Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/8113dda6-7ade-445d-8c6e-448a78e48ca1/1/38352e3131372e3233302e302f32342d3234203d3e2035303635.roa
File:                     38352e3131372e3233302e302f32342d3234203d3e2035303635.roa (raw, json)
Hash identifier:          8/mMTd8OI6hx+rEazKaA5i9flVTt9So8wwSfFF6xpVo=
Subject key identifier:   5F:77:D4:CD:F9:CD:8F:38:C6:B9:DE:59:25:93:09:04:F7:FD:6A:D9
Certificate issuer:       /CN=0d7ffae300def0876bf84890fb6ea17be841a4d3
Certificate serial:       0B93D837BADE68F9C5F00D17BFE169F4699B7CF4
Authority key identifier: 0D:7F:FA:E3:00:DE:F0:87:6B:F8:48:90:FB:6E:A1:7B:E8:41:A4:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DX_64wDe8Idr-EiQ-26he-hBpNM.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/8113dda6-7ade-445d-8c6e-448a78e48ca1/1/38352e3131372e3233302e302f32342d3234203d3e2035303635.roa
Signing time:             Wed 12 Mar 2025 12:53:22 +0000
ROA not before:           Wed 12 Mar 2025 12:48:22 +0000
ROA not after:            Wed 11 Mar 2026 12:53:22 +0000
asID:                     5065
IP address blocks:        85.117.230.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/8113dda6-7ade-445d-8c6e-448a78e48ca1/1/0D7FFAE300DEF0876BF84890FB6EA17BE841A4D3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/8113dda6-7ade-445d-8c6e-448a78e48ca1/1/0D7FFAE300DEF0876BF84890FB6EA17BE841A4D3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DX_64wDe8Idr-EiQ-26he-hBpNM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 04:22:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0b:93:d8:37:ba:de:68:f9:c5:f0:0d:17:bf:e1:69:f4:69:9b:7c:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d7ffae300def0876bf84890fb6ea17be841a4d3
        Validity
            Not Before: Mar 12 12:48:22 2025 GMT
            Not After : Mar 11 12:53:22 2026 GMT
        Subject: CN=5F77D4CDF9CD8F38C6B9DE5925930904F7FD6AD9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:4f:b4:fe:74:02:4d:21:83:d4:9a:fd:02:80:
                    4e:4f:9e:5b:90:90:ac:c4:87:bf:8f:e6:d0:bf:c3:
                    59:2c:51:7a:d3:49:ab:06:3b:87:09:47:18:c4:91:
                    09:cc:04:8f:a1:f8:25:83:c7:7f:45:54:75:e3:5b:
                    c2:f6:12:86:c5:c5:1d:17:3c:d3:42:e8:bb:1e:bc:
                    66:77:54:dd:19:d0:ab:38:fe:43:81:d2:d9:69:51:
                    40:4b:5c:62:a4:f2:2b:60:5f:fe:04:cb:88:75:46:
                    45:f3:b8:b3:14:ea:05:06:7b:13:e8:06:e6:70:e9:
                    13:a6:7d:94:95:e8:c5:13:62:a0:86:d4:75:1f:5c:
                    0f:aa:41:15:f9:90:c9:49:45:2a:0a:81:ea:70:0d:
                    d0:12:d6:9d:60:c1:f2:9a:87:02:26:06:54:bb:b5:
                    c6:13:73:c6:ce:b2:c3:8a:48:f7:2b:ad:d0:85:ce:
                    b4:00:ac:58:fa:be:e6:ea:fe:7f:6c:9f:03:a9:ee:
                    df:6c:93:c8:c6:d4:47:3f:85:63:41:8a:1a:60:4c:
                    81:c6:1d:36:64:aa:6f:3e:f3:29:ba:ca:47:91:2c:
                    f2:96:2d:85:52:1d:ab:67:dc:1f:2f:38:f7:08:70:
                    1e:32:ce:53:85:57:1f:a7:95:cf:37:6b:e4:1c:b5:
                    04:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:77:D4:CD:F9:CD:8F:38:C6:B9:DE:59:25:93:09:04:F7:FD:6A:D9
            X509v3 Authority Key Identifier:
                keyid:0D:7F:FA:E3:00:DE:F0:87:6B:F8:48:90:FB:6E:A1:7B:E8:41:A4:D3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/8113dda6-7ade-445d-8c6e-448a78e48ca1/1/0D7FFAE300DEF0876BF84890FB6EA17BE841A4D3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DX_64wDe8Idr-EiQ-26he-hBpNM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/8113dda6-7ade-445d-8c6e-448a78e48ca1/1/38352e3131372e3233302e302f32342d3234203d3e2035303635.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.117.230.0/24

    Signature Algorithm: sha256WithRSAEncryption
         21:19:78:22:aa:1e:ed:0b:ff:5f:fa:97:fe:3a:41:f6:d9:2b:
         92:78:b5:75:60:e3:2c:19:84:92:52:72:b9:b7:83:d4:e2:e5:
         42:18:40:00:08:6c:78:7a:cc:f0:73:26:66:dc:02:29:34:c8:
         cc:f8:cf:51:7b:40:32:d8:9c:21:69:a6:29:06:26:83:da:53:
         a0:d1:37:d9:0c:4c:7a:ac:85:38:40:97:43:96:3c:67:fd:74:
         b2:e3:ad:19:55:7b:40:82:41:91:f4:fe:34:0a:96:1d:57:62:
         df:93:bb:86:0e:09:2c:32:a6:60:5a:af:54:1c:da:88:e8:45:
         29:84:54:e5:4e:54:01:d6:36:0d:42:74:66:3e:1f:75:5e:07:
         46:5f:bb:a4:50:85:8d:fb:fe:dc:1b:05:f7:92:bc:b1:80:5d:
         5b:a0:ba:74:12:95:1f:06:03:5d:d3:ee:a4:61:78:33:78:02:
         2f:8b:09:b3:64:b0:94:85:31:7d:9e:a2:5c:ac:ba:98:c1:4d:
         72:76:0e:19:db:f5:12:7b:fb:77:4a:2d:47:f3:7c:7d:51:d9:
         1b:45:b8:7b:54:e7:c3:1b:cc:f6:45:9b:4d:50:79:07:44:96:
         05:a8:d7:0a:54:c0:b2:87:80:3a:70:fe:11:f0:a2:d3:a0:26:
         a5:0b:cf:bc
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUC5PYN7reaPnF8A0Xv+Fp9GmbfPQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGQ3ZmZhZTMwMGRlZjA4NzZiZjg0ODkwZmI2ZWExN2Jl
ODQxYTRkMzAeFw0yNTAzMTIxMjQ4MjJaFw0yNjAzMTExMjUzMjJaMDMxMTAvBgNV
BAMTKDVGNzdENENERjlDRDhGMzhDNkI5REU1OTI1OTMwOTA0RjdGRDZBRDkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBT7T+dAJNIYPUmv0CgE5PnluQ
kKzEh7+P5tC/w1ksUXrTSasGO4cJRxjEkQnMBI+h+CWDx39FVHXjW8L2EobFxR0X
PNNC6LsevGZ3VN0Z0Ks4/kOB0tlpUUBLXGKk8itgX/4Ey4h1RkXzuLMU6gUGexPo
BuZw6ROmfZSV6MUTYqCG1HUfXA+qQRX5kMlJRSoKgepwDdAS1p1gwfKahwImBlS7
tcYTc8bOssOKSPcrrdCFzrQArFj6vubq/n9snwOp7t9sk8jG1Ec/hWNBihpgTIHG
HTZkqm8+8ym6ykeRLPKWLYVSHatn3B8vOPcIcB4yzlOFVx+nlc83a+QctQSPAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUX3fUzfnNjzjGud5ZJZMJBPf9atkwHwYDVR0j
BBgwFoAUDX/64wDe8Idr+EiQ+26he+hBpNMwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODExM2RkYTYtN2FkZS00NDVkLThjNmUtNDQ4YTc4ZTQ4
Y2ExLzEvMEQ3RkZBRTMwMERFRjA4NzZCRjg0ODkwRkI2RUExN0JFODQxQTREMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RYXzY0d0RlOElkci1FaVEtMjZoZS1o
QnBOTS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODExM2RkYTYt
N2FkZS00NDVkLThjNmUtNDQ4YTc4ZTQ4Y2ExLzEvMzgzNTJlMzEzMTM3MmUzMjMz
MzAyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzNTMwMzYzNS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFV1
5jANBgkqhkiG9w0BAQsFAAOCAQEAIRl4Iqoe7Qv/X/qX/jpB9tkrkni1dWDjLBmE
klJyubeD1OLlQhhAAAhseHrM8HMmZtwCKTTIzPjPUXtAMticIWmmKQYmg9pToNE3
2QxMeqyFOECXQ5Y8Z/10suOtGVV7QIJBkfT+NAqWHVdi35O7hg4JLDKmYFqvVBza
iOhFKYRU5U5UAdY2DUJ0Zj4fdV4HRl+7pFCFjfv+3BsF95K8sYBdW6C6dBKVHwYD
XdPupGF4M3gCL4sJs2SwlIUxfZ6iXKy6mMFNcnYOGdv1Env7d0otR/N8fVHZG0W4
e1TnwxvM9kWbTVB5B0SWBajXClTAsoeAOnD+EfCi06AmpQvPvA==
-----END CERTIFICATE-----