Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/38352e3233372e3231372e302f32342d3234203d3e20383334.roa
File:                     38352e3233372e3231372e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          pYLXnPrVTx/dwS8/HvERLTLp+Ec1pvkI2Hi+6HuWN4Q=
Subject key identifier:   F5:D5:A9:63:44:80:B4:FF:AF:CF:E5:2E:31:0F:12:9D:72:AB:54:FC
Certificate issuer:       /CN=dc943cc2a7cdc378a37702573bb4f821170b530d
Certificate serial:       6F11A6D6CB7AF0C28CA2BA26B24DB2340ABECCC3
Authority key identifier: DC:94:3C:C2:A7:CD:C3:78:A3:77:02:57:3B:B4:F8:21:17:0B:53:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/38352e3233372e3231372e302f32342d3234203d3e20383334.roa
Signing time:             Sat 01 Mar 2025 00:03:36 +0000
ROA not before:           Fri 28 Feb 2025 23:58:36 +0000
ROA not after:            Sat 28 Feb 2026 00:03:36 +0000
asID:                     834
IP address blocks:        85.237.217.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 13:50:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6f:11:a6:d6:cb:7a:f0:c2:8c:a2:ba:26:b2:4d:b2:34:0a:be:cc:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc943cc2a7cdc378a37702573bb4f821170b530d
        Validity
            Not Before: Feb 28 23:58:36 2025 GMT
            Not After : Feb 28 00:03:36 2026 GMT
        Subject: CN=F5D5A9634480B4FFAFCFE52E310F129D72AB54FC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f2:ad:b3:87:54:53:38:24:65:2e:16:07:cb:7a:
                    63:f7:e2:ae:ca:dc:85:22:30:5a:6b:01:92:0e:7e:
                    26:6c:b7:10:af:3e:3d:80:b3:bd:23:86:a9:e7:0d:
                    d8:52:af:c8:46:c4:07:38:3d:34:26:69:c9:ef:e7:
                    50:bc:e9:42:f4:74:a7:e4:6e:d8:ba:8f:f0:2c:2e:
                    69:6f:a5:7b:59:20:73:e0:db:d9:cb:c8:43:f9:82:
                    ba:d9:59:42:18:ef:b4:ad:54:91:4b:ae:fa:20:24:
                    fa:5c:d4:a9:68:48:b4:46:c3:9f:6f:52:ff:a6:f5:
                    50:8e:94:b9:d9:9c:24:aa:72:8e:88:50:f0:d5:98:
                    71:9d:14:cb:52:f3:1c:ab:5f:d3:e2:de:52:5e:49:
                    c1:57:83:ca:b0:3d:40:8a:01:c7:20:97:a1:fc:31:
                    64:18:91:8c:03:83:52:b0:6c:72:cd:8f:1d:99:28:
                    d8:a6:a2:96:a8:e6:6f:ac:29:11:72:fa:c3:8a:65:
                    a6:86:8d:6c:51:7e:32:a1:4f:ae:77:4d:2a:c8:ae:
                    03:c9:8d:5d:14:af:de:69:18:f1:b6:81:59:72:e9:
                    c0:6d:e6:87:0c:22:32:91:b2:55:d4:6b:72:3f:5f:
                    d6:61:81:ab:93:26:6f:86:c8:6e:9a:5b:f6:f0:8b:
                    9e:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:D5:A9:63:44:80:B4:FF:AF:CF:E5:2E:31:0F:12:9D:72:AB:54:FC
            X509v3 Authority Key Identifier:
