Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/8113dda6-7ade-445d-8c6e-448a78e48ca1/1/38352e3131372e3233312e302f32342d3234203d3e2039323332.roa
File:                     38352e3131372e3233312e302f32342d3234203d3e2039323332.roa (raw, json)
Hash identifier:          wxXqnIo8VdPb9Dqirf8u37/+DzCmzUMAlr9dMT37N+Q=
Subject key identifier:   BA:B9:B5:70:36:14:36:3E:9B:96:27:75:AF:1F:E9:24:23:F0:D4:87
Certificate issuer:       /CN=0d7ffae300def0876bf84890fb6ea17be841a4d3
Certificate serial:       25EF2C0EAF41222943D6591DF8D3AF26C0463FCF
Authority key identifier: 0D:7F:FA:E3:00:DE:F0:87:6B:F8:48:90:FB:6E:A1:7B:E8:41:A4:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DX_64wDe8Idr-EiQ-26he-hBpNM.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/8113dda6-7ade-445d-8c6e-448a78e48ca1/1/38352e3131372e3233312e302f32342d3234203d3e2039323332.roa
Signing time:             Fri 10 Jan 2025 14:56:32 +0000
ROA not before:           Fri 10 Jan 2025 14:51:32 +0000
ROA not after:            Fri 09 Jan 2026 14:56:32 +0000
asID:                     9232
IP address blocks:        85.117.231.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/8113dda6-7ade-445d-8c6e-448a78e48ca1/1/0D7FFAE300DEF0876BF84890FB6EA17BE841A4D3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/8113dda6-7ade-445d-8c6e-448a78e48ca1/1/0D7FFAE300DEF0876BF84890FB6EA17BE841A4D3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DX_64wDe8Idr-EiQ-26he-hBpNM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            25:ef:2c:0e:af:41:22:29:43:d6:59:1d:f8:d3:af:26:c0:46:3f:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d7ffae300def0876bf84890fb6ea17be841a4d3
        Validity
            Not Before: Jan 10 14:51:32 2025 GMT
            Not After : Jan  9 14:56:32 2026 GMT
        Subject: CN=BAB9B5703614363E9B962775AF1FE92423F0D487
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:16:77:39:fb:8a:23:b9:6d:de:77:86:52:10:
                    ff:73:69:84:7e:2e:b6:50:89:88:02:56:78:4e:68:
                    20:a2:d9:06:6b:7f:ec:c1:be:f0:23:16:60:33:e2:
                    91:31:ab:c8:12:69:6e:63:e4:ef:69:00:19:68:32:
                    4a:03:6a:86:11:00:e4:db:36:72:53:a3:dc:0b:76:
                    cd:4f:bb:8a:85:60:e8:d6:e9:11:3b:20:fc:8d:dd:
                    78:1f:60:e0:94:ea:d3:61:25:c2:28:aa:b1:9e:a7:
                    61:e9:13:61:4d:e8:37:ba:c8:3f:ab:4d:82:c1:96:
                    cb:4d:33:96:30:d8:6a:cb:8c:9a:ec:ec:d5:11:44:
                    98:ca:a8:13:fa:cb:ff:4d:f3:da:e1:7c:a9:d4:c8:
                    a2:a0:9c:f6:f1:ec:ae:62:5f:33:08:30:6d:d1:51:
                    e8:d3:47:c6:af:98:5e:38:07:0d:e7:99:e3:36:22:
                    9d:ea:9c:0d:4b:4c:5f:ac:1d:e3:9e:e7:d9:b5:1c:
                    5e:b7:a5:c8:97:dd:8e:cf:7e:1d:4f:6d:d9:f5:81:
                    f3:cd:93:e1:58:f0:cc:b5:e3:b3:ec:17:8a:a0:c2:
                    15:62:f3:0a:78:ef:44:13:18:5d:17:d3:0a:b4:73:
                    67:23:fd:f1:d1:ea:ef:f3:f9:92:aa:eb:4f:46:87:
                    70:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:B9:B5:70:36:14:36:3E:9B:96:27:75:AF:1F:E9:24:23:F0:D4:87
            X509v3 Authority Key Identifier:
