Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/38352e3233372e3231372e302f32342d3234203d3e20383334.roa
File:                     38352e3233372e3231372e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          NVHQkLDfyiKU8w8Sn6I9RWt46r/+bE0J2QWit/eFfys=
Subject key identifier:   77:0A:D2:34:71:2B:39:7A:9E:56:10:8F:76:CD:F5:05:75:5B:1C:67
Certificate issuer:       /CN=dc943cc2a7cdc378a37702573bb4f821170b530d
Certificate serial:       6EA720021F269B7AF7223BAEF07E4580A93EA403
Authority key identifier: DC:94:3C:C2:A7:CD:C3:78:A3:77:02:57:3B:B4:F8:21:17:0B:53:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/38352e3233372e3231372e302f32342d3234203d3e20383334.roa
Signing time:             Sat 30 Aug 2025 00:09:03 +0000
ROA not before:           Sat 30 Aug 2025 00:04:03 +0000
ROA not after:            Sat 29 Aug 2026 00:09:03 +0000
asID:                     834
IP address blocks:        85.237.217.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 18 Sep 2025 15:33:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6e:a7:20:02:1f:26:9b:7a:f7:22:3b:ae:f0:7e:45:80:a9:3e:a4:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc943cc2a7cdc378a37702573bb4f821170b530d
        Validity
            Not Before: Aug 30 00:04:03 2025 GMT
            Not After : Aug 29 00:09:03 2026 GMT
        Subject: CN=770AD234712B397A9E56108F76CDF505755B1C67
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:d0:d0:d2:dd:f5:c5:99:8a:b0:0b:e0:4b:6e:
                    6e:0a:99:7b:7f:bb:a8:39:4b:5e:4c:1f:11:a2:43:
                    97:f7:7a:90:5d:58:44:82:6b:7d:1b:16:5f:d9:2b:
                    4e:8b:5f:c5:79:b4:47:ae:25:94:04:28:f6:76:42:
                    7e:0b:61:4d:92:e6:1c:d8:c7:87:bf:f1:a9:d8:60:
                    19:ab:7c:a6:ef:64:1c:75:c8:c1:63:d1:1d:6a:ec:
                    19:76:c2:13:e7:3c:60:43:97:0c:9b:b7:4a:18:e5:
                    61:bd:1b:2b:e1:f1:6f:b7:80:09:f9:45:5f:ff:7e:
                    d9:42:35:61:54:ca:c5:c2:5c:f5:0d:3d:cf:e5:7b:
                    18:53:cd:24:85:b3:57:15:5d:ab:65:ac:bd:f9:a4:
                    58:b5:ca:27:bf:c1:3d:6b:46:7a:5b:dc:5b:50:0d:
                    d1:9a:a8:d2:46:0e:18:06:33:52:db:93:60:d9:ed:
                    30:3c:0d:72:b9:49:27:0f:77:07:4e:e7:02:9b:94:
                    bc:91:fc:9a:11:87:17:05:43:49:56:14:05:5c:4d:
                    2c:30:79:20:ca:a8:bb:fb:29:5a:c6:0f:f6:a1:a0:
                    61:d2:51:c9:bb:ab:b4:b4:90:38:1d:c9:eb:3a:24:
                    7e:3d:06:f1:2f:30:b7:e1:bb:62:d7:e3:52:23:b4:
                    aa:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:0A:D2:34:71:2B:39:7A:9E:56:10:8F:76:CD:F5:05:75:5B:1C:67
            X509v3 Authority Key Identifier:
