Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/38352e3233372e3231392e302f32342d3234203d3e20343030303339.roa
File:                     38352e3233372e3231392e302f32342d3234203d3e20343030303339.roa (raw, json)
Hash identifier:          +o3M1boeduvSq4gE6wYkIahuCTfRsAFXOVtI6nModaI=
Subject key identifier:   CA:0C:C6:BC:ED:12:FB:EA:92:A9:9C:C6:6A:42:01:3B:6D:63:57:CB
Certificate issuer:       /CN=dc943cc2a7cdc378a37702573bb4f821170b530d
Certificate serial:       7FF9B59B9BFDBE6389FF19E06E8B6CF5DB349DC2
Authority key identifier: DC:94:3C:C2:A7:CD:C3:78:A3:77:02:57:3B:B4:F8:21:17:0B:53:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/38352e3233372e3231392e302f32342d3234203d3e20343030303339.roa
Signing time:             Wed 10 Sep 2025 09:55:02 +0000
ROA not before:           Wed 10 Sep 2025 09:50:02 +0000
ROA not after:            Wed 09 Sep 2026 09:55:02 +0000
asID:                     400039
IP address blocks:        85.237.219.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Sep 2025 20:00:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7f:f9:b5:9b:9b:fd:be:63:89:ff:19:e0:6e:8b:6c:f5:db:34:9d:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc943cc2a7cdc378a37702573bb4f821170b530d
        Validity
            Not Before: Sep 10 09:50:02 2025 GMT
            Not After : Sep  9 09:55:02 2026 GMT
        Subject: CN=CA0CC6BCED12FBEA92A99CC66A42013B6D6357CB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:60:11:d2:e7:e6:58:70:ac:04:ea:07:3a:e8:
                    a8:1f:0a:44:f1:30:e4:dc:37:2c:30:5e:9e:65:f7:
                    31:de:f6:91:7c:99:06:a2:f3:a4:4f:04:67:ba:34:
                    aa:35:05:4e:21:e8:a1:fa:b8:ef:6d:ea:9e:ff:38:
                    43:f0:9c:1f:64:37:ec:be:ca:6c:15:a2:5f:df:85:
                    d4:09:60:4f:03:49:a6:30:f8:67:6a:86:4c:bf:7b:
                    6e:d3:fd:fa:dd:53:ad:3f:a8:08:42:be:6e:0b:12:
                    75:86:71:ea:3d:b3:81:de:db:6f:33:30:6c:33:84:
                    5d:74:d5:66:de:6c:50:f6:18:3b:f1:a3:2f:a0:2c:
                    17:f4:7f:34:de:1a:fd:f1:0f:e5:90:78:64:2f:f2:
                    21:d9:7c:2c:0c:84:f2:37:34:61:c5:9c:27:04:d3:
                    0a:56:fc:95:cd:5c:51:fb:85:14:c2:e2:5e:1d:3f:
                    a6:e2:94:8d:b7:8b:aa:67:8b:0f:82:a1:4b:ff:a7:
                    2f:47:83:60:7b:fd:de:98:46:2f:24:38:22:a8:63:
                    b5:29:4f:01:b5:e4:39:cd:13:5a:54:ee:d5:d1:5b:
                    7f:aa:ae:af:f6:39:1a:99:bb:1a:6c:a2:73:3c:9b:
                    8d:25:45:34:2b:17:9c:e9:77:c6:50:e6:3d:75:ce:
                    f6:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:0C:C6:BC:ED:12:FB:EA:92:A9:9C:C6:6A:42:01:3B:6D:63:57:CB
            X509v3 Authority Key Identifier:
                keyid:DC:94:3C:C2:A7:CD:C3:78:A3:77:02:57:3B:B4:F8:21:17:0B:53:0D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/38352e3233372e3231392e302f32342d3234203d3e20343030303339.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.237.219.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5a:09:b0:29:f3:78:e1:9f:21:33:59:c0:92:c4:41:a2:df:c2:
         e1:2f:7a:a4:1a:e7:eb:d5:24:fc:55:a8:e5:b4:81:99:96:bb:
         6c:0f:7d:0a:ee:ae:6d:02:1e:d9:ba:4d:b3:19:42:79:9f:bd:
         e8:cb:28:48:d6:ec:39:1e:0f:44:f1:6b:84:31:4a:e2:1e:79:
         25:f2:e1:18:31:34:67:02:32:dd:0c:92:fe:8a:c2:e8:91:19:
         08:c5:ec:98:9d:0a:dd:fd:88:b6:04:9a:3e:f3:1f:bb:b8:ae:
         b4:76:c2:e9:22:fb:39:cf:81:a6:11:58:09:aa:47:6d:fe:9b:
         76:2b:09:68:f9:48:cf:56:6a:68:8a:f1:e0:a9:82:06:16:5c:
         2e:6c:94:f0:4d:84:4e:82:70:b6:b5:85:ea:0b:70:f7:c4:d1:
         4a:ca:1a:3e:2c:70:9e:ac:ff:c9:25:a2:4a:31:2b:d0:3f:31:
         42:a2:12:73:46:ab:87:4d:54:9b:2f:7a:1c:f7:4c:a6:bb:2b:
         af:96:10:b9:73:f5:9d:9c:a7:05:16:41:4a:9b:32:b7:1f:f9:
         6e:49:ee:97:2b:5a:0a:0e:75:ee:4f:2b:3b:02:58:83:96:0b:
         69:38:b7:c3:5e:86:e5:bd:97:b2:fa:e5:2c:7a:6f:18:36:c1:
         ae:fd:74:7f
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIUf/m1m5v9vmOJ/xngbots9ds0ncIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGM5NDNjYzJhN2NkYzM3OGEzNzcwMjU3M2JiNGY4MjEx
NzBiNTMwZDAeFw0yNTA5MTAwOTUwMDJaFw0yNjA5MDkwOTU1MDJaMDMxMTAvBgNV
BAMTKENBMENDNkJDRUQxMkZCRUE5MkE5OUNDNjZBNDIwMTNCNkQ2MzU3Q0IwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtYBHS5+ZYcKwE6gc66KgfCkTx
MOTcNywwXp5l9zHe9pF8mQai86RPBGe6NKo1BU4h6KH6uO9t6p7/OEPwnB9kN+y+
ymwVol/fhdQJYE8DSaYw+Gdqhky/e27T/frdU60/qAhCvm4LEnWGceo9s4He228z
MGwzhF101WbebFD2GDvxoy+gLBf0fzTeGv3xD+WQeGQv8iHZfCwMhPI3NGHFnCcE
0wpW/JXNXFH7hRTC4l4dP6bilI23i6pniw+CoUv/py9Hg2B7/d6YRi8kOCKoY7Up
TwG15DnNE1pU7tXRW3+qrq/2ORqZuxpsonM8m40lRTQrF5zpd8ZQ5j11zvb3AgMB
AAGjggI/MIICOzAdBgNVHQ4EFgQUygzGvO0S++qSqZzGakIBO21jV8swHwYDVR0j
BBgwFoAU3JQ8wqfNw3ijdwJXO7T4IRcLUw0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNmFiMDcyMmYtNjRkOC00Y2E5LTkyNjctNGU1MTU0NDM0
MTAxLzAvREM5NDNDQzJBN0NEQzM3OEEzNzcwMjU3M0JCNEY4MjExNzBCNTMwRC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzNKUTh3cWZOdzNpamR3SlhPN1Q0SVJj
TFV3MC5jZXIwga8GCCsGAQUFBwELBIGiMIGfMIGcBggrBgEFBQcwC4aBj3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvNmFiMDcyMmYt
NjRkOC00Y2E5LTkyNjctNGU1MTU0NDM0MTAxLzAvMzgzNTJlMzIzMzM3MmUzMjMx
MzkyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzNDMwMzAzMDMzMzkucm9hMBgGA1Ud
IAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BABV7dswDQYJKoZIhvcNAQELBQADggEBAFoJsCnzeOGfITNZwJLEQaLfwuEveqQa
5+vVJPxVqOW0gZmWu2wPfQrurm0CHtm6TbMZQnmfvejLKEjW7DkeD0Txa4QxSuIe
eSXy4RgxNGcCMt0Mkv6KwuiRGQjF7JidCt39iLYEmj7zH7u4rrR2wuki+znPgaYR
WAmqR23+m3YrCWj5SM9WamiK8eCpggYWXC5slPBNhE6CcLa1heoLcPfE0UrKGj4s
cJ6s/8klokoxK9A/MUKiEnNGq4dNVJsvehz3TKa7K6+WELlz9Z2cpwUWQUqbMrcf
+W5J7pcrWgoOde5PKzsCWIOWC2k4t8NehuW9l7L65Sx6bxg2wa79dH8=
-----END CERTIFICATE-----
Generated at Sun Sep 14 00:11:51 2025 by rpki-client