Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/38322e3133392e3232352e302f32342d3234203d3e2039303039.roa
File:                     38322e3133392e3232352e302f32342d3234203d3e2039303039.roa (raw, json)
Hash identifier:          UCgzXV7xNuKD/no3KR/Vcyv+bqkO4NTPpE8y2zx0VW0=
Subject key identifier:   29:8C:5F:3A:F1:9D:C8:99:8E:3B:39:C1:17:59:19:8D:06:A2:94:74
Certificate issuer:       /CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
Certificate serial:       58D63242C482CE9967221ECD7EF23C7A9FFE9FC5
Authority key identifier: 3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/38322e3133392e3232352e302f32342d3234203d3e2039303039.roa
Signing time:             Thu 04 Sep 2025 10:40:06 +0000
ROA not before:           Thu 04 Sep 2025 10:35:06 +0000
ROA not after:            Thu 03 Sep 2026 10:40:06 +0000
asID:                     9009
IP address blocks:        82.139.225.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Sep 2025 12:34:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            58:d6:32:42:c4:82:ce:99:67:22:1e:cd:7e:f2:3c:7a:9f:fe:9f:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
        Validity
            Not Before: Sep  4 10:35:06 2025 GMT
            Not After : Sep  3 10:40:06 2026 GMT
        Subject: CN=298C5F3AF19DC8998E3B39C11759198D06A29474
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:70:f6:33:73:fe:f8:b1:aa:7b:90:b5:f6:67:
                    90:09:55:f9:4c:d1:91:01:4b:3a:b8:72:49:67:a2:
                    47:82:6f:df:2d:14:95:33:3b:f4:53:f2:66:f0:1b:
                    c9:a6:9e:47:df:54:73:a6:46:81:5b:c3:cf:5d:d1:
                    ba:15:1c:52:09:b3:1b:b8:e3:8a:ba:a5:b8:1f:65:
                    ba:9e:3e:e1:52:ec:1a:f2:59:0d:77:c9:11:7b:eb:
                    6c:57:40:6b:1d:5b:5a:fd:c7:ae:fc:87:db:ca:93:
                    6b:cd:5c:eb:bc:95:35:03:12:62:eb:29:c4:d4:78:
                    36:01:b0:2a:75:75:00:e2:a0:54:28:55:0c:07:bb:
                    23:a5:63:62:2f:eb:66:3b:d4:f0:d5:47:6c:61:63:
                    bf:b1:95:71:5c:82:a0:0f:d7:da:89:dc:d6:43:30:
                    e1:8e:5f:99:1a:fd:40:73:20:be:ed:5a:e6:1b:c4:
                    d2:f7:6a:a5:bd:f7:e6:ea:ed:d0:06:ab:45:00:1b:
                    a7:33:0b:b0:90:3b:99:c0:12:61:22:1c:4c:b4:ad:
                    cd:99:26:ab:38:26:00:98:96:60:0b:49:be:5f:81:
                    f1:08:3d:80:49:8e:26:ef:53:39:a7:06:21:6e:46:
                    50:8a:3f:a4:10:61:6e:cc:20:12:4c:0c:03:be:5d:
                    66:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:8C:5F:3A:F1:9D:C8:99:8E:3B:39:C1:17:59:19:8D:06:A2:94:74
            X509v3 Authority Key Identifier:
