Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/ac0e13d8-bfe0-4235-afb4-d53edfbacdd2/0/38362e35342e3137322e302f32342d3234203d3e2032383536.roa
File:                     38362e35342e3137322e302f32342d3234203d3e2032383536.roa (raw, json)
Hash identifier:          kIjLwSREHkERxqQgCNkVDjeNAzY3bReXXhmulizNBno=
Subject key identifier:   37:4A:9F:EA:65:DA:79:83:D2:29:41:E3:98:E3:E7:7E:69:D9:D4:AC
Certificate issuer:       /CN=5ecb4cadbbadd500f49ca697d566a2761e017608
Certificate serial:       3DBF0426E2CFF77BFBA18EF87DFE01BAE7CBF0A8
Authority key identifier: 5E:CB:4C:AD:BB:AD:D5:00:F4:9C:A6:97:D5:66:A2:76:1E:01:76:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XstMrbut1QD0nKaX1Waidh4Bdgg.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/ac0e13d8-bfe0-4235-afb4-d53edfbacdd2/0/38362e35342e3137322e302f32342d3234203d3e2032383536.roa
Signing time:             Tue 27 May 2025 08:23:07 +0000
ROA not before:           Tue 27 May 2025 08:18:07 +0000
ROA not after:            Tue 26 May 2026 08:23:07 +0000
asID:                     2856
IP address blocks:        86.54.172.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/ac0e13d8-bfe0-4235-afb4-d53edfbacdd2/0/5ECB4CADBBADD500F49CA697D566A2761E017608.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/ac0e13d8-bfe0-4235-afb4-d53edfbacdd2/0/5ECB4CADBBADD500F49CA697D566A2761E017608.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XstMrbut1QD0nKaX1Waidh4Bdgg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 15:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3d:bf:04:26:e2:cf:f7:7b:fb:a1:8e:f8:7d:fe:01:ba:e7:cb:f0:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ecb4cadbbadd500f49ca697d566a2761e017608
        Validity
            Not Before: May 27 08:18:07 2025 GMT
            Not After : May 26 08:23:07 2026 GMT
        Subject: CN=374A9FEA65DA7983D22941E398E3E77E69D9D4AC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:72:ea:08:3b:90:a5:8e:df:19:54:99:09:e6:
                    13:1d:41:d5:ed:93:92:b6:11:97:32:fc:96:a2:0d:
                    b5:b1:ef:8e:36:96:67:3a:dc:d3:bb:f1:f5:47:2a:
                    02:dc:aa:35:20:da:f5:1b:1d:c7:5c:15:68:bc:7a:
                    03:f2:e9:95:54:be:82:d0:ed:f5:c9:d5:8f:0f:1b:
                    90:1c:57:76:e3:93:52:58:94:26:ba:da:ca:e2:0b:
                    a5:a8:f6:01:d3:97:1b:e5:8f:78:6c:72:2d:ed:3b:
                    e0:55:bd:51:9f:8a:ca:0e:cc:c4:bf:7f:1c:7d:cf:
                    cb:2e:a8:8f:99:ee:94:bd:68:d0:3d:4c:7b:1c:97:
                    bc:ad:38:bf:c4:c1:c1:9a:22:a1:6f:0a:d1:65:f0:
                    5d:1d:fb:85:e6:32:74:6d:96:5e:53:71:7f:07:7a:
                    c1:8a:7b:a3:b9:52:54:35:a3:f5:e0:db:46:13:b5:
                    e6:b7:b2:31:e3:63:ad:1f:e6:e8:03:b2:4e:89:7c:
                    29:97:3b:64:e8:32:68:89:c5:d0:55:fe:28:e9:47:
                    bd:2c:2b:4b:e5:a0:b4:1e:74:37:e7:5f:c8:76:5e:
                    93:12:f2:71:1a:ba:6a:98:99:83:9b:9e:47:ed:b9:
                    b1:47:92:df:12:04:e5:f5:3f:15:a1:60:60:44:a9:
                    78:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:4A:9F:EA:65:DA:79:83:D2:29:41:E3:98:E3:E7:7E:69:D9:D4:AC
            X509v3 Authority Key Identifier:
                keyid:5E:CB:4C:AD:BB:AD:D5:00:F4:9C:A6:97:D5:66:A2:76:1E:01:76:08

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/ac0e13d8-bfe0-4235-afb4-d53edfbacdd2/0/5ECB4CADBBADD500F49CA697D566A2761E017608.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XstMrbut1QD0nKaX1Waidh4Bdgg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/ac0e13d8-bfe0-4235-afb4-d53edfbacdd2/0/38362e35342e3137322e302f32342d3234203d3e2032383536.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.54.172.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:68:cf:13:7d:c4:4c:e6:96:b9:ce:45:54:19:9c:39:b7:23:
         e2:8e:48:c4:86:af:ca:96:8c:13:ce:33:f2:29:64:b7:53:5c:
         c7:62:68:40:fc:5c:c7:01:19:a6:73:00:bb:81:c0:31:6a:8c:
         ef:c9:fa:2f:df:70:a6:ca:2f:24:bc:f8:e7:25:6a:2d:61:18:
         94:bd:4c:2f:4e:ca:b7:d5:48:58:18:34:43:5b:58:d4:67:ba:
         f1:f3:05:64:af:f4:43:b8:cb:2e:b8:78:4c:82:68:86:32:e2:
         40:25:73:ea:1c:fb:48:8c:6d:e6:65:9f:f6:96:18:03:5d:8f:
         de:f2:05:08:dc:72:18:10:7d:07:13:52:5d:67:b3:78:42:a0:
         b9:d0:5d:eb:7c:36:15:be:53:33:56:67:2c:ef:d6:34:ba:5b:
         a5:33:3f:26:09:d2:c4:a1:09:68:b6:25:7b:ae:ce:8d:52:da:
         8c:ba:ef:24:28:77:2e:95:52:18:d0:b9:ee:39:8b:9f:83:83:
         95:c0:f8:9a:67:ea:76:e0:0b:84:95:e7:80:be:60:6f:05:7d:
         96:5c:13:97:aa:ff:9b:0e:06:c5:7c:9f:51:73:8a:7d:b7:bf:
         78:2c:70:69:c4:35:df:77:5c:cb:d3:cf:46:ca:16:f2:42:80:
         93:df:a1:d3
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUPb8EJuLP93v7oY74ff4BuufL8KgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWVjYjRjYWRiYmFkZDUwMGY0OWNhNjk3ZDU2NmEyNzYx
ZTAxNzYwODAeFw0yNTA1MjcwODE4MDdaFw0yNjA1MjYwODIzMDdaMDMxMTAvBgNV
BAMTKDM3NEE5RkVBNjVEQTc5ODNEMjI5NDFFMzk4RTNFNzdFNjlEOUQ0QUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCwcuoIO5Cljt8ZVJkJ5hMdQdXt
k5K2EZcy/JaiDbWx7442lmc63NO78fVHKgLcqjUg2vUbHcdcFWi8egPy6ZVUvoLQ
7fXJ1Y8PG5AcV3bjk1JYlCa62sriC6Wo9gHTlxvlj3hsci3tO+BVvVGfisoOzMS/
fxx9z8suqI+Z7pS9aNA9THscl7ytOL/EwcGaIqFvCtFl8F0d+4XmMnRtll5TcX8H
esGKe6O5UlQ1o/Xg20YTtea3sjHjY60f5ugDsk6JfCmXO2ToMmiJxdBV/ijpR70s
K0vloLQedDfnX8h2XpMS8nEaumqYmYObnkftubFHkt8SBOX1PxWhYGBEqXj9AgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUN0qf6mXaeYPSKUHjmOPnfmnZ1KwwHwYDVR0j
BBgwFoAUXstMrbut1QD0nKaX1Waidh4BdggwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYWMwZTEzZDgtYmZlMC00MjM1LWFmYjQtZDUzZWRmYmFj
ZGQyLzAvNUVDQjRDQURCQkFERDUwMEY0OUNBNjk3RDU2NkEyNzYxRTAxNzYwOC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1hzdE1yYnV0MVFEMG5LYVgxV2FpZGg0
QmRnZy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWMwZTEzZDgt
YmZlMC00MjM1LWFmYjQtZDUzZWRmYmFjZGQyLzAvMzgzNjJlMzUzNDJlMzEzNzMy
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzIzODM1MzYucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABWNqww
DQYJKoZIhvcNAQELBQADggEBAIZozxN9xEzmlrnORVQZnDm3I+KOSMSGr8qWjBPO
M/IpZLdTXMdiaED8XMcBGaZzALuBwDFqjO/J+i/fcKbKLyS8+Oclai1hGJS9TC9O
yrfVSFgYNENbWNRnuvHzBWSv9EO4yy64eEyCaIYy4kAlc+oc+0iMbeZln/aWGANd
j97yBQjcchgQfQcTUl1ns3hCoLnQXet8NhW+UzNWZyzv1jS6W6UzPyYJ0sShCWi2
JXuuzo1S2oy67yQody6VUhjQue45i5+Dg5XA+Jpn6nbgC4SV54C+YG8FfZZcE5eq
/5sOBsV8n1Fzin23v3gscGnENd93XMvTz0bKFvJCgJPfodM=
-----END CERTIFICATE-----