Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/38322e3133392e3234382e302f32332d3234203d3e20383334.roa
File:                     38322e3133392e3234382e302f32332d3234203d3e20383334.roa (raw, json)
Hash identifier:          rfn7k/34ptQxV8Nx9ZBbeaCxKEEUy5zukqmJcpROFO4=
Subject key identifier:   A3:3D:0E:5A:03:94:A6:37:0B:FD:87:6F:0E:57:02:54:D1:7E:BF:D1
Certificate issuer:       /CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
Certificate serial:       531B842B19978EB4C5EE5D433202C383D9823A82
Authority key identifier: 3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/38322e3133392e3234382e302f32332d3234203d3e20383334.roa
Signing time:             Mon 15 Sep 2025 15:50:08 +0000
ROA not before:           Mon 15 Sep 2025 15:45:08 +0000
ROA not after:            Mon 14 Sep 2026 15:50:08 +0000
asID:                     834
IP address blocks:        82.139.248.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 18 Sep 2025 14:48:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            53:1b:84:2b:19:97:8e:b4:c5:ee:5d:43:32:02:c3:83:d9:82:3a:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
        Validity
            Not Before: Sep 15 15:45:08 2025 GMT
            Not After : Sep 14 15:50:08 2026 GMT
        Subject: CN=A33D0E5A0394A6370BFD876F0E570254D17EBFD1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:a5:ae:47:0d:00:0d:77:c6:36:41:73:64:0c:
                    b4:ec:af:72:1b:d6:ec:2f:f6:54:d1:89:98:a1:41:
                    5f:fb:de:e1:8b:50:3c:9f:4c:1e:ec:bf:9a:a8:b8:
                    12:7e:fe:18:06:52:fa:f1:5b:88:a0:2c:a1:37:9e:
                    d4:9b:77:04:97:31:50:c9:c5:9a:04:9f:2f:2f:16:
                    b3:a1:09:64:71:14:85:4f:35:27:e3:94:12:9c:c4:
                    5f:07:d0:18:b3:95:c3:10:e5:c8:b9:ab:ad:0f:8e:
                    84:bf:ad:99:03:9b:24:21:ac:1d:40:3e:ec:72:d1:
                    97:97:ad:14:ce:3c:bf:c9:71:1e:35:cb:ef:77:89:
                    10:e5:d2:af:9c:9c:8b:99:5e:90:14:59:1b:03:e1:
                    72:96:62:c1:26:25:ff:6e:3d:43:58:8d:6e:16:c0:
                    68:d7:ab:3f:df:a5:5c:67:f4:35:ad:f3:51:9d:af:
                    07:f8:84:61:4f:92:59:53:51:a0:b4:c7:a2:96:66:
                    47:36:3b:a7:f3:16:a8:68:2b:6d:ad:08:a0:91:4b:
                    45:c4:2f:c1:98:b2:81:d3:f0:15:15:4b:98:46:ec:
                    71:ac:03:d3:42:0c:40:3b:f0:56:bc:78:41:30:17:
                    55:b6:84:e2:3d:f6:d0:4c:87:97:61:c0:76:39:75:
                    16:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:3D:0E:5A:03:94:A6:37:0B:FD:87:6F:0E:57:02:54:D1:7E:BF:D1
            X509v3 Authority Key Identifier:
                keyid:3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/38322e3133392e3234382e302f32332d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.139.248.0/23