                keyid:0D:7F:FA:E3:00:DE:F0:87:6B:F8:48:90:FB:6E:A1:7B:E8:41:A4:D3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/8113dda6-7ade-445d-8c6e-448a78e48ca1/1/0D7FFAE300DEF0876BF84890FB6EA17BE841A4D3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DX_64wDe8Idr-EiQ-26he-hBpNM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/8113dda6-7ade-445d-8c6e-448a78e48ca1/1/38352e3131372e3233312e302f32342d3234203d3e2039323332.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.117.231.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:76:d8:f2:f5:aa:16:7c:6c:0f:bc:00:3f:de:f4:06:d5:01:
         86:14:24:32:3d:55:14:34:2b:dd:04:06:ab:27:e3:0a:18:83:
         89:cb:bb:17:7d:d4:15:a1:c8:85:1c:de:cb:48:16:cd:f1:77:
         ad:e3:d4:08:5d:10:84:aa:7c:67:90:a2:0e:0b:90:8e:07:e2:
         52:95:89:73:6d:45:98:08:b6:f8:55:5b:d0:e6:c3:bb:19:42:
         07:8d:e4:b7:4a:2c:e4:03:15:9f:f9:f2:ca:3b:6b:34:48:1e:
         78:8d:d6:0e:b3:76:4b:61:01:eb:1d:4a:3f:a3:24:04:d9:d1:
         0d:c5:b8:fb:97:5a:39:32:93:63:52:4c:4f:54:73:65:72:50:
         4b:9e:aa:e3:e9:c1:40:32:e2:49:de:c0:59:ea:6c:80:04:0a:
         1a:16:1b:b0:34:65:34:78:25:1c:7f:ee:4e:43:e7:c4:44:39:
         d7:fc:a9:4c:5f:59:a2:07:f1:2e:8d:b8:7f:84:18:12:14:35:
         90:a4:49:ef:1a:3e:a9:74:4b:e9:f4:75:98:03:a7:c4:13:0b:
         7b:2f:23:49:3e:0d:30:ce:75:de:6e:c4:cb:63:e3:d2:7a:05:
         35:40:b4:c6:25:d5:b5:3a:0f:68:09:11:0c:4e:36:a5:3a:99:
         9c:bd:bf:fd
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUJe8sDq9BIilD1lkd+NOvJsBGP88wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGQ3ZmZhZTMwMGRlZjA4NzZiZjg0ODkwZmI2ZWExN2Jl
ODQxYTRkMzAeFw0yNTAxMTAxNDUxMzJaFw0yNjAxMDkxNDU2MzJaMDMxMTAvBgNV
BAMTKEJBQjlCNTcwMzYxNDM2M0U5Qjk2Mjc3NUFGMUZFOTI0MjNGMEQ0ODcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDcFnc5+4ojuW3ed4ZSEP9zaYR+
LrZQiYgCVnhOaCCi2QZrf+zBvvAjFmAz4pExq8gSaW5j5O9pABloMkoDaoYRAOTb
NnJTo9wLds1Pu4qFYOjW6RE7IPyN3XgfYOCU6tNhJcIoqrGep2HpE2FN6De6yD+r
TYLBlstNM5Yw2GrLjJrs7NURRJjKqBP6y/9N89rhfKnUyKKgnPbx7K5iXzMIMG3R
UejTR8avmF44Bw3nmeM2Ip3qnA1LTF+sHeOe59m1HF63pciX3Y7Pfh1Pbdn1gfPN
k+FY8My147PsF4qgwhVi8wp470QTGF0X0wq0c2cj/fHR6u/z+ZKq609Gh3CjAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUurm1cDYUNj6blid1rx/pJCPw1IcwHwYDVR0j
BBgwFoAUDX/64wDe8Idr+EiQ+26he+hBpNMwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODExM2RkYTYtN2FkZS00NDVkLThjNmUtNDQ4YTc4ZTQ4
Y2ExLzEvMEQ3RkZBRTMwMERFRjA4NzZCRjg0ODkwRkI2RUExN0JFODQxQTREMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RYXzY0d0RlOElkci1FaVEtMjZoZS1o
QnBOTS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODExM2RkYTYt
N2FkZS00NDVkLThjNmUtNDQ4YTc4ZTQ4Y2ExLzEvMzgzNTJlMzEzMTM3MmUzMjMz
MzEyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzOTMyMzMzMi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFV1
5zANBgkqhkiG9w0BAQsFAAOCAQEAdHbY8vWqFnxsD7wAP970BtUBhhQkMj1VFDQr
3QQGqyfjChiDicu7F33UFaHIhRzey0gWzfF3rePUCF0QhKp8Z5CiDguQjgfiUpWJ
c21FmAi2+FVb0ObDuxlCB43kt0os5AMVn/nyyjtrNEgeeI3WDrN2S2EB6x1KP6Mk
BNnRDcW4+5daOTKTY1JMT1RzZXJQS56q4+nBQDLiSd7AWepsgAQKGhYbsDRlNHgl
HH/uTkPnxEQ51/ypTF9ZogfxLo24f4QYEhQ1kKRJ7xo+qXRL6fR1mAOnxBMLey8j
ST4NMM513m7Ey2Pj0noFNUC0xiXVtToPaAkRDE42pTqZnL2//Q==
-----END CERTIFICATE-----