Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/38352e3230392e39342e302f32332d3233203d3e203437353833.roa
File:                     38352e3230392e39342e302f32332d3233203d3e203437353833.roa (raw, json)
Hash identifier:          HNMdzykAWizrn1jOxVPbD+RCQagbMVsJj5FTWAQ6odQ=
Subject key identifier:   A5:17:7A:9C:F6:0C:7B:1C:2B:AD:C7:07:C1:49:E1:4E:F7:47:15:D6
Certificate issuer:       /CN=08fb9ba827e6f10a7af37490803dd5a076397235
Certificate serial:       333CD639A3EDE1F150567AABA13B9FAC990CACA4
Authority key identifier: 08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/38352e3230392e39342e302f32332d3233203d3e203437353833.roa
Signing time:             Thu 06 Jun 2024 13:53:20 +0000
ROA not before:           Thu 06 Jun 2024 13:48:20 +0000
ROA not after:            Thu 05 Jun 2025 13:53:20 +0000
asID:                     47583
IP address blocks:        85.209.94.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Jun 2024 08:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            33:3c:d6:39:a3:ed:e1:f1:50:56:7a:ab:a1:3b:9f:ac:99:0c:ac:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08fb9ba827e6f10a7af37490803dd5a076397235
        Validity
            Not Before: Jun  6 13:48:20 2024 GMT
            Not After : Jun  5 13:53:20 2025 GMT
        Subject: CN=A5177A9CF60C7B1C2BADC707C149E14EF74715D6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:f4:8f:84:9a:52:b0:52:02:19:1d:c8:73:a1:
                    63:93:d6:c0:3b:6b:dc:39:3d:c2:78:ca:e1:18:3d:
                    a4:8b:b9:e3:b8:7a:4e:73:73:3b:d7:7a:6a:26:6a:
                    ce:27:6d:61:8a:a7:1e:c7:21:04:b6:bd:57:59:6a:
                    5d:2f:6f:39:8b:da:2d:d3:52:6b:c0:bf:57:75:e2:
                    32:21:7c:c9:ab:52:c5:84:56:cc:e2:3e:2a:b2:d4:
                    67:22:9e:a7:18:a0:46:53:34:1f:88:f1:66:e8:dd:
                    83:e5:68:82:5c:92:b2:10:07:1f:b8:46:d4:51:75:
                    e8:2a:a7:a1:90:e7:2d:ff:e5:30:a6:f2:7f:74:00:
                    98:da:f0:66:a4:85:9a:3f:98:0d:06:48:64:e2:9a:
                    7e:86:c9:75:7e:39:96:43:9c:86:26:f6:bf:47:7c:
                    42:e3:8f:75:bc:3f:f4:95:17:1c:e1:c3:35:b3:74:
                    d6:0f:33:6e:73:90:1b:de:df:ed:c9:ae:95:62:08:
                    36:d4:cd:a2:c8:9f:af:44:81:8c:24:51:b2:8d:db:
                    1a:ef:94:cd:d9:a9:8d:9b:72:87:29:7d:57:d6:f5:
                    29:92:38:6c:b4:0d:84:b8:93:db:95:34:b3:90:39:
                    d5:82:56:f2:68:d6:34:fd:1d:34:6f:0a:41:4d:25:
                    f5:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:17:7A:9C:F6:0C:7B:1C:2B:AD:C7:07:C1:49:E1:4E:F7:47:15:D6
            X509v3 Authority Key Identifier:
                keyid:08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/38352e3230392e39342e302f32332d3233203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.209.94.0/23

    Signature Algorithm: sha256WithRSAEncryption
         4e:5b:fa:38:8a:0d:a4:a8:54:94:bf:36:5b:67:3b:63:dc:80:
         2f:bf:45:ed:f5:9d:08:c2:3b:ac:50:44:e4:fc:05:f6:70:8b:
         92:57:f1:af:e2:6b:74:cb:4f:51:ef:4b:c7:6e:48:71:8b:57:
         15:4b:0b:49:f3:a8:5e:86:99:ef:62:d1:2a:73:81:72:c2:99:
         98:ff:db:03:cf:70:84:25:b0:1f:67:6d:61:0e:c2:f1:ca:4d:
         13:b1:fb:96:56:7d:69:ee:4e:93:76:56:90:2d:22:32:8f:d0:
         b8:fe:bb:5e:8b:af:7c:a9:26:86:f9:60:69:d6:a8:42:d9:ac:
         3b:b1:27:61:8d:43:be:c0:a4:73:df:89:bf:d5:8a:1b:a6:1e:
         77:32:37:67:3c:7a:63:9e:76:11:56:55:97:9e:26:16:3d:31:
         f9:51:4f:d0:73:46:5f:84:9e:e1:f8:79:52:13:b4:eb:3c:01:
         64:b3:47:0a:49:88:01:f0:88:2d:98:8c:a1:d9:db:d7:81:cf:
         bf:5f:07:70:44:dc:78:5b:d1:ae:ac:b0:bd:0d:b6:05:07:34:
         04:10:66:2d:14:7e:81:b9:d9:23:89:29:1f:be:1c:db:d4:81:
         e7:c6:13:be:44:e8:83:d1:f5:10:c1:c4:4f:57:c7:e3:15:85:
         7d:92:eb:b3
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUMzzWOaPt4fFQVnqroTufrJkMrKQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDhmYjliYTgyN2U2ZjEwYTdhZjM3NDkwODAzZGQ1YTA3
NjM5NzIzNTAeFw0yNDA2MDYxMzQ4MjBaFw0yNTA2MDUxMzUzMjBaMDMxMTAvBgNV
BAMTKEE1MTc3QTlDRjYwQzdCMUMyQkFEQzcwN0MxNDlFMTRFRjc0NzE1RDYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDM9I+EmlKwUgIZHchzoWOT1sA7
a9w5PcJ4yuEYPaSLueO4ek5zczvXemomas4nbWGKpx7HIQS2vVdZal0vbzmL2i3T
UmvAv1d14jIhfMmrUsWEVsziPiqy1GcinqcYoEZTNB+I8Wbo3YPlaIJckrIQBx+4
RtRRdegqp6GQ5y3/5TCm8n90AJja8GakhZo/mA0GSGTimn6GyXV+OZZDnIYm9r9H
fELjj3W8P/SVFxzhwzWzdNYPM25zkBve3+3JrpViCDbUzaLIn69EgYwkUbKN2xrv
lM3ZqY2bcocpfVfW9SmSOGy0DYS4k9uVNLOQOdWCVvJo1jT9HTRvCkFNJfURAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUpRd6nPYMexwrrccHwUnhTvdHFdYwHwYDVR0j
BBgwFoAUCPubqCfm8Qp683SQgD3VoHY5cjUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzIvMDhGQjlCQTgyN0U2RjEwQTdBRjM3NDkwODAzREQ1QTA3NjM5NzIzNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NQdWJxQ2ZtOFFwNjgzU1FnRDNWb0hZ
NWNqVS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzIvMzgzNTJlMzIzMDM5MmUzOTM0
MmUzMDJmMzIzMzJkMzIzMzIwM2QzZTIwMzQzNzM1MzgzMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAVXR
XjANBgkqhkiG9w0BAQsFAAOCAQEATlv6OIoNpKhUlL82W2c7Y9yAL79F7fWdCMI7
rFBE5PwF9nCLklfxr+JrdMtPUe9Lx25IcYtXFUsLSfOoXoaZ72LRKnOBcsKZmP/b
A89whCWwH2dtYQ7C8cpNE7H7llZ9ae5Ok3ZWkC0iMo/QuP67XouvfKkmhvlgadao
QtmsO7EnYY1DvsCkc9+Jv9WKG6YedzI3Zzx6Y552EVZVl54mFj0x+VFP0HNGX4Se
4fh5UhO06zwBZLNHCkmIAfCILZiModnb14HPv18HcETceFvRrqywvQ22BQc0BBBm
LRR+gbnZI4kpH74c29SB58YTvkTog9H1EMHET1fH4xWFfZLrsw==
-----END CERTIFICATE-----