    Signature Algorithm: sha256WithRSAEncryption
         03:75:f2:53:11:d4:26:91:06:6c:60:4e:47:2a:da:f3:dd:54:
         a8:b3:4f:de:be:dc:35:db:43:ff:e7:3d:a6:64:a8:7b:db:9c:
         7e:bb:53:79:79:3b:a7:5e:04:40:fe:c0:e9:e5:1b:44:e3:d8:
         33:ed:0b:a1:8a:10:17:12:b7:79:18:43:18:e2:d1:2a:ae:63:
         a2:8f:62:84:3f:9d:fc:c5:f3:3a:94:27:cc:38:3b:ec:76:83:
         1b:ce:62:e6:df:36:86:a9:ac:c7:1f:7a:6e:e8:5f:5d:4b:5a:
         a8:b3:e5:c2:a3:42:9d:8b:8e:2f:1b:54:f2:38:1d:d7:23:75:
         7a:9e:70:86:52:80:76:20:15:cd:ab:2d:c9:6b:bf:9c:a3:ae:
         be:6f:d9:ac:ea:72:2b:39:64:c6:4d:b9:28:53:f5:8f:f5:3b:
         26:1b:87:3b:2a:91:6f:87:0a:82:6f:ff:a3:87:d2:2e:55:db:
         88:19:2e:86:9f:9f:ec:23:62:f1:d4:e7:ee:2d:5c:84:e3:3f:
         2b:76:c3:7b:90:d1:64:4c:4c:74:b0:ff:3e:6b:48:7f:41:bd:
         3f:13:08:5f:23:db:ad:49:7e:37:0b:09:d9:86:96:a2:4f:2a:
         3e:bd:11:03:9f:53:88:df:f9:4e:aa:1a:22:fc:2f:bb:de:1f:
         69:42:c0:2f
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUUxuEKxmXjrTF7l1DMgLDg9mCOoIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoM2ZlY2NiMTdiZTUxZWU1OWVjNzRkNjRlZWQ5MTdlMjIx
ZWUyOGExYjAeFw0yNTA5MTUxNTQ1MDhaFw0yNjA5MTQxNTUwMDhaMDMxMTAvBgNV
BAMTKEEzM0QwRTVBMDM5NEE2MzcwQkZEODc2RjBFNTcwMjU0RDE3RUJGRDEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCkpa5HDQANd8Y2QXNkDLTsr3Ib
1uwv9lTRiZihQV/73uGLUDyfTB7sv5qouBJ+/hgGUvrxW4igLKE3ntSbdwSXMVDJ
xZoEny8vFrOhCWRxFIVPNSfjlBKcxF8H0BizlcMQ5ci5q60PjoS/rZkDmyQhrB1A
Puxy0ZeXrRTOPL/JcR41y+93iRDl0q+cnIuZXpAUWRsD4XKWYsEmJf9uPUNYjW4W
wGjXqz/fpVxn9DWt81Gdrwf4hGFPkllTUaC0x6KWZkc2O6fzFqhoK22tCKCRS0XE
L8GYsoHT8BUVS5hG7HGsA9NCDEA78Fa8eEEwF1W2hOI99tBMh5dhwHY5dRbfAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUoz0OWgOUpjcL/YdvDlcCVNF+v9EwHwYDVR0j
BBgwFoAUP+zLF75R7lnsdNZO7ZF+Ih7iihswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjJkYjc1NTUtOWFhNC00OTgzLTkzMTYtNzM4MDlkZDM1
NGJjLzAvM0ZFQ0NCMTdCRTUxRUU1OUVDNzRENjRFRUQ5MTdFMjIxRUUyOEExQi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1AtekxGNzVSN2xuc2ROWk83WkYtSWg3
aWlocy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMjJkYjc1NTUt
OWFhNC00OTgzLTkzMTYtNzM4MDlkZDM1NGJjLzAvMzgzMjJlMzEzMzM5MmUzMjM0
MzgyZTMwMmYzMjMzMmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAFSi/gw
DQYJKoZIhvcNAQELBQADggEBAAN18lMR1CaRBmxgTkcq2vPdVKizT96+3DXbQ//n
PaZkqHvbnH67U3l5O6deBED+wOnlG0Tj2DPtC6GKEBcSt3kYQxji0SquY6KPYoQ/
nfzF8zqUJ8w4O+x2gxvOYubfNoaprMcfem7oX11LWqiz5cKjQp2Lji8bVPI4Hdcj
dXqecIZSgHYgFc2rLclrv5yjrr5v2azqcis5ZMZNuShT9Y/1OyYbhzsqkW+HCoJv
/6OH0i5V24gZLoafn+wjYvHU5+4tXITjPyt2w3uQ0WRMTHSw/z5rSH9BvT8TCF8j
261JfjcLCdmGlqJPKj69EQOfU4jf+U6qGiL8L7veH2lCwC8=
-----END CERTIFICATE-----