Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/38322e3133392e3231322e302f32332d3234203d3e20383334.roa
File:                     38322e3133392e3231322e302f32332d3234203d3e20383334.roa (raw, json)
Hash identifier:          HcnKymHtsjnHKoRs1v/VtPd5CyRWF7sPK4saHWPFKcY=
Subject key identifier:   3F:AA:6C:06:1E:21:07:59:63:8A:97:A5:6F:53:37:10:21:A5:B2:FA
Certificate issuer:       /CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
Certificate serial:       09546D4CCD277115EB7AE03891228EBC1C8FA322
Authority key identifier: 3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/38322e3133392e3231322e302f32332d3234203d3e20383334.roa
Signing time:             Wed 17 Sep 2025 11:51:32 +0000
ROA not before:           Wed 17 Sep 2025 11:46:32 +0000
ROA not after:            Wed 16 Sep 2026 11:51:32 +0000
asID:                     834
IP address blocks:        82.139.212.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 19 Sep 2025 08:32:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            09:54:6d:4c:cd:27:71:15:eb:7a:e0:38:91:22:8e:bc:1c:8f:a3:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
        Validity
            Not Before: Sep 17 11:46:32 2025 GMT
            Not After : Sep 16 11:51:32 2026 GMT
        Subject: CN=3FAA6C061E210759638A97A56F53371021A5B2FA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:c4:4c:5f:1d:bf:2d:ef:a2:ac:9e:46:74:99:
                    6e:1b:fd:29:44:28:0c:8c:a0:1c:56:29:d9:6b:cf:
                    06:b9:f0:07:31:4f:6e:e1:8d:f3:8c:ba:75:5a:ff:
                    30:c4:20:98:10:65:07:04:13:92:9d:42:39:97:80:
                    f3:86:dd:04:c3:8a:2e:16:d2:cc:79:00:6b:61:4b:
                    6f:34:17:0b:48:78:5f:ff:fe:92:98:99:50:52:00:
                    6c:22:10:79:d9:99:87:48:3f:26:93:e4:2d:a5:50:
                    56:5f:dc:4d:fc:60:16:7a:7f:1e:f5:8c:c9:bb:7e:
                    6f:80:cf:19:6e:4b:8f:52:50:93:f5:52:a2:0e:9c:
                    e7:03:3c:75:e3:ff:9c:f5:82:6b:d1:39:1a:13:d9:
                    40:6b:83:26:84:dc:c6:91:a8:d2:48:13:00:38:d6:
                    21:ac:c8:d3:85:67:50:ff:14:76:9e:35:d9:cd:2c:
                    5d:80:23:ac:41:73:d4:f4:c7:e5:09:97:92:b3:82:
                    8a:1b:13:bb:49:df:e1:6a:ec:52:ab:c8:8f:73:82:
                    57:63:66:e1:97:fb:84:4f:c5:17:dd:37:0e:10:43:
                    c0:a5:45:42:63:17:9c:c5:90:54:53:32:f7:f2:13:
                    85:8e:c3:96:08:b6:49:10:65:36:4a:bb:fa:6e:29:
                    d0:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:AA:6C:06:1E:21:07:59:63:8A:97:A5:6F:53:37:10:21:A5:B2:FA
            X509v3 Authority Key Identifier:
                keyid:3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/38322e3133392e3231322e302f32332d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.139.212.0/23

