Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38352e3230382e35302e302f32342d3234203d3e203630373231.roa
File:                     38352e3230382e35302e302f32342d3234203d3e203630373231.roa (raw, json)
Hash identifier:          N/MZ30pymvjzIs2HsIRcNnKBldpE7Qu4IKHQ3fcMv+E=
Subject key identifier:   85:C3:6B:56:C5:9E:EA:2D:FE:03:A0:07:6D:FE:9C:91:4B:1F:C6:A1
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       55D4948F595C25E5987B0F6B410A6024E5CA4174
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38352e3230382e35302e302f32342d3234203d3e203630373231.roa
Signing time:             Fri 20 Sep 2024 14:04:50 +0000
ROA not before:           Fri 20 Sep 2024 13:59:50 +0000
ROA not after:            Fri 19 Sep 2025 14:04:50 +0000
asID:                     60721
IP address blocks:        85.208.50.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            55:d4:94:8f:59:5c:25:e5:98:7b:0f:6b:41:0a:60:24:e5:ca:41:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Sep 20 13:59:50 2024 GMT
            Not After : Sep 19 14:04:50 2025 GMT
        Subject: CN=85C36B56C59EEA2DFE03A0076DFE9C914B1FC6A1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:31:14:36:f7:cd:62:05:27:8f:c6:ef:26:dd:
                    da:6b:d1:a2:8b:77:ce:72:55:ba:ae:42:13:8e:87:
                    b0:5f:47:bf:ac:9a:4a:0f:07:35:71:ff:17:63:45:
                    69:96:4a:a9:0f:7f:c0:95:c8:34:ee:be:9c:83:26:
                    42:e4:3d:3a:30:21:96:cb:f2:b9:7b:c4:4a:d6:b0:
                    34:78:16:4b:70:2d:9e:b4:b3:cc:69:ab:b6:33:03:
                    c1:80:96:0b:d0:4f:22:bf:45:21:96:9e:24:34:2b:
                    42:b0:0a:cc:77:1a:74:56:71:bf:5c:b1:fc:92:c8:
                    32:a4:74:25:85:34:1c:e3:34:24:ba:77:a7:05:86:
                    1d:05:43:3d:c7:a1:80:25:e3:f0:86:2a:1a:42:29:
                    29:39:cc:02:99:b9:32:76:c1:5e:f1:9d:b9:d0:71:
                    4b:17:45:55:3c:9c:36:c7:7c:88:07:57:aa:e1:e6:
                    0b:19:78:4e:9b:f1:ee:50:12:38:7c:b9:d7:b3:ef:
                    30:24:79:39:fd:c4:8b:d8:67:b6:7c:64:49:be:77:
                    ed:24:38:9d:8e:b8:8e:0d:90:b7:2b:f8:a2:2c:e4:
                    e3:d9:77:69:dc:ff:2f:f8:78:ca:5b:d1:cc:c9:b6:
                    a6:1f:ca:93:a0:80:f8:83:18:3e:30:92:c4:b0:99:
                    6b:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:C3:6B:56:C5:9E:EA:2D:FE:03:A0:07:6D:FE:9C:91:4B:1F:C6:A1
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38352e3230382e35302e302f32342d3234203d3e203630373231.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.208.50.0/24

    Signature Algorithm: sha256WithRSAEncryption
         94:97:26:a4:94:2c:7a:5a:50:88:c9:20:4e:68:73:09:a7:ec:
         8e:60:df:18:34:be:4c:dc:a2:1f:66:88:fc:6f:d9:bd:a1:4b:
         94:ba:6c:72:f3:9f:6d:72:72:0d:83:10:19:2d:7a:68:d1:a5:
         a2:e7:0a:94:8a:30:59:6d:44:8e:ad:73:e3:e4:fb:50:36:1e:
         3f:32:d6:0b:31:8b:54:a6:80:b4:b2:32:36:48:fa:f6:36:02:
         0d:8e:01:0f:dd:92:02:98:af:54:52:31:f1:04:9f:b2:fb:2e:
         57:d9:4d:83:70:90:06:dc:64:76:1e:5f:1a:9f:7c:ad:24:14:
         9b:d8:22:2b:50:4f:77:13:28:0e:70:06:5e:c7:3b:67:5d:a7:
         df:54:c4:ad:3f:33:c5:c8:a0:6c:1a:69:c3:2f:58:c6:1d:67:
         cc:b3:58:dc:c7:72:6b:37:19:f3:b1:53:ab:5a:39:04:15:1e:
         4b:b1:4b:a1:6b:29:09:37:9a:c1:45:d0:69:fd:d3:d1:25:41:
         d6:86:40:a9:a0:4c:2e:40:17:d9:ac:53:0c:21:ba:f5:15:00:
         86:1d:80:15:82:f0:39:03:3b:1a:99:3d:84:2d:e8:02:f0:5c:
         b8:8c:2b:f0:ac:2d:95:92:c2:b0:9f:44:45:ab:96:4e:96:9e:
         e5:95:dd:c5
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUVdSUj1lcJeWYew9rQQpgJOXKQXQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDA5MjAxMzU5NTBaFw0yNTA5MTkxNDA0NTBaMDMxMTAvBgNV
BAMTKDg1QzM2QjU2QzU5RUVBMkRGRTAzQTAwNzZERkU5QzkxNEIxRkM2QTEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDUMRQ2981iBSePxu8m3dpr0aKL
d85yVbquQhOOh7BfR7+smkoPBzVx/xdjRWmWSqkPf8CVyDTuvpyDJkLkPTowIZbL
8rl7xErWsDR4FktwLZ60s8xpq7YzA8GAlgvQTyK/RSGWniQ0K0KwCsx3GnRWcb9c
sfySyDKkdCWFNBzjNCS6d6cFhh0FQz3HoYAl4/CGKhpCKSk5zAKZuTJ2wV7xnbnQ
cUsXRVU8nDbHfIgHV6rh5gsZeE6b8e5QEjh8udez7zAkeTn9xIvYZ7Z8ZEm+d+0k
OJ2OuI4NkLcr+KIs5OPZd2nc/y/4eMpb0czJtqYfypOggPiDGD4wksSwmWtTAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUhcNrVsWe6i3+A6AHbf6ckUsfxqEwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzgzNTJlMzIzMDM4MmUzNTMw
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzYzMDM3MzIzMS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFXQ
MjANBgkqhkiG9w0BAQsFAAOCAQEAlJcmpJQselpQiMkgTmhzCafsjmDfGDS+TNyi
H2aI/G/ZvaFLlLpscvOfbXJyDYMQGS16aNGloucKlIowWW1Ejq1z4+T7UDYePzLW
CzGLVKaAtLIyNkj69jYCDY4BD92SApivVFIx8QSfsvsuV9lNg3CQBtxkdh5fGp98
rSQUm9giK1BPdxMoDnAGXsc7Z12n31TErT8zxcigbBppwy9Yxh1nzLNY3MdyazcZ
87FTq1o5BBUeS7FLoWspCTeawUXQaf3T0SVB1oZAqaBMLkAX2axTDCG69RUAhh2A
FYLwOQM7Gpk9hC3oAvBcuIwr8KwtlZLCsJ9ERauWTpae5ZXdxQ==
-----END CERTIFICATE-----