Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/38352e3233372e3230392e302f32342d3234203d3e20383334.roa
File:                     38352e3233372e3230392e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          WB9J37CM8grLwBeoJTi1xeFCMWuDPh0OGdY07chlx0I=
Subject key identifier:   D7:F3:81:72:83:A6:29:85:17:45:87:F6:78:6D:84:5E:81:AA:A4:13
Certificate issuer:       /CN=dc943cc2a7cdc378a37702573bb4f821170b530d
Certificate serial:       1A376AAFDE04A5D42A863985C7CEDEFFA76C882E
Authority key identifier: DC:94:3C:C2:A7:CD:C3:78:A3:77:02:57:3B:B4:F8:21:17:0B:53:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/38352e3233372e3230392e302f32342d3234203d3e20383334.roa
Signing time:             Thu 29 Feb 2024 00:00:41 +0000
ROA not before:           Wed 28 Feb 2024 23:55:41 +0000
ROA not after:            Thu 27 Feb 2025 00:00:41 +0000
asID:                     834
IP address blocks:        85.237.209.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1a:37:6a:af:de:04:a5:d4:2a:86:39:85:c7:ce:de:ff:a7:6c:88:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc943cc2a7cdc378a37702573bb4f821170b530d
        Validity
            Not Before: Feb 28 23:55:41 2024 GMT
            Not After : Feb 27 00:00:41 2025 GMT
        Subject: CN=D7F3817283A62985174587F6786D845E81AAA413
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:71:af:45:b9:7c:e6:16:e6:32:8c:64:4e:19:
                    9d:d0:61:a5:db:4a:d6:e3:7f:f3:e3:67:ab:ef:9e:
                    43:a5:5a:c1:69:f3:d8:a1:ed:84:23:92:67:da:cf:
                    35:c4:45:e5:c3:96:96:fc:5f:5c:d0:a0:e0:54:84:
                    b6:f2:39:da:4c:ec:67:6e:e9:da:36:3a:09:b3:ea:
                    aa:81:d2:ec:e5:b4:18:5c:86:9c:76:71:e8:65:a6:
                    e2:d3:66:58:1d:65:b8:59:60:10:e2:7d:c4:2d:0f:
                    42:a5:8f:88:94:43:11:bb:98:ab:3a:87:88:00:26:
                    35:1a:9a:70:6b:47:d8:4d:03:f0:54:a2:45:4b:4d:
                    7a:b8:07:a9:a5:9b:22:b8:3c:ef:00:f6:ba:be:8e:
                    92:bc:8c:7b:d8:32:5e:6f:ff:ca:3d:63:17:ff:00:
                    6a:58:2b:3f:34:48:08:61:c8:01:ac:aa:74:63:7e:
                    6b:8b:ac:1a:21:12:a2:a2:e3:28:b4:48:e9:88:10:
                    2d:78:eb:80:80:0f:23:c7:a9:e2:8d:93:97:d2:ee:
                    d7:5a:c1:58:0f:45:46:f4:6e:25:c7:9d:00:17:52:
                    05:5b:70:3d:e6:ef:f7:34:6b:fa:26:31:c7:f6:63:
                    64:bf:86:cd:a9:2f:94:a7:aa:b7:a2:97:01:1c:ea:
                    ed:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:F3:81:72:83:A6:29:85:17:45:87:F6:78:6D:84:5E:81:AA:A4:13
            X509v3 Authority Key Identifier:
                keyid:DC:94:3C:C2:A7:CD:C3:78:A3:77:02:57:3B:B4:F8:21:17:0B:53:0D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/38352e3233372e3230392e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.237.209.0/24

