Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38352e3230382e35302e302f32342d3234203d3e20383334.roa
File:                     38352e3230382e35302e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          3n3iarYgsjhOUEWCkt9gZcLMpp6bWKw4p0GxGJEh5Xs=
Subject key identifier:   9E:4C:40:DD:C2:33:3D:29:6C:1D:3C:A5:5C:19:2B:2A:7F:E5:EC:B7
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       65255C6657006942C8263AA869DE17AB524FF165
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38352e3230382e35302e302f32342d3234203d3e20383334.roa
Signing time:             Fri 22 Aug 2025 14:47:21 +0000
ROA not before:           Fri 22 Aug 2025 14:42:21 +0000
ROA not after:            Fri 21 Aug 2026 14:47:21 +0000
asID:                     834
IP address blocks:        85.208.50.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Aug 2025 17:37:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            65:25:5c:66:57:00:69:42:c8:26:3a:a8:69:de:17:ab:52:4f:f1:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Aug 22 14:42:21 2025 GMT
            Not After : Aug 21 14:47:21 2026 GMT
        Subject: CN=9E4C40DDC2333D296C1D3CA55C192B2A7FE5ECB7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:4b:99:c9:54:1a:78:dc:17:51:d3:8c:a7:bd:
                    63:d1:43:fd:54:e3:c5:07:d2:c9:bb:a0:c3:03:98:
                    68:5b:d7:4f:40:68:69:a2:f5:fd:ea:50:a8:ba:0b:
                    6e:e9:0e:5c:92:d6:10:f9:0e:93:b1:ba:7d:31:02:
                    5a:2f:96:b3:b5:51:6c:aa:75:53:26:1d:7e:e3:d1:
                    3a:ee:18:e3:05:0d:fb:eb:44:55:49:d6:3b:dc:7c:
                    40:cd:63:c6:e3:51:28:ac:e1:2c:c0:c1:99:8d:9c:
                    3f:15:41:b0:53:9d:68:30:e6:3a:52:12:d2:aa:08:
                    d3:bd:30:3b:43:51:4b:89:c1:32:89:d0:97:7d:8f:
                    09:57:d7:14:89:fa:5d:af:ff:ae:d7:74:23:cf:95:
                    1b:96:2b:79:6d:8c:8f:fd:8d:33:bc:8c:91:0b:f1:
                    22:65:08:84:f1:ae:d7:ca:0f:62:45:a0:f6:95:49:
                    83:16:f1:04:d8:ee:eb:53:43:55:9a:9e:7a:3a:13:
                    59:dc:56:da:28:ce:81:09:3a:6a:42:2a:80:9a:06:
                    28:70:80:fe:85:65:22:64:01:46:3c:e2:ac:47:15:
                    5d:0e:e8:3f:58:77:f6:97:05:dd:93:e2:68:84:22:
                    be:8a:50:05:37:8f:7f:9d:ee:28:45:04:a4:c0:df:
                    91:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:4C:40:DD:C2:33:3D:29:6C:1D:3C:A5:5C:19:2B:2A:7F:E5:EC:B7
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38352e3230382e35302e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.208.50.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:e1:da:fe:c3:b1:f2:2e:b9:d8:ee:6d:f0:84:16:d1:34:2f:
         4c:41:ae:96:f1:9d:41:db:4f:75:55:10:63:74:9d:52:93:45:
         7b:85:81:b7:4e:b1:3a:ea:dd:27:96:e6:e0:4a:2a:6f:3b:a5:
         14:b7:73:11:a4:19:fe:90:95:98:b8:f5:8b:20:a2:75:4b:7c:
         22:bf:48:ac:ec:3f:1f:58:62:bd:78:a1:d8:aa:d6:0c:41:9e:
         fe:74:94:3a:45:66:eb:36:0e:68:d4:30:4c:22:bb:f7:34:2b:
         aa:d3:a2:d8:c6:34:61:a3:7e:75:d8:4f:1b:86:52:dc:8c:cb:
         59:34:68:54:ae:c2:e4:7c:34:a2:02:f5:65:2f:a9:c2:24:65:
         62:e3:88:a1:54:9e:b4:44:1d:6c:5e:10:e6:35:82:cb:21:c5:
         30:18:2b:3a:0a:0f:8f:ae:58:14:25:d1:a0:b6:f2:a6:6c:7a:
         d6:c7:29:26:d2:52:ef:cf:b3:40:40:f0:10:9e:0a:ba:3d:d9:
         4e:08:ba:02:df:d2:2d:0f:eb:22:7b:1c:0d:d7:a7:eb:70:1d:
         e0:9a:aa:35:c3:9b:07:0c:af:a5:ee:bf:fd:3c:24:3e:e7:f2:
         18:c8:86:33:d0:b6:70:6b:bd:0d:77:7f:61:82:ad:a5:25:65:
         d9:83:60:c3
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUZSVcZlcAaULIJjqoad4Xq1JP8WUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTA4MjIxNDQyMjFaFw0yNjA4MjExNDQ3MjFaMDMxMTAvBgNV
BAMTKDlFNEM0MEREQzIzMzNEMjk2QzFEM0NBNTVDMTkyQjJBN0ZFNUVDQjcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDXS5nJVBp43BdR04ynvWPRQ/1U
48UH0sm7oMMDmGhb109AaGmi9f3qUKi6C27pDlyS1hD5DpOxun0xAlovlrO1UWyq
dVMmHX7j0TruGOMFDfvrRFVJ1jvcfEDNY8bjUSis4SzAwZmNnD8VQbBTnWgw5jpS
EtKqCNO9MDtDUUuJwTKJ0Jd9jwlX1xSJ+l2v/67XdCPPlRuWK3ltjI/9jTO8jJEL
8SJlCITxrtfKD2JFoPaVSYMW8QTY7utTQ1Wanno6E1ncVtoozoEJOmpCKoCaBihw
gP6FZSJkAUY84qxHFV0O6D9Yd/aXBd2T4miEIr6KUAU3j3+d7ihFBKTA35FDAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUnkxA3cIzPSlsHTylXBkrKn/l7LcwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzgzNTJlMzIzMDM4MmUzNTMw
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzgzMzM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVdAyMA0G
CSqGSIb3DQEBCwUAA4IBAQAC4dr+w7HyLrnY7m3whBbRNC9MQa6W8Z1B2091VRBj
dJ1Sk0V7hYG3TrE66t0nlubgSipvO6UUt3MRpBn+kJWYuPWLIKJ1S3wiv0is7D8f
WGK9eKHYqtYMQZ7+dJQ6RWbrNg5o1DBMIrv3NCuq06LYxjRho3512E8bhlLcjMtZ
NGhUrsLkfDSiAvVlL6nCJGVi44ihVJ60RB1sXhDmNYLLIcUwGCs6Cg+PrlgUJdGg
tvKmbHrWxykm0lLvz7NAQPAQngq6PdlOCLoC39ItD+siexwN16frcB3gmqo1w5sH
DK+l7r/9PCQ+5/IYyIYz0LZwa70Nd39hgq2lJWXZg2DD
-----END CERTIFICATE-----