Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/38352e3233372e3230322e302f32342d3234203d3e20383334.roa
File:                     38352e3233372e3230322e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          Z1rAWBp2v0T2ykg+SRS2/It4o9wCXEInJ4/MAqzY6+o=
Subject key identifier:   ED:A3:B6:9C:AE:5A:78:D6:EB:8F:41:43:47:10:75:54:D1:48:DA:05
Certificate issuer:       /CN=dc943cc2a7cdc378a37702573bb4f821170b530d
Certificate serial:       2977A7E21F2B3869B74BA50084902F3EC98B625D
Authority key identifier: DC:94:3C:C2:A7:CD:C3:78:A3:77:02:57:3B:B4:F8:21:17:0B:53:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/38352e3233372e3230322e302f32342d3234203d3e20383334.roa
Signing time:             Mon 28 Oct 2024 00:01:26 +0000
ROA not before:           Sun 27 Oct 2024 23:56:26 +0000
ROA not after:            Mon 27 Oct 2025 00:01:26 +0000
asID:                     834
IP address blocks:        85.237.202.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            29:77:a7:e2:1f:2b:38:69:b7:4b:a5:00:84:90:2f:3e:c9:8b:62:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc943cc2a7cdc378a37702573bb4f821170b530d
        Validity
            Not Before: Oct 27 23:56:26 2024 GMT
            Not After : Oct 27 00:01:26 2025 GMT
        Subject: CN=EDA3B69CAE5A78D6EB8F414347107554D148DA05
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:0c:46:d2:c7:af:3b:a4:44:5b:79:7c:2d:72:
                    d8:d0:dd:6c:85:02:f9:fd:62:50:53:74:84:3a:ab:
                    a8:2c:31:31:47:c5:d8:2c:37:6a:2e:60:36:63:b6:
                    40:ee:db:a6:32:cb:09:2c:a3:4b:1e:d4:92:ae:16:
                    43:13:6a:6a:97:c1:53:05:37:11:89:d9:90:a7:f0:
                    1a:6c:45:3f:41:7f:d5:9a:79:32:50:a7:de:c6:e7:
                    03:a1:8f:e5:a1:e2:82:ea:2c:d0:8b:fe:45:76:92:
                    36:ea:3b:d8:b0:b9:21:83:24:07:58:d8:ca:b6:e9:
                    7c:14:67:72:ef:61:6a:4b:7c:ff:1c:f4:3c:7e:5a:
                    4b:28:65:2b:36:d9:af:25:a1:e0:37:a7:ca:4d:9c:
                    23:6e:d9:e8:45:97:79:b8:57:c0:7f:de:48:f2:2e:
                    12:0e:cd:73:4f:0b:3c:b9:ef:9d:73:31:3c:e7:8b:
                    32:89:f6:0d:da:b5:8f:9f:ef:73:1d:cb:7c:e6:2e:
                    a1:12:59:dd:61:2d:bf:21:f6:88:23:39:ad:97:aa:
                    ef:02:65:18:61:69:2b:02:14:1b:d5:bf:0f:03:75:
                    bb:7e:3d:fd:e4:d9:05:17:9a:09:d9:66:11:00:e6:
                    33:b9:2f:11:f1:ed:ec:a3:17:84:8d:40:58:1f:d7:
                    e7:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:A3:B6:9C:AE:5A:78:D6:EB:8F:41:43:47:10:75:54:D1:48:DA:05
            X509v3 Authority Key Identifier:
                keyid:DC:94:3C:C2:A7:CD:C3:78:A3:77:02:57:3B:B4:F8:21:17:0B:53:0D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/38352e3233372e3230322e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.237.202.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:56:af:73:96:01:ca:78:5a:4f:83:60:61:ae:90:3b:cf:9d:
         b3:f9:3e:66:f3:17:7b:4a:81:9d:e5:ce:d4:63:70:b2:d0:ce:
         0b:a1:49:1f:92:c8:fc:d9:87:6f:52:95:a4:69:b8:4e:bf:53:
         ba:ee:26:b5:18:44:98:62:00:76:d0:3f:8d:32:a2:d8:05:97:
         3f:f5:77:e8:de:e3:57:d5:e7:a3:cf:aa:de:49:b1:b7:61:2a:
         0f:56:35:41:8e:a3:d2:f8:2d:fc:c9:7b:df:8c:d9:be:29:4b:
         61:93:ae:b4:d1:1b:d3:26:bd:c9:a8:bc:40:e7:42:e2:cc:3d:
         fe:af:3a:2f:9b:14:0f:97:f6:25:8f:e9:ce:79:b6:b7:3d:b9:
         d7:f7:e7:1b:11:80:29:7f:d0:2a:ff:ae:65:40:08:9f:52:e0:
         31:d0:c6:7a:e9:ab:bf:0c:dd:e5:74:00:3b:a8:48:e6:c1:1b:
         f3:e6:0f:08:29:fb:07:36:10:9f:66:cc:38:f4:36:b5:09:0b:
         f2:75:26:9e:fd:07:8e:b2:b4:e4:e6:7d:eb:8f:a0:1c:61:cf:
         9d:79:43:56:fd:8d:0a:61:a5:89:26:1a:03:d3:f2:23:66:5a:
         df:98:70:92:7e:c9:0e:98:e8:79:e1:ec:00:d9:b7:81:ab:62:
         ca:2c:74:6e
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUKXen4h8rOGm3S6UAhJAvPsmLYl0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGM5NDNjYzJhN2NkYzM3OGEzNzcwMjU3M2JiNGY4MjEx
NzBiNTMwZDAeFw0yNDEwMjcyMzU2MjZaFw0yNTEwMjcwMDAxMjZaMDMxMTAvBgNV
BAMTKEVEQTNCNjlDQUU1QTc4RDZFQjhGNDE0MzQ3MTA3NTU0RDE0OERBMDUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0DEbSx687pERbeXwtctjQ3WyF
Avn9YlBTdIQ6q6gsMTFHxdgsN2ouYDZjtkDu26Yyywkso0se1JKuFkMTamqXwVMF
NxGJ2ZCn8BpsRT9Bf9WaeTJQp97G5wOhj+Wh4oLqLNCL/kV2kjbqO9iwuSGDJAdY
2Mq26XwUZ3LvYWpLfP8c9Dx+WksoZSs22a8loeA3p8pNnCNu2ehFl3m4V8B/3kjy
LhIOzXNPCzy5751zMTznizKJ9g3atY+f73Mdy3zmLqESWd1hLb8h9ogjOa2Xqu8C
ZRhhaSsCFBvVvw8Ddbt+Pf3k2QUXmgnZZhEA5jO5LxHx7eyjF4SNQFgf1+dTAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQU7aO2nK5aeNbrj0FDRxB1VNFI2gUwHwYDVR0j
BBgwFoAU3JQ8wqfNw3ijdwJXO7T4IRcLUw0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNmFiMDcyMmYtNjRkOC00Y2E5LTkyNjctNGU1MTU0NDM0
MTAxLzAvREM5NDNDQzJBN0NEQzM3OEEzNzcwMjU3M0JCNEY4MjExNzBCNTMwRC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzNKUTh3cWZOdzNpamR3SlhPN1Q0SVJj
TFV3MC5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvNmFiMDcyMmYt
NjRkOC00Y2E5LTkyNjctNGU1MTU0NDM0MTAxLzAvMzgzNTJlMzIzMzM3MmUzMjMw
MzIyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABV7cow
DQYJKoZIhvcNAQELBQADggEBAGlWr3OWAcp4Wk+DYGGukDvPnbP5PmbzF3tKgZ3l
ztRjcLLQzguhSR+SyPzZh29SlaRpuE6/U7ruJrUYRJhiAHbQP40yotgFlz/1d+je
41fV56PPqt5JsbdhKg9WNUGOo9L4LfzJe9+M2b4pS2GTrrTRG9MmvcmovEDnQuLM
Pf6vOi+bFA+X9iWP6c55trc9udf35xsRgCl/0Cr/rmVACJ9S4DHQxnrpq78M3eV0
ADuoSObBG/PmDwgp+wc2EJ9mzDj0NrUJC/J1Jp79B46ytOTmfeuPoBxhz515Q1b9
jQphpYkmGgPT8iNmWt+YcJJ+yQ6Y6Hnh7ADZt4GrYsosdG4=
-----END CERTIFICATE-----