                keyid:DC:94:3C:C2:A7:CD:C3:78:A3:77:02:57:3B:B4:F8:21:17:0B:53:0D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/38352e3233372e3231372e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.237.217.0/24

    Signature Algorithm: sha256WithRSAEncryption
         54:49:d1:9d:1e:a5:30:45:6f:18:92:9f:4c:d8:fd:6a:51:61:
         8c:1a:99:bd:a3:56:df:2a:40:39:7f:29:46:2a:36:f3:00:c6:
         d1:56:ce:3d:00:6b:f6:db:1c:46:2a:f2:e7:41:39:03:b9:45:
         ab:40:4d:33:0b:34:de:0b:fb:c6:78:3a:b2:65:63:fc:41:9d:
         46:5d:dc:d3:68:f4:fe:e0:7c:3a:1f:c1:6b:ce:3b:5c:55:4f:
         af:68:0c:44:27:65:cc:48:25:55:93:de:16:8a:2c:9c:ed:75:
         1d:1e:c5:b0:eb:66:91:5a:90:ed:3e:b0:45:0b:2c:84:77:3d:
         40:36:03:8a:df:f5:1c:4b:da:45:6d:a6:61:47:6d:68:7e:ac:
         60:0b:7e:8f:e1:dc:ed:f6:ab:7e:70:88:35:0f:e4:1b:76:71:
         71:9c:6f:0c:ac:0f:c8:a5:80:3e:df:c3:7c:7c:0d:4f:5b:ec:
         c6:97:b9:76:b2:91:fd:fd:80:18:19:7b:f3:85:ae:a1:69:06:
         68:e0:ea:95:23:8d:31:74:07:3f:62:70:35:0a:ec:62:97:cf:
         3b:79:50:d0:f9:f9:f9:38:c8:37:2a:89:a2:c7:86:73:5e:57:
         b4:84:b2:88:8b:9f:bc:77:f5:8b:01:7a:af:e7:2d:83:35:7d:
         7e:bb:09:ef
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUbxGm1st68MKMoromsk2yNAq+zMMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGM5NDNjYzJhN2NkYzM3OGEzNzcwMjU3M2JiNGY4MjEx
NzBiNTMwZDAeFw0yNTAyMjgyMzU4MzZaFw0yNjAyMjgwMDAzMzZaMDMxMTAvBgNV
BAMTKEY1RDVBOTYzNDQ4MEI0RkZBRkNGRTUyRTMxMEYxMjlENzJBQjU0RkMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDyrbOHVFM4JGUuFgfLemP34q7K
3IUiMFprAZIOfiZstxCvPj2As70jhqnnDdhSr8hGxAc4PTQmacnv51C86UL0dKfk
bti6j/AsLmlvpXtZIHPg29nLyEP5grrZWUIY77StVJFLrvogJPpc1KloSLRGw59v
Uv+m9VCOlLnZnCSqco6IUPDVmHGdFMtS8xyrX9Pi3lJeScFXg8qwPUCKAccgl6H8
MWQYkYwDg1KwbHLNjx2ZKNimopao5m+sKRFy+sOKZaaGjWxRfjKhT653TSrIrgPJ
jV0Ur95pGPG2gVly6cBt5ocMIjKRslXUa3I/X9ZhgauTJm+GyG6aW/bwi54nAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQU9dWpY0SAtP+vz+UuMQ8SnXKrVPwwHwYDVR0j
BBgwFoAU3JQ8wqfNw3ijdwJXO7T4IRcLUw0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNmFiMDcyMmYtNjRkOC00Y2E5LTkyNjctNGU1MTU0NDM0
MTAxLzAvREM5NDNDQzJBN0NEQzM3OEEzNzcwMjU3M0JCNEY4MjExNzBCNTMwRC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzNKUTh3cWZOdzNpamR3SlhPN1Q0SVJj
TFV3MC5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvNmFiMDcyMmYt
NjRkOC00Y2E5LTkyNjctNGU1MTU0NDM0MTAxLzAvMzgzNTJlMzIzMzM3MmUzMjMx
MzcyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABV7dkw
DQYJKoZIhvcNAQELBQADggEBAFRJ0Z0epTBFbxiSn0zY/WpRYYwamb2jVt8qQDl/
KUYqNvMAxtFWzj0Aa/bbHEYq8udBOQO5RatATTMLNN4L+8Z4OrJlY/xBnUZd3NNo
9P7gfDofwWvOO1xVT69oDEQnZcxIJVWT3haKLJztdR0exbDrZpFakO0+sEULLIR3
PUA2A4rf9RxL2kVtpmFHbWh+rGALfo/h3O32q35wiDUP5Bt2cXGcbwysD8ilgD7f
w3x8DU9b7MaXuXaykf39gBgZe/OFrqFpBmjg6pUjjTF0Bz9icDUK7GKXzzt5UND5
+fk4yDcqiaLHhnNeV7SEsoiLn7x39YsBeq/nLYM1fX67Ce8=
-----END CERTIFICATE-----