Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/38352e3233372e3231332e302f32342d3234203d3e20323131333733.roa
File:                     38352e3233372e3231332e302f32342d3234203d3e20323131333733.roa (raw, json)
Hash identifier:          fc5NXpd845Pb6Z3IPS3voa/X/GD8MpSej0aAocv3yvc=
Subject key identifier:   35:77:45:43:B2:48:37:9D:11:0F:4E:CC:88:F0:B7:61:B5:F0:7A:8B
Certificate issuer:       /CN=dc943cc2a7cdc378a37702573bb4f821170b530d
Certificate serial:       4ADF0AD2207CDB9FC7E7F54C51D82C5D7E1FB34B
Authority key identifier: DC:94:3C:C2:A7:CD:C3:78:A3:77:02:57:3B:B4:F8:21:17:0B:53:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/38352e3233372e3231332e302f32342d3234203d3e20323131333733.roa
Signing time:             Wed 09 Oct 2024 09:43:22 +0000
ROA not before:           Wed 09 Oct 2024 09:38:22 +0000
ROA not after:            Wed 08 Oct 2025 09:43:22 +0000
asID:                     211373
IP address blocks:        85.237.213.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 14 Dec 2024 08:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4a:df:0a:d2:20:7c:db:9f:c7:e7:f5:4c:51:d8:2c:5d:7e:1f:b3:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc943cc2a7cdc378a37702573bb4f821170b530d
        Validity
            Not Before: Oct  9 09:38:22 2024 GMT
            Not After : Oct  8 09:43:22 2025 GMT
        Subject: CN=35774543B248379D110F4ECC88F0B761B5F07A8B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:e9:8c:a0:a3:58:4d:e2:e2:85:52:09:4d:14:
                    70:59:9c:18:84:76:23:de:66:6b:b3:f9:72:2d:82:
                    00:46:41:77:9d:35:c5:b7:1f:f3:d9:e6:e3:91:f0:
                    e3:a2:b8:fd:96:8c:13:04:09:d1:16:38:6f:02:c5:
                    93:03:2a:a9:b1:35:d2:00:8c:fb:fc:4f:70:e0:35:
                    c1:76:8b:5c:06:02:ea:34:82:73:43:e1:b4:16:49:
                    6b:82:50:9e:cd:5b:f7:2c:a8:03:7a:da:6d:5f:ce:
                    dd:3a:f3:b5:81:2f:09:9e:b2:84:47:cf:62:35:e3:
                    4a:a4:28:8e:c4:db:80:5f:7d:79:dd:88:b5:24:15:
                    8c:4c:b3:58:2f:aa:9b:34:3b:b2:3c:48:cb:54:7e:
                    7e:23:22:f8:c2:18:56:8c:46:91:b4:f5:39:d8:a6:
                    7e:10:99:39:9f:ce:5f:fb:75:57:66:e0:74:67:62:
                    1a:b1:76:83:14:ed:db:c1:2e:88:6d:0b:be:c6:c5:
                    69:13:bf:67:50:99:b5:a4:c2:8c:aa:eb:4f:9a:b8:
                    f9:b1:31:20:b3:1d:a2:59:0a:97:4a:ee:28:bc:cb:
                    40:bb:9a:0e:98:c9:7c:43:9d:59:1c:b8:70:67:b3:
                    a7:1b:6c:b3:3f:f7:12:18:df:44:46:99:20:ed:1e:
                    32:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:77:45:43:B2:48:37:9D:11:0F:4E:CC:88:F0:B7:61:B5:F0:7A:8B
            X509v3 Authority Key Identifier:
                keyid:DC:94:3C:C2:A7:CD:C3:78:A3:77:02:57:3B:B4:F8:21:17:0B:53:0D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/38352e3233372e3231332e302f32342d3234203d3e20323131333733.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.237.213.0/24

