Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/38352e3233372e3232302e302f32342d3234203d3e203134343435.roa
File:                     38352e3233372e3232302e302f32342d3234203d3e203134343435.roa (raw, json)
Hash identifier:          9malZ46HFJMjXzYGxuF+snc0G66jBh3QxkwMmdF6x2o=
Subject key identifier:   10:C0:91:ED:97:9F:65:CD:F4:BF:DB:87:79:BF:6C:43:4F:56:D1:07
Certificate issuer:       /CN=dc943cc2a7cdc378a37702573bb4f821170b530d
Certificate serial:       43A840A5EABAC9769AD642EB1C3B69391EFD3946
Authority key identifier: DC:94:3C:C2:A7:CD:C3:78:A3:77:02:57:3B:B4:F8:21:17:0B:53:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/38352e3233372e3232302e302f32342d3234203d3e203134343435.roa
Signing time:             Wed 08 Nov 2023 09:21:06 +0000
ROA not before:           Wed 08 Nov 2023 09:16:06 +0000
ROA not after:            Wed 06 Nov 2024 09:21:06 +0000
asID:                     14445
IP address blocks:        85.237.220.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 03 Mar 2024 15:44:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            43:a8:40:a5:ea:ba:c9:76:9a:d6:42:eb:1c:3b:69:39:1e:fd:39:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc943cc2a7cdc378a37702573bb4f821170b530d
        Validity
            Not Before: Nov  8 09:16:06 2023 GMT
            Not After : Nov  6 09:21:06 2024 GMT
        Subject: CN=10C091ED979F65CDF4BFDB8779BF6C434F56D107
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:ca:fb:ca:68:ac:4d:00:41:32:5e:d6:2e:51:
                    5a:c1:bf:b5:14:48:74:4f:f8:59:96:9e:7f:9b:de:
                    da:66:cd:64:05:72:0d:8b:64:70:d1:fb:13:92:21:
                    59:c3:64:8a:62:06:be:ed:40:7e:dd:d4:86:d0:6e:
                    a6:a5:37:c1:0e:1f:c1:be:e8:75:cc:58:36:b1:0b:
                    0f:ae:37:8e:81:80:45:d5:2e:e8:46:cc:6e:6d:a2:
                    fc:a2:5e:01:72:da:f5:9d:cf:f4:1f:04:dd:6c:cc:
                    b4:12:39:33:ce:a1:71:ec:62:22:ce:55:ec:28:1c:
                    72:8a:dc:20:69:1f:ab:ab:b3:fe:3b:09:d1:7d:04:
                    77:b9:63:ae:0f:6a:c9:79:fe:02:ce:db:b3:2c:25:
                    24:e0:e0:f3:17:1a:51:55:5f:bc:5f:29:b3:4c:bf:
                    39:7e:d2:59:3c:7d:28:fd:ec:8a:88:5d:21:9b:27:
                    9c:57:a4:12:45:7d:a2:38:40:46:2d:4c:31:fd:cb:
                    8a:60:df:fb:b2:3d:72:93:81:3e:65:0e:97:9e:7d:
                    5a:37:30:57:ee:03:49:5f:f5:93:97:b8:f9:2a:6d:
                    b7:71:8e:30:af:70:45:a5:4c:42:56:33:9d:35:28:
                    73:d3:43:0a:54:3c:df:82:a4:a6:02:4a:19:fa:4f:
                    d9:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:C0:91:ED:97:9F:65:CD:F4:BF:DB:87:79:BF:6C:43:4F:56:D1:07
            X509v3 Authority Key Identifier:
                keyid:DC:94:3C:C2:A7:CD:C3:78:A3:77:02:57:3B:B4:F8:21:17:0B:53:0D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/38352e3233372e3232302e302f32342d3234203d3e203134343435.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.237.220.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:cc:2c:e6:a2:31:61:7f:5c:05:6e:0a:05:5f:e1:bf:01:21:
         15:5b:15:9b:85:43:68:0e:30:c2:2f:cc:cc:0d:94:2e:81:35:
         83:2f:19:86:88:6f:81:82:77:41:07:8a:ad:bc:ce:a1:c9:a1:
         90:11:9d:ef:d7:58:e6:14:80:5f:b2:60:6f:cb:b0:e5:64:b3:
         4e:de:b7:6d:fd:84:ae:95:8d:b9:7c:4b:b1:8c:aa:6f:5c:67:
         03:7a:a7:20:5d:80:59:b7:d2:f9:ac:6d:dd:2a:90:4a:31:e3:
         c5:d6:97:49:e1:8e:51:6b:5c:e1:6f:4e:32:7e:b3:be:48:7e:
         2c:97:8e:91:32:31:84:73:d2:ec:01:18:d0:80:74:f1:af:b2:
         d9:db:bb:b7:38:11:f0:cf:d9:25:e0:18:88:58:60:5d:3a:74:
         74:26:6f:31:a7:fc:4f:cf:e6:92:f3:bf:4c:82:e5:f4:2f:0d:
         a2:26:f6:35:24:6f:e6:e5:a8:76:e4:b6:46:6e:00:7b:eb:ef:
         f5:0b:3f:03:19:5b:c6:b3:5a:24:d5:3b:e6:b7:d2:d7:45:ce:
         e4:3f:2c:2a:36:7d:ce:fe:47:44:ce:58:9c:f9:50:32:b0:c1:
         52:e4:00:f1:69:a3:20:75:ac:6b:aa:1a:9e:23:e7:b8:8a:9b:
         4c:41:ca:88
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUQ6hApeq6yXaa1kLrHDtpOR79OUYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGM5NDNjYzJhN2NkYzM3OGEzNzcwMjU3M2JiNGY4MjEx
NzBiNTMwZDAeFw0yMzExMDgwOTE2MDZaFw0yNDExMDYwOTIxMDZaMDMxMTAvBgNV
BAMTKDEwQzA5MUVEOTc5RjY1Q0RGNEJGREI4Nzc5QkY2QzQzNEY1NkQxMDcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCTyvvKaKxNAEEyXtYuUVrBv7UU
SHRP+FmWnn+b3tpmzWQFcg2LZHDR+xOSIVnDZIpiBr7tQH7d1IbQbqalN8EOH8G+
6HXMWDaxCw+uN46BgEXVLuhGzG5tovyiXgFy2vWdz/QfBN1szLQSOTPOoXHsYiLO
VewoHHKK3CBpH6urs/47CdF9BHe5Y64Pasl5/gLO27MsJSTg4PMXGlFVX7xfKbNM
vzl+0lk8fSj97IqIXSGbJ5xXpBJFfaI4QEYtTDH9y4pg3/uyPXKTgT5lDpeefVo3
MFfuA0lf9ZOXuPkqbbdxjjCvcEWlTEJWM501KHPTQwpUPN+CpKYCShn6T9kpAgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQUEMCR7ZefZc30v9uHeb9sQ09W0QcwHwYDVR0j
BBgwFoAU3JQ8wqfNw3ijdwJXO7T4IRcLUw0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNmFiMDcyMmYtNjRkOC00Y2E5LTkyNjctNGU1MTU0NDM0
MTAxLzAvREM5NDNDQzJBN0NEQzM3OEEzNzcwMjU3M0JCNEY4MjExNzBCNTMwRC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzNKUTh3cWZOdzNpamR3SlhPN1Q0SVJj
TFV3MC5jZXIwga0GCCsGAQUFBwELBIGgMIGdMIGaBggrBgEFBQcwC4aBjXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvNmFiMDcyMmYt
NjRkOC00Y2E5LTkyNjctNGU1MTU0NDM0MTAxLzAvMzgzNTJlMzIzMzM3MmUzMjMy
MzAyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMTM0MzQzNDM1LnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA
Ve3cMA0GCSqGSIb3DQEBCwUAA4IBAQBBzCzmojFhf1wFbgoFX+G/ASEVWxWbhUNo
DjDCL8zMDZQugTWDLxmGiG+BgndBB4qtvM6hyaGQEZ3v11jmFIBfsmBvy7DlZLNO
3rdt/YSulY25fEuxjKpvXGcDeqcgXYBZt9L5rG3dKpBKMePF1pdJ4Y5Ra1zhb04y
frO+SH4sl46RMjGEc9LsARjQgHTxr7LZ27u3OBHwz9kl4BiIWGBdOnR0Jm8xp/xP
z+aS879MguX0Lw2iJvY1JG/m5ah25LZGbgB76+/1Cz8DGVvGs1ok1Tvmt9LXRc7k
PywqNn3O/kdEzlic+VAysMFS5ADxaaMgdaxrqhqeI+e4iptMQcqI
-----END CERTIFICATE-----
Generated at Sat Mar 2 21:13:50 2024 by rpki-client on console-fra.rpki-client.org