Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/38352e3230392e31392e302f32342d3234203d3e203236373337.roa
File:                     38352e3230392e31392e302f32342d3234203d3e203236373337.roa (raw, json)
Hash identifier:          SGL5IEW2JopNPhh1E9HXv/wmh67qnx4oLbRQQWWSjBI=
Subject key identifier:   3E:80:AD:39:51:36:D6:51:C8:12:CB:0D:28:C3:66:F0:E5:76:DD:EF
Certificate issuer:       /CN=8f4ce7722f99075d94738b7e61070401269eb3d6
Certificate serial:       4D386478AB3EDF81F83E53EE03B299BE45564C64
Authority key identifier: 8F:4C:E7:72:2F:99:07:5D:94:73:8B:7E:61:07:04:01:26:9E:B3:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/j0znci-ZB12Uc4t-YQcEASaes9Y.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/38352e3230392e31392e302f32342d3234203d3e203236373337.roa
Signing time:             Mon 12 Feb 2024 20:43:07 +0000
ROA not before:           Mon 12 Feb 2024 20:38:07 +0000
ROA not after:            Mon 10 Feb 2025 20:43:07 +0000
asID:                     26737
IP address blocks:        85.209.19.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/8F4CE7722F99075D94738B7E61070401269EB3D6.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/8F4CE7722F99075D94738B7E61070401269EB3D6.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/j0znci-ZB12Uc4t-YQcEASaes9Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 12 May 2024 15:47:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4d:38:64:78:ab:3e:df:81:f8:3e:53:ee:03:b2:99:be:45:56:4c:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8f4ce7722f99075d94738b7e61070401269eb3d6
        Validity
            Not Before: Feb 12 20:38:07 2024 GMT
            Not After : Feb 10 20:43:07 2025 GMT
        Subject: CN=3E80AD395136D651C812CB0D28C366F0E576DDEF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:28:83:0d:d9:5c:fe:ad:78:c0:34:95:0c:10:
                    37:52:ea:6c:0d:5c:25:f6:97:08:53:03:d0:4b:f1:
                    f5:c6:41:d5:ed:53:f0:8c:b6:c6:6a:75:7f:d7:2a:
                    c2:69:54:40:bd:ac:72:60:59:4d:d7:70:4a:96:2d:
                    ea:39:b5:e5:02:cc:88:b3:2d:dd:94:68:d8:d9:dc:
                    46:4d:4d:d8:44:59:9e:17:e1:d8:75:9e:2a:dd:a1:
                    cd:30:e5:15:1a:b4:24:86:bc:39:f4:2a:7e:70:5b:
                    36:66:78:b0:6f:f5:8a:89:f5:01:88:4a:a5:68:6d:
                    f2:79:3e:dd:ab:5f:b7:82:1b:26:81:e7:b2:49:af:
                    5b:63:db:15:2c:3f:b6:11:c9:98:ee:8b:4c:2e:34:
                    a2:6d:6f:d4:d3:69:53:74:3b:3f:89:cd:ac:ce:74:
                    f0:8d:13:2a:5b:60:2f:c6:4c:52:9c:32:1e:2e:4b:
                    09:03:14:02:0b:94:4a:c8:83:12:fc:9e:49:02:a7:
                    bd:c8:ca:2c:66:ff:a8:40:99:81:79:54:b1:35:14:
                    0e:c8:c0:58:38:b0:1d:18:23:23:c7:1f:1c:a6:72:
                    9d:bb:a5:09:ba:78:6c:12:d6:bc:80:60:3b:0c:01:
                    c0:2d:28:c6:30:8e:2b:ab:08:85:da:fd:04:90:06:
                    56:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:80:AD:39:51:36:D6:51:C8:12:CB:0D:28:C3:66:F0:E5:76:DD:EF
            X509v3 Authority Key Identifier:
                keyid:8F:4C:E7:72:2F:99:07:5D:94:73:8B:7E:61:07:04:01:26:9E:B3:D6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/8F4CE7722F99075D94738B7E61070401269EB3D6.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/j0znci-ZB12Uc4t-YQcEASaes9Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/38352e3230392e31392e302f32342d3234203d3e203236373337.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.209.19.0/24

    Signature Algorithm: sha256WithRSAEncryption
         cc:68:5f:37:fe:fe:4e:e1:3c:07:e8:67:ce:aa:e4:0d:35:18:
         f6:be:ce:5c:65:c0:6e:77:43:c5:9c:62:32:99:4a:19:17:e7:
         4b:a5:9d:e3:65:40:a6:27:69:8b:3f:b5:45:3e:e3:3f:0a:8e:
         f9:d8:d1:3c:5f:71:11:86:7e:ab:16:73:e6:9a:44:40:8d:af:
         9f:62:d2:e3:56:7e:f6:ea:3a:5b:0f:bc:ea:60:6e:ff:34:67:
         95:09:49:26:74:23:21:18:b6:d5:5d:aa:d8:29:a8:b7:59:4f:
         c1:e9:57:e0:7d:87:48:cd:31:f4:7c:a7:d5:2c:17:22:0d:7e:
         49:5d:f7:57:8d:ab:20:5e:4e:8b:b8:e0:84:a8:7d:c1:17:bb:
         4b:0e:18:a9:d0:35:77:29:06:97:05:48:28:f2:71:a1:4d:be:
         20:7c:7e:c9:04:ec:e9:30:33:b7:ff:5c:5d:7d:25:26:46:4a:
         6c:f1:23:0e:b3:6c:26:36:0e:00:1b:33:22:68:9c:2e:d3:72:
         92:cb:03:b9:99:9d:e4:0c:06:05:eb:82:2b:1d:42:ca:55:3a:
         24:ba:3f:7e:fd:5a:70:39:ec:75:c9:13:64:77:b3:b8:ad:01:
         ba:74:51:b3:a8:0a:f1:a4:c5:8e:7a:35:55:e9:28:ef:fb:a7:
         71:15:bb:cd
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUTThkeKs+34H4PlPuA7KZvkVWTGQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGY0Y2U3NzIyZjk5MDc1ZDk0NzM4YjdlNjEwNzA0MDEy
NjllYjNkNjAeFw0yNDAyMTIyMDM4MDdaFw0yNTAyMTAyMDQzMDdaMDMxMTAvBgNV
BAMTKDNFODBBRDM5NTEzNkQ2NTFDODEyQ0IwRDI4QzM2NkYwRTU3NkRERUYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCwKIMN2Vz+rXjANJUMEDdS6mwN
XCX2lwhTA9BL8fXGQdXtU/CMtsZqdX/XKsJpVEC9rHJgWU3XcEqWLeo5teUCzIiz
Ld2UaNjZ3EZNTdhEWZ4X4dh1nirdoc0w5RUatCSGvDn0Kn5wWzZmeLBv9YqJ9QGI
SqVobfJ5Pt2rX7eCGyaB57JJr1tj2xUsP7YRyZjui0wuNKJtb9TTaVN0Oz+JzazO
dPCNEypbYC/GTFKcMh4uSwkDFAILlErIgxL8nkkCp73Iyixm/6hAmYF5VLE1FA7I
wFg4sB0YIyPHHxymcp27pQm6eGwS1ryAYDsMAcAtKMYwjiurCIXa/QSQBlZbAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUPoCtOVE21lHIEssNKMNm8OV23e8wHwYDVR0j
BBgwFoAUj0znci+ZB12Uc4t+YQcEASaes9YwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYWE5NzcxMTUtNTExMC00MjU3LTk0ZWYtNGQyYjQzODg0
MDQwLzAvOEY0Q0U3NzIyRjk5MDc1RDk0NzM4QjdFNjEwNzA0MDEyNjlFQjNENi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2owem5jaS1aQjEyVWM0dC1ZUWNFQVNh
ZXM5WS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWE5NzcxMTUt
NTExMC00MjU3LTk0ZWYtNGQyYjQzODg0MDQwLzAvMzgzNTJlMzIzMDM5MmUzMTM5
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzIzNjM3MzMzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFXR
EzANBgkqhkiG9w0BAQsFAAOCAQEAzGhfN/7+TuE8B+hnzqrkDTUY9r7OXGXAbndD
xZxiMplKGRfnS6Wd42VApidpiz+1RT7jPwqO+djRPF9xEYZ+qxZz5ppEQI2vn2LS
41Z+9uo6Ww+86mBu/zRnlQlJJnQjIRi21V2q2Cmot1lPwelX4H2HSM0x9Hyn1SwX
Ig1+SV33V42rIF5Oi7jghKh9wRe7Sw4YqdA1dykGlwVIKPJxoU2+IHx+yQTs6TAz
t/9cXX0lJkZKbPEjDrNsJjYOABszImicLtNykssDuZmd5AwGBeuCKx1CylU6JLo/
fv1acDnsdckTZHezuK0BunRRs6gK8aTFjno1Veko7/uncRW7zQ==
-----END CERTIFICATE-----