Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/38322e3133392e3233322e302f32342d3234203d3e2039333034.roa
File:                     38322e3133392e3233322e302f32342d3234203d3e2039333034.roa (raw, json)
Hash identifier:          IYmcETJUxq9OXjKdbVPn5BlUd+fICrzYcU8Soz1Po8c=
Subject key identifier:   DA:11:27:B3:14:17:49:20:50:6A:DD:74:0B:C3:C7:9F:BD:68:DC:58
Certificate issuer:       /CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
Certificate serial:       7FB3D99DDF5ACE57D7905608056A5953AA3105E4
Authority key identifier: 3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/38322e3133392e3233322e302f32342d3234203d3e2039333034.roa
Signing time:             Thu 04 Sep 2025 10:40:06 +0000
ROA not before:           Thu 04 Sep 2025 10:35:06 +0000
ROA not after:            Thu 03 Sep 2026 10:40:06 +0000
asID:                     9304
IP address blocks:        82.139.232.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Sep 2025 12:34:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7f:b3:d9:9d:df:5a:ce:57:d7:90:56:08:05:6a:59:53:aa:31:05:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
        Validity
            Not Before: Sep  4 10:35:06 2025 GMT
            Not After : Sep  3 10:40:06 2026 GMT
        Subject: CN=DA1127B314174920506ADD740BC3C79FBD68DC58
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:c9:bb:91:c7:4e:c4:88:8d:74:3d:35:69:97:
                    3b:01:84:ca:15:d7:58:e2:e2:40:71:a9:e2:95:e9:
                    60:a6:3f:a0:08:da:16:34:ed:c8:2c:b6:fe:1c:7a:
                    b4:23:5f:b8:e0:31:d1:b1:7d:7e:4b:29:78:25:ee:
                    0b:07:87:43:c8:69:c2:c4:f5:34:1b:2d:6a:20:1c:
                    69:b0:5e:96:76:fe:58:29:2b:e3:3e:ef:a1:1f:b3:
                    79:17:25:3e:d6:f9:d9:2e:b0:ee:15:31:04:d6:54:
                    3e:b2:9b:8c:41:0e:bb:2c:b3:4e:36:02:77:f1:cc:
                    6f:cf:af:39:12:cb:a2:95:89:f2:b9:05:66:48:de:
                    7a:a6:a1:fd:c7:34:61:b0:bb:76:de:dd:c0:f0:a2:
                    5a:ab:97:7f:0c:b5:52:33:00:ef:3b:fe:f1:ce:a4:
                    50:6a:0f:8c:4d:cd:0f:42:0b:41:5e:33:c8:2d:7e:
                    e1:71:0d:dd:f6:fd:bd:cb:a8:91:58:12:41:e9:a6:
                    aa:c0:5e:4f:8c:ce:31:1a:a0:ac:bc:f6:c1:41:24:
                    25:66:ba:2e:65:cf:85:10:95:7a:5c:4a:3a:68:a7:
                    a8:8b:98:d6:54:c8:27:19:5d:c7:50:6a:d5:49:1a:
                    71:d9:e7:66:e6:b9:fe:77:f5:5d:52:31:92:7f:5c:
                    61:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:11:27:B3:14:17:49:20:50:6A:DD:74:0B:C3:C7:9F:BD:68:DC:58
            X509v3 Authority Key Identifier:
                keyid:3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/38322e3133392e3233322e302f32342d3234203d3e2039333034.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.139.232.0/24

