Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/38352e3230392e31392e302f32342d3234203d3e203131383738.roa
File:                     38352e3230392e31392e302f32342d3234203d3e203131383738.roa (raw, json)
Hash identifier:          CAxVMMWN+S6NlP/AsgS1tyjuFvGWAaxzAHmHeH0vGZY=
Subject key identifier:   7C:0E:96:A6:05:6A:49:09:7A:10:66:3C:57:BB:34:4D:7E:FC:EF:47
Certificate issuer:       /CN=8f4ce7722f99075d94738b7e61070401269eb3d6
Certificate serial:       793FC5322370037B4CCB4EFEE5415EFC8A91A0A7
Authority key identifier: 8F:4C:E7:72:2F:99:07:5D:94:73:8B:7E:61:07:04:01:26:9E:B3:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/j0znci-ZB12Uc4t-YQcEASaes9Y.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/38352e3230392e31392e302f32342d3234203d3e203131383738.roa
Signing time:             Tue 13 Aug 2024 14:25:54 +0000
ROA not before:           Tue 13 Aug 2024 14:20:54 +0000
ROA not after:            Tue 12 Aug 2025 14:25:54 +0000
asID:                     11878
IP address blocks:        85.209.19.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/8F4CE7722F99075D94738B7E61070401269EB3D6.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/8F4CE7722F99075D94738B7E61070401269EB3D6.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/j0znci-ZB12Uc4t-YQcEASaes9Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            79:3f:c5:32:23:70:03:7b:4c:cb:4e:fe:e5:41:5e:fc:8a:91:a0:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8f4ce7722f99075d94738b7e61070401269eb3d6
        Validity
            Not Before: Aug 13 14:20:54 2024 GMT
            Not After : Aug 12 14:25:54 2025 GMT
        Subject: CN=7C0E96A6056A49097A10663C57BB344D7EFCEF47
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:0c:19:3d:95:f4:d2:fe:df:26:94:e4:17:6d:
                    a7:82:9e:14:4b:df:c6:77:92:43:ae:79:81:23:ea:
                    22:da:d7:4b:62:1e:66:c7:a6:f3:c7:71:88:cb:94:
                    a3:2d:0e:03:33:d3:ea:61:54:70:10:24:9a:1f:c3:
                    21:a1:78:1b:43:89:69:33:59:12:ad:c4:3e:d2:8b:
                    26:25:74:b8:31:bf:34:ba:75:41:b5:5a:4f:5a:3a:
                    a1:5b:8d:7e:93:fa:bb:15:51:5a:2d:fe:c9:81:97:
                    5e:62:11:e2:96:01:10:ba:55:0e:bf:e3:a5:6f:1e:
                    ae:06:30:cb:41:b5:c1:b3:50:1d:d6:57:21:4b:53:
                    f6:00:89:a7:dc:c6:73:7f:9a:db:12:ab:8a:7a:d3:
                    6f:52:0a:a4:dc:3e:44:4c:45:1f:ad:22:25:c6:b2:
                    47:89:d0:67:ea:16:77:84:84:95:ee:c5:87:0b:9f:
                    77:f5:ca:f8:b3:1d:b0:90:e5:2d:03:96:1d:27:0d:
                    21:e5:74:96:65:9c:48:af:23:79:b2:bd:83:22:25:
                    5a:90:71:eb:e3:9b:73:6d:6b:ff:da:8d:10:0c:9a:
                    a7:31:db:0d:ed:d0:6c:ab:95:13:be:71:b7:13:e7:
                    ef:ab:9f:a8:95:63:05:2f:51:26:83:18:a0:30:ca:
                    9f:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:0E:96:A6:05:6A:49:09:7A:10:66:3C:57:BB:34:4D:7E:FC:EF:47
            X509v3 Authority Key Identifier:
