Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/38362e33382e382e302f32312d3231203d3e203135343139.roa
File:                     38362e33382e382e302f32312d3231203d3e203135343139.roa (raw, json)
Hash identifier:          uWYPVYjRnhouz2kB1gip220mm9ixJ1+yxtSXIITlxEw=
Subject key identifier:   DE:8F:69:5C:A2:08:F4:0B:4C:DD:88:50:18:59:D6:A1:4B:E1:8E:4B
Certificate issuer:       /CN=9df85997b1b9b358e1c43f36765aa0a4a02144ae
Certificate serial:       2EAEF3BF1231F734911DD9029D615C2E73C3B80B
Authority key identifier: 9D:F8:59:97:B1:B9:B3:58:E1:C4:3F:36:76:5A:A0:A4:A0:21:44:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nfhZl7G5s1jhxD82dlqgpKAhRK4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/38362e33382e382e302f32312d3231203d3e203135343139.roa
Signing time:             Fri 09 May 2025 09:37:53 +0000
ROA not before:           Fri 09 May 2025 09:32:53 +0000
ROA not after:            Fri 08 May 2026 09:37:53 +0000
asID:                     15419
IP address blocks:        86.38.8.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/9DF85997B1B9B358E1C43F36765AA0A4A02144AE.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/9DF85997B1B9B358E1C43F36765AA0A4A02144AE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nfhZl7G5s1jhxD82dlqgpKAhRK4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 12 May 2025 20:38:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2e:ae:f3:bf:12:31:f7:34:91:1d:d9:02:9d:61:5c:2e:73:c3:b8:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9df85997b1b9b358e1c43f36765aa0a4a02144ae
        Validity
            Not Before: May  9 09:32:53 2025 GMT
            Not After : May  8 09:37:53 2026 GMT
        Subject: CN=DE8F695CA208F40B4CDD88501859D6A14BE18E4B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:c1:cf:50:eb:4e:3c:9e:5f:71:d1:2e:27:22:
                    07:71:ae:9f:51:92:9a:c4:d5:18:e8:29:3b:c8:37:
                    cd:c1:46:a6:5b:37:f8:4d:98:32:a4:aa:af:90:d6:
                    6c:a4:3c:64:e7:2f:35:f8:69:83:15:fd:75:87:53:
                    4f:92:8f:f4:a8:2c:07:2a:96:b8:8c:2a:59:9c:8a:
                    e0:12:7c:2b:c3:38:a5:1a:5d:a0:98:f5:85:bd:dc:
                    0a:d9:ab:8c:c9:f7:1b:05:c2:34:f1:bd:73:9d:13:
                    96:cb:4a:32:86:ee:e0:a3:6a:c9:35:b1:1a:de:bf:
                    ef:04:16:76:9a:6b:c0:47:9b:cf:55:a0:f0:03:71:
                    a1:b8:0b:ca:b4:96:47:b6:94:77:ad:2e:9f:0c:89:
                    f0:ea:4f:0e:f4:8f:a0:cb:39:0a:ed:12:8b:f0:69:
                    9f:01:35:ec:50:90:d1:75:38:f5:4b:2c:b7:64:90:
                    02:36:a2:2a:3f:b7:83:fe:a0:9d:d0:ad:89:ad:dd:
                    f5:2f:1d:c5:5d:e9:aa:8c:cb:99:52:66:96:e9:58:
                    fa:23:c7:ea:ee:80:f7:0b:76:aa:4b:f4:38:9b:a4:
                    1b:ac:b1:91:31:f5:a5:4b:0d:f7:ac:f3:19:e7:12:
                    ae:40:ef:0b:2b:f5:b1:39:f0:c0:db:dc:0b:cd:b9:
                    96:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:8F:69:5C:A2:08:F4:0B:4C:DD:88:50:18:59:D6:A1:4B:E1:8E:4B
            X509v3 Authority Key Identifier:
                keyid:9D:F8:59:97:B1:B9:B3:58:E1:C4:3F:36:76:5A:A0:A4:A0:21:44:AE

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/9DF85997B1B9B358E1C43F36765AA0A4A02144AE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nfhZl7G5s1jhxD82dlqgpKAhRK4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/38362e33382e382e302f32312d3231203d3e203135343139.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.38.8.0/21

    Signature Algorithm: sha256WithRSAEncryption
         59:93:ea:f5:34:27:85:6c:81:f0:4e:20:a2:3d:7a:8c:c3:8c:
         17:a7:d1:6e:c0:2d:c9:70:43:9d:ef:8c:ce:58:89:13:bd:21:
         d8:87:12:df:aa:87:0b:82:60:c3:c7:ac:b6:a0:2f:8c:ac:2a:
         cb:0f:bc:6d:ce:d3:4c:41:f0:96:e4:77:c5:7c:bf:d6:5f:c4:
         b5:25:5e:4f:ae:0e:51:19:00:03:6e:9f:4f:e8:57:43:71:55:
         5a:32:95:69:e6:ee:c2:f6:73:58:72:19:75:f0:6a:76:fa:98:
         fd:37:c0:01:3c:0d:f0:7f:6d:2e:b2:94:3d:29:d7:2f:9e:6c:
         a3:89:ad:d7:2e:45:b0:fc:1d:17:9e:b8:56:47:c1:46:a6:05:
         ae:24:d1:5e:05:f8:27:0b:a8:9a:15:26:dd:15:cd:c2:41:5d:
         9c:6f:bb:65:14:84:f9:2f:29:21:51:6a:b3:46:67:c0:fa:ed:
         9b:bf:5a:c7:9d:8f:d3:d5:ab:1f:87:a4:58:5a:49:72:57:ea:
         d7:c8:c4:28:73:ae:c8:01:6c:22:8e:f9:7a:dd:96:1c:a0:f1:
         0a:9b:a9:f4:1c:a7:78:27:6f:83:7b:98:a7:f4:3a:b1:9e:52:
         14:17:e0:48:7f:27:1f:0d:40:c8:0d:60:89:6f:30:19:7b:17:
         fb:85:50:66
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIULq7zvxIx9zSRHdkCnWFcLnPDuAswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWRmODU5OTdiMWI5YjM1OGUxYzQzZjM2NzY1YWEwYTRh
MDIxNDRhZTAeFw0yNTA1MDkwOTMyNTNaFw0yNjA1MDgwOTM3NTNaMDMxMTAvBgNV
BAMTKERFOEY2OTVDQTIwOEY0MEI0Q0REODg1MDE4NTlENkExNEJFMThFNEIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4wc9Q6048nl9x0S4nIgdxrp9R
kprE1RjoKTvIN83BRqZbN/hNmDKkqq+Q1mykPGTnLzX4aYMV/XWHU0+Sj/SoLAcq
lriMKlmciuASfCvDOKUaXaCY9YW93ArZq4zJ9xsFwjTxvXOdE5bLSjKG7uCjask1
sRrev+8EFnaaa8BHm89VoPADcaG4C8q0lke2lHetLp8MifDqTw70j6DLOQrtEovw
aZ8BNexQkNF1OPVLLLdkkAI2oio/t4P+oJ3QrYmt3fUvHcVd6aqMy5lSZpbpWPoj
x+rugPcLdqpL9DibpBussZEx9aVLDfes8xnnEq5A7wsr9bE58MDb3AvNuZYlAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQU3o9pXKII9AtM3YhQGFnWoUvhjkswHwYDVR0j
BBgwFoAUnfhZl7G5s1jhxD82dlqgpKAhRK4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDAyZTBiYTMtZmU2MC00NWIxLTkxNjAtODY4YTJmOGE0
M2IxLzMvOURGODU5OTdCMUI5QjM1OEUxQzQzRjM2NzY1QUEwQTRBMDIxNDRBRS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL25maFpsN0c1czFqaHhEODJkbHFncEtB
aFJLNC5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMDAyZTBiYTMt
ZmU2MC00NWIxLTkxNjAtODY4YTJmOGE0M2IxLzMvMzgzNjJlMzMzODJlMzgyZTMw
MmYzMjMxMmQzMjMxMjAzZDNlMjAzMTM1MzQzMTM5LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDViYIMA0G
CSqGSIb3DQEBCwUAA4IBAQBZk+r1NCeFbIHwTiCiPXqMw4wXp9FuwC3JcEOd74zO
WIkTvSHYhxLfqocLgmDDx6y2oC+MrCrLD7xtztNMQfCW5HfFfL/WX8S1JV5Prg5R
GQADbp9P6FdDcVVaMpVp5u7C9nNYchl18Gp2+pj9N8ABPA3wf20uspQ9Kdcvnmyj
ia3XLkWw/B0XnrhWR8FGpgWuJNFeBfgnC6iaFSbdFc3CQV2cb7tlFIT5LykhUWqz
RmfA+u2bv1rHnY/T1asfh6RYWklyV+rXyMQoc67IAWwijvl63ZYcoPEKm6n0HKd4
J2+De5in9DqxnlIUF+BIfycfDUDIDWCJbzAZexf7hVBm
-----END CERTIFICATE-----