Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/38352e3233372e3232332e302f32342d3234203d3e20383334.roa
File:                     38352e3233372e3232332e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          Ajc4oVOy+na2UQOae0HFfbdnyi//mu9v1kVlBqIFWaA=
Subject key identifier:   0F:00:1C:4A:C8:2A:BB:F0:D6:37:51:9C:0C:8E:BB:DA:15:83:65:D6
Certificate issuer:       /CN=dc943cc2a7cdc378a37702573bb4f821170b530d
Certificate serial:       3D194B1D92D78AD451D544748587A14D4F2DB8E0
Authority key identifier: DC:94:3C:C2:A7:CD:C3:78:A3:77:02:57:3B:B4:F8:21:17:0B:53:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/38352e3233372e3232332e302f32342d3234203d3e20383334.roa
Signing time:             Thu 02 Jan 2025 07:43:05 +0000
ROA not before:           Thu 02 Jan 2025 07:38:05 +0000
ROA not after:            Thu 01 Jan 2026 07:43:05 +0000
asID:                     834
IP address blocks:        85.237.223.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Feb 2025 05:53:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3d:19:4b:1d:92:d7:8a:d4:51:d5:44:74:85:87:a1:4d:4f:2d:b8:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc943cc2a7cdc378a37702573bb4f821170b530d
        Validity
            Not Before: Jan  2 07:38:05 2025 GMT
            Not After : Jan  1 07:43:05 2026 GMT
        Subject: CN=0F001C4AC82ABBF0D637519C0C8EBBDA158365D6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:94:bb:99:b4:e2:a1:69:7a:c4:eb:70:bb:b3:
                    fe:a7:da:34:b9:a6:9f:40:44:59:c4:4c:11:98:ba:
                    aa:d3:08:1b:4b:75:c3:d4:1f:22:10:be:39:07:3c:
                    b5:b2:6c:cd:36:c5:6c:59:7f:93:f8:db:66:ad:1a:
                    75:14:a2:07:16:18:b0:bf:03:ce:27:14:70:6d:8c:
                    57:af:c0:24:81:23:80:c4:fa:e8:e8:b7:c0:2e:f1:
                    e5:50:0e:dc:7c:23:80:ea:50:e3:31:2c:59:99:c6:
                    43:ab:60:f2:37:40:63:dc:a1:f5:58:a4:15:c1:9c:
                    00:2e:d4:e6:7c:2b:a2:e6:a2:b8:32:87:52:39:ff:
                    88:b2:b6:8a:13:55:3a:ea:42:c3:cb:ec:e4:75:a0:
                    87:22:2d:1b:41:ad:d0:a6:fe:37:28:d5:14:10:41:
                    e6:90:7f:87:79:13:a7:f7:ae:33:6d:d3:07:c8:dc:
                    d9:e9:e3:53:a1:9d:0e:d6:ef:7b:67:ed:dc:2d:28:
                    80:66:8f:0e:bb:21:78:1b:88:e2:5b:df:da:80:b8:
                    7d:8f:bb:a8:37:31:66:09:d6:97:75:68:4a:82:9c:
                    c7:00:e2:05:fd:71:68:75:a5:47:df:26:3a:f5:c0:
                    52:0c:e8:77:99:66:d8:b1:48:1a:a7:8c:94:09:6f:
                    c6:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:00:1C:4A:C8:2A:BB:F0:D6:37:51:9C:0C:8E:BB:DA:15:83:65:D6
            X509v3 Authority Key Identifier:
                keyid:DC:94:3C:C2:A7:CD:C3:78:A3:77:02:57:3B:B4:F8:21:17:0B:53:0D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/38352e3233372e3232332e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.237.223.0/24

