Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/38322e3133392e3139362e302f32322d3234203d3e2038383230.roa
File:                     38322e3133392e3139362e302f32322d3234203d3e2038383230.roa (raw, json)
Hash identifier:          2c3kzOKJVBG2miB079t9CAPwCBhDucUCL5pwfTLW9RI=
Subject key identifier:   7E:08:E0:1E:1E:2E:87:DF:96:CE:62:75:55:EE:28:AD:3A:12:1B:23
Certificate issuer:       /CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
Certificate serial:       3AF866E88F74D0F04C9D4B1D59B34A5954BF9E38
Authority key identifier: 3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/38322e3133392e3139362e302f32322d3234203d3e2038383230.roa
Signing time:             Thu 04 Sep 2025 10:40:06 +0000
ROA not before:           Thu 04 Sep 2025 10:35:06 +0000
ROA not after:            Thu 03 Sep 2026 10:40:06 +0000
asID:                     8820
IP address blocks:        82.139.196.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Sep 2025 12:34:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3a:f8:66:e8:8f:74:d0:f0:4c:9d:4b:1d:59:b3:4a:59:54:bf:9e:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
        Validity
            Not Before: Sep  4 10:35:06 2025 GMT
            Not After : Sep  3 10:40:06 2026 GMT
        Subject: CN=7E08E01E1E2E87DF96CE627555EE28AD3A121B23
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:7e:c1:e2:0f:ed:57:45:88:80:39:02:95:52:
                    92:c6:14:57:a1:19:e7:63:01:eb:45:4b:0b:3f:02:
                    ad:68:dd:b7:2f:d3:e3:cc:87:0d:6b:89:df:b9:83:
                    bf:3d:bc:60:60:c0:2c:99:55:c5:44:13:79:7e:e1:
                    1f:32:d5:27:5e:11:30:c6:53:ec:82:b9:40:c8:64:
                    ae:21:ac:6f:22:4a:60:71:de:3d:01:cc:9c:42:f0:
                    23:c7:06:e3:c5:26:66:a7:42:86:50:92:61:ba:8d:
                    13:3c:df:65:13:df:3d:8b:58:e5:ac:f2:8f:51:ff:
                    ff:b9:a9:ad:f9:94:e5:3e:41:db:24:e1:eb:a8:dd:
                    b5:92:c6:0c:ee:f8:b4:0c:a9:c7:5f:d9:4b:f5:aa:
                    c0:6e:d6:5d:74:76:d9:95:88:3d:2d:34:a1:c7:e1:
                    08:d1:1a:89:b9:e6:97:fe:45:41:00:a6:04:f7:85:
                    96:25:12:f1:23:51:19:f1:47:b9:0b:20:ea:b6:15:
                    13:52:0a:52:e0:6b:61:bb:83:56:a6:8f:10:b2:2d:
                    85:2e:3b:24:1c:87:a1:f7:18:00:52:34:9e:56:9c:
                    b2:e3:91:06:b5:fe:69:9b:ae:49:7f:d4:76:83:01:
                    6e:54:6f:fa:64:b1:28:cd:c0:a3:a0:f8:41:c3:29:
                    2b:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:08:E0:1E:1E:2E:87:DF:96:CE:62:75:55:EE:28:AD:3A:12:1B:23
            X509v3 Authority Key Identifier:
                keyid:3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/38322e3133392e3139362e302f32322d3234203d3e2038383230.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.139.196.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0a:cd:63:e0:23:3a:33:d3:e1:6d:dc:1a:55:a1:0a:7c:77:9f:
         e0:e5:e9:1e:48:f5:07:69:ed:aa:f2:d4:43:6b:8d:24:1a:2b:
         8a:97:c0:69:72:c0:ce:e5:bf:b1:2d:d1:df:c6:c9:6a:2a:ab:
         92:fd:af:32:92:08:ab:57:ef:5c:79:0b:6e:4a:0b:ab:34:6d:
         d9:38:ab:b6:22:af:d4:ac:13:68:b2:5f:ef:e8:86:8e:0b:aa:
         ec:d7:18:10:86:e9:00:4a:bd:1a:af:30:5d:8e:7b:53:33:3f:
         f2:22:27:59:a3:1d:f9:4d:27:d2:77:5c:ce:90:79:7c:ff:6e:
         cf:89:86:2b:80:f2:ea:a0:2d:ba:de:82:f2:8d:c7:d2:0c:54:
         92:3e:eb:c6:e2:a4:8d:d2:2f:1b:ef:23:57:c9:8d:62:60:8e:
         10:62:3b:86:b7:66:71:b8:a5:2b:cf:5e:b1:63:de:16:70:75:
         c0:4c:94:67:53:f5:cf:e5:c6:af:63:ed:57:54:9a:3e:1d:44:
         8b:de:97:5c:39:3c:82:37:26:2a:12:50:c5:d5:c3:b3:93:f9:
         f4:a9:fa:fd:33:b2:5d:89:8c:46:07:ba:31:36:37:2d:21:ee:
         06:c7:cc:63:13:f8:0f:b3:2d:9c:80:40:86:51:55:96:76:ea:
         a3:fb:25:57
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUOvhm6I900PBMnUsdWbNKWVS/njgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoM2ZlY2NiMTdiZTUxZWU1OWVjNzRkNjRlZWQ5MTdlMjIx
ZWUyOGExYjAeFw0yNTA5MDQxMDM1MDZaFw0yNjA5MDMxMDQwMDZaMDMxMTAvBgNV
BAMTKDdFMDhFMDFFMUUyRTg3REY5NkNFNjI3NTU1RUUyOEFEM0ExMjFCMjMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCxfsHiD+1XRYiAOQKVUpLGFFeh
GedjAetFSws/Aq1o3bcv0+PMhw1rid+5g789vGBgwCyZVcVEE3l+4R8y1SdeETDG
U+yCuUDIZK4hrG8iSmBx3j0BzJxC8CPHBuPFJmanQoZQkmG6jRM832UT3z2LWOWs
8o9R//+5qa35lOU+Qdsk4euo3bWSxgzu+LQMqcdf2Uv1qsBu1l10dtmViD0tNKHH
4QjRGom55pf+RUEApgT3hZYlEvEjURnxR7kLIOq2FRNSClLga2G7g1amjxCyLYUu
OyQch6H3GABSNJ5WnLLjkQa1/mmbrkl/1HaDAW5Ub/pksSjNwKOg+EHDKSvxAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUfgjgHh4uh9+WzmJ1Ve4orToSGyMwHwYDVR0j
BBgwFoAUP+zLF75R7lnsdNZO7ZF+Ih7iihswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjJkYjc1NTUtOWFhNC00OTgzLTkzMTYtNzM4MDlkZDM1
NGJjLzAvM0ZFQ0NCMTdCRTUxRUU1OUVDNzRENjRFRUQ5MTdFMjIxRUUyOEExQi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1AtekxGNzVSN2xuc2ROWk83WkYtSWg3
aWlocy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMjJkYjc1NTUt
OWFhNC00OTgzLTkzMTYtNzM4MDlkZDM1NGJjLzAvMzgzMjJlMzEzMzM5MmUzMTM5
MzYyZTMwMmYzMjMyMmQzMjM0MjAzZDNlMjAzODM4MzIzMC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAlKL
xDANBgkqhkiG9w0BAQsFAAOCAQEACs1j4CM6M9PhbdwaVaEKfHef4OXpHkj1B2nt
qvLUQ2uNJBoripfAaXLAzuW/sS3R38bJaiqrkv2vMpIIq1fvXHkLbkoLqzRt2Tir
tiKv1KwTaLJf7+iGjguq7NcYEIbpAEq9Gq8wXY57UzM/8iInWaMd+U0n0ndczpB5
fP9uz4mGK4Dy6qAtut6C8o3H0gxUkj7rxuKkjdIvG+8jV8mNYmCOEGI7hrdmcbil
K89esWPeFnB1wEyUZ1P1z+XGr2PtV1SaPh1Ei96XXDk8gjcmKhJQxdXDs5P59Kn6
/TOyXYmMRge6MTY3LSHuBsfMYxP4D7MtnIBAhlFVlnbqo/slVw==
-----END CERTIFICATE-----