    Signature Algorithm: sha256WithRSAEncryption
         32:ef:69:16:55:ff:8c:a8:f5:b3:95:c5:8b:f3:8b:ca:e5:f2:
         16:18:c8:68:28:70:5a:f3:0f:af:5d:b4:5c:38:0e:35:c5:7b:
         87:3b:29:3c:07:9b:93:57:d1:05:59:3a:3d:69:32:21:29:f1:
         07:55:d1:45:61:97:df:db:36:f7:d9:25:5a:2b:91:d5:7a:6a:
         c3:16:b8:a3:a4:c2:af:82:a1:d7:8d:9e:cf:f9:a5:e5:75:f7:
         ff:82:af:52:6d:05:41:c3:c6:30:27:01:ed:ea:bf:b3:93:3b:
         67:5d:43:2c:2a:92:db:8f:1a:03:6e:c0:e2:81:64:42:f4:eb:
         14:e1:0a:a5:89:cd:d2:0e:a8:29:2c:da:01:74:17:7b:df:c8:
         74:b8:b7:14:ba:2e:cd:d6:39:7e:c5:8c:dc:96:5b:a3:35:66:
         5e:35:57:c1:2b:ce:de:02:dc:36:90:e7:1f:01:0a:ca:f1:ad:
         7b:fb:fc:2c:37:18:f3:0f:fe:3e:f5:37:b6:46:7d:69:c1:3d:
         30:99:fc:08:92:f1:18:67:fd:a3:00:1b:7d:42:f5:08:91:93:
         23:f4:63:3b:95:60:cf:67:ad:3a:b1:5a:9e:6e:60:27:34:cd:
         64:60:7d:a4:61:de:2e:e1:46:72:c0:44:d9:ca:9a:97:2e:a8:
         5c:e3:9d:f1
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUf7PZnd9azlfXkFYIBWpZU6oxBeQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoM2ZlY2NiMTdiZTUxZWU1OWVjNzRkNjRlZWQ5MTdlMjIx
ZWUyOGExYjAeFw0yNTA5MDQxMDM1MDZaFw0yNjA5MDMxMDQwMDZaMDMxMTAvBgNV
BAMTKERBMTEyN0IzMTQxNzQ5MjA1MDZBREQ3NDBCQzNDNzlGQkQ2OERDNTgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCKybuRx07EiI10PTVplzsBhMoV
11ji4kBxqeKV6WCmP6AI2hY07cgstv4cerQjX7jgMdGxfX5LKXgl7gsHh0PIacLE
9TQbLWogHGmwXpZ2/lgpK+M+76Efs3kXJT7W+dkusO4VMQTWVD6ym4xBDrsss042
AnfxzG/PrzkSy6KVifK5BWZI3nqmof3HNGGwu3be3cDwolqrl38MtVIzAO87/vHO
pFBqD4xNzQ9CC0FeM8gtfuFxDd32/b3LqJFYEkHppqrAXk+MzjEaoKy89sFBJCVm
ui5lz4UQlXpcSjpop6iLmNZUyCcZXcdQatVJGnHZ52bmuf539V1SMZJ/XGEFAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQU2hEnsxQXSSBQat10C8PHn71o3FgwHwYDVR0j
BBgwFoAUP+zLF75R7lnsdNZO7ZF+Ih7iihswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjJkYjc1NTUtOWFhNC00OTgzLTkzMTYtNzM4MDlkZDM1
NGJjLzAvM0ZFQ0NCMTdCRTUxRUU1OUVDNzRENjRFRUQ5MTdFMjIxRUUyOEExQi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1AtekxGNzVSN2xuc2ROWk83WkYtSWg3
aWlocy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMjJkYjc1NTUt
OWFhNC00OTgzLTkzMTYtNzM4MDlkZDM1NGJjLzAvMzgzMjJlMzEzMzM5MmUzMjMz
MzIyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzOTMzMzAzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFKL
6DANBgkqhkiG9w0BAQsFAAOCAQEAMu9pFlX/jKj1s5XFi/OLyuXyFhjIaChwWvMP
r120XDgONcV7hzspPAebk1fRBVk6PWkyISnxB1XRRWGX39s299klWiuR1Xpqwxa4
o6TCr4Kh142ez/ml5XX3/4KvUm0FQcPGMCcB7eq/s5M7Z11DLCqS248aA27A4oFk
QvTrFOEKpYnN0g6oKSzaAXQXe9/IdLi3FLouzdY5fsWM3JZbozVmXjVXwSvO3gLc
NpDnHwEKyvGte/v8LDcY8w/+PvU3tkZ9acE9MJn8CJLxGGf9owAbfUL1CJGTI/Rj
O5Vgz2etOrFanm5gJzTNZGB9pGHeLuFGcsBE2cqaly6oXOOd8Q==
-----END CERTIFICATE-----