Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/38352e3230392e31372e302f32342d3234203d3e203235363933.roa
File:                     38352e3230392e31372e302f32342d3234203d3e203235363933.roa (raw, json)
Hash identifier:          sfBR34BQfUnBG/Dfs9RgO4NWV6dIYQiGWUQLFQnMRUU=
Subject key identifier:   28:B1:23:51:A4:EA:CF:D1:94:3F:28:EC:3E:88:46:D8:9F:E4:C2:11
Certificate issuer:       /CN=8f4ce7722f99075d94738b7e61070401269eb3d6
Certificate serial:       61228D20970141CDD1ACAB6696FD38F647859887
Authority key identifier: 8F:4C:E7:72:2F:99:07:5D:94:73:8B:7E:61:07:04:01:26:9E:B3:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/j0znci-ZB12Uc4t-YQcEASaes9Y.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/38352e3230392e31372e302f32342d3234203d3e203235363933.roa
Signing time:             Sat 05 Apr 2025 14:57:05 +0000
ROA not before:           Sat 05 Apr 2025 14:52:05 +0000
ROA not after:            Sat 04 Apr 2026 14:57:05 +0000
asID:                     25693
IP address blocks:        85.209.17.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/8F4CE7722F99075D94738B7E61070401269EB3D6.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/8F4CE7722F99075D94738B7E61070401269EB3D6.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/j0znci-ZB12Uc4t-YQcEASaes9Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 21:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            61:22:8d:20:97:01:41:cd:d1:ac:ab:66:96:fd:38:f6:47:85:98:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8f4ce7722f99075d94738b7e61070401269eb3d6
        Validity
            Not Before: Apr  5 14:52:05 2025 GMT
            Not After : Apr  4 14:57:05 2026 GMT
        Subject: CN=28B12351A4EACFD1943F28EC3E8846D89FE4C211
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:20:ad:11:f0:ed:b1:53:af:20:03:66:0d:a5:
                    9b:bc:dc:42:f9:f9:d5:a8:31:0d:65:3c:3c:ce:fb:
                    23:30:59:ca:67:0c:c7:41:ae:35:a0:82:1f:bd:31:
                    74:c0:2b:21:9e:ee:be:fb:64:3d:e0:71:23:92:54:
                    a0:04:6d:12:0d:0c:dc:9c:6c:f7:60:15:cb:91:f0:
                    64:30:a5:b3:fc:83:8a:a1:b3:91:e6:e9:da:e8:48:
                    db:66:1c:b6:cb:ac:cb:b2:af:a3:ef:3f:0f:26:4e:
                    fb:65:38:7a:64:65:c8:11:96:43:e7:3f:3c:ec:e1:
                    69:25:a8:55:fe:ba:91:50:71:a3:a5:ba:88:9a:86:
                    b2:9c:76:d5:3c:77:58:90:d6:d5:b3:fd:c4:4f:84:
                    fd:aa:66:b3:55:bd:f6:c1:cd:91:5d:76:e0:22:63:
                    4c:03:67:0f:ac:80:cb:ab:e6:25:b2:11:93:7a:4f:
                    c4:57:c1:ba:bb:10:81:b0:0f:d1:13:f9:8e:fc:c7:
                    90:7d:2b:cb:72:54:48:67:2f:df:be:50:46:f3:6e:
                    96:88:21:fa:9f:48:ff:1b:7d:39:b5:5d:b0:01:b1:
                    de:67:82:1e:fa:b3:60:f1:ab:e4:02:8e:a7:f6:8c:
                    c0:0a:be:70:20:19:50:8b:4b:b9:77:c4:34:af:43:
                    38:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:B1:23:51:A4:EA:CF:D1:94:3F:28:EC:3E:88:46:D8:9F:E4:C2:11
            X509v3 Authority Key Identifier:
                keyid:8F:4C:E7:72:2F:99:07:5D:94:73:8B:7E:61:07:04:01:26:9E:B3:D6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/8F4CE7722F99075D94738B7E61070401269EB3D6.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/j0znci-ZB12Uc4t-YQcEASaes9Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/38352e3230392e31372e302f32342d3234203d3e203235363933.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.209.17.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:17:d8:f7:60:5d:b2:da:24:9e:a1:f5:4f:ab:44:20:82:81:
         76:f3:15:bf:a9:75:b2:d7:11:4e:85:78:4d:ad:51:79:50:15:
         7b:e1:82:29:e3:9b:71:e0:e9:c8:3c:a4:a9:e8:d1:87:87:91:
         23:16:47:3d:f2:3b:04:4a:76:2d:dc:d3:cf:8a:da:7a:48:59:
         30:b8:fd:de:29:f9:2d:cf:63:f8:2d:97:ff:9f:39:ab:d4:61:
         9d:54:7b:a6:4e:fe:65:fc:ae:3f:0e:0c:95:61:e7:44:4a:8c:
         a3:69:cc:0e:76:e7:19:40:fd:b3:4d:7b:65:d1:35:1b:80:26:
         d2:7c:1a:d5:94:73:77:b2:cc:76:5c:a1:05:f3:7e:05:b8:3b:
         4c:6d:d1:38:4c:83:ee:67:30:44:30:fe:3e:57:15:aa:5b:79:
         d4:ab:ef:67:8c:c5:9b:1e:26:fd:f0:ea:58:36:2e:80:3b:ed:
         48:86:ec:f6:25:67:63:fe:9c:3f:a4:29:9d:30:ad:61:65:e2:
         d4:94:13:88:a1:8c:ba:40:31:51:e1:3b:df:81:14:92:b0:98:
         b7:a3:a7:7d:10:cb:9d:29:8c:18:9d:cf:cf:f3:99:96:03:0f:
         18:16:f9:78:73:24:0a:ec:76:1c:88:56:6a:e7:63:4c:42:7e:
         ec:25:4a:1d
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUYSKNIJcBQc3RrKtmlv049keFmIcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGY0Y2U3NzIyZjk5MDc1ZDk0NzM4YjdlNjEwNzA0MDEy
NjllYjNkNjAeFw0yNTA0MDUxNDUyMDVaFw0yNjA0MDQxNDU3MDVaMDMxMTAvBgNV
BAMTKDI4QjEyMzUxQTRFQUNGRDE5NDNGMjhFQzNFODg0NkQ4OUZFNEMyMTEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3IK0R8O2xU68gA2YNpZu83EL5
+dWoMQ1lPDzO+yMwWcpnDMdBrjWggh+9MXTAKyGe7r77ZD3gcSOSVKAEbRINDNyc
bPdgFcuR8GQwpbP8g4qhs5Hm6droSNtmHLbLrMuyr6PvPw8mTvtlOHpkZcgRlkPn
Pzzs4WklqFX+upFQcaOluoiahrKcdtU8d1iQ1tWz/cRPhP2qZrNVvfbBzZFdduAi
Y0wDZw+sgMur5iWyEZN6T8RXwbq7EIGwD9ET+Y78x5B9K8tyVEhnL9++UEbzbpaI
IfqfSP8bfTm1XbABsd5ngh76s2Dxq+QCjqf2jMAKvnAgGVCLS7l3xDSvQziNAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUKLEjUaTqz9GUPyjsPohG2J/kwhEwHwYDVR0j
BBgwFoAUj0znci+ZB12Uc4t+YQcEASaes9YwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYWE5NzcxMTUtNTExMC00MjU3LTk0ZWYtNGQyYjQzODg0
MDQwLzAvOEY0Q0U3NzIyRjk5MDc1RDk0NzM4QjdFNjEwNzA0MDEyNjlFQjNENi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2owem5jaS1aQjEyVWM0dC1ZUWNFQVNh
ZXM5WS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWE5NzcxMTUt
NTExMC00MjU3LTk0ZWYtNGQyYjQzODg0MDQwLzAvMzgzNTJlMzIzMDM5MmUzMTM3
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzIzNTM2MzkzMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFXR
ETANBgkqhkiG9w0BAQsFAAOCAQEAchfY92BdstoknqH1T6tEIIKBdvMVv6l1stcR
ToV4Ta1ReVAVe+GCKeObceDpyDykqejRh4eRIxZHPfI7BEp2LdzTz4raekhZMLj9
3in5Lc9j+C2X/585q9RhnVR7pk7+ZfyuPw4MlWHnREqMo2nMDnbnGUD9s017ZdE1
G4Am0nwa1ZRzd7LMdlyhBfN+Bbg7TG3ROEyD7mcwRDD+PlcVqlt51KvvZ4zFmx4m
/fDqWDYugDvtSIbs9iVnY/6cP6QpnTCtYWXi1JQTiKGMukAxUeE734EUkrCYt6On
fRDLnSmMGJ3Pz/OZlgMPGBb5eHMkCux2HIhWaudjTEJ+7CVKHQ==
-----END CERTIFICATE-----