Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/38352e3230392e3233302e302f32342d3234203d3e20383334.roa
File:                     38352e3230392e3233302e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          +YwKgorgvo1CvmKan+owoUGLWhiNoyaWQV/LPfZU7RI=
Subject key identifier:   75:7B:EB:50:93:86:27:52:37:F4:46:59:72:40:72:2A:8C:8E:88:C0
Certificate issuer:       /CN=a9420e6c6f24b0e422da7fe7e420ef50354f45c6
Certificate serial:       09C2454827EEFC6D19AA6F8BCDD3CA6B27AEF2A9
Authority key identifier: A9:42:0E:6C:6F:24:B0:E4:22:DA:7F:E7:E4:20:EF:50:35:4F:45:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/38352e3230392e3233302e302f32342d3234203d3e20383334.roa
Signing time:             Mon 21 Apr 2025 00:02:21 +0000
ROA not before:           Sun 20 Apr 2025 23:57:21 +0000
ROA not after:            Mon 20 Apr 2026 00:02:21 +0000
asID:                     834
IP address blocks:        85.209.230.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 04:36:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            09:c2:45:48:27:ee:fc:6d:19:aa:6f:8b:cd:d3:ca:6b:27:ae:f2:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a9420e6c6f24b0e422da7fe7e420ef50354f45c6
        Validity
            Not Before: Apr 20 23:57:21 2025 GMT
            Not After : Apr 20 00:02:21 2026 GMT
        Subject: CN=757BEB509386275237F446597240722A8C8E88C0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:a0:1d:92:5a:38:c8:81:46:b8:73:cb:51:91:
                    ff:c6:fa:f6:a8:04:44:db:fb:a0:bb:e4:ee:b2:aa:
                    84:de:0f:f9:df:c9:dd:12:43:fe:23:d4:6f:e9:21:
                    8d:7a:23:d1:2a:29:67:58:61:52:3f:7b:8c:c8:47:
                    98:d6:65:2e:3e:bf:71:5b:94:d4:cd:af:b1:4b:82:
                    6b:81:c9:38:91:fa:ba:3e:9a:0e:bb:73:48:c2:b2:
                    9b:88:03:a4:66:56:59:af:62:8a:5f:b8:be:bc:d9:
                    0c:f8:60:f1:11:8d:22:8a:d2:3a:1e:d6:96:a3:52:
                    85:cb:96:be:a2:b1:18:99:d8:03:70:9f:d0:25:05:
                    85:ed:e0:4d:78:e6:39:15:1c:0a:95:f0:9f:b1:bb:
                    52:02:98:4b:12:d5:fa:c7:4a:fa:25:02:60:0f:51:
                    2b:ed:95:89:99:65:42:f9:08:d4:36:36:76:1b:37:
                    fe:e4:a8:12:3c:c6:5c:0b:79:54:cd:92:77:17:67:
                    9a:1a:69:01:d9:90:9b:62:73:12:1f:81:ec:1d:17:
                    9f:fb:7a:96:d1:9f:b0:64:79:3a:10:d2:19:94:74:
                    9e:3e:97:35:7e:b9:d2:2e:07:ad:03:30:b6:a4:82:
                    7b:80:50:98:d9:1a:85:3d:67:f7:b8:bb:a6:9d:60:
                    83:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:7B:EB:50:93:86:27:52:37:F4:46:59:72:40:72:2A:8C:8E:88:C0
            X509v3 Authority Key Identifier:
                keyid:A9:42:0E:6C:6F:24:B0:E4:22:DA:7F:E7:E4:20:EF:50:35:4F:45:C6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/38352e3230392e3233302e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.209.230.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b9:30:fc:7a:03:34:e0:59:3e:c9:6c:cb:89:9e:3d:b1:78:08:
         0c:35:e7:36:a3:a3:8b:42:50:c9:63:e8:db:80:b4:b7:b9:ed:
         1f:d2:ed:26:1d:e8:38:80:b2:70:1b:8e:a4:e1:5e:a0:a8:9d:
         ba:4b:46:7b:1e:2c:22:7d:a8:be:77:d5:94:1c:90:f9:1a:40:
         0d:71:5a:12:4f:9d:b4:9d:ff:e0:2f:1d:b8:2e:4e:53:ca:09:
         14:f6:f0:f5:64:08:b3:0e:2b:08:0d:66:78:ef:04:9d:17:56:
         a1:4f:5f:d5:21:e7:e9:e7:f4:bb:9d:06:e1:27:17:be:70:2a:
         5f:87:0f:12:92:02:73:4e:15:b7:f4:66:25:36:4e:62:96:25:
         d9:f1:83:28:73:de:fe:42:ef:dc:ea:84:12:05:e5:f7:a0:1b:
         10:69:d0:dc:bb:63:48:a0:a9:8a:ea:99:9a:f3:2e:e0:1f:aa:
         e0:cc:aa:d8:76:ed:41:cc:45:9c:c3:a9:93:2a:16:34:b5:32:
         8b:55:95:af:51:21:05:52:23:fe:25:14:dc:57:f2:8b:c4:46:
         77:d0:14:ef:da:a5:c6:74:53:4b:1c:3a:b7:a3:8f:36:ae:24:
         48:f5:ce:bc:59:ee:d2:3a:b7:44:85:df:0e:dd:fa:b9:dd:32:
         f6:2a:7d:28
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUCcJFSCfu/G0Zqm+LzdPKayeu8qkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTk0MjBlNmM2ZjI0YjBlNDIyZGE3ZmU3ZTQyMGVmNTAz
NTRmNDVjNjAeFw0yNTA0MjAyMzU3MjFaFw0yNjA0MjAwMDAyMjFaMDMxMTAvBgNV
BAMTKDc1N0JFQjUwOTM4NjI3NTIzN0Y0NDY1OTcyNDA3MjJBOEM4RTg4QzAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCXoB2SWjjIgUa4c8tRkf/G+vao
BETb+6C75O6yqoTeD/nfyd0SQ/4j1G/pIY16I9EqKWdYYVI/e4zIR5jWZS4+v3Fb
lNTNr7FLgmuByTiR+ro+mg67c0jCspuIA6RmVlmvYopfuL682Qz4YPERjSKK0joe
1pajUoXLlr6isRiZ2ANwn9AlBYXt4E145jkVHAqV8J+xu1ICmEsS1frHSvolAmAP
USvtlYmZZUL5CNQ2NnYbN/7kqBI8xlwLeVTNkncXZ5oaaQHZkJticxIfgewdF5/7
epbRn7BkeToQ0hmUdJ4+lzV+udIuB60DMLakgnuAUJjZGoU9Z/e4u6adYIMJAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUdXvrUJOGJ1I39EZZckByKoyOiMAwHwYDVR0j
BBgwFoAUqUIObG8ksOQi2n/n5CDvUDVPRcYwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMWY5ODIzZDAtMDg1NS00MWYyLWFjNDYtNTlhMmU5OGRh
NzM2LzEvQTk0MjBFNkM2RjI0QjBFNDIyREE3RkU3RTQyMEVGNTAzNTRGNDVDNi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FVSU9iRzhrc09RaTJuX241Q0R2VURW
UFJjWS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMWY5ODIzZDAt
MDg1NS00MWYyLWFjNDYtNTlhMmU5OGRhNzM2LzEvMzgzNTJlMzIzMDM5MmUzMjMz
MzAyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABV0eYw
DQYJKoZIhvcNAQELBQADggEBALkw/HoDNOBZPslsy4mePbF4CAw15zajo4tCUMlj
6NuAtLe57R/S7SYd6DiAsnAbjqThXqConbpLRnseLCJ9qL531ZQckPkaQA1xWhJP
nbSd/+AvHbguTlPKCRT28PVkCLMOKwgNZnjvBJ0XVqFPX9Uh5+nn9LudBuEnF75w
Kl+HDxKSAnNOFbf0ZiU2TmKWJdnxgyhz3v5C79zqhBIF5fegGxBp0Ny7Y0igqYrq
mZrzLuAfquDMqth27UHMRZzDqZMqFjS1MotVla9RIQVSI/4lFNxX8ovERnfQFO/a
pcZ0U0scOrejjzauJEj1zrxZ7tI6t0SF3w7d+rndMvYqfSg=
-----END CERTIFICATE-----