Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/38352e3233372e3232302e302f32342d3234203d3e20383334.roa
File:                     38352e3233372e3232302e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          7M9/SVBVWQwyoA6cw3FAwcJZtN9XnrwznB461R6Q9iU=
Subject key identifier:   9A:72:90:D6:4E:FB:BE:41:7C:CB:07:9C:52:06:87:7A:6C:04:35:D0
Certificate issuer:       /CN=dc943cc2a7cdc378a37702573bb4f821170b530d
Certificate serial:       0F890EE9089813180CF5538B5EB38DEDC7BD2478
Authority key identifier: DC:94:3C:C2:A7:CD:C3:78:A3:77:02:57:3B:B4:F8:21:17:0B:53:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/38352e3233372e3232302e302f32342d3234203d3e20383334.roa
Signing time:             Mon 28 Jul 2025 07:40:03 +0000
ROA not before:           Mon 28 Jul 2025 07:35:03 +0000
ROA not after:            Mon 27 Jul 2026 07:40:03 +0000
asID:                     834
IP address blocks:        85.237.220.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 06 Aug 2025 21:00:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0f:89:0e:e9:08:98:13:18:0c:f5:53:8b:5e:b3:8d:ed:c7:bd:24:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc943cc2a7cdc378a37702573bb4f821170b530d
        Validity
            Not Before: Jul 28 07:35:03 2025 GMT
            Not After : Jul 27 07:40:03 2026 GMT
        Subject: CN=9A7290D64EFBBE417CCB079C5206877A6C0435D0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:e6:f2:36:12:ab:33:c8:7c:d7:e7:ac:75:44:
                    41:37:c9:64:08:e4:d2:d1:f2:dc:0d:ae:c6:02:db:
                    f3:a8:9a:6b:79:36:76:d1:1c:05:cf:97:31:f9:20:
                    52:54:22:13:d8:c1:90:a4:66:fe:e7:79:f2:be:aa:
                    8a:68:5a:f7:a3:c5:64:74:6a:12:50:58:3b:82:00:
                    24:bb:ac:76:e0:d2:58:54:9d:8b:48:49:23:75:1c:
                    60:f7:fc:00:8f:50:98:a1:a6:bb:d9:39:ff:0b:9e:
                    f4:bc:fc:45:ab:2e:71:0b:7d:53:ea:fc:a6:9c:14:
                    fe:c2:60:5c:2c:d6:a2:92:f5:9b:c2:ab:9e:71:5d:
                    f0:44:c7:73:73:c3:86:c7:62:f0:b4:6f:83:ca:e1:
                    af:40:8d:8c:0b:20:e8:83:7c:5c:10:87:ac:cd:51:
                    9c:34:e6:3a:fd:2e:15:01:e8:30:d9:70:64:5f:80:
                    34:e8:27:01:0e:81:cb:0b:33:e5:92:28:9e:4d:3a:
                    03:c4:f6:6f:ab:60:12:eb:39:0d:c8:9f:e2:1a:ad:
                    ea:c9:64:8e:3f:10:1c:b6:48:b8:d8:09:ea:56:da:
                    e1:8e:f0:00:88:32:0a:33:18:d1:91:31:3f:bc:e1:
                    21:22:02:e4:ad:15:e0:77:c4:45:75:cc:b6:76:bd:
                    1f:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:72:90:D6:4E:FB:BE:41:7C:CB:07:9C:52:06:87:7A:6C:04:35:D0
            X509v3 Authority Key Identifier:
                keyid:DC:94:3C:C2:A7:CD:C3:78:A3:77:02:57:3B:B4:F8:21:17:0B:53:0D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/38352e3233372e3232302e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.237.220.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:82:a6:5b:2f:3c:0b:cb:d6:f1:b6:6c:50:b8:e7:b1:09:41:
         56:44:89:97:db:0a:e8:75:3f:71:e6:29:0e:0c:b3:cb:89:56:
         3a:ae:ba:1f:92:69:cc:e2:1c:c4:df:76:b1:db:a8:a7:e5:eb:
         93:a0:cb:65:20:fd:d3:84:0c:f6:83:56:5d:16:98:ca:6c:5e:
         8a:9a:27:53:3e:58:33:31:3c:31:75:b0:19:1e:58:b5:cb:64:
         ca:81:05:49:de:ee:a8:92:d9:af:f7:c1:46:18:04:46:a4:00:
         5c:2e:41:e4:11:c3:82:c7:d3:bc:e6:0d:c5:2e:f6:21:9f:61:
         29:97:ed:20:19:89:5f:95:79:db:4e:51:a8:15:16:e0:c0:e7:
         ba:69:c8:67:8b:61:43:61:9c:5b:93:77:8f:f4:a0:c3:be:20:
         4f:e4:ed:b1:be:72:6f:36:82:d2:2e:fa:7d:2e:11:b3:be:99:
         c1:ef:24:13:d2:f1:8d:25:d8:18:9a:1f:26:7c:30:8c:23:ae:
         da:ff:cc:a6:bc:33:ec:83:54:8c:66:b3:6b:8b:9b:c3:5b:44:
         4e:5b:b3:46:b2:ec:8a:d2:31:7b:ce:65:39:c7:14:3e:64:58:
         ad:92:f5:46:98:23:48:8a:96:89:b1:ba:76:d1:65:80:ce:9a:
         7e:aa:0e:d1
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUD4kO6QiYExgM9VOLXrON7ce9JHgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGM5NDNjYzJhN2NkYzM3OGEzNzcwMjU3M2JiNGY4MjEx
NzBiNTMwZDAeFw0yNTA3MjgwNzM1MDNaFw0yNjA3MjcwNzQwMDNaMDMxMTAvBgNV
BAMTKDlBNzI5MEQ2NEVGQkJFNDE3Q0NCMDc5QzUyMDY4NzdBNkMwNDM1RDAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDE5vI2EqszyHzX56x1REE3yWQI
5NLR8twNrsYC2/Oommt5NnbRHAXPlzH5IFJUIhPYwZCkZv7nefK+qopoWvejxWR0
ahJQWDuCACS7rHbg0lhUnYtISSN1HGD3/ACPUJihprvZOf8LnvS8/EWrLnELfVPq
/KacFP7CYFws1qKS9ZvCq55xXfBEx3Nzw4bHYvC0b4PK4a9AjYwLIOiDfFwQh6zN
UZw05jr9LhUB6DDZcGRfgDToJwEOgcsLM+WSKJ5NOgPE9m+rYBLrOQ3In+IarerJ
ZI4/EBy2SLjYCepW2uGO8ACIMgozGNGRMT+84SEiAuStFeB3xEV1zLZ2vR+TAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUmnKQ1k77vkF8ywecUgaHemwENdAwHwYDVR0j
BBgwFoAU3JQ8wqfNw3ijdwJXO7T4IRcLUw0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNmFiMDcyMmYtNjRkOC00Y2E5LTkyNjctNGU1MTU0NDM0
MTAxLzAvREM5NDNDQzJBN0NEQzM3OEEzNzcwMjU3M0JCNEY4MjExNzBCNTMwRC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzNKUTh3cWZOdzNpamR3SlhPN1Q0SVJj
TFV3MC5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvNmFiMDcyMmYt
NjRkOC00Y2E5LTkyNjctNGU1MTU0NDM0MTAxLzAvMzgzNTJlMzIzMzM3MmUzMjMy
MzAyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABV7dww
DQYJKoZIhvcNAQELBQADggEBAByCplsvPAvL1vG2bFC457EJQVZEiZfbCuh1P3Hm
KQ4Ms8uJVjquuh+SacziHMTfdrHbqKfl65Ogy2Ug/dOEDPaDVl0WmMpsXoqaJ1M+
WDMxPDF1sBkeWLXLZMqBBUne7qiS2a/3wUYYBEakAFwuQeQRw4LH07zmDcUu9iGf
YSmX7SAZiV+VedtOUagVFuDA57ppyGeLYUNhnFuTd4/0oMO+IE/k7bG+cm82gtIu
+n0uEbO+mcHvJBPS8Y0l2BiaHyZ8MIwjrtr/zKa8M+yDVIxms2uLm8NbRE5bs0ay
7IrSMXvOZTnHFD5kWK2S9UaYI0iKlomxunbRZYDOmn6qDtE=
-----END CERTIFICATE-----