Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/38372e3235342e302e302f32332d3233203d3e20323037363435.roa
File:                     38372e3235342e302e302f32332d3233203d3e20323037363435.roa (raw, json)
Hash identifier:          Bt15oUjcprVGI2OHoJeHUu5XnHIcVhhgAZKYjYn6V5A=
Subject key identifier:   E4:4E:1B:88:3F:C2:07:4A:E5:8C:1C:55:1C:A8:CE:35:DA:36:26:5F
Certificate issuer:       /CN=22bfd4e021547d030ac10b0213535d4c6968eede
Certificate serial:       51EFACDE7177C6256028295B4715EDD534EE558B
Authority key identifier: 22:BF:D4:E0:21:54:7D:03:0A:C1:0B:02:13:53:5D:4C:69:68:EE:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/38372e3235342e302e302f32332d3233203d3e20323037363435.roa
Signing time:             Mon 02 Mar 2026 11:38:37 +0000
ROA not before:           Mon 02 Mar 2026 11:33:37 +0000
ROA not after:            Mon 01 Mar 2027 11:38:37 +0000
asID:                     207645
IP address blocks:        87.254.0.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Mar 2026 16:05:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            51:ef:ac:de:71:77:c6:25:60:28:29:5b:47:15:ed:d5:34:ee:55:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22bfd4e021547d030ac10b0213535d4c6968eede
        Validity
            Not Before: Mar  2 11:33:37 2026 GMT
            Not After : Mar  1 11:38:37 2027 GMT
        Subject: CN=E44E1B883FC2074AE58C1C551CA8CE35DA36265F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:39:b8:ac:e9:a9:8f:4d:23:3b:b4:d0:af:70:
                    9f:1f:48:e5:5f:36:07:64:a5:f2:52:13:90:38:f9:
                    38:22:12:70:9b:d4:83:7a:3a:c7:dd:ab:40:7e:56:
                    25:21:2e:0a:78:9a:f8:7d:ed:b0:7d:b9:20:5b:c9:
                    0c:1a:fd:81:5c:77:af:56:43:eb:e0:e6:78:4b:34:
                    e6:b7:b4:5f:e6:39:57:06:aa:07:ad:88:7d:1f:a5:
                    cc:4b:11:ce:7d:21:65:95:13:85:63:05:4b:c8:a0:
                    9d:13:42:89:05:f5:f4:77:b4:be:46:ab:d1:57:93:
                    8b:38:c9:09:99:06:8a:b6:a8:8c:01:bd:fb:95:41:
                    41:38:29:e2:0a:5d:e9:e0:1f:f3:10:2d:84:c0:f5:
                    4c:3f:45:ce:77:a1:74:90:78:f7:30:18:fc:93:86:
                    fc:43:e2:55:0b:4e:ba:ae:4b:64:19:ed:f7:a0:75:
                    79:cd:d8:dc:36:76:e4:f5:2f:fe:7f:1c:d4:16:ae:
                    1e:7d:0a:a0:f2:15:d1:4a:46:8e:cf:d5:db:74:4a:
                    13:a8:28:c5:72:40:3f:91:2c:bc:d2:d4:c8:77:63:
                    6d:37:c4:ef:50:5d:41:e0:26:c9:99:be:fe:ee:07:
                    c6:c6:7e:d4:c5:34:53:88:a3:8a:6d:31:61:4c:71:
                    70:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:4E:1B:88:3F:C2:07:4A:E5:8C:1C:55:1C:A8:CE:35:DA:36:26:5F
            X509v3 Authority Key Identifier:
                keyid:22:BF:D4:E0:21:54:7D:