Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/38352e3230392e3232392e302f32342d3234203d3e20383334.roa
File:                     38352e3230392e3232392e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          Vz5JKMXsuq4dM9WXBkKEYV/7pFbyG3pvLjRS9Y02R/M=
Subject key identifier:   45:A4:30:CC:24:B5:5D:94:5C:52:79:FC:30:24:18:30:FA:BD:FD:47
Certificate issuer:       /CN=a9420e6c6f24b0e422da7fe7e420ef50354f45c6
Certificate serial:       7C76B3F898853E662429A05F83461D910E0E2428
Authority key identifier: A9:42:0E:6C:6F:24:B0:E4:22:DA:7F:E7:E4:20:EF:50:35:4F:45:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/38352e3230392e3232392e302f32342d3234203d3e20383334.roa
Signing time:             Fri 13 Jun 2025 11:52:42 +0000
ROA not before:           Fri 13 Jun 2025 11:47:42 +0000
ROA not after:            Fri 12 Jun 2026 11:52:42 +0000
asID:                     834
IP address blocks:        85.209.229.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 19:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7c:76:b3:f8:98:85:3e:66:24:29:a0:5f:83:46:1d:91:0e:0e:24:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a9420e6c6f24b0e422da7fe7e420ef50354f45c6
        Validity
            Not Before: Jun 13 11:47:42 2025 GMT
            Not After : Jun 12 11:52:42 2026 GMT
        Subject: CN=45A430CC24B55D945C5279FC30241830FABDFD47
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:78:9e:a4:e0:a3:62:16:97:ce:78:d7:f3:2e:
                    ce:90:78:bf:35:28:dc:1e:fa:95:38:ec:c3:e8:ac:
                    50:1e:2a:d4:8c:54:1b:11:31:1e:ae:d8:be:ef:c9:
                    aa:d3:cc:38:bd:c6:70:68:20:99:20:dc:2d:2b:54:
                    5a:dc:ad:ee:18:a3:3e:5b:d2:f7:6f:d4:45:48:10:
                    7c:5a:99:68:4a:71:11:62:58:d1:2e:17:6b:7c:bc:
                    7c:82:f9:63:68:09:0f:1c:45:07:9c:dd:25:17:97:
                    18:0c:95:03:35:38:b5:10:cd:49:dd:7d:67:9d:ad:
                    d2:a2:c8:64:10:17:49:8b:17:77:65:0f:ba:6b:11:
                    76:65:15:e4:a3:84:66:7a:40:28:3f:9d:be:d5:34:
                    cb:a0:45:1b:8e:96:d1:f8:80:2b:95:10:1f:31:c2:
                    8f:6f:03:4d:7c:5e:9e:bf:b9:69:51:de:e2:37:91:
                    35:9a:8e:cb:00:70:7e:25:f6:2a:f3:13:43:86:a7:
                    0f:01:68:9d:da:b9:4e:bf:4d:d6:45:54:5a:16:c7:
                    1d:5e:ea:82:0e:a9:fd:5d:d5:f6:d5:b5:46:c4:63:
                    99:03:b7:bf:3e:01:9d:53:e3:8d:cd:72:d7:c3:eb:
                    11:54:b4:a4:40:0f:5a:18:db:34:a3:17:66:42:e2:
                    09:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:A4:30:CC:24:B5:5D:94:5C:52:79:FC:30:24:18:30:FA:BD:FD:47
            X509v3 Authority Key Identifier:
