Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/38322e3133392e3230302e302f32322d3234203d3e2038383230.roa
File:                     38322e3133392e3230302e302f32322d3234203d3e2038383230.roa (raw, json)
Hash identifier:          mFtxX5ywEXf7uE2QUqmR9nDbiIccaCY4xAaXdSR0UnU=
Subject key identifier:   BC:98:6F:37:DB:65:29:8A:18:D8:DD:4D:E9:C4:7A:8B:60:ED:67:32
Certificate issuer:       /CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
Certificate serial:       50D094527B3FF95AEC62EB23E3787ED9A4E70C42
Authority key identifier: 3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/38322e3133392e3230302e302f32322d3234203d3e2038383230.roa
Signing time:             Thu 04 Sep 2025 10:40:05 +0000
ROA not before:           Thu 04 Sep 2025 10:35:05 +0000
ROA not after:            Thu 03 Sep 2026 10:40:05 +0000
asID:                     8820
IP address blocks:        82.139.200.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Sep 2025 12:34:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            50:d0:94:52:7b:3f:f9:5a:ec:62:eb:23:e3:78:7e:d9:a4:e7:0c:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
        Validity
            Not Before: Sep  4 10:35:05 2025 GMT
            Not After : Sep  3 10:40:05 2026 GMT
        Subject: CN=BC986F37DB65298A18D8DD4DE9C47A8B60ED6732
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:74:eb:5d:ac:29:f1:a9:bc:3f:25:b1:cc:a7:
                    32:1b:21:a5:d8:cd:a0:8e:b0:d6:7a:a8:29:e5:bb:
                    a2:b9:8d:0e:ce:ac:40:6b:66:1c:cd:5f:d8:45:e8:
                    c2:e6:0e:a9:8a:56:80:cb:d3:3d:ed:58:ee:17:44:
                    a0:bc:71:82:ae:40:41:99:79:fc:a5:44:31:4f:96:
                    33:75:99:93:be:4e:2e:f8:c2:5c:65:8b:e4:06:79:
                    16:ce:00:1c:84:a0:e0:f0:65:f7:ab:a9:e7:62:33:
                    c8:b5:73:c4:ed:24:43:68:88:71:21:81:59:e3:23:
                    49:99:e3:23:12:2a:15:2b:86:30:b3:81:b8:1a:84:
                    ab:52:4e:36:4b:aa:8a:2d:0d:23:d6:a8:a7:90:77:
                    59:53:93:2f:99:b8:42:3b:2a:5f:11:ca:00:4e:f6:
                    88:ce:c4:f1:93:c0:b9:5c:cb:83:53:5b:7c:f7:5f:
                    31:59:19:b2:cd:58:dc:cc:56:e5:b3:90:6d:58:f1:
                    a8:85:52:a7:6b:2c:3c:ab:0c:dc:7b:53:36:54:50:
                    9a:a5:f4:ba:c6:65:6a:40:34:fe:51:4f:b6:54:d8:
                    e8:70:96:91:bc:11:18:d8:f6:76:f6:ef:06:6d:e9:
                    ef:a8:d5:9d:e4:d7:e6:e6:dc:17:a6:45:59:11:b2:
                    a3:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:98:6F:37:DB:65:29:8A:18:D8:DD:4D:E9:C4:7A:8B:60:ED:67:32
            X509v3 Authority Key Identifier:
                keyid:3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/38322e3133392e3230302e302f32322d3234203d3e2038383230.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.139.200.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a7:19:ec:04:33:a9:cc:37:5c:73:2d:c0:9f:3d:5b:65:f0:c1:
         cf:3c:ad:1b:14:9f:d8:5f:26:a2:44:03:b1:05:71:ae:fb:7a:
         2b:60:3c:75:73:91:9e:ae:7d:e3:ba:63:45:75:4a:bd:84:ea:
         33:d4:7a:c2:3d:9e:0e:42:88:d7:58:4d:34:cd:b2:f6:78:de:
         d8:6f:2c:c1:eb:f7:bf:9a:e5:04:02:b7:d8:73:ef:f1:51:ad:
         32:e6:85:88:99:60:71:d0:18:0e:1a:42:67:44:f5:3c:d3:b1:
         ab:2c:06:73:c3:05:8e:7e:50:94:7f:78:bc:b9:9b:50:eb:cb:
         71:f1:9e:c5:d4:61:de:20:47:ef:50:c5:6c:42:1e:48:db:5e:
         1b:ff:04:8c:fb:d6:d9:eb:be:18:aa:88:31:a3:78:1f:b0:2e:
         cb:7a:ef:2c:f9:ec:05:7b:20:85:b3:2a:f5:02:55:48:b0:4c:
         57:c5:bd:f6:20:9d:df:92:1b:c1:8c:48:46:1f:bd:8d:58:63:
         1f:14:c5:a6:6c:ce:b4:30:97:04:89:4a:99:40:30:f8:91:32:
         ab:88:3a:a9:86:8b:86:40:2d:62:bd:b9:26:9c:b6:d2:a6:ce:
         b4:a6:b2:da:5b:af:d9:6f:29:59:66:24:f0:aa:b9:35:d6:9b:
         17:ee:9b:2a
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUUNCUUns/+VrsYusj43h+2aTnDEIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoM2ZlY2NiMTdiZTUxZWU1OWVjNzRkNjRlZWQ5MTdlMjIx
ZWUyOGExYjAeFw0yNTA5MDQxMDM1MDVaFw0yNjA5MDMxMDQwMDVaMDMxMTAvBgNV
BAMTKEJDOTg2RjM3REI2NTI5OEExOEQ4REQ0REU5QzQ3QThCNjBFRDY3MzIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDndOtdrCnxqbw/JbHMpzIbIaXY
zaCOsNZ6qCnlu6K5jQ7OrEBrZhzNX9hF6MLmDqmKVoDL0z3tWO4XRKC8cYKuQEGZ
efylRDFPljN1mZO+Ti74wlxli+QGeRbOAByEoODwZferqediM8i1c8TtJENoiHEh
gVnjI0mZ4yMSKhUrhjCzgbgahKtSTjZLqootDSPWqKeQd1lTky+ZuEI7Kl8RygBO
9ojOxPGTwLlcy4NTW3z3XzFZGbLNWNzMVuWzkG1Y8aiFUqdrLDyrDNx7UzZUUJql
9LrGZWpANP5RT7ZU2OhwlpG8ERjY9nb27wZt6e+o1Z3k1+bm3BemRVkRsqMtAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUvJhvN9tlKYoY2N1N6cR6i2DtZzIwHwYDVR0j
BBgwFoAUP+zLF75R7lnsdNZO7ZF+Ih7iihswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjJkYjc1NTUtOWFhNC00OTgzLTkzMTYtNzM4MDlkZDM1
NGJjLzAvM0ZFQ0NCMTdCRTUxRUU1OUVDNzRENjRFRUQ5MTdFMjIxRUUyOEExQi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1AtekxGNzVSN2xuc2ROWk83WkYtSWg3
aWlocy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMjJkYjc1NTUt
OWFhNC00OTgzLTkzMTYtNzM4MDlkZDM1NGJjLzAvMzgzMjJlMzEzMzM5MmUzMjMw
MzAyZTMwMmYzMjMyMmQzMjM0MjAzZDNlMjAzODM4MzIzMC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAlKL
yDANBgkqhkiG9w0BAQsFAAOCAQEApxnsBDOpzDdccy3Anz1bZfDBzzytGxSf2F8m
okQDsQVxrvt6K2A8dXORnq5947pjRXVKvYTqM9R6wj2eDkKI11hNNM2y9nje2G8s
wev3v5rlBAK32HPv8VGtMuaFiJlgcdAYDhpCZ0T1PNOxqywGc8MFjn5QlH94vLmb
UOvLcfGexdRh3iBH71DFbEIeSNteG/8EjPvW2eu+GKqIMaN4H7Auy3rvLPnsBXsg
hbMq9QJVSLBMV8W99iCd35IbwYxIRh+9jVhjHxTFpmzOtDCXBIlKmUAw+JEyq4g6
qYaLhkAtYr25Jpy20qbOtKay2luv2W8pWWYk8Kq5NdabF+6bKg==
-----END CERTIFICATE-----