Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/38352e3233372e3232312e302f32342d3234203d3e203134343435.roa
File:                     38352e3233372e3232312e302f32342d3234203d3e203134343435.roa (raw, json)
Hash identifier:          T8jZogupP0egBCaPQSyGKlJwNHvV1lKT0XqnDjnedfY=
Subject key identifier:   93:C2:94:1A:41:8D:3C:81:59:8B:B4:F4:F9:6C:96:88:2E:5D:5E:07
Certificate issuer:       /CN=dc943cc2a7cdc378a37702573bb4f821170b530d
Certificate serial:       152AC38E577C2016F3D6ED5712239589041AB1E0
Authority key identifier: DC:94:3C:C2:A7:CD:C3:78:A3:77:02:57:3B:B4:F8:21:17:0B:53:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/38352e3233372e3232312e302f32342d3234203d3e203134343435.roa
Signing time:             Wed 08 Nov 2023 09:21:09 +0000
ROA not before:           Wed 08 Nov 2023 09:16:09 +0000
ROA not after:            Wed 06 Nov 2024 09:21:09 +0000
asID:                     14445
IP address blocks:        85.237.221.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 04 Mar 2024 12:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            15:2a:c3:8e:57:7c:20:16:f3:d6:ed:57:12:23:95:89:04:1a:b1:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc943cc2a7cdc378a37702573bb4f821170b530d
        Validity
            Not Before: Nov  8 09:16:09 2023 GMT
            Not After : Nov  6 09:21:09 2024 GMT
        Subject: CN=93C2941A418D3C81598BB4F4F96C96882E5D5E07
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:f0:a8:1b:d7:c2:f7:ac:d9:a8:cd:fb:ee:90:
                    c2:64:ec:ea:67:67:80:f6:8e:f1:9c:48:a9:82:e0:
                    98:14:da:ce:ff:5f:58:eb:ef:4b:75:fc:33:94:11:
                    34:7b:97:e9:bc:bb:ef:64:47:44:d1:9d:e3:1b:bf:
                    ee:88:d0:36:cb:88:63:7f:8f:61:3e:32:dc:00:55:
                    2e:f8:26:ef:64:d8:d7:7a:ab:d8:a2:b1:ad:1d:5d:
                    2f:54:cd:17:f0:09:39:f4:16:a1:d8:ad:76:a6:d7:
                    89:c0:0c:6a:fa:fc:b5:6f:b3:bf:d3:3e:d8:ee:1e:
                    51:62:44:08:f2:94:a1:0f:46:43:d4:bb:26:cd:5a:
                    76:1b:b7:5d:5b:68:90:ad:e5:cb:d0:f7:56:e9:0d:
                    98:35:59:fe:12:c8:63:de:a5:8a:e5:b2:2a:f1:1b:
                    16:a3:ff:ee:a8:b4:fd:c0:61:f5:ae:d7:20:f0:71:
                    49:a8:9d:30:c2:e6:b5:d6:88:e8:ea:1b:3a:db:f3:
                    05:ce:ba:6a:ef:b6:bc:f6:03:57:ab:4f:80:7f:3e:
                    57:8a:50:38:b9:31:78:e5:60:84:38:a6:21:2f:d8:
                    c2:ce:88:3c:93:99:19:c2:0b:62:77:cc:36:28:33:
                    ac:bb:5d:59:6f:de:66:04:ea:eb:5a:c0:53:0b:45:
                    8f:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:C2:94:1A:41:8D:3C:81:59:8B:B4:F4:F9:6C:96:88:2E:5D:5E:07
            X509v3 Authority Key Identifier:
                keyid:DC:94:3C:C2:A7:CD:C3:78:A3:77:02:57:3B:B4:F8:21:17:0B:53:0D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/38352e3233372e3232312e302f32342d3234203d3e203134343435.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.237.221.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:f8:2b:37:05:16:53:74:0c:22:f0:05:bb:92:63:41:6e:db:
         1a:2e:f3:41:5b:e5:9f:ce:87:74:95:7d:02:f3:16:66:0b:21:
         46:23:72:7a:93:de:cb:a0:8d:30:56:a2:b7:62:b1:14:c7:bc:
         b5:dc:02:bd:c9:1c:03:65:bb:02:a3:f1:3c:a5:71:0e:30:bc:
         5b:c8:c4:c1:8c:89:1e:01:07:df:b6:9c:e8:4d:02:32:8f:98:
         43:7a:cb:2f:9c:cf:d2:4f:b9:c1:6e:de:4c:2d:a3:21:1a:4a:
         6e:0c:3a:86:a0:81:9d:81:dd:88:6e:91:a2:47:61:31:29:53:
         eb:86:f5:e9:14:87:77:18:3f:03:31:cb:c4:80:c8:f0:d3:ec:
         48:31:d5:30:54:ad:e4:5f:83:68:f9:2f:be:25:a0:ea:6d:a9:
         af:46:75:3c:b2:45:25:1c:3b:46:f8:df:b9:f6:a7:12:32:59:
         fa:08:58:6d:a7:2b:69:be:4e:70:06:5a:d0:ec:46:e9:8f:58:
         8e:dc:43:2a:0a:4f:82:53:f6:cd:c5:68:8a:d2:81:fb:63:0a:
         b2:34:ed:8d:3d:39:27:f9:57:5b:e1:12:7b:d7:1f:ce:e0:36:
         fd:e7:3d:20:89:4c:e5:ca:7f:c4:63:a7:48:21:ce:64:10:f8:
         7c:61:73:13
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUFSrDjld8IBbz1u1XEiOViQQaseAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGM5NDNjYzJhN2NkYzM3OGEzNzcwMjU3M2JiNGY4MjEx
NzBiNTMwZDAeFw0yMzExMDgwOTE2MDlaFw0yNDExMDYwOTIxMDlaMDMxMTAvBgNV
BAMTKDkzQzI5NDFBNDE4RDNDODE1OThCQjRGNEY5NkM5Njg4MkU1RDVFMDcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZ8Kgb18L3rNmozfvukMJk7Opn
Z4D2jvGcSKmC4JgU2s7/X1jr70t1/DOUETR7l+m8u+9kR0TRneMbv+6I0DbLiGN/
j2E+MtwAVS74Ju9k2Nd6q9iisa0dXS9UzRfwCTn0FqHYrXam14nADGr6/LVvs7/T
PtjuHlFiRAjylKEPRkPUuybNWnYbt11baJCt5cvQ91bpDZg1Wf4SyGPepYrlsirx
Gxaj/+6otP3AYfWu1yDwcUmonTDC5rXWiOjqGzrb8wXOumrvtrz2A1erT4B/PleK
UDi5MXjlYIQ4piEv2MLOiDyTmRnCC2J3zDYoM6y7XVlv3mYE6utawFMLRY+/AgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQUk8KUGkGNPIFZi7T0+WyWiC5dXgcwHwYDVR0j
BBgwFoAU3JQ8wqfNw3ijdwJXO7T4IRcLUw0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNmFiMDcyMmYtNjRkOC00Y2E5LTkyNjctNGU1MTU0NDM0
MTAxLzAvREM5NDNDQzJBN0NEQzM3OEEzNzcwMjU3M0JCNEY4MjExNzBCNTMwRC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzNKUTh3cWZOdzNpamR3SlhPN1Q0SVJj
TFV3MC5jZXIwga0GCCsGAQUFBwELBIGgMIGdMIGaBggrBgEFBQcwC4aBjXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvNmFiMDcyMmYt
NjRkOC00Y2E5LTkyNjctNGU1MTU0NDM0MTAxLzAvMzgzNTJlMzIzMzM3MmUzMjMy
MzEyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMTM0MzQzNDM1LnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA
Ve3dMA0GCSqGSIb3DQEBCwUAA4IBAQCY+Cs3BRZTdAwi8AW7kmNBbtsaLvNBW+Wf
zod0lX0C8xZmCyFGI3J6k97LoI0wVqK3YrEUx7y13AK9yRwDZbsCo/E8pXEOMLxb
yMTBjIkeAQfftpzoTQIyj5hDessvnM/ST7nBbt5MLaMhGkpuDDqGoIGdgd2IbpGi
R2ExKVPrhvXpFId3GD8DMcvEgMjw0+xIMdUwVK3kX4No+S++JaDqbamvRnU8skUl
HDtG+N+59qcSMln6CFhtpytpvk5wBlrQ7Ebpj1iO3EMqCk+CU/bNxWiK0oH7Ywqy
NO2NPTkn+Vdb4RJ71x/O4Db95z0giUzlyn/EY6dIIc5kEPh8YXMT
-----END CERTIFICATE-----
Generated at Sun Mar 3 18:13:29 2024 by rpki-client on console-fra.rpki-client.org