                keyid:A9:42:0E:6C:6F:24:B0:E4:22:DA:7F:E7:E4:20:EF:50:35:4F:45:C6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/38352e3230392e3232392e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.209.229.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:51:5f:64:70:72:db:42:50:c7:cf:d5:6d:d8:a7:93:5e:36:
         2b:d3:4a:b5:65:06:69:9d:77:98:f6:73:61:d2:6a:59:79:bd:
         4f:31:c0:b5:d4:e8:05:3d:4d:55:b5:19:07:7a:12:74:34:e5:
         e3:a3:69:e5:cd:60:42:9e:91:5d:40:ad:a6:7c:07:38:be:65:
         63:9d:fc:3f:b0:3d:f8:24:9f:96:0e:f9:a3:82:63:b8:2b:4e:
         b6:4d:86:4b:54:b4:69:1d:46:ea:3a:7f:de:93:0d:72:b2:ea:
         30:14:d1:76:e9:a4:61:47:23:56:87:dd:58:f2:59:1d:70:a7:
         a3:1b:74:5e:2e:6a:fa:e2:71:03:dc:a1:39:47:22:c1:fd:38:
         ca:60:75:b1:f6:49:5b:5b:7f:e1:8d:e4:5f:b7:d0:d0:07:29:
         b5:f8:ae:8e:b4:45:e7:87:06:f7:55:e2:c4:8b:98:f8:b7:b1:
         6c:50:58:70:68:78:60:4a:70:92:ba:d5:bc:d2:bf:3f:a3:5c:
         9c:f6:be:eb:c3:13:ab:83:6d:ec:5e:22:2c:3b:99:51:25:68:
         bf:f1:fe:05:7e:9a:37:b8:55:58:13:ed:82:97:01:31:b8:59:
         d1:0e:2a:61:59:02:89:a6:f3:f9:a9:13:8d:11:81:d8:1c:ec:
         3f:30:72:64
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUfHaz+JiFPmYkKaBfg0YdkQ4OJCgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTk0MjBlNmM2ZjI0YjBlNDIyZGE3ZmU3ZTQyMGVmNTAz
NTRmNDVjNjAeFw0yNTA2MTMxMTQ3NDJaFw0yNjA2MTIxMTUyNDJaMDMxMTAvBgNV
BAMTKDQ1QTQzMENDMjRCNTVEOTQ1QzUyNzlGQzMwMjQxODMwRkFCREZENDcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4eJ6k4KNiFpfOeNfzLs6QeL81
KNwe+pU47MPorFAeKtSMVBsRMR6u2L7vyarTzDi9xnBoIJkg3C0rVFrcre4Yoz5b
0vdv1EVIEHxamWhKcRFiWNEuF2t8vHyC+WNoCQ8cRQec3SUXlxgMlQM1OLUQzUnd
fWedrdKiyGQQF0mLF3dlD7prEXZlFeSjhGZ6QCg/nb7VNMugRRuOltH4gCuVEB8x
wo9vA018Xp6/uWlR3uI3kTWajssAcH4l9irzE0OGpw8BaJ3auU6/TdZFVFoWxx1e
6oIOqf1d1fbVtUbEY5kDt78+AZ1T443NctfD6xFUtKRAD1oY2zSjF2ZC4glPAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQURaQwzCS1XZRcUnn8MCQYMPq9/UcwHwYDVR0j
BBgwFoAUqUIObG8ksOQi2n/n5CDvUDVPRcYwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMWY5ODIzZDAtMDg1NS00MWYyLWFjNDYtNTlhMmU5OGRh
NzM2LzEvQTk0MjBFNkM2RjI0QjBFNDIyREE3RkU3RTQyMEVGNTAzNTRGNDVDNi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FVSU9iRzhrc09RaTJuX241Q0R2VURW
UFJjWS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMWY5ODIzZDAt
MDg1NS00MWYyLWFjNDYtNTlhMmU5OGRhNzM2LzEvMzgzNTJlMzIzMDM5MmUzMjMy
MzkyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABV0eUw
DQYJKoZIhvcNAQELBQADggEBAEJRX2RwcttCUMfP1W3Yp5NeNivTSrVlBmmdd5j2
c2HSall5vU8xwLXU6AU9TVW1GQd6EnQ05eOjaeXNYEKekV1AraZ8Bzi+ZWOd/D+w
Pfgkn5YO+aOCY7grTrZNhktUtGkdRuo6f96TDXKy6jAU0XbppGFHI1aH3VjyWR1w
p6MbdF4uavricQPcoTlHIsH9OMpgdbH2SVtbf+GN5F+30NAHKbX4ro60ReeHBvdV
4sSLmPi3sWxQWHBoeGBKcJK61bzSvz+jXJz2vuvDE6uDbexeIiw7mVElaL/x/gV+
mje4VVgT7YKXATG4WdEOKmFZAomm8/mpE40Rgdgc7D8wcmQ=
-----END CERTIFICATE-----