    Signature Algorithm: sha256WithRSAEncryption
         16:a4:dc:17:27:81:bd:61:87:88:c9:f9:c8:a4:d9:d8:c7:0f:
         7e:54:db:7a:09:8d:d1:e8:00:be:0d:0d:8d:1f:12:e9:54:3f:
         39:79:3f:50:19:df:85:6a:c6:33:e9:37:2c:40:2b:ef:d0:57:
         41:b9:49:f8:28:81:02:ac:e3:55:54:e7:44:9a:6f:e4:a4:15:
         b1:1e:02:cc:44:b6:c6:bd:cc:e1:dd:90:32:8c:48:c1:fe:2f:
         da:95:de:8b:91:f7:16:b6:25:88:87:38:49:e8:74:95:d5:f7:
         74:93:dc:81:e0:ae:63:77:1e:99:7b:4e:5e:88:0f:e9:8f:f0:
         6f:61:7e:9d:8e:55:30:66:58:e3:ee:08:80:be:6d:4a:b7:14:
         a8:1c:01:1d:44:65:43:4c:bb:54:fc:b3:0d:6a:f6:8b:e2:ec:
         5d:db:bd:eb:01:af:b3:b3:aa:16:89:1e:e1:90:45:75:33:dc:
         a7:07:2d:29:18:f7:8e:6b:97:d8:97:0f:92:57:1d:94:01:c2:
         5f:a9:22:d3:1a:d4:49:87:a8:19:ab:05:a7:63:ee:a8:ac:ae:
         63:7c:87:b0:d1:a2:08:bf:3c:80:84:47:5a:59:f0:e0:2b:57:
         cf:1e:0e:72:ca:19:c0:9d:98:70:27:8a:40:44:29:75:7f:47:
         3f:df:a7:cb
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUGjdqr94EpdQqhjmFx87e/6dsiC4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGM5NDNjYzJhN2NkYzM3OGEzNzcwMjU3M2JiNGY4MjEx
NzBiNTMwZDAeFw0yNDAyMjgyMzU1NDFaFw0yNTAyMjcwMDAwNDFaMDMxMTAvBgNV
BAMTKEQ3RjM4MTcyODNBNjI5ODUxNzQ1ODdGNjc4NkQ4NDVFODFBQUE0MTMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDdca9FuXzmFuYyjGROGZ3QYaXb
Stbjf/PjZ6vvnkOlWsFp89ih7YQjkmfazzXEReXDlpb8X1zQoOBUhLbyOdpM7Gdu
6do2Ogmz6qqB0uzltBhchpx2cehlpuLTZlgdZbhZYBDifcQtD0Klj4iUQxG7mKs6
h4gAJjUamnBrR9hNA/BUokVLTXq4B6mlmyK4PO8A9rq+jpK8jHvYMl5v/8o9Yxf/
AGpYKz80SAhhyAGsqnRjfmuLrBohEqKi4yi0SOmIEC1464CADyPHqeKNk5fS7tda
wVgPRUb0biXHnQAXUgVbcD3m7/c0a/omMcf2Y2S/hs2pL5SnqreilwEc6u07AgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQU1/OBcoOmKYUXRYf2eG2EXoGqpBMwHwYDVR0j
BBgwFoAU3JQ8wqfNw3ijdwJXO7T4IRcLUw0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNmFiMDcyMmYtNjRkOC00Y2E5LTkyNjctNGU1MTU0NDM0
MTAxLzAvREM5NDNDQzJBN0NEQzM3OEEzNzcwMjU3M0JCNEY4MjExNzBCNTMwRC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzNKUTh3cWZOdzNpamR3SlhPN1Q0SVJj
TFV3MC5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvNmFiMDcyMmYt
NjRkOC00Y2E5LTkyNjctNGU1MTU0NDM0MTAxLzAvMzgzNTJlMzIzMzM3MmUzMjMw
MzkyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABV7dEw
DQYJKoZIhvcNAQELBQADggEBABak3Bcngb1hh4jJ+cik2djHD35U23oJjdHoAL4N
DY0fEulUPzl5P1AZ34VqxjPpNyxAK+/QV0G5SfgogQKs41VU50Sab+SkFbEeAsxE
tsa9zOHdkDKMSMH+L9qV3ouR9xa2JYiHOEnodJXV93ST3IHgrmN3Hpl7Tl6ID+mP
8G9hfp2OVTBmWOPuCIC+bUq3FKgcAR1EZUNMu1T8sw1q9ovi7F3bvesBr7OzqhaJ
HuGQRXUz3KcHLSkY945rl9iXD5JXHZQBwl+pItMa1EmHqBmrBadj7qisrmN8h7DR
ogi/PICER1pZ8OArV88eDnLKGcCdmHAnikBEKXV/Rz/fp8s=
-----END CERTIFICATE-----