Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/326130313a3137303a3a2f33322d3634203d3e2038383230.roa
File:                     326130313a3137303a3a2f33322d3634203d3e2038383230.roa (raw, json)
Hash identifier:          8WlHWUmcB8vZpsVbI/HirqpiACf7fkSal1PuARZi3gg=
Subject key identifier:   38:FD:51:3E:51:4F:83:EE:B1:CF:39:17:78:97:8A:BF:8A:C1:08:2A
Certificate issuer:       /CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
Certificate serial:       79D7FD3657870E56E5394764541B81259140D7F3
Authority key identifier: 3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/326130313a3137303a3a2f33322d3634203d3e2038383230.roa
Signing time:             Thu 04 Sep 2025 10:40:06 +0000
ROA not before:           Thu 04 Sep 2025 10:35:06 +0000
ROA not after:            Thu 03 Sep 2026 10:40:06 +0000
asID:                     8820
IP address blocks:        2a01:170::/32 maxlen: 64
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Sep 2025 12:34:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            79:d7:fd:36:57:87:0e:56:e5:39:47:64:54:1b:81:25:91:40:d7:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
        Validity
            Not Before: Sep  4 10:35:06 2025 GMT
            Not After : Sep  3 10:40:06 2026 GMT
        Subject: CN=38FD513E514F83EEB1CF391778978ABF8AC1082A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:df:52:5d:f8:d0:bc:a2:c6:ef:50:ef:3b:da:
                    32:45:9f:62:2c:b5:4b:5c:14:8a:6b:b5:bd:9c:68:
                    79:3e:3d:be:ff:d5:8b:00:64:7d:59:23:7f:aa:0d:
                    e5:de:cd:cf:90:60:a0:47:42:d2:bd:ba:58:2c:fa:
                    91:f4:7d:15:58:16:ae:de:5d:46:86:08:63:e4:14:
                    7b:8e:17:ce:2f:90:81:45:94:a1:1f:ad:3f:ea:58:
                    67:d9:05:2f:c2:dd:2a:69:58:b0:02:e9:a4:55:c8:
                    14:9c:5a:82:46:d5:77:61:28:3c:5f:3b:ed:03:62:
                    6b:ea:9b:fa:e3:26:d4:11:73:cd:da:0a:64:03:6f:
                    cd:76:1f:95:7f:be:54:b9:df:ef:7f:ec:49:86:c1:
                    52:68:b3:ae:c4:95:85:be:40:b8:8e:a8:aa:e4:55:
                    96:bf:13:10:fa:b4:98:c7:a5:f6:6e:b3:51:67:e8:
                    82:4f:bd:a0:82:38:da:9f:ad:43:ef:e0:21:c6:23:
                    6c:52:19:72:63:eb:b6:8b:e2:90:15:4f:7c:54:15:
                    35:60:01:6b:cb:d6:e9:0d:c7:84:56:6c:c0:dd:6f:
                    ab:3a:a1:49:9c:da:45:d4:53:4d:36:3a:1b:92:6c:
                    3f:70:d5:a7:e0:55:07:5c:42:3d:3c:c6:39:c1:80:
                    c3:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:FD:51:3E:51:4F:83:EE:B1:CF:39:17:78:97:8A:BF:8A:C1:08:2A
            X509v3 Authority Key Identifier:
                keyid:3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/326130313a3137303a3a2f33322d3634203d3e2038383230.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:170::/32

    Signature Algorithm: sha256WithRSAEncryption
         5d:75:72:28:1d:f1:42:06:c0:c2:37:aa:2b:d0:1c:85:d3:41:
         5d:17:d5:9a:d0:aa:c1:3f:56:21:89:25:36:34:81:23:32:b3:
         85:94:fa:16:1b:41:64:d1:0d:0b:41:92:d8:09:f2:df:a1:31:
         e9:5e:aa:d6:66:78:d5:0e:cc:45:5e:0a:53:9a:a2:30:a9:f1:
         0e:55:15:34:d8:cf:ac:a8:7c:79:ae:63:45:7e:77:98:6e:2a:
         ec:03:3d:c8:a7:60:41:31:ec:c8:52:d5:d0:8c:39:d6:d1:21:
         38:d3:3c:07:6b:41:4f:68:1c:9f:38:ca:72:ed:ad:44:c1:1a:
         6b:7e:39:8b:cd:7b:10:e7:78:84:01:8c:a7:7e:ba:92:df:da:
         00:09:e6:ea:08:6e:46:11:c9:da:61:4e:90:e2:b3:10:93:06:
         13:0e:20:50:d6:5b:ee:7e:dc:df:f3:a5:03:1e:ad:c6:f2:7a:
         1a:51:c2:9f:cc:4f:bd:34:ec:59:76:8a:d2:8d:43:1a:3b:f4:
         f2:01:1a:a6:ee:a9:1c:ad:2d:a2:a9:9e:a3:96:30:08:a7:f2:
         e6:0e:15:1d:90:fa:8a:26:e6:e5:42:27:f9:f6:63:f2:6d:81:
         93:06:e2:4a:d8:fd:32:96:bf:0d:ec:2a:cf:8b:0e:10:ea:80:
         1e:7e:29:95
-----BEGIN CERTIFICATE-----
MIIFLjCCBBagAwIBAgIUedf9NleHDlblOUdkVBuBJZFA1/MwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoM2ZlY2NiMTdiZTUxZWU1OWVjNzRkNjRlZWQ5MTdlMjIx
ZWUyOGExYjAeFw0yNTA5MDQxMDM1MDZaFw0yNjA5MDMxMDQwMDZaMDMxMTAvBgNV
BAMTKDM4RkQ1MTNFNTE0RjgzRUVCMUNGMzkxNzc4OTc4QUJGOEFDMTA4MkEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDX31Jd+NC8osbvUO872jJFn2Is
tUtcFIprtb2caHk+Pb7/1YsAZH1ZI3+qDeXezc+QYKBHQtK9ulgs+pH0fRVYFq7e
XUaGCGPkFHuOF84vkIFFlKEfrT/qWGfZBS/C3SppWLAC6aRVyBScWoJG1XdhKDxf
O+0DYmvqm/rjJtQRc83aCmQDb812H5V/vlS53+9/7EmGwVJos67ElYW+QLiOqKrk
VZa/ExD6tJjHpfZus1Fn6IJPvaCCONqfrUPv4CHGI2xSGXJj67aL4pAVT3xUFTVg
AWvL1ukNx4RWbMDdb6s6oUmc2kXUU002OhuSbD9w1afgVQdcQj08xjnBgMNbAgMB
AAGjggI4MIICNDAdBgNVHQ4EFgQUOP1RPlFPg+6xzzkXeJeKv4rBCCowHwYDVR0j
BBgwFoAUP+zLF75R7lnsdNZO7ZF+Ih7iihswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjJkYjc1NTUtOWFhNC00OTgzLTkzMTYtNzM4MDlkZDM1
NGJjLzAvM0ZFQ0NCMTdCRTUxRUU1OUVDNzRENjRFRUQ5MTdFMjIxRUUyOEExQi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1AtekxGNzVSN2xuc2ROWk83WkYtSWg3
aWlocy5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMjJkYjc1NTUt
OWFhNC00OTgzLTkzMTYtNzM4MDlkZDM1NGJjLzAvMzI2MTMwMzEzYTMxMzczMDNh
M2EyZjMzMzIyZDM2MzQyMDNkM2UyMDM4MzgzMjMwLnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgEBcDAN
BgkqhkiG9w0BAQsFAAOCAQEAXXVyKB3xQgbAwjeqK9AchdNBXRfVmtCqwT9WIYkl
NjSBIzKzhZT6FhtBZNENC0GS2Any36Ex6V6q1mZ41Q7MRV4KU5qiMKnxDlUVNNjP
rKh8ea5jRX53mG4q7AM9yKdgQTHsyFLV0Iw51tEhONM8B2tBT2gcnzjKcu2tRMEa
a345i817EOd4hAGMp366kt/aAAnm6ghuRhHJ2mFOkOKzEJMGEw4gUNZb7n7c3/Ol
Ax6txvJ6GlHCn8xPvTTsWXaK0o1DGjv08gEapu6pHK0toqmeo5YwCKfy5g4VHZD6
iibm5UIn+fZj8m2BkwbiStj9Mpa/Dewqz4sOEOqAHn4plQ==
-----END CERTIFICATE-----