2Q0I2RDRBM0QwQTkzMTcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDPdeqsHPZ0SwBhskyEaUvMhDkF
xhLohoCqNQ8QrGrT4G5huYXeAQwO7apRtKkbpuFmCsSLI+LlvEjmg208lAJfMP6i
ZWp3zymVXeis0c/WBDlCh0G/HKMzTvepC55vUUgm3c+bcsx2AjzB63RVj2PDdBIS
Z9H921RXOcw6gT2oght6b8Puj7bRDzruVeC5FHX2GxDh324yd7Quz84inHJ1WjJ4
JMoYMGIofBzttozrU6zazuR8MureKXDQPKD9tnMaZJRue0dl+VeRixzynsttY6tj
VmFUfE1F3wgZ6DWuZ1YFqJ0g6P/xmpeiqI5Mccwi1C7/ye6EoFke4exiXft5AgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUs0bxY8vTUjh99kmidsttSj0KkxcwHwYDVR0j
BBgwFoAU3JQ8wqfNw3ijdwJXO7T4IRcLUw0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNmFiMDcyMmYtNjRkOC00Y2E5LTkyNjctNGU1MTU0NDM0
MTAxLzAvREM5NDNDQzJBN0NEQzM3OEEzNzcwMjU3M0JCNEY4MjExNzBCNTMwRC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzNKUTh3cWZOdzNpamR3SlhPN1Q0SVJj
TFV3MC5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvNmFiMDcyMmYt
NjRkOC00Y2E5LTkyNjctNGU1MTU0NDM0MTAxLzAvMzgzNTJlMzIzMzM3MmUzMjMw
MzIyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABV7cow
DQYJKoZIhvcNAQELBQADggEBAGkSsS1O8QpxnOeVptvXLyLNdHuSkhvJMIM3dVsq
RwhnqsDtTYBfRe21t7jQc0mW7Q5ahHtLpp1N1NCitA6qJYVwQW7ODVT0tXnh/SqA
smBw4OUKovjuEMWpN/N3kDnEno1ydgdzSLTHg8+/agdC72QuTvXcfHm0RQ9/2wMx
0GB96e2JEgTt85Fx8tPtNlz9nWkkpWkjct2i6BGnYcDaAA0dNJIOWrX+j7XnJzg6
Re2tC90+FcpuQzXmPGlj1B1L5wHUhqtqsvctTvqUyxTQ+3o7Zg/LugNl/mbxVZJ6
yMX9VLXtNKOcUuafdPN+/qt1AUk4a4YvZMdh2Z9/SLeN8Lk=
-----END CERTIFICATE-----