Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/38322e3133392e3235322e302f32322d3234203d3e2038383230.roa
File:                     38322e3133392e3235322e302f32322d3234203d3e2038383230.roa (raw, json)
Hash identifier:          nHwDQ4fb3uLL+dMLVnOKr4GI/kYScJk31rO+LaYS+AE=
Subject key identifier:   EC:1C:94:E7:EC:0C:41:58:4F:FB:A0:E2:BE:8D:2B:28:4D:BB:2C:F2
Certificate issuer:       /CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
Certificate serial:       3EA17011C70514420D98077872BD7878FC71C9A9
Authority key identifier: 3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/38322e3133392e3235322e302f32322d3234203d3e2038383230.roa
Signing time:             Thu 04 Sep 2025 10:40:03 +0000
ROA not before:           Thu 04 Sep 2025 10:35:03 +0000
ROA not after:            Thu 03 Sep 2026 10:40:03 +0000
asID:                     8820
IP address blocks:        82.139.252.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Sep 2025 12:34:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3e:a1:70:11:c7:05:14:42:0d:98:07:78:72:bd:78:78:fc:71:c9:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
        Validity
            Not Before: Sep  4 10:35:03 2025 GMT
            Not After : Sep  3 10:40:03 2026 GMT
        Subject: CN=EC1C94E7EC0C41584FFBA0E2BE8D2B284DBB2CF2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:81:eb:32:b4:4e:9d:52:35:92:95:09:fc:e7:
                    0c:d0:54:0d:e9:60:dc:04:39:39:4f:ba:56:69:5d:
                    23:32:22:8b:00:99:ee:78:54:09:fb:e9:db:64:69:
                    24:f4:a0:27:75:94:16:57:3a:be:21:7a:40:3c:82:
                    2c:76:d7:3f:62:52:35:f1:a2:a7:94:2f:00:dd:01:
                    73:ea:71:74:6b:34:e8:8b:88:57:3c:54:d5:4e:bc:
                    ba:9d:9d:25:bd:57:14:81:72:28:4e:53:76:ac:de:
                    42:a3:f9:b8:8a:01:57:93:f2:25:d9:40:ed:3c:22:
                    8c:ae:59:cd:44:20:41:4f:65:86:f1:ff:ea:85:93:
                    78:9f:70:d3:c6:c0:56:a8:1d:52:d0:ef:fb:30:6c:
                    f2:bc:2a:79:a9:62:82:7f:26:2d:8e:c4:2b:70:11:
                    82:a6:da:90:8e:b2:31:38:81:ea:ba:ab:36:9f:e1:
                    e6:e1:b3:32:57:df:e9:20:19:e2:0d:22:bb:20:c8:
                    5d:e3:39:1e:63:ef:e4:6e:f0:c2:79:ef:9a:31:15:
                    be:62:70:19:64:3a:4f:9e:52:d4:af:f6:c1:93:99:
                    ea:9c:01:ce:0b:80:69:9b:f3:2d:bf:62:37:da:80:
                    54:da:bd:41:01:bb:88:05:37:04:a3:24:e1:61:48:
                    7f:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:1C:94:E7:EC:0C:41:58:4F:FB:A0:E2:BE:8D:2B:28:4D:BB:2C:F2
            X509v3 Authority Key Identifier:
                keyid:3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/38322e3133392e3235322e302f32322d3234203d3e2038383230.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.139.252.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4e:21:e8:fe:51:9b:40:e1:31:d7:89:68:20:9e:d8:1c:e0:f3:
         94:ce:93:f0:b5:12:e7:5a:57:98:3f:e9:2c:21:43:5f:d0:48:
         64:e6:a4:8a:0f:02:b0:a3:7e:de:15:68:eb:3f:ac:fa:f7:45:
         18:83:f4:6c:d8:5a:02:e7:b3:f7:68:38:f7:74:40:e5:af:6e:
         5d:94:15:50:ad:de:ee:0e:29:df:d9:cb:53:23:2c:b5:90:c3:
         31:5b:42:81:f9:05:55:96:e3:6a:24:f6:25:fc:45:61:73:d1:
         3a:fd:e1:22:ae:a9:dd:e5:9c:21:c9:79:47:d5:82:77:37:e1:
         25:d8:e2:98:7e:1e:44:82:e3:07:ce:c3:8b:36:bf:3f:ea:b2:
         1a:93:8f:cb:81:b7:9a:6e:16:f8:8c:f5:28:29:d7:b0:70:3e:
         10:76:b1:1a:33:a2:a8:ce:a2:15:13:99:0e:03:9a:08:6a:df:
         f6:d8:c6:2d:c1:d6:fe:b9:af:6c:0a:f9:ff:bc:22:77:0d:df:
         e2:4c:30:4e:05:cb:8c:32:39:12:7b:9b:65:7c:ce:41:0a:92:
         7b:ee:d1:b4:21:9c:56:c5:0a:87:b2:c0:9a:4f:08:60:e5:a7:
         50:e4:1f:0d:67:bb:1b:6b:5f:f9:16:64:b2:25:c4:42:27:67:
         53:59:43:fc
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUPqFwEccFFEINmAd4cr14ePxxyakwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoM2ZlY2NiMTdiZTUxZWU1OWVjNzRkNjRlZWQ5MTdlMjIx
ZWUyOGExYjAeFw0yNTA5MDQxMDM1MDNaFw0yNjA5MDMxMDQwMDNaMDMxMTAvBgNV
BAMTKEVDMUM5NEU3RUMwQzQxNTg0RkZCQTBFMkJFOEQyQjI4NERCQjJDRjIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDUgesytE6dUjWSlQn85wzQVA3p
YNwEOTlPulZpXSMyIosAme54VAn76dtkaST0oCd1lBZXOr4hekA8gix21z9iUjXx
oqeULwDdAXPqcXRrNOiLiFc8VNVOvLqdnSW9VxSBcihOU3as3kKj+biKAVeT8iXZ
QO08IoyuWc1EIEFPZYbx/+qFk3ifcNPGwFaoHVLQ7/swbPK8KnmpYoJ/Ji2OxCtw
EYKm2pCOsjE4geq6qzaf4ebhszJX3+kgGeINIrsgyF3jOR5j7+Ru8MJ575oxFb5i
cBlkOk+eUtSv9sGTmeqcAc4LgGmb8y2/YjfagFTavUEBu4gFNwSjJOFhSH+1AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQU7ByU5+wMQVhP+6Divo0rKE27LPIwHwYDVR0j
BBgwFoAUP+zLF75R7lnsdNZO7ZF+Ih7iihswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjJkYjc1NTUtOWFhNC00OTgzLTkzMTYtNzM4MDlkZDM1
NGJjLzAvM0ZFQ0NCMTdCRTUxRUU1OUVDNzRENjRFRUQ5MTdFMjIxRUUyOEExQi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1AtekxGNzVSN2xuc2ROWk83WkYtSWg3
aWlocy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMjJkYjc1NTUt
OWFhNC00OTgzLTkzMTYtNzM4MDlkZDM1NGJjLzAvMzgzMjJlMzEzMzM5MmUzMjM1
MzIyZTMwMmYzMjMyMmQzMjM0MjAzZDNlMjAzODM4MzIzMC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAlKL
/DANBgkqhkiG9w0BAQsFAAOCAQEATiHo/lGbQOEx14loIJ7YHODzlM6T8LUS51pX
mD/pLCFDX9BIZOakig8CsKN+3hVo6z+s+vdFGIP0bNhaAuez92g493RA5a9uXZQV
UK3e7g4p39nLUyMstZDDMVtCgfkFVZbjaiT2JfxFYXPROv3hIq6p3eWcIcl5R9WC
dzfhJdjimH4eRILjB87Diza/P+qyGpOPy4G3mm4W+Iz1KCnXsHA+EHaxGjOiqM6i
FROZDgOaCGrf9tjGLcHW/rmvbAr5/7widw3f4kwwTgXLjDI5EnubZXzOQQqSe+7R
tCGcVsUKh7LAmk8IYOWnUOQfDWe7G2tf+RZksiXEQidnU1lD/A==
-----END CERTIFICATE-----