Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/38352e3233372e3232312e302f32342d3234203d3e20383334.roa
File:                     38352e3233372e3232312e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          MDzTrHhEMKcIZcGfZrfy2Gi7UWKNfz8sqJZvaUd2tRw=
Subject key identifier:   21:9A:CD:7D:D7:77:B4:07:13:00:F2:18:3F:3E:BE:61:36:43:3E:17
Certificate issuer:       /CN=dc943cc2a7cdc378a37702573bb4f821170b530d
Certificate serial:       18501D601169657B738637D8E6745CB7D3D9E293
Authority key identifier: DC:94:3C:C2:A7:CD:C3:78:A3:77:02:57:3B:B4:F8:21:17:0B:53:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/38352e3233372e3232312e302f32342d3234203d3e20383334.roa
Signing time:             Thu 02 Jan 2025 07:43:05 +0000
ROA not before:           Thu 02 Jan 2025 07:38:05 +0000
ROA not after:            Thu 01 Jan 2026 07:43:05 +0000
asID:                     834
IP address blocks:        85.237.221.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Feb 2025 05:53:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            18:50:1d:60:11:69:65:7b:73:86:37:d8:e6:74:5c:b7:d3:d9:e2:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc943cc2a7cdc378a37702573bb4f821170b530d
        Validity
            Not Before: Jan  2 07:38:05 2025 GMT
            Not After : Jan  1 07:43:05 2026 GMT
        Subject: CN=219ACD7DD777B4071300F2183F3EBE6136433E17
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:b0:6b:e2:5d:55:c3:35:e0:23:77:a1:af:66:
                    02:54:52:e1:79:95:7c:25:89:b3:9e:84:54:8d:65:
                    ae:31:36:32:20:a9:e8:05:9a:90:7d:39:b0:e0:ba:
                    eb:fb:0a:6d:6b:49:7b:f9:ab:df:22:71:b9:2d:d4:
                    f4:21:b9:51:80:27:96:00:69:e2:61:2d:de:6c:39:
                    90:99:1a:7f:7c:de:5b:53:1b:4d:cc:7b:d7:66:df:
                    de:4c:ec:79:91:9d:f4:02:60:30:6e:d9:73:3c:ba:
                    73:47:ac:d9:d6:9c:8c:9e:52:a2:ef:2d:fd:65:01:
                    6d:9d:db:5f:69:39:f8:95:31:09:e6:35:7f:6b:d4:
                    ad:fc:f2:3e:5f:23:fc:6d:8f:50:05:dc:81:ab:4a:
                    8f:a0:5a:ee:ab:60:ec:a3:90:62:8e:04:51:b9:e4:
                    87:ae:ee:56:55:95:48:b5:fb:ca:cd:48:4f:23:4a:
                    1d:59:7a:78:e5:d7:90:bb:c2:ce:2a:f9:76:73:77:
                    f4:81:39:2d:35:1b:6d:9f:b3:62:0c:a5:1b:78:7a:
                    86:b1:f2:5f:f4:76:ec:36:28:a8:44:b4:6c:f1:4f:
                    8f:29:20:b8:bb:f3:36:c0:ed:69:c3:99:f6:fd:12:
                    9d:1f:fb:57:93:df:17:56:b1:d8:ce:48:2c:68:8d:
                    55:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:9A:CD:7D:D7:77:B4:07:13:00:F2:18:3F:3E:BE:61:36:43:3E:17
            X509v3 Authority Key Identifier:
