Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/38352e3233372e3230392e302f32342d3234203d3e2031323339.roa
File:                     38352e3233372e3230392e302f32342d3234203d3e2031323339.roa (raw, json)
Hash identifier:          auLuPC9e3nESGQoqsLrNbbg13Y59xl8Edl64JvtGeDQ=
Subject key identifier:   4D:3B:9F:B3:A3:E3:25:BB:92:05:E1:10:87:FE:02:D6:05:14:32:79
Certificate issuer:       /CN=dc943cc2a7cdc378a37702573bb4f821170b530d
Certificate serial:       072767CC8ED7335D74CDC4A738D3B263BC000C1A
Authority key identifier: DC:94:3C:C2:A7:CD:C3:78:A3:77:02:57:3B:B4:F8:21:17:0B:53:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/38352e3233372e3230392e302f32342d3234203d3e2031323339.roa
Signing time:             Wed 10 Jul 2024 14:05:33 +0000
ROA not before:           Wed 10 Jul 2024 14:00:33 +0000
ROA not after:            Wed 09 Jul 2025 14:05:33 +0000
asID:                     1239
IP address blocks:        85.237.209.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Oct 2024 08:00:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            07:27:67:cc:8e:d7:33:5d:74:cd:c4:a7:38:d3:b2:63:bc:00:0c:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc943cc2a7cdc378a37702573bb4f821170b530d
        Validity
            Not Before: Jul 10 14:00:33 2024 GMT
            Not After : Jul  9 14:05:33 2025 GMT
        Subject: CN=4D3B9FB3A3E325BB9205E11087FE02D605143279
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:81:4e:83:3c:64:28:93:c7:38:0e:af:02:d9:
                    79:ee:c8:aa:9d:da:6a:f9:1d:e4:e9:59:75:a7:51:
                    a5:8d:a3:9a:d4:a4:ae:a0:68:0f:d9:6f:53:cb:88:
                    fc:23:db:8a:93:e8:76:17:fd:51:4f:ea:62:6e:b5:
                    f1:0d:99:26:59:a2:ba:c5:cf:a9:43:eb:a6:e9:a5:
                    38:0e:0e:af:34:31:b2:24:0b:2a:8b:48:d9:56:71:
                    3a:9a:08:e1:5e:e7:3e:81:7d:68:9c:82:08:e7:ab:
                    ee:73:23:7a:71:5b:fc:08:76:8a:b7:3e:bb:18:33:
                    b2:3e:af:28:30:97:bb:c9:07:96:06:7b:a1:c4:50:
                    bc:9a:a2:fa:43:8c:43:38:79:84:ba:85:37:14:2d:
                    12:b3:1f:c7:65:c6:fa:bd:69:0a:16:89:fd:24:5d:
                    b4:e5:3a:72:b6:93:a2:99:67:16:f6:ac:72:e1:46:
                    76:e9:c5:2a:0f:6f:a2:04:76:4d:d0:d2:3c:67:4d:
                    08:2a:ed:cf:d1:83:02:75:23:5d:e5:e8:44:27:10:
                    04:73:a3:78:d5:c1:0d:58:eb:3b:c1:3d:dd:37:11:
                    74:e7:3b:5a:ed:59:c0:fa:7e:33:a5:5a:3e:70:b8:
                    b4:96:e7:e7:65:41:f9:9e:c0:73:0c:e5:1a:f4:6d:
                    0c:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:3B:9F:B3:A3:E3:25:BB:92:05:E1:10:87:FE:02:D6:05:14:32:79
            X509v3 Authority Key Identifier:
                keyid:DC:94:3C:C2:A7:CD:C3:78:A3:77:02:57:3B:B4:F8:21:17:0B:53:0D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/38352e3233372e3230392e302f32342d3234203d3e2031323339.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.237.209.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:35:ad:e2:8c:98:15:50:be:59:9e:95:cb:1d:f9:23:98:6a:
         bd:a9:aa:6f:3a:15:32:df:aa:3f:80:e5:14:db:35:03:8d:7a:
         61:9e:be:0a:f5:aa:65:71:59:a3:8a:d1:1e:41:ee:cc:a2:57:
         f8:28:bc:84:51:d1:99:d8:36:73:41:5f:71:8e:4e:cf:01:f9:
         4e:94:f9:60:b1:0a:ac:0e:71:a4:1e:c9:d8:ba:be:bf:cd:2e:
         de:bb:5f:75:c7:96:b1:dd:08:ce:19:c8:71:30:9b:60:10:4d:
         c4:69:37:fc:bd:b3:5b:92:8f:ab:d7:13:48:09:98:a1:39:5c:
         26:43:64:62:ed:a8:38:b2:23:ae:66:56:59:83:6b:ad:c3:c0:
         fa:03:c2:31:b3:78:e7:42:17:ad:6b:35:12:b3:0a:40:e2:8f:
         88:f9:f8:4c:58:ef:c8:98:60:e0:17:d9:4b:3c:18:e4:4e:2e:
         53:6a:4f:d6:a7:6a:94:9b:b1:3f:b0:c5:bb:ab:9c:ff:32:42:
         7c:32:cd:91:c6:1f:a6:85:96:21:32:c4:b1:4f:8c:6f:24:18:
         3c:83:af:c4:d2:64:9f:43:4e:f0:2a:92:9d:95:77:7d:26:cb:
         bc:e1:ca:b8:7d:0f:81:e7:a2:40:de:c7:09:a6:4c:62:17:01:
         bd:43:62:02
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUBydnzI7XM110zcSnONOyY7wADBowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGM5NDNjYzJhN2NkYzM3OGEzNzcwMjU3M2JiNGY4MjEx
NzBiNTMwZDAeFw0yNDA3MTAxNDAwMzNaFw0yNTA3MDkxNDA1MzNaMDMxMTAvBgNV
BAMTKDREM0I5RkIzQTNFMzI1QkI5MjA1RTExMDg3RkUwMkQ2MDUxNDMyNzkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCHgU6DPGQok8c4Dq8C2XnuyKqd
2mr5HeTpWXWnUaWNo5rUpK6gaA/Zb1PLiPwj24qT6HYX/VFP6mJutfENmSZZorrF
z6lD66bppTgODq80MbIkCyqLSNlWcTqaCOFe5z6BfWicggjnq+5zI3pxW/wIdoq3
PrsYM7I+rygwl7vJB5YGe6HEULyaovpDjEM4eYS6hTcULRKzH8dlxvq9aQoWif0k
XbTlOnK2k6KZZxb2rHLhRnbpxSoPb6IEdk3Q0jxnTQgq7c/RgwJ1I13l6EQnEARz
o3jVwQ1Y6zvBPd03EXTnO1rtWcD6fjOlWj5wuLSW5+dlQfmewHMM5Rr0bQwVAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUTTufs6PjJbuSBeEQh/4C1gUUMnkwHwYDVR0j
BBgwFoAU3JQ8wqfNw3ijdwJXO7T4IRcLUw0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNmFiMDcyMmYtNjRkOC00Y2E5LTkyNjctNGU1MTU0NDM0
MTAxLzAvREM5NDNDQzJBN0NEQzM3OEEzNzcwMjU3M0JCNEY4MjExNzBCNTMwRC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzNKUTh3cWZOdzNpamR3SlhPN1Q0SVJj
TFV3MC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvNmFiMDcyMmYt
NjRkOC00Y2E5LTkyNjctNGU1MTU0NDM0MTAxLzAvMzgzNTJlMzIzMzM3MmUzMjMw
MzkyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMTMyMzMzOS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFXt
0TANBgkqhkiG9w0BAQsFAAOCAQEAVTWt4oyYFVC+WZ6Vyx35I5hqvamqbzoVMt+q
P4DlFNs1A416YZ6+CvWqZXFZo4rRHkHuzKJX+Ci8hFHRmdg2c0FfcY5OzwH5TpT5
YLEKrA5xpB7J2Lq+v80u3rtfdceWsd0IzhnIcTCbYBBNxGk3/L2zW5KPq9cTSAmY
oTlcJkNkYu2oOLIjrmZWWYNrrcPA+gPCMbN450IXrWs1ErMKQOKPiPn4TFjvyJhg
4BfZSzwY5E4uU2pP1qdqlJuxP7DFu6uc/zJCfDLNkcYfpoWWITLEsU+MbyQYPIOv
xNJkn0NO8CqSnZV3fSbLvOHKuH0PgeeiQN7HCaZMYhcBvUNiAg==
-----END CERTIFICATE-----