                keyid:3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/38322e3133392e3232352e302f32342d3234203d3e2039303039.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.139.225.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7d:8e:1d:31:d0:00:4e:ad:f4:c6:ac:81:fa:b1:28:7c:1e:e6:
         41:83:8a:ef:8e:8a:28:ca:5d:4a:39:de:00:a7:5a:e8:c9:4c:
         8c:93:a1:a6:05:06:be:67:70:a3:30:36:06:5c:41:fa:ad:26:
         e1:13:29:06:e9:99:ab:8e:24:e8:9b:1e:2c:8b:3d:8e:42:25:
         d8:96:fe:9c:75:36:18:9e:cf:8b:22:79:65:63:e1:fd:a8:90:
         af:4e:fa:f1:99:c4:d7:90:d5:7f:ed:ea:16:c7:e2:c9:a1:10:
         33:ec:39:9f:b8:94:a2:84:a4:04:a4:85:37:62:b0:09:a0:02:
         d1:c2:3b:3d:21:a8:f4:e6:dd:79:f6:2c:d0:ec:72:6d:f0:44:
         9d:e2:02:80:72:73:da:29:e7:dc:81:ac:5e:40:70:c4:b6:3b:
         45:78:de:1c:b0:b8:04:48:f1:ff:88:85:db:bf:f8:37:3c:4c:
         1b:c5:9e:48:51:75:81:b6:61:7d:8d:40:5b:58:25:ea:19:cf:
         b3:d7:40:f4:4c:ee:19:59:e7:d0:68:56:86:95:b7:ab:bc:92:
         8d:ba:ae:6c:a7:83:01:6b:d6:13:b4:51:26:53:27:9c:b9:2d:
         ff:bc:66:fb:be:26:4d:f4:be:07:76:96:22:aa:97:a2:f8:cf:
         1d:e9:d2:52
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUWNYyQsSCzplnIh7NfvI8ep/+n8UwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoM2ZlY2NiMTdiZTUxZWU1OWVjNzRkNjRlZWQ5MTdlMjIx
ZWUyOGExYjAeFw0yNTA5MDQxMDM1MDZaFw0yNjA5MDMxMDQwMDZaMDMxMTAvBgNV
BAMTKDI5OEM1RjNBRjE5REM4OTk4RTNCMzlDMTE3NTkxOThEMDZBMjk0NzQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvcPYzc/74sap7kLX2Z5AJVflM
0ZEBSzq4cklnokeCb98tFJUzO/RT8mbwG8mmnkffVHOmRoFbw89d0boVHFIJsxu4
44q6pbgfZbqePuFS7BryWQ13yRF762xXQGsdW1r9x678h9vKk2vNXOu8lTUDEmLr
KcTUeDYBsCp1dQDioFQoVQwHuyOlY2Iv62Y71PDVR2xhY7+xlXFcgqAP19qJ3NZD
MOGOX5ka/UBzIL7tWuYbxNL3aqW99+bq7dAGq0UAG6czC7CQO5nAEmEiHEy0rc2Z
Jqs4JgCYlmALSb5fgfEIPYBJjibvUzmnBiFuRlCKP6QQYW7MIBJMDAO+XWbzAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUKYxfOvGdyJmOOznBF1kZjQailHQwHwYDVR0j
BBgwFoAUP+zLF75R7lnsdNZO7ZF+Ih7iihswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjJkYjc1NTUtOWFhNC00OTgzLTkzMTYtNzM4MDlkZDM1
NGJjLzAvM0ZFQ0NCMTdCRTUxRUU1OUVDNzRENjRFRUQ5MTdFMjIxRUUyOEExQi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1AtekxGNzVSN2xuc2ROWk83WkYtSWg3
aWlocy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMjJkYjc1NTUt
OWFhNC00OTgzLTkzMTYtNzM4MDlkZDM1NGJjLzAvMzgzMjJlMzEzMzM5MmUzMjMy
MzUyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzOTMwMzAzOS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFKL
4TANBgkqhkiG9w0BAQsFAAOCAQEAfY4dMdAATq30xqyB+rEofB7mQYOK746KKMpd
SjneAKda6MlMjJOhpgUGvmdwozA2BlxB+q0m4RMpBumZq44k6JseLIs9jkIl2Jb+
nHU2GJ7PiyJ5ZWPh/aiQr0768ZnE15DVf+3qFsfiyaEQM+w5n7iUooSkBKSFN2Kw
CaAC0cI7PSGo9ObdefYs0OxybfBEneICgHJz2inn3IGsXkBwxLY7RXjeHLC4BEjx
/4iF27/4NzxMG8WeSFF1gbZhfY1AW1gl6hnPs9dA9EzuGVnn0GhWhpW3q7ySjbqu
bKeDAWvWE7RRJlMnnLkt/7xm+74mTfS+B3aWIqqXovjPHenSUg==
-----END CERTIFICATE-----