                keyid:DC:94:3C:C2:A7:CD:C3:78:A3:77:02:57:3B:B4:F8:21:17:0B:53:0D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/38352e3233372e3232312e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.237.221.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:ec:0c:82:52:eb:b8:21:4f:3a:2f:c4:ad:78:6f:e2:61:9a:
         98:b7:96:73:d9:dd:19:41:ab:39:b7:e9:50:dd:21:83:da:b4:
         94:ea:61:cf:d6:c9:4e:15:ab:5d:35:66:c6:00:54:94:6c:71:
         20:19:23:07:02:d9:26:66:b2:44:5e:7d:14:f9:37:aa:f4:55:
         26:0b:48:1f:32:cc:7d:a5:77:7b:93:d1:53:e5:3b:fb:84:58:
         2a:9f:62:a6:62:93:c9:00:ae:a1:40:e4:f3:f9:4d:70:71:36:
         86:18:14:25:4d:8f:8d:19:fd:92:4d:17:6d:05:12:6c:93:60:
         6b:bb:97:18:6d:7b:25:72:99:67:19:e2:33:7a:90:cf:4b:b4:
         ea:87:ee:d5:d9:46:2e:3b:5d:1e:57:64:8a:be:7d:09:6d:fd:
         9a:44:c4:d5:58:66:19:d5:11:d5:6a:be:58:33:e1:4b:d6:17:
         80:37:7f:2f:57:3e:ce:28:b6:b3:ca:df:da:d7:cd:af:8c:d2:
         84:cc:33:29:03:2b:85:f0:e6:d9:26:8f:27:15:b5:71:a8:5d:
         ac:00:c1:31:e1:9d:09:06:cb:ac:76:27:18:3a:d4:db:d1:f8:
         42:c2:c1:71:98:fa:1e:73:d0:ed:94:2d:fd:e1:0f:5d:96:61:
         8d:ce:e2:1a
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUGFAdYBFpZXtzhjfY5nRct9PZ4pMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGM5NDNjYzJhN2NkYzM3OGEzNzcwMjU3M2JiNGY4MjEx
NzBiNTMwZDAeFw0yNTAxMDIwNzM4MDVaFw0yNjAxMDEwNzQzMDVaMDMxMTAvBgNV
BAMTKDIxOUFDRDdERDc3N0I0MDcxMzAwRjIxODNGM0VCRTYxMzY0MzNFMTcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCNsGviXVXDNeAjd6GvZgJUUuF5
lXwlibOehFSNZa4xNjIgqegFmpB9ObDguuv7Cm1rSXv5q98icbkt1PQhuVGAJ5YA
aeJhLd5sOZCZGn983ltTG03Me9dm395M7HmRnfQCYDBu2XM8unNHrNnWnIyeUqLv
Lf1lAW2d219pOfiVMQnmNX9r1K388j5fI/xtj1AF3IGrSo+gWu6rYOyjkGKOBFG5
5Ieu7lZVlUi1+8rNSE8jSh1Zenjl15C7ws4q+XZzd/SBOS01G22fs2IMpRt4eoax
8l/0duw2KKhEtGzxT48pILi78zbA7WnDmfb9Ep0f+1eT3xdWsdjOSCxojVWbAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUIZrNfdd3tAcTAPIYPz6+YTZDPhcwHwYDVR0j
BBgwFoAU3JQ8wqfNw3ijdwJXO7T4IRcLUw0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNmFiMDcyMmYtNjRkOC00Y2E5LTkyNjctNGU1MTU0NDM0
MTAxLzAvREM5NDNDQzJBN0NEQzM3OEEzNzcwMjU3M0JCNEY4MjExNzBCNTMwRC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzNKUTh3cWZOdzNpamR3SlhPN1Q0SVJj
TFV3MC5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvNmFiMDcyMmYt
NjRkOC00Y2E5LTkyNjctNGU1MTU0NDM0MTAxLzAvMzgzNTJlMzIzMzM3MmUzMjMy
MzEyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABV7d0w
DQYJKoZIhvcNAQELBQADggEBAGjsDIJS67ghTzovxK14b+Jhmpi3lnPZ3RlBqzm3
6VDdIYPatJTqYc/WyU4Vq101ZsYAVJRscSAZIwcC2SZmskRefRT5N6r0VSYLSB8y
zH2ld3uT0VPlO/uEWCqfYqZik8kArqFA5PP5TXBxNoYYFCVNj40Z/ZJNF20FEmyT
YGu7lxhteyVymWcZ4jN6kM9LtOqH7tXZRi47XR5XZIq+fQlt/ZpExNVYZhnVEdVq
vlgz4UvWF4A3fy9XPs4otrPK39rXza+M0oTMMykDK4Xw5tkmjycVtXGoXawAwTHh
nQkGy6x2Jxg61NvR+ELCwXGY+h5z0O2ULf3hD12WYY3O4ho=
-----END CERTIFICATE-----
Generated at Fri Feb 14 15:40:27 2025 by rpki-client