Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38352e3230382e35302e302f32342d3234203d3e203630373231.roa
File:                     38352e3230382e35302e302f32342d3234203d3e203630373231.roa (raw, json)
Hash identifier:          f8NBHPMWHESIqUzcTBB5uBG58SaqRkd/v0oVeLQTA+A=
Subject key identifier:   4F:51:09:1D:EA:3D:2C:EE:00:C1:D8:6C:5C:5D:D7:10:DD:4E:83:81
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       218E32187B3CA44A6F508354684F74AAC8471D8E
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38352e3230382e35302e302f32342d3234203d3e203630373231.roa
Signing time:             Fri 22 Aug 2025 14:47:17 +0000
ROA not before:           Fri 22 Aug 2025 14:42:17 +0000
ROA not after:            Fri 21 Aug 2026 14:47:17 +0000
asID:                     60721
IP address blocks:        85.208.50.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Aug 2025 17:37:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            21:8e:32:18:7b:3c:a4:4a:6f:50:83:54:68:4f:74:aa:c8:47:1d:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Aug 22 14:42:17 2025 GMT
            Not After : Aug 21 14:47:17 2026 GMT
        Subject: CN=4F51091DEA3D2CEE00C1D86C5C5DD710DD4E8381
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:7f:97:87:0d:9e:6d:5c:57:3b:14:df:44:23:
                    80:0c:f3:7c:d0:dc:c5:42:21:23:6d:f0:c7:19:27:
                    9f:7c:d7:4a:a8:48:14:c0:bd:a0:32:22:54:c1:42:
                    60:eb:42:49:fe:43:16:a5:fc:31:1b:47:4f:82:6a:
                    54:c6:f8:cf:97:9c:e9:10:ed:50:18:6a:23:c2:6d:
                    42:d3:1d:ca:92:63:d2:da:05:89:42:37:19:ad:13:
                    c4:08:3b:b6:38:b1:42:99:cf:46:4c:63:c5:3e:7d:
                    eb:8d:eb:94:b6:36:c3:e0:e1:11:e7:e5:bb:82:95:
                    7e:0c:50:c2:2b:af:20:d4:09:27:99:37:01:70:d2:
                    3f:db:50:d2:63:a9:a2:b2:55:15:b6:86:93:6f:61:
                    17:2e:22:17:7c:95:db:7e:d1:42:1e:49:fa:75:f6:
                    19:88:dc:94:69:09:e6:66:2d:73:e3:7d:2c:86:d9:
                    59:42:83:03:49:41:40:c6:eb:01:65:39:ce:2a:5b:
                    0b:f7:fd:2b:d8:b1:11:16:00:78:bb:95:44:dd:d3:
                    c4:7e:98:6d:8f:23:1e:68:fc:41:36:35:06:21:93:
                    16:bb:8d:c0:7e:fc:e0:87:25:1f:e9:92:2b:27:fb:
                    09:6d:6c:12:e7:c7:06:dc:35:5b:a2:69:2d:f1:47:
                    32:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:51:09:1D:EA:3D:2C:EE:00:C1:D8:6C:5C:5D:D7:10:DD:4E:83:81
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38352e3230382e35302e302f32342d3234203d3e203630373231.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.208.50.0/24

    Signature Algorithm: sha256WithRSAEncryption
         75:c1:12:70:b0:cf:ca:d6:0d:22:03:fa:cc:58:82:dc:02:8b:
         b6:4a:3c:d5:13:55:7a:55:62:c9:ff:02:fe:8c:f9:68:2c:08:
         bf:d6:87:6e:7f:26:3b:fa:fd:69:15:b3:88:9d:91:35:a0:14:
         83:d5:3b:b8:72:e7:aa:ce:fe:b2:ea:eb:a3:07:b9:21:31:27:
         67:e6:bd:e7:9f:a9:f3:08:f5:a5:4d:a9:5b:da:ff:4d:4d:68:
         9b:2f:ed:19:62:d5:9d:ea:d7:d3:d2:c3:b8:bc:3c:9c:45:fc:
         3b:f1:10:f3:80:4c:10:c2:0e:c7:65:ef:40:1d:8a:97:dd:07:
         5f:f9:83:91:36:57:e2:52:4a:ed:58:19:a3:7b:3a:d3:f0:1d:
         c1:ff:3b:0d:e0:51:c8:10:aa:a7:db:6c:83:3a:92:b2:e8:9c:
         bc:3f:cf:61:51:ab:cd:41:e6:e8:56:01:f4:54:3e:02:0a:89:
         41:b6:62:09:f2:f9:69:b6:41:b1:d3:05:ea:31:1c:d7:bc:cd:
         9b:02:7a:10:a0:8c:0b:eb:f3:fc:9e:90:22:99:f1:b8:61:ce:
         5c:19:77:de:4d:62:95:39:cd:06:e9:13:cb:b9:32:0f:0e:eb:
         1a:a4:36:4d:78:67:62:c4:c1:e9:33:81:31:d5:1f:0f:f6:97:
         4d:d1:a6:b4
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUIY4yGHs8pEpvUINUaE90qshHHY4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTA4MjIxNDQyMTdaFw0yNjA4MjExNDQ3MTdaMDMxMTAvBgNV
BAMTKDRGNTEwOTFERUEzRDJDRUUwMEMxRDg2QzVDNURENzEwREQ0RTgzODEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGf5eHDZ5tXFc7FN9EI4AM83zQ
3MVCISNt8McZJ59810qoSBTAvaAyIlTBQmDrQkn+Qxal/DEbR0+CalTG+M+XnOkQ
7VAYaiPCbULTHcqSY9LaBYlCNxmtE8QIO7Y4sUKZz0ZMY8U+feuN65S2NsPg4RHn
5buClX4MUMIrryDUCSeZNwFw0j/bUNJjqaKyVRW2hpNvYRcuIhd8ldt+0UIeSfp1
9hmI3JRpCeZmLXPjfSyG2VlCgwNJQUDG6wFlOc4qWwv3/SvYsREWAHi7lUTd08R+
mG2PIx5o/EE2NQYhkxa7jcB+/OCHJR/pkisn+wltbBLnxwbcNVuiaS3xRzJZAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUT1EJHeo9LO4AwdhsXF3XEN1Og4EwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzgzNTJlMzIzMDM4MmUzNTMw
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzYzMDM3MzIzMS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFXQ
MjANBgkqhkiG9w0BAQsFAAOCAQEAdcEScLDPytYNIgP6zFiC3AKLtko81RNVelVi
yf8C/oz5aCwIv9aHbn8mO/r9aRWziJ2RNaAUg9U7uHLnqs7+surrowe5ITEnZ+a9
55+p8wj1pU2pW9r/TU1omy/tGWLVnerX09LDuLw8nEX8O/EQ84BMEMIOx2XvQB2K
l90HX/mDkTZX4lJK7VgZo3s60/Adwf87DeBRyBCqp9tsgzqSsuicvD/PYVGrzUHm
6FYB9FQ+AgqJQbZiCfL5abZBsdMF6jEc17zNmwJ6EKCMC+vz/J6QIpnxuGHOXBl3
3k1ilTnNBukTy7kyDw7rGqQ2TXhnYsTB6TOBMdUfD/aXTdGmtA==
-----END CERTIFICATE-----