                keyid:DC:94:3C:C2:A7:CD:C3:78:A3:77:02:57:3B:B4:F8:21:17:0B:53:0D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/38352e3233372e3231372e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.237.217.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1d:aa:a6:e6:6f:68:17:ce:ee:6b:49:16:d0:c9:4b:3b:5e:54:
         6e:6b:e4:70:44:dd:8a:00:25:6b:5f:4e:74:89:9f:f6:98:13:
         66:e9:4a:d7:69:0f:a0:ca:28:5b:36:fa:59:97:4f:b4:b2:7d:
         82:e6:b1:86:50:e4:fc:74:3d:58:bc:2a:f4:85:60:a6:28:5b:
         dc:14:53:c4:0b:f7:99:09:4b:c3:85:4d:11:42:a7:fe:4d:fa:
         a3:84:50:44:8a:e1:8b:5f:72:5c:4c:83:52:c6:7a:37:80:7e:
         64:bd:a8:ab:8c:a7:f0:ae:2b:b8:7e:2d:08:b7:3b:e1:25:a2:
         17:4d:22:b1:73:24:b8:33:80:b3:16:93:59:1c:4c:7f:27:2e:
         cd:db:80:30:ca:16:14:ba:1e:02:03:ca:6d:57:29:3d:08:d8:
         e9:f7:48:67:93:89:66:51:9f:d8:4e:62:b7:e6:de:76:46:b1:
         42:c2:8a:5f:f4:46:79:d2:b9:8f:43:77:5f:73:93:9a:a9:a7:
         4d:3a:6b:6d:ad:c8:95:20:9f:4a:42:89:62:12:e3:8b:b6:60:
         23:71:fe:1d:61:b9:a0:c2:85:1e:4c:ca:a0:aa:22:6f:4e:8b:
         e0:2c:43:5a:bf:4c:22:af:f3:01:72:fe:16:d1:18:bc:86:90:
         4b:ef:d1:c9
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUbqcgAh8mm3r3Ijuu8H5FgKk+pAMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGM5NDNjYzJhN2NkYzM3OGEzNzcwMjU3M2JiNGY4MjEx
NzBiNTMwZDAeFw0yNTA4MzAwMDA0MDNaFw0yNjA4MjkwMDA5MDNaMDMxMTAvBgNV
BAMTKDc3MEFEMjM0NzEyQjM5N0E5RTU2MTA4Rjc2Q0RGNTA1NzU1QjFDNjcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDI0NDS3fXFmYqwC+BLbm4KmXt/
u6g5S15MHxGiQ5f3epBdWESCa30bFl/ZK06LX8V5tEeuJZQEKPZ2Qn4LYU2S5hzY
x4e/8anYYBmrfKbvZBx1yMFj0R1q7Bl2whPnPGBDlwybt0oY5WG9Gyvh8W+3gAn5
RV//ftlCNWFUysXCXPUNPc/lexhTzSSFs1cVXatlrL35pFi1yie/wT1rRnpb3FtQ
DdGaqNJGDhgGM1Lbk2DZ7TA8DXK5SScPdwdO5wKblLyR/JoRhxcFQ0lWFAVcTSww
eSDKqLv7KVrGD/ahoGHSUcm7q7S0kDgdyes6JH49BvEvMLfhu2LX41IjtKqfAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUdwrSNHErOXqeVhCPds31BXVbHGcwHwYDVR0j
BBgwFoAU3JQ8wqfNw3ijdwJXO7T4IRcLUw0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNmFiMDcyMmYtNjRkOC00Y2E5LTkyNjctNGU1MTU0NDM0
MTAxLzAvREM5NDNDQzJBN0NEQzM3OEEzNzcwMjU3M0JCNEY4MjExNzBCNTMwRC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzNKUTh3cWZOdzNpamR3SlhPN1Q0SVJj
TFV3MC5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvNmFiMDcyMmYt
NjRkOC00Y2E5LTkyNjctNGU1MTU0NDM0MTAxLzAvMzgzNTJlMzIzMzM3MmUzMjMx
MzcyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABV7dkw
DQYJKoZIhvcNAQELBQADggEBAB2qpuZvaBfO7mtJFtDJSzteVG5r5HBE3YoAJWtf
TnSJn/aYE2bpStdpD6DKKFs2+lmXT7SyfYLmsYZQ5Px0PVi8KvSFYKYoW9wUU8QL
95kJS8OFTRFCp/5N+qOEUESK4YtfclxMg1LGejeAfmS9qKuMp/CuK7h+LQi3O+El
ohdNIrFzJLgzgLMWk1kcTH8nLs3bgDDKFhS6HgIDym1XKT0I2On3SGeTiWZRn9hO
Yrfm3nZGsULCil/0RnnSuY9Dd19zk5qpp006a22tyJUgn0pCiWIS44u2YCNx/h1h
uaDChR5MyqCqIm9Oi+AsQ1q/TCKv8wFy/hbRGLyGkEvv0ck=
-----END CERTIFICATE-----