    Signature Algorithm: sha256WithRSAEncryption
         94:13:a3:1a:bf:55:4b:34:5d:f7:c2:42:11:dd:88:16:fa:bd:
         f5:7c:cc:62:3a:3d:68:1c:8b:52:2f:a9:43:b7:f3:81:e9:94:
         19:35:79:3c:b6:fd:49:80:d7:75:45:8b:7a:aa:01:54:d1:f4:
         bb:44:ab:a9:84:2d:1d:27:ed:a9:ca:e9:2f:69:b8:43:ea:53:
         d1:a7:01:2d:b3:73:c5:78:ac:8c:f7:a2:31:f7:f3:75:1e:77:
         b0:3d:c8:a6:4a:6e:31:f6:27:99:aa:06:a1:31:74:b9:cf:86:
         ed:22:ef:57:52:fd:93:cb:ac:45:26:2b:33:94:a4:29:3f:43:
         49:92:72:38:96:32:1f:a8:d1:b5:98:c2:bc:55:da:e3:c7:51:
         fc:ca:6e:28:5c:e6:6d:9a:d1:21:b2:53:b9:7a:68:a8:bb:19:
         68:a6:ef:8e:cc:f5:b4:7d:7c:84:d4:05:53:1b:63:62:17:76:
         2b:63:2b:61:d0:73:d4:2a:bc:62:4e:70:18:e2:c6:f7:cb:f1:
         c1:cc:9b:cc:1f:cb:45:16:3a:af:e1:2d:aa:69:9a:65:0c:a2:
         d9:2b:9b:6b:27:be:8c:19:51:cd:f5:31:65:6f:40:f1:ec:22:
         ab:b1:bc:19:86:f8:d2:ef:8e:17:9a:91:41:24:09:9c:8b:1a:
         5e:c8:e6:2b
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIUSt8K0iB825/H5/VMUdgsXX4fs0swDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGM5NDNjYzJhN2NkYzM3OGEzNzcwMjU3M2JiNGY4MjEx
NzBiNTMwZDAeFw0yNDEwMDkwOTM4MjJaFw0yNTEwMDgwOTQzMjJaMDMxMTAvBgNV
BAMTKDM1Nzc0NTQzQjI0ODM3OUQxMTBGNEVDQzg4RjBCNzYxQjVGMDdBOEIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC16Yygo1hN4uKFUglNFHBZnBiE
diPeZmuz+XItggBGQXedNcW3H/PZ5uOR8OOiuP2WjBMECdEWOG8CxZMDKqmxNdIA
jPv8T3DgNcF2i1wGAuo0gnND4bQWSWuCUJ7NW/csqAN62m1fzt0687WBLwmesoRH
z2I140qkKI7E24BffXndiLUkFYxMs1gvqps0O7I8SMtUfn4jIvjCGFaMRpG09TnY
pn4QmTmfzl/7dVdm4HRnYhqxdoMU7dvBLohtC77GxWkTv2dQmbWkwoyq60+auPmx
MSCzHaJZCpdK7ii8y0C7mg6YyXxDnVkcuHBns6cbbLM/9xIY30RGmSDtHjJRAgMB
AAGjggI/MIICOzAdBgNVHQ4EFgQUNXdFQ7JIN50RD07MiPC3YbXweoswHwYDVR0j
BBgwFoAU3JQ8wqfNw3ijdwJXO7T4IRcLUw0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNmFiMDcyMmYtNjRkOC00Y2E5LTkyNjctNGU1MTU0NDM0
MTAxLzAvREM5NDNDQzJBN0NEQzM3OEEzNzcwMjU3M0JCNEY4MjExNzBCNTMwRC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzNKUTh3cWZOdzNpamR3SlhPN1Q0SVJj
TFV3MC5jZXIwga8GCCsGAQUFBwELBIGiMIGfMIGcBggrBgEFBQcwC4aBj3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvNmFiMDcyMmYt
NjRkOC00Y2E5LTkyNjctNGU1MTU0NDM0MTAxLzAvMzgzNTJlMzIzMzM3MmUzMjMx
MzMyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMjMxMzEzMzM3MzMucm9hMBgGA1Ud
IAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BABV7dUwDQYJKoZIhvcNAQELBQADggEBAJQToxq/VUs0XffCQhHdiBb6vfV8zGI6
PWgci1IvqUO384HplBk1eTy2/UmA13VFi3qqAVTR9LtEq6mELR0n7anK6S9puEPq
U9GnAS2zc8V4rIz3ojH383Ued7A9yKZKbjH2J5mqBqExdLnPhu0i71dS/ZPLrEUm
KzOUpCk/Q0mScjiWMh+o0bWYwrxV2uPHUfzKbihc5m2a0SGyU7l6aKi7GWim747M
9bR9fITUBVMbY2IXditjK2HQc9QqvGJOcBjixvfL8cHMm8wfy0UWOq/hLappmmUM
otkrm2snvowZUc31MWVvQPHsIquxvBmG+NLvjheakUEkCZyLGl7I5is=
-----END CERTIFICATE-----
Generated at Fri Dec 13 14:11:20 2024 by rpki-client on console-fra.rpki-client.org