Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/38352e3230392e3232332e302f32342d3234203d3e2039333034.roa
File:                     38352e3230392e3232332e302f32342d3234203d3e2039333034.roa (raw, json)
Hash identifier:          0/vlyudOvfrTXDYry+ctcQDu/4WyWHfPi4/BlzHetZw=
Subject key identifier:   07:94:90:2B:1C:66:C3:4D:A5:50:C0:E7:4A:1C:9C:A3:F6:DE:B7:B7
Certificate issuer:       /CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
Certificate serial:       4492F122BA05DF26466FC6E93E9064FCAE7C9C64
Authority key identifier: 70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/38352e3230392e3232332e302f32342d3234203d3e2039333034.roa
Signing time:             Sat 30 Aug 2025 15:28:40 +0000
ROA not before:           Sat 30 Aug 2025 15:23:40 +0000
ROA not after:            Sat 29 Aug 2026 15:28:40 +0000
asID:                     9304
IP address blocks:        85.209.223.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Sep 2025 01:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            44:92:f1:22:ba:05:df:26:46:6f:c6:e9:3e:90:64:fc:ae:7c:9c:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
        Validity
            Not Before: Aug 30 15:23:40 2025 GMT
            Not After : Aug 29 15:28:40 2026 GMT
        Subject: CN=0794902B1C66C34DA550C0E74A1C9CA3F6DEB7B7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:ee:7b:80:fe:a8:06:14:b6:dd:c0:0c:e2:f3:
                    93:1a:3f:f0:09:13:e8:09:ba:1d:d0:90:9a:e8:20:
                    a6:9c:38:d6:d7:c2:1c:34:42:02:0e:70:a3:9f:25:
                    33:c6:09:47:32:fd:59:01:2f:71:f8:1d:16:b2:8c:
                    c0:30:fb:33:10:2d:41:72:0b:28:5d:b1:87:b8:75:
                    2f:02:17:7a:ce:47:d7:24:aa:fe:d5:3e:22:f4:f9:
                    ce:af:91:84:47:ae:f5:5c:5d:59:74:5b:11:f0:6a:
                    bb:15:7c:c1:05:66:b0:d0:7f:fa:26:a7:9b:3c:60:
                    45:ed:cb:85:5f:43:2c:81:bf:10:f9:cd:f8:8a:a3:
                    d9:ea:15:49:ce:4e:e3:87:77:e5:91:cc:6c:b4:05:
                    a9:49:19:7d:66:34:54:83:5c:0b:f2:c2:a6:12:d8:
                    d6:81:fa:cb:e7:02:ab:1f:d8:8d:52:7d:08:0d:3b:
                    16:1d:74:c5:07:fb:31:a4:4b:b4:80:50:4c:c8:c6:
                    74:a4:22:1f:4b:a9:a4:09:da:1a:5d:57:d1:e4:d9:
                    eb:a4:f6:e8:6b:ad:aa:d7:bb:a6:d7:93:d5:71:ac:
                    bc:fe:43:57:03:04:e1:79:5f:ad:c9:e0:90:93:0f:
                    04:a8:88:65:4e:01:af:6b:5c:3a:60:4c:1f:32:dc:
                    b0:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:94:90:2B:1C:66:C3:4D:A5:50:C0:E7:4A:1C:9C:A3:F6:DE:B7:B7
            X509v3 Authority Key Identifier:
                keyid:70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/38352e3230392e3232332e302f32342d3234203d3e2039333034.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.209.223.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:23:c6:5b:dc:68:b5:24:04:e8:be:c9:32:09:40:e1:c5:db:
         7b:62:b7:58:df:51:08:77:67:b7:ee:c1:88:49:b0:e4:15:30:
         95:4e:d8:f1:fb:ce:d4:4b:00:0c:73:88:64:11:7f:2c:ec:40:
         80:fe:50:d3:5c:5b:74:ee:b5:b9:6b:b5:c2:e1:5b:16:bc:31:
         1e:aa:b6:7a:2d:46:73:04:eb:b8:9a:d0:0a:ec:7e:f1:85:56:
         26:66:97:4a:49:93:81:12:1b:9e:15:5c:ab:79:ac:79:2a:be:
         bc:2c:46:7a:d0:7e:0c:e0:80:b6:63:a4:fd:27:33:81:42:6a:
         6d:ae:9e:90:fd:75:91:ba:b1:41:c1:34:f4:7a:ea:a9:2b:91:
         e2:c0:c9:a1:ac:38:4c:25:25:13:05:d5:ee:a8:b0:11:99:e1:
         d5:be:d4:87:9c:80:10:2e:7c:b9:b7:51:b2:a9:84:9d:cc:98:
         2e:54:d3:2e:28:83:7e:34:c7:23:0c:6c:90:27:d7:aa:b8:a9:
         23:64:c4:8f:13:d2:02:98:89:27:05:7d:cf:f9:a3:af:e8:bc:
         01:6f:41:00:08:a3:ac:89:9f:d2:4f:47:6e:f6:c2:22:67:a5:
         56:62:3d:4b:da:ae:1e:e8:bf:ee:ab:13:21:77:b3:71:dd:d2:
         a4:7f:37:d9
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIURJLxIroF3yZGb8bpPpBk/K58nGQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzBjYmQ3YTk4MTdlNDcwMDA5YzBmNDBlYTFlMzcwYWE3
OWI1ZmQ5MTAeFw0yNTA4MzAxNTIzNDBaFw0yNjA4MjkxNTI4NDBaMDMxMTAvBgNV
BAMTKDA3OTQ5MDJCMUM2NkMzNERBNTUwQzBFNzRBMUM5Q0EzRjZERUI3QjcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCu7nuA/qgGFLbdwAzi85MaP/AJ
E+gJuh3QkJroIKacONbXwhw0QgIOcKOfJTPGCUcy/VkBL3H4HRayjMAw+zMQLUFy
CyhdsYe4dS8CF3rOR9ckqv7VPiL0+c6vkYRHrvVcXVl0WxHwarsVfMEFZrDQf/om
p5s8YEXty4VfQyyBvxD5zfiKo9nqFUnOTuOHd+WRzGy0BalJGX1mNFSDXAvywqYS
2NaB+svnAqsf2I1SfQgNOxYddMUH+zGkS7SAUEzIxnSkIh9LqaQJ2hpdV9Hk2euk
9uhrrarXu6bXk9VxrLz+Q1cDBOF5X63J4JCTDwSoiGVOAa9rXDpgTB8y3LBTAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUB5SQKxxmw02lUMDnShyco/bet7cwHwYDVR0j
BBgwFoAUcMvXqYF+RwAJwPQOoeNwqnm1/ZEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYjczMzJhZjAtZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5
ZjhhLzAvNzBDQkQ3QTk4MTdFNDcwMDA5QzBGNDBFQTFFMzcwQUE3OUI1RkQ5MS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NNdlhxWUYtUndBSndQUU9vZU53cW5t
MV9aRS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYjczMzJhZjAt
ZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5ZjhhLzAvMzgzNTJlMzIzMDM5MmUzMjMy
MzMyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzOTMzMzAzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFXR
3zANBgkqhkiG9w0BAQsFAAOCAQEAjyPGW9xotSQE6L7JMglA4cXbe2K3WN9RCHdn
t+7BiEmw5BUwlU7Y8fvO1EsADHOIZBF/LOxAgP5Q01xbdO61uWu1wuFbFrwxHqq2
ei1GcwTruJrQCux+8YVWJmaXSkmTgRIbnhVcq3mseSq+vCxGetB+DOCAtmOk/Scz
gUJqba6ekP11kbqxQcE09HrqqSuR4sDJoaw4TCUlEwXV7qiwEZnh1b7Uh5yAEC58
ubdRsqmEncyYLlTTLiiDfjTHIwxskCfXqripI2TEjxPSApiJJwV9z/mjr+i8AW9B
AAijrImf0k9HbvbCImelVmI9S9quHui/7qsTIXezcd3SpH832Q==
-----END CERTIFICATE-----