    Signature Algorithm: sha256WithRSAEncryption
         76:ff:04:db:8e:04:6a:aa:01:c9:80:ac:6f:db:80:f2:63:08:
         ed:3a:52:96:43:76:5b:d1:5f:7a:e4:72:fe:c1:16:2e:4a:50:
         5e:68:26:20:69:24:94:06:57:a9:27:6c:77:15:2a:9d:d7:96:
         52:23:47:ef:8b:42:a2:f0:08:54:28:85:29:4d:a6:8a:bf:1c:
         fe:33:31:b8:3e:a3:f7:f7:cb:e2:f5:9f:42:b5:d1:18:82:e6:
         1d:b4:a5:85:60:d9:31:f4:9d:fa:c5:27:53:df:ba:fd:c4:6f:
         de:2d:23:ed:c4:d5:9a:11:c5:8b:20:95:46:0c:3d:90:74:3e:
         b2:12:f3:0a:27:6f:1e:38:a1:be:51:56:44:45:11:9b:94:cc:
         6e:7c:b4:fa:da:dd:db:46:3f:47:16:82:b4:84:f2:12:6f:9b:
         3f:32:e4:39:da:a7:c1:de:39:fe:83:4b:ff:40:89:eb:2f:aa:
         13:5f:83:e6:20:ad:8e:38:3a:bb:ab:f9:d8:0b:b2:50:4f:9f:
         53:41:b4:81:75:1e:8d:04:09:a8:76:15:bb:41:21:ea:a7:e3:
         de:02:4a:bf:e8:97:2e:0a:3a:66:30:54:a1:02:38:53:9e:b1:
         db:df:c2:49:6c:c4:7f:22:9c:16:8f:0d:a0:1c:49:49:19:5c:
         00:9d:a4:d8
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUCVRtTM0ncRXreuA4kSKOvByPoyIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoM2ZlY2NiMTdiZTUxZWU1OWVjNzRkNjRlZWQ5MTdlMjIx
ZWUyOGExYjAeFw0yNTA5MTcxMTQ2MzJaFw0yNjA5MTYxMTUxMzJaMDMxMTAvBgNV
BAMTKDNGQUE2QzA2MUUyMTA3NTk2MzhBOTdBNTZGNTMzNzEwMjFBNUIyRkEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCnxExfHb8t76KsnkZ0mW4b/SlE
KAyMoBxWKdlrzwa58AcxT27hjfOMunVa/zDEIJgQZQcEE5KdQjmXgPOG3QTDii4W
0sx5AGthS280FwtIeF///pKYmVBSAGwiEHnZmYdIPyaT5C2lUFZf3E38YBZ6fx71
jMm7fm+AzxluS49SUJP1UqIOnOcDPHXj/5z1gmvRORoT2UBrgyaE3MaRqNJIEwA4
1iGsyNOFZ1D/FHaeNdnNLF2AI6xBc9T0x+UJl5KzgoobE7tJ3+Fq7FKryI9zgldj
ZuGX+4RPxRfdNw4QQ8ClRUJjF5zFkFRTMvfyE4WOw5YItkkQZTZKu/puKdD9AgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUP6psBh4hB1ljipelb1M3ECGlsvowHwYDVR0j
BBgwFoAUP+zLF75R7lnsdNZO7ZF+Ih7iihswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjJkYjc1NTUtOWFhNC00OTgzLTkzMTYtNzM4MDlkZDM1
NGJjLzAvM0ZFQ0NCMTdCRTUxRUU1OUVDNzRENjRFRUQ5MTdFMjIxRUUyOEExQi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1AtekxGNzVSN2xuc2ROWk83WkYtSWg3
aWlocy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMjJkYjc1NTUt
OWFhNC00OTgzLTkzMTYtNzM4MDlkZDM1NGJjLzAvMzgzMjJlMzEzMzM5MmUzMjMx
MzIyZTMwMmYzMjMzMmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAFSi9Qw
DQYJKoZIhvcNAQELBQADggEBAHb/BNuOBGqqAcmArG/bgPJjCO06UpZDdlvRX3rk
cv7BFi5KUF5oJiBpJJQGV6knbHcVKp3XllIjR++LQqLwCFQohSlNpoq/HP4zMbg+
o/f3y+L1n0K10RiC5h20pYVg2TH0nfrFJ1Pfuv3Eb94tI+3E1ZoRxYsglUYMPZB0
PrIS8wonbx44ob5RVkRFEZuUzG58tPra3dtGP0cWgrSE8hJvmz8y5Dnap8HeOf6D
S/9AiesvqhNfg+YgrY44Orur+dgLslBPn1NBtIF1Ho0ECah2FbtBIeqn494CSr/o
ly4KOmYwVKECOFOesdvfwklsxH8inBaPDaAcSUkZXACdpNg=
-----END CERTIFICATE-----