Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/38322e3133392e3235302e302f32342d3234203d3e20383334.roa
File:                     38322e3133392e3235302e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          HN6UoYrhA2A8FwGbi6eTD7ypMbxgWHPyAvnTmoFqEws=
Subject key identifier:   6C:2C:AC:8B:EF:85:63:6F:99:8D:83:2E:3D:09:BB:EF:43:9A:D7:C3
Certificate issuer:       /CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
Certificate serial:       3D67E4824DEE630B77F19164C536AAFD2C9F2380
Authority key identifier: 3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/38322e3133392e3235302e302f32342d3234203d3e20383334.roa
Signing time:             Mon 15 Sep 2025 15:50:08 +0000
ROA not before:           Mon 15 Sep 2025 15:45:08 +0000
ROA not after:            Mon 14 Sep 2026 15:50:08 +0000
asID:                     834
IP address blocks:        82.139.250.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 19 Sep 2025 08:32:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3d:67:e4:82:4d:ee:63:0b:77:f1:91:64:c5:36:aa:fd:2c:9f:23:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
        Validity
            Not Before: Sep 15 15:45:08 2025 GMT
            Not After : Sep 14 15:50:08 2026 GMT
        Subject: CN=6C2CAC8BEF85636F998D832E3D09BBEF439AD7C3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:d5:73:34:02:87:16:7a:d6:60:1e:8f:09:c7:
                    b2:71:59:2c:41:9d:03:4f:50:e0:0a:ba:82:c5:a3:
                    19:61:60:02:eb:48:b2:46:bb:51:96:f8:9e:d0:d5:
                    24:cc:8b:66:28:7c:fa:56:62:f6:3b:96:e6:a1:39:
                    15:f5:99:6a:00:88:75:64:e0:35:61:79:25:76:65:
                    01:69:bf:12:5e:a3:b9:68:fb:5b:9e:ce:71:24:47:
                    c3:0f:6a:8f:32:74:a4:cb:5a:0b:5e:2c:79:3b:19:
                    9f:e7:87:c5:9c:63:18:a4:f8:7c:c3:73:23:0b:a7:
                    e1:86:2c:ac:3b:12:a6:b7:ee:6b:fc:9d:c3:f4:05:
                    fa:4c:49:cf:1b:67:3e:6d:a3:27:7a:51:a5:25:6b:
                    4e:b0:a7:d0:0b:bb:e4:4e:6a:fa:b2:be:8e:62:06:
                    8f:cb:9c:8b:36:d0:f6:f6:46:cc:80:e2:96:22:73:
                    5b:2d:23:bd:36:31:84:7e:5e:58:b1:98:08:9a:03:
                    43:34:41:a3:09:00:d8:e5:c2:dd:59:d2:41:bb:c2:
                    f0:19:c0:0c:b9:14:c7:82:6f:ef:b9:ea:3e:c1:61:
                    2c:75:d4:57:61:fa:0f:c3:55:ce:ac:eb:06:cf:8e:
                    22:05:ff:0e:e1:b9:41:1f:42:ca:80:63:18:89:9e:
                    5c:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:2C:AC:8B:EF:85:63:6F:99:8D:83:2E:3D:09:BB:EF:43:9A:D7:C3
            X509v3 Authority Key Identifier:
                keyid:3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/38322e3133392e3235302e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.139.250.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:a4:67:db:32:27:37:a0:28:e6:47:fb:de:4f:d7:40:2d:17:
         ff:12:f6:bc:35:3c:f7:0f:dd:d5:8e:6c:4f:84:91:c5:12:2c:
         96:8d:2d:1d:3e:4f:7c:5b:bb:9d:4c:db:5c:0e:35:ff:77:91:
         18:4f:b8:84:6e:96:16:85:45:01:02:e0:05:b0:22:dc:eb:f1:
         73:c5:de:d2:d2:ce:8a:a9:fe:17:ed:8c:ae:b3:eb:ae:9a:e6:
         0c:ae:cf:c0:2f:db:25:1e:33:1c:65:27:40:2b:9a:02:17:53:
         fc:c6:6e:b7:7c:48:ba:f5:9a:70:cf:f3:aa:63:b3:a5:f7:3c:
         47:ed:ae:c7:8c:19:01:fc:5a:ea:4d:e3:04:9a:82:6b:46:31:
         b9:ff:57:0f:1f:a9:62:5f:69:2a:27:4c:80:16:14:cb:69:37:
         9c:57:61:eb:63:47:a6:14:d4:28:a0:89:b0:24:70:1e:80:36:
         59:e5:3c:31:20:3b:4d:2e:70:ca:9b:2f:04:71:04:e4:10:21:
         82:fc:6e:a0:63:6a:11:83:05:4d:9a:9d:1a:e3:29:19:9d:8f:
         da:9b:64:c4:33:c3:62:f8:43:c5:3c:4c:a1:0a:4b:99:19:e8:
         a4:c9:c0:56:06:d1:94:ad:4f:1b:86:d7:25:80:72:32:32:0f:
         16:f1:4a:cc
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUPWfkgk3uYwt38ZFkxTaq/SyfI4AwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoM2ZlY2NiMTdiZTUxZWU1OWVjNzRkNjRlZWQ5MTdlMjIx
ZWUyOGExYjAeFw0yNTA5MTUxNTQ1MDhaFw0yNjA5MTQxNTUwMDhaMDMxMTAvBgNV
BAMTKDZDMkNBQzhCRUY4NTYzNkY5OThEODMyRTNEMDlCQkVGNDM5QUQ3QzMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCZ1XM0AocWetZgHo8Jx7JxWSxB
nQNPUOAKuoLFoxlhYALrSLJGu1GW+J7Q1STMi2YofPpWYvY7luahORX1mWoAiHVk
4DVheSV2ZQFpvxJeo7lo+1ueznEkR8MPao8ydKTLWgteLHk7GZ/nh8WcYxik+HzD
cyMLp+GGLKw7Eqa37mv8ncP0BfpMSc8bZz5toyd6UaUla06wp9ALu+ROavqyvo5i
Bo/LnIs20Pb2RsyA4pYic1stI702MYR+XlixmAiaA0M0QaMJANjlwt1Z0kG7wvAZ
wAy5FMeCb++56j7BYSx11Fdh+g/DVc6s6wbPjiIF/w7huUEfQsqAYxiJnlxtAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUbCysi++FY2+ZjYMuPQm770Oa18MwHwYDVR0j
BBgwFoAUP+zLF75R7lnsdNZO7ZF+Ih7iihswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjJkYjc1NTUtOWFhNC00OTgzLTkzMTYtNzM4MDlkZDM1
NGJjLzAvM0ZFQ0NCMTdCRTUxRUU1OUVDNzRENjRFRUQ5MTdFMjIxRUUyOEExQi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1AtekxGNzVSN2xuc2ROWk83WkYtSWg3
aWlocy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMjJkYjc1NTUt
OWFhNC00OTgzLTkzMTYtNzM4MDlkZDM1NGJjLzAvMzgzMjJlMzEzMzM5MmUzMjM1
MzAyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABSi/ow
DQYJKoZIhvcNAQELBQADggEBAIikZ9syJzegKOZH+95P10AtF/8S9rw1PPcP3dWO
bE+EkcUSLJaNLR0+T3xbu51M21wONf93kRhPuIRulhaFRQEC4AWwItzr8XPF3tLS
zoqp/hftjK6z666a5gyuz8Av2yUeMxxlJ0ArmgIXU/zGbrd8SLr1mnDP86pjs6X3
PEftrseMGQH8WupN4wSagmtGMbn/Vw8fqWJfaSonTIAWFMtpN5xXYetjR6YU1Cig
ibAkcB6ANlnlPDEgO00ucMqbLwRxBOQQIYL8bqBjahGDBU2anRrjKRmdj9qbZMQz
w2L4Q8U8TKEKS5kZ6KTJwFYG0ZStTxuG1yWAcjIyDxbxSsw=
-----END CERTIFICATE-----