Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/38352e3233372e3230392e302f32342d3234203d3e20313734.roa
File:                     38352e3233372e3230392e302f32342d3234203d3e20313734.roa (raw, json)
Hash identifier:          aOPD3yHxBuldGgP5Z1he3baPGmpPjXafQTeU7K1AIhc=
Subject key identifier:   03:B6:56:C4:5F:DC:86:F7:28:3D:07:A8:F4:D2:67:93:D2:01:57:27
Certificate issuer:       /CN=dc943cc2a7cdc378a37702573bb4f821170b530d
Certificate serial:       1903CF33EA1C981306D079421ABD3CD092160C2A
Authority key identifier: DC:94:3C:C2:A7:CD:C3:78:A3:77:02:57:3B:B4:F8:21:17:0B:53:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/38352e3233372e3230392e302f32342d3234203d3e20313734.roa
Signing time:             Wed 10 Jul 2024 14:05:33 +0000
ROA not before:           Wed 10 Jul 2024 14:00:33 +0000
ROA not after:            Wed 09 Jul 2025 14:05:33 +0000
asID:                     174
IP address blocks:        85.237.209.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Oct 2024 08:00:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            19:03:cf:33:ea:1c:98:13:06:d0:79:42:1a:bd:3c:d0:92:16:0c:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc943cc2a7cdc378a37702573bb4f821170b530d
        Validity
            Not Before: Jul 10 14:00:33 2024 GMT
            Not After : Jul  9 14:05:33 2025 GMT
        Subject: CN=03B656C45FDC86F7283D07A8F4D26793D2015727
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:88:08:2a:f0:7b:8e:96:68:83:e6:d5:da:5c:
                    cd:ad:8e:cc:bf:38:c0:fe:3e:06:63:3a:7b:e3:2c:
                    ce:23:2b:05:22:f1:6d:a5:f3:44:02:d3:08:69:bb:
                    0a:67:22:17:7e:45:91:54:f9:be:c9:9a:20:98:c4:
                    77:b3:b7:0a:f1:8a:55:01:89:11:cf:fd:3c:72:31:
                    bf:5a:69:f9:2c:ec:cf:c6:de:60:64:61:8f:5a:3b:
                    ec:45:d8:6b:6b:38:85:bb:a8:72:46:eb:1e:db:37:
                    85:46:8d:bf:73:a5:75:e5:26:96:e4:56:4e:37:ad:
                    f0:82:2e:3f:1c:fe:75:77:86:c7:aa:10:d0:30:98:
                    06:a5:f2:53:ab:bd:ee:d2:e0:57:ca:f0:be:d9:9c:
                    d6:0f:c4:67:1b:9f:d3:ee:68:3d:92:6c:8e:b4:c6:
                    6c:72:a0:f1:e9:6e:4b:4b:6f:62:71:31:34:1f:d3:
                    2b:ae:7d:8d:1e:0d:97:98:6e:df:61:8b:c8:cf:29:
                    4d:72:f8:1a:5b:3e:98:10:83:7b:26:d2:50:40:3c:
                    12:09:37:a0:1d:e3:da:8b:18:82:88:a5:3c:ad:45:
                    86:b9:d9:16:c5:8c:8d:b2:68:83:d2:ab:89:5f:19:
                    b2:75:dd:b9:36:28:43:20:01:54:4e:0c:25:b5:2d:
                    af:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:B6:56:C4:5F:DC:86:F7:28:3D:07:A8:F4:D2:67:93:D2:01:57:27
            X509v3 Authority Key Identifier:
                keyid:DC:94:3C:C2:A7:CD:C3:78:A3:77:02:57:3B:B4:F8:21:17:0B:53:0D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/38352e3233372e3230392e302f32342d3234203d3e20313734.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.237.209.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:19:a0:d5:15:ba:5e:06:d4:36:84:ee:d8:80:d2:1c:13:32:
         5a:fc:bf:5c:c5:21:6f:c4:db:ce:b5:b7:23:0d:f5:80:35:47:
         7a:b3:5c:c4:6b:46:48:3d:6a:10:11:b4:93:0d:4b:02:82:d6:
         db:84:16:15:57:03:a5:c6:97:6c:6f:3d:ea:2c:c8:40:f8:0c:
         e8:2e:12:24:8f:e4:9d:88:17:d3:c0:3e:50:54:a9:6b:ee:14:
         b9:b9:2d:c5:4a:62:1b:3f:71:3e:9e:b9:5c:c8:2d:5f:ea:68:
         e2:4c:0a:82:af:20:59:80:c8:56:46:a0:e5:22:18:b9:63:ef:
         cb:ee:ef:48:1d:02:98:d9:b8:3f:8a:70:41:d7:4c:69:f9:60:
         3f:53:77:ed:34:b2:78:4c:1d:27:a3:42:b6:60:de:8b:91:4a:
         10:72:d8:ea:c9:5c:ad:26:40:fd:11:3e:5a:4d:7c:71:ca:53:
         f8:50:13:0f:d0:23:24:f3:c4:86:22:45:72:90:46:a7:52:07:
         ab:9e:c3:a1:3b:3b:e8:84:82:2c:fb:83:20:a9:e4:b8:35:5d:
         81:4e:b5:fd:e7:03:63:2f:83:28:b1:ec:00:c1:dd:19:07:4c:
         bf:2a:8a:93:9b:6f:9e:5b:f5:8e:9d:65:9a:fc:d7:29:6e:38:
         9f:71:fa:6e
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUGQPPM+ocmBMG0HlCGr080JIWDCowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGM5NDNjYzJhN2NkYzM3OGEzNzcwMjU3M2JiNGY4MjEx
NzBiNTMwZDAeFw0yNDA3MTAxNDAwMzNaFw0yNTA3MDkxNDA1MzNaMDMxMTAvBgNV
BAMTKDAzQjY1NkM0NUZEQzg2RjcyODNEMDdBOEY0RDI2NzkzRDIwMTU3MjcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCriAgq8HuOlmiD5tXaXM2tjsy/
OMD+PgZjOnvjLM4jKwUi8W2l80QC0whpuwpnIhd+RZFU+b7JmiCYxHeztwrxilUB
iRHP/TxyMb9aafks7M/G3mBkYY9aO+xF2GtrOIW7qHJG6x7bN4VGjb9zpXXlJpbk
Vk43rfCCLj8c/nV3hseqENAwmAal8lOrve7S4FfK8L7ZnNYPxGcbn9PuaD2SbI60
xmxyoPHpbktLb2JxMTQf0yuufY0eDZeYbt9hi8jPKU1y+BpbPpgQg3sm0lBAPBIJ
N6Ad49qLGIKIpTytRYa52RbFjI2yaIPSq4lfGbJ13bk2KEMgAVRODCW1La+DAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUA7ZWxF/chvcoPQeo9NJnk9IBVycwHwYDVR0j
BBgwFoAU3JQ8wqfNw3ijdwJXO7T4IRcLUw0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNmFiMDcyMmYtNjRkOC00Y2E5LTkyNjctNGU1MTU0NDM0
MTAxLzAvREM5NDNDQzJBN0NEQzM3OEEzNzcwMjU3M0JCNEY4MjExNzBCNTMwRC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzNKUTh3cWZOdzNpamR3SlhPN1Q0SVJj
TFV3MC5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvNmFiMDcyMmYt
NjRkOC00Y2E5LTkyNjctNGU1MTU0NDM0MTAxLzAvMzgzNTJlMzIzMzM3MmUzMjMw
MzkyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMTM3MzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABV7dEw
DQYJKoZIhvcNAQELBQADggEBAHwZoNUVul4G1DaE7tiA0hwTMlr8v1zFIW/E2861
tyMN9YA1R3qzXMRrRkg9ahARtJMNSwKC1tuEFhVXA6XGl2xvPeosyED4DOguEiSP
5J2IF9PAPlBUqWvuFLm5LcVKYhs/cT6euVzILV/qaOJMCoKvIFmAyFZGoOUiGLlj
78vu70gdApjZuD+KcEHXTGn5YD9Td+00snhMHSejQrZg3ouRShBy2OrJXK0mQP0R
PlpNfHHKU/hQEw/QIyTzxIYiRXKQRqdSB6uew6E7O+iEgiz7gyCp5Lg1XYFOtf3n
A2Mvgyix7ADB3RkHTL8qipObb55b9Y6dZZr81yluOJ9x+m4=
-----END CERTIFICATE-----