    Signature Algorithm: sha256WithRSAEncryption
         32:f5:78:64:38:4f:90:12:b1:4f:51:e3:a3:8e:7f:c3:73:eb:
         35:aa:c8:63:54:5b:9a:e1:0b:eb:07:0c:67:1f:9e:5b:26:27:
         2b:76:92:2d:eb:b8:dc:c7:b1:46:d8:04:74:73:35:5c:d2:e9:
         2c:2e:46:a6:69:13:9d:5f:89:31:e7:24:3c:db:eb:b2:6b:b0:
         11:f2:99:ad:4b:a1:1d:8c:2e:6e:f7:b7:15:80:2f:f4:40:27:
         09:23:8d:e7:c2:5e:d9:55:1b:be:79:77:fc:00:c4:16:85:72:
         0a:d6:56:56:72:bf:0a:78:4d:9a:5e:e4:11:71:46:8c:82:c1:
         57:2d:68:85:28:3c:83:e5:8d:c1:c5:5f:50:f8:66:58:1a:e7:
         d4:4a:a2:c8:5a:a2:c1:3e:b7:36:55:54:3c:d4:54:43:cd:8b:
         5f:9e:83:97:44:5e:d5:4b:15:2c:68:f0:86:b5:2c:4c:2e:15:
         99:4e:e4:4e:c5:7c:48:bf:53:a6:4b:07:f8:f7:d0:20:54:71:
         68:38:c8:7e:23:eb:5c:f5:06:1b:3a:57:2d:41:69:73:72:a4:
         d0:79:36:2c:63:4a:92:f6:fa:c8:49:4d:fb:da:46:40:51:e7:
         c0:73:f3:af:4c:de:9a:5b:34:4a:5c:77:ab:9f:ee:85:e4:e8:
         20:2d:0c:bf
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUPRlLHZLXitRR1UR0hYehTU8tuOAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGM5NDNjYzJhN2NkYzM3OGEzNzcwMjU3M2JiNGY4MjEx
NzBiNTMwZDAeFw0yNTAxMDIwNzM4MDVaFw0yNjAxMDEwNzQzMDVaMDMxMTAvBgNV
BAMTKDBGMDAxQzRBQzgyQUJCRjBENjM3NTE5QzBDOEVCQkRBMTU4MzY1RDYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDelLuZtOKhaXrE63C7s/6n2jS5
pp9ARFnETBGYuqrTCBtLdcPUHyIQvjkHPLWybM02xWxZf5P422atGnUUogcWGLC/
A84nFHBtjFevwCSBI4DE+ujot8Au8eVQDtx8I4DqUOMxLFmZxkOrYPI3QGPcofVY
pBXBnAAu1OZ8K6Lmorgyh1I5/4iytooTVTrqQsPL7OR1oIciLRtBrdCm/jco1RQQ
QeaQf4d5E6f3rjNt0wfI3Nnp41OhnQ7W73tn7dwtKIBmjw67IXgbiOJb39qAuH2P
u6g3MWYJ1pd1aEqCnMcA4gX9cWh1pUffJjr1wFIM6HeZZtixSBqnjJQJb8apAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUDwAcSsgqu/DWN1GcDI672hWDZdYwHwYDVR0j
BBgwFoAU3JQ8wqfNw3ijdwJXO7T4IRcLUw0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNmFiMDcyMmYtNjRkOC00Y2E5LTkyNjctNGU1MTU0NDM0
MTAxLzAvREM5NDNDQzJBN0NEQzM3OEEzNzcwMjU3M0JCNEY4MjExNzBCNTMwRC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzNKUTh3cWZOdzNpamR3SlhPN1Q0SVJj
TFV3MC5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvNmFiMDcyMmYt
NjRkOC00Y2E5LTkyNjctNGU1MTU0NDM0MTAxLzAvMzgzNTJlMzIzMzM3MmUzMjMy
MzMyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABV7d8w
DQYJKoZIhvcNAQELBQADggEBADL1eGQ4T5ASsU9R46OOf8Nz6zWqyGNUW5rhC+sH
DGcfnlsmJyt2ki3ruNzHsUbYBHRzNVzS6SwuRqZpE51fiTHnJDzb67JrsBHyma1L
oR2MLm73txWAL/RAJwkjjefCXtlVG755d/wAxBaFcgrWVlZyvwp4TZpe5BFxRoyC
wVctaIUoPIPljcHFX1D4Zlga59RKoshaosE+tzZVVDzUVEPNi1+eg5dEXtVLFSxo
8Ia1LEwuFZlO5E7FfEi/U6ZLB/j30CBUcWg4yH4j61z1Bhs6Vy1BaXNypNB5Nixj
SpL2+shJTfvaRkBR58Bz869M3ppbNEpcd6uf7oXk6CAtDL8=
-----END CERTIFICATE-----
Generated at Fri Feb 14 15:38:45 2025 by rpki-client