Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/38352e3230392e31372e302f32342d3234203d3e2038313030.roa
File:                     38352e3230392e31372e302f32342d3234203d3e2038313030.roa (raw, json)
Hash identifier:          pLWChihbDvjfrasKe+t2DYZzXoPPv1CnrKCMYicuojE=
Subject key identifier:   87:AE:05:9C:C5:99:DB:83:78:30:7E:D9:34:AF:A7:D7:5B:37:B1:95
Certificate issuer:       /CN=8f4ce7722f99075d94738b7e61070401269eb3d6
Certificate serial:       28E6F0CE03328CB9B2FE6636D3C33C53836A57FE
Authority key identifier: 8F:4C:E7:72:2F:99:07:5D:94:73:8B:7E:61:07:04:01:26:9E:B3:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/j0znci-ZB12Uc4t-YQcEASaes9Y.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/38352e3230392e31372e302f32342d3234203d3e2038313030.roa
Signing time:             Sun 14 Jul 2024 09:57:23 +0000
ROA not before:           Sun 14 Jul 2024 09:52:23 +0000
ROA not after:            Sun 13 Jul 2025 09:57:23 +0000
asID:                     8100
IP address blocks:        85.209.17.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/8F4CE7722F99075D94738B7E61070401269EB3D6.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/8F4CE7722F99075D94738B7E61070401269EB3D6.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/j0znci-ZB12Uc4t-YQcEASaes9Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Sep 2024 12:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            28:e6:f0:ce:03:32:8c:b9:b2:fe:66:36:d3:c3:3c:53:83:6a:57:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8f4ce7722f99075d94738b7e61070401269eb3d6
        Validity
            Not Before: Jul 14 09:52:23 2024 GMT
            Not After : Jul 13 09:57:23 2025 GMT
        Subject: CN=87AE059CC599DB8378307ED934AFA7D75B37B195
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:3b:aa:3d:af:1a:eb:20:d2:b5:4f:2f:c9:ee:
                    d5:ea:92:c0:a4:8c:0d:7c:dc:d5:0f:94:99:96:6e:
                    44:4d:14:26:98:f6:38:cf:23:75:36:67:33:36:c0:
                    2b:6f:67:26:9e:ef:ee:6e:87:df:bf:07:3d:fb:f8:
                    62:ab:32:50:25:7b:52:dc:9e:f0:e1:39:6d:e1:81:
                    d0:9a:25:6d:96:4b:5e:da:32:cd:ba:f9:2a:a0:bf:
                    c0:f6:fe:2f:d8:ef:a1:42:5b:a9:33:9a:04:10:cc:
                    e7:5c:d4:4c:ef:94:46:80:f1:b0:83:06:bf:2d:87:
                    b2:89:a0:b5:07:9b:66:4c:d7:3b:14:b6:6f:81:bf:
                    a1:b9:9d:aa:76:ee:c2:98:7e:84:ef:39:59:9e:eb:
                    d0:54:e3:52:69:03:7b:ac:e2:82:3c:bf:30:68:ae:
                    36:ae:2e:a5:e3:12:d4:90:d6:9b:4b:1b:ae:36:29:
                    4e:7c:15:89:75:5b:b6:f0:5f:62:80:c1:7c:2b:09:
                    c6:cc:e7:39:e7:32:fa:3d:b4:09:cc:53:45:06:10:
                    0e:26:ac:a1:7c:40:c8:2f:ee:7c:37:88:6e:2b:6d:
                    f9:28:aa:7b:6b:34:35:80:f1:dc:8e:31:6b:d6:6f:
                    3e:52:a8:ff:1b:b5:5d:00:7c:f7:f9:bc:84:ad:b8:
                    77:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:AE:05:9C:C5:99:DB:83:78:30:7E:D9:34:AF:A7:D7:5B:37:B1:95
            X509v3 Authority Key Identifier:
