Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/38352e3233372e3232332e302f32342d3234203d3e20383334.roa
File:                     38352e3233372e3232332e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          Pl+Jdzt+Hn0XaDLGeWVZ31s8n4HisAk9SrE2fj2ykus=
Subject key identifier:   CF:52:41:00:CF:43:0C:DE:9E:15:69:E5:BF:A0:18:F4:19:D2:35:27
Certificate issuer:       /CN=dc943cc2a7cdc378a37702573bb4f821170b530d
Certificate serial:       6CB44EE7BD1F6812308F8BD71C4B5F42239C18BA
Authority key identifier: DC:94:3C:C2:A7:CD:C3:78:A3:77:02:57:3B:B4:F8:21:17:0B:53:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/38352e3233372e3232332e302f32342d3234203d3e20383334.roa
Signing time:             Fri 12 Sep 2025 04:46:43 +0000
ROA not before:           Fri 12 Sep 2025 04:41:43 +0000
ROA not after:            Fri 11 Sep 2026 04:46:43 +0000
asID:                     834
IP address blocks:        85.237.223.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 18 Sep 2025 15:33:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6c:b4:4e:e7:bd:1f:68:12:30:8f:8b:d7:1c:4b:5f:42:23:9c:18:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc943cc2a7cdc378a37702573bb4f821170b530d
        Validity
            Not Before: Sep 12 04:41:43 2025 GMT
            Not After : Sep 11 04:46:43 2026 GMT
        Subject: CN=CF524100CF430CDE9E1569E5BFA018F419D23527
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:e4:4c:95:de:82:90:39:4b:c7:cc:ac:ef:6a:
                    b5:7e:cb:94:b9:f9:84:59:79:02:76:5c:f1:d1:4f:
                    18:5e:1b:55:7f:53:3c:c3:95:fd:b5:f1:41:26:b3:
                    1b:02:63:21:83:3a:e5:0e:dd:de:a3:0c:ac:fd:d8:
                    42:ca:1b:7a:a8:ed:7c:d3:7a:09:eb:5e:56:ca:e7:
                    29:d6:a1:0c:67:d4:2c:13:9e:43:91:40:22:89:75:
                    61:6a:81:d7:f3:49:1d:da:6d:55:0c:df:ed:79:16:
                    79:e1:e8:0a:c1:03:76:61:08:ed:df:07:0e:d8:6a:
                    97:40:91:ce:1d:2a:9d:6d:27:53:ac:f0:63:82:cc:
                    f6:e2:65:99:a4:d7:9c:98:09:01:94:1a:e0:9c:1d:
                    df:a4:3e:b0:d9:30:ce:f6:37:c6:9e:60:2a:59:e0:
                    53:5d:a8:ca:26:e6:de:4d:97:a5:8f:2c:e0:44:96:
                    ff:e2:57:10:42:b6:a9:eb:48:92:52:17:61:2d:be:
                    bb:49:ff:39:ee:16:db:ff:38:7f:25:e6:8f:5e:25:
                    87:87:99:92:9f:ea:ec:89:7b:c6:46:6f:a6:ea:10:
                    32:60:2e:fa:e1:bb:4b:5e:e1:00:2c:3d:93:5f:ef:
                    23:5a:08:e5:78:01:68:b3:3f:ca:fb:9a:22:99:79:
                    4b:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:52:41:00:CF:43:0C:DE:9E:15:69:E5:BF:A0:18:F4:19:D2:35:27
            X509v3 Authority Key Identifier:
                keyid:DC:94:3C:C2:A7:CD:C3:78:A3:77:02:57:3B:B4:F8:21:17:0B:53:0D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/38352e3233372e3232332e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.237.223.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:38:7e:15:e4:19:76:a2:0b:5c:e1:8b:8c:4c:0e:29:61:bb:
         63:f9:03:a9:5f:02:43:af:23:53:09:9f:6c:48:7f:d6:15:ed:
         72:1d:97:44:54:dc:c4:70:28:5c:7b:2e:35:e0:f5:0c:8c:2f:
         86:2e:e8:c7:23:97:e6:89:f4:aa:95:2b:27:8d:cd:ee:d0:a2:
         a5:8a:da:01:bd:b9:a2:a7:82:75:f5:50:3c:bb:30:7b:14:c2:
         0a:f9:f3:42:bc:6b:75:cc:fd:57:0f:cb:95:08:ad:b8:db:b0:
         08:fb:52:44:d7:bd:0b:09:1b:72:47:5c:3b:bc:c5:17:cb:59:
         e1:c9:14:d4:59:2f:0c:50:ec:b6:23:6c:7a:60:38:18:b1:25:
         4a:f0:c2:ac:c5:9d:46:e4:69:f8:34:b6:2c:09:0f:7a:70:e4:
         68:68:3a:42:5e:2e:f6:af:01:e7:f9:17:cd:f4:66:b0:15:48:
         60:4c:a8:05:d7:8c:2f:ad:80:f4:50:3b:7e:88:07:10:86:bc:
         8f:1c:59:3a:b3:d9:b4:cb:87:71:af:37:37:ce:a6:32:9d:26:
         99:04:90:00:69:8e:21:da:e9:1f:d4:66:74:a0:f7:08:24:39:
         ae:7b:18:18:aa:17:bd:5b:74:dc:13:5c:49:89:ed:05:1a:8f:
         4b:4e:18:ef
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUbLRO570faBIwj4vXHEtfQiOcGLowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGM5NDNjYzJhN2NkYzM3OGEzNzcwMjU3M2JiNGY4MjEx
NzBiNTMwZDAeFw0yNTA5MTIwNDQxNDNaFw0yNjA5MTEwNDQ2NDNaMDMxMTAvBgNV
BAMTKENGNTI0MTAwQ0Y0MzBDREU5RTE1NjlFNUJGQTAxOEY0MTlEMjM1MjcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC85EyV3oKQOUvHzKzvarV+y5S5
+YRZeQJ2XPHRTxheG1V/UzzDlf218UEmsxsCYyGDOuUO3d6jDKz92ELKG3qo7XzT
egnrXlbK5ynWoQxn1CwTnkORQCKJdWFqgdfzSR3abVUM3+15Fnnh6ArBA3ZhCO3f
Bw7YapdAkc4dKp1tJ1Os8GOCzPbiZZmk15yYCQGUGuCcHd+kPrDZMM72N8aeYCpZ
4FNdqMom5t5Nl6WPLOBElv/iVxBCtqnrSJJSF2EtvrtJ/znuFtv/OH8l5o9eJYeH
mZKf6uyJe8ZGb6bqEDJgLvrhu0te4QAsPZNf7yNaCOV4AWizP8r7miKZeUvxAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUz1JBAM9DDN6eFWnlv6AY9BnSNScwHwYDVR0j
BBgwFoAU3JQ8wqfNw3ijdwJXO7T4IRcLUw0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNmFiMDcyMmYtNjRkOC00Y2E5LTkyNjctNGU1MTU0NDM0
MTAxLzAvREM5NDNDQzJBN0NEQzM3OEEzNzcwMjU3M0JCNEY4MjExNzBCNTMwRC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzNKUTh3cWZOdzNpamR3SlhPN1Q0SVJj
TFV3MC5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvNmFiMDcyMmYt
NjRkOC00Y2E5LTkyNjctNGU1MTU0NDM0MTAxLzAvMzgzNTJlMzIzMzM3MmUzMjMy
MzMyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABV7d8w
DQYJKoZIhvcNAQELBQADggEBAJo4fhXkGXaiC1zhi4xMDilhu2P5A6lfAkOvI1MJ
n2xIf9YV7XIdl0RU3MRwKFx7LjXg9QyML4Yu6Mcjl+aJ9KqVKyeNze7QoqWK2gG9
uaKngnX1UDy7MHsUwgr580K8a3XM/VcPy5UIrbjbsAj7UkTXvQsJG3JHXDu8xRfL
WeHJFNRZLwxQ7LYjbHpgOBixJUrwwqzFnUbkafg0tiwJD3pw5GhoOkJeLvavAef5
F830ZrAVSGBMqAXXjC+tgPRQO36IBxCGvI8cWTqz2bTLh3GvNzfOpjKdJpkEkABp
jiHa6R/UZnSg9wgkOa57GBiqF71bdNwTXEmJ7QUaj0tOGO8=
-----END CERTIFICATE-----