                keyid:8F:4C:E7:72:2F:99:07:5D:94:73:8B:7E:61:07:04:01:26:9E:B3:D6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/8F4CE7722F99075D94738B7E61070401269EB3D6.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/j0znci-ZB12Uc4t-YQcEASaes9Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/38352e3230392e31392e302f32342d3234203d3e203131383738.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.209.19.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5c:8f:85:ff:81:92:a9:97:71:6e:e8:aa:0e:01:26:81:97:a8:
         7f:4b:5a:00:69:8e:e6:a0:e5:1c:47:fc:22:69:4b:c4:f3:8f:
         c0:ba:96:ad:8c:79:23:82:22:d5:32:ab:6b:8a:4b:56:dd:43:
         ae:57:3c:0a:cc:9b:b8:fa:4d:41:27:93:ff:f0:2e:9d:bb:b9:
         9c:35:16:48:d2:07:66:0c:94:d5:da:2f:80:08:4d:41:22:7b:
         f2:a6:ee:e8:7b:63:53:92:87:f3:c1:09:0a:db:10:6a:72:61:
         8a:39:b7:0a:32:66:53:15:27:81:e7:a0:ca:87:1c:e0:69:a5:
         73:5d:f8:1e:fb:c6:10:48:53:07:b5:3f:0f:de:eb:b3:57:7c:
         eb:40:4c:06:88:92:78:ac:e4:87:5f:43:aa:d0:c5:44:38:71:
         56:b2:05:36:c0:c3:d1:4f:0c:01:b1:69:64:ab:22:8a:61:b4:
         ef:1d:b9:30:8a:1e:69:0d:95:0d:29:e4:9a:dc:45:dc:d0:14:
         d2:83:cb:52:0d:9f:09:79:58:ed:8d:19:ed:a6:d7:56:ff:af:
         76:b6:3c:44:d2:e8:19:51:bc:7b:90:d9:94:2d:f2:91:3b:1b:
         fb:2c:e2:bc:b1:e3:05:50:72:67:44:50:99:f8:dc:54:be:01:
         5a:87:23:e4
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUeT/FMiNwA3tMy07+5UFe/IqRoKcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGY0Y2U3NzIyZjk5MDc1ZDk0NzM4YjdlNjEwNzA0MDEy
NjllYjNkNjAeFw0yNDA4MTMxNDIwNTRaFw0yNTA4MTIxNDI1NTRaMDMxMTAvBgNV
BAMTKDdDMEU5NkE2MDU2QTQ5MDk3QTEwNjYzQzU3QkIzNDREN0VGQ0VGNDcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtDBk9lfTS/t8mlOQXbaeCnhRL
38Z3kkOueYEj6iLa10tiHmbHpvPHcYjLlKMtDgMz0+phVHAQJJofwyGheBtDiWkz
WRKtxD7SiyYldLgxvzS6dUG1Wk9aOqFbjX6T+rsVUVot/smBl15iEeKWARC6VQ6/
46VvHq4GMMtBtcGzUB3WVyFLU/YAiafcxnN/mtsSq4p6029SCqTcPkRMRR+tIiXG
skeJ0GfqFneEhJXuxYcLn3f1yvizHbCQ5S0Dlh0nDSHldJZlnEivI3myvYMiJVqQ
cevjm3Nta//ajRAMmqcx2w3t0GyrlRO+cbcT5++rn6iVYwUvUSaDGKAwyp8fAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUfA6WpgVqSQl6EGY8V7s0TX7870cwHwYDVR0j
BBgwFoAUj0znci+ZB12Uc4t+YQcEASaes9YwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYWE5NzcxMTUtNTExMC00MjU3LTk0ZWYtNGQyYjQzODg0
MDQwLzAvOEY0Q0U3NzIyRjk5MDc1RDk0NzM4QjdFNjEwNzA0MDEyNjlFQjNENi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2owem5jaS1aQjEyVWM0dC1ZUWNFQVNh
ZXM5WS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWE5NzcxMTUt
NTExMC00MjU3LTk0ZWYtNGQyYjQzODg0MDQwLzAvMzgzNTJlMzIzMDM5MmUzMTM5
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzEzMTM4MzczOC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFXR
EzANBgkqhkiG9w0BAQsFAAOCAQEAXI+F/4GSqZdxbuiqDgEmgZeof0taAGmO5qDl
HEf8ImlLxPOPwLqWrYx5I4Ii1TKra4pLVt1Drlc8CsybuPpNQSeT//Aunbu5nDUW
SNIHZgyU1dovgAhNQSJ78qbu6HtjU5KH88EJCtsQanJhijm3CjJmUxUngeegyocc
4Gmlc134HvvGEEhTB7U/D97rs1d860BMBoiSeKzkh19DqtDFRDhxVrIFNsDD0U8M
AbFpZKsiimG07x25MIoeaQ2VDSnkmtxF3NAU0oPLUg2fCXlY7Y0Z7abXVv+vdrY8
RNLoGVG8e5DZlC3ykTsb+yzivLHjBVByZ0RQmfjcVL4BWocj5A==
-----END CERTIFICATE-----