                keyid:8F:4C:E7:72:2F:99:07:5D:94:73:8B:7E:61:07:04:01:26:9E:B3:D6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/8F4CE7722F99075D94738B7E61070401269EB3D6.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/j0znci-ZB12Uc4t-YQcEASaes9Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/38352e3230392e31372e302f32342d3234203d3e2038313030.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.209.17.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:e5:63:c7:98:16:e7:ac:7b:3c:29:7e:3b:ed:34:d5:39:fc:
         5d:96:7f:f7:26:0d:9e:26:15:90:47:c2:ea:21:1e:aa:05:90:
         1a:bf:c2:bf:22:42:24:84:02:8b:86:7d:ec:e7:33:33:54:a0:
         e9:cc:80:52:3f:54:2a:e1:a0:90:32:02:3f:79:4d:a2:35:ce:
         29:9a:bb:be:19:08:5b:4b:a8:68:f1:ec:9d:c5:e9:ba:fa:9d:
         58:37:c7:b9:95:cc:87:8c:92:39:91:a9:1b:e1:2a:b0:41:b4:
         54:18:2e:e4:f6:18:59:6f:1a:f3:5f:23:7b:02:12:c0:de:65:
         63:db:ce:85:6f:6c:20:91:93:e1:ad:6f:06:25:8f:e4:39:cf:
         c5:cf:f6:9f:6d:ab:58:cb:06:ea:bb:e0:c3:4e:cb:ef:62:d1:
         14:18:c1:e1:cd:b2:fd:ed:11:45:1a:6d:11:7f:c7:92:cb:b6:
         af:bd:5d:d2:3d:9e:3a:b6:3c:f8:26:3a:b7:c5:02:11:45:af:
         16:9f:c6:72:f1:1e:a9:9f:cf:cb:a6:3c:66:b0:1f:66:4f:df:
         43:52:c5:11:12:cd:a3:5f:02:a0:75:d9:a8:46:c6:42:9b:ca:
         d7:9a:12:13:22:c6:85:15:82:2d:f9:30:93:14:07:54:eb:7d:
         09:25:38:0d
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUKObwzgMyjLmy/mY208M8U4NqV/4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGY0Y2U3NzIyZjk5MDc1ZDk0NzM4YjdlNjEwNzA0MDEy
NjllYjNkNjAeFw0yNDA3MTQwOTUyMjNaFw0yNTA3MTMwOTU3MjNaMDMxMTAvBgNV
BAMTKDg3QUUwNTlDQzU5OURCODM3ODMwN0VEOTM0QUZBN0Q3NUIzN0IxOTUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzO6o9rxrrINK1Ty/J7tXqksCk
jA183NUPlJmWbkRNFCaY9jjPI3U2ZzM2wCtvZyae7+5uh9+/Bz37+GKrMlAle1Lc
nvDhOW3hgdCaJW2WS17aMs26+Sqgv8D2/i/Y76FCW6kzmgQQzOdc1EzvlEaA8bCD
Br8th7KJoLUHm2ZM1zsUtm+Bv6G5nap27sKYfoTvOVme69BU41JpA3us4oI8vzBo
rjauLqXjEtSQ1ptLG642KU58FYl1W7bwX2KAwXwrCcbM5znnMvo9tAnMU0UGEA4m
rKF8QMgv7nw3iG4rbfkoqntrNDWA8dyOMWvWbz5SqP8btV0AfPf5vIStuHfjAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUh64FnMWZ24N4MH7ZNK+n11s3sZUwHwYDVR0j
BBgwFoAUj0znci+ZB12Uc4t+YQcEASaes9YwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYWE5NzcxMTUtNTExMC00MjU3LTk0ZWYtNGQyYjQzODg0
MDQwLzAvOEY0Q0U3NzIyRjk5MDc1RDk0NzM4QjdFNjEwNzA0MDEyNjlFQjNENi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2owem5jaS1aQjEyVWM0dC1ZUWNFQVNh
ZXM5WS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWE5NzcxMTUt
NTExMC00MjU3LTk0ZWYtNGQyYjQzODg0MDQwLzAvMzgzNTJlMzIzMDM5MmUzMTM3
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzgzMTMwMzAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABV0REw
DQYJKoZIhvcNAQELBQADggEBAEflY8eYFuesezwpfjvtNNU5/F2Wf/cmDZ4mFZBH
wuohHqoFkBq/wr8iQiSEAouGfeznMzNUoOnMgFI/VCrhoJAyAj95TaI1zimau74Z
CFtLqGjx7J3F6br6nVg3x7mVzIeMkjmRqRvhKrBBtFQYLuT2GFlvGvNfI3sCEsDe
ZWPbzoVvbCCRk+GtbwYlj+Q5z8XP9p9tq1jLBuq74MNOy+9i0RQYweHNsv3tEUUa
bRF/x5LLtq+9XdI9njq2PPgmOrfFAhFFrxafxnLxHqmfz8umPGawH2ZP30NSxRES
zaNfAqB12ahGxkKbyteaEhMixoUVgi35MJMUB1TrfQklOA0=
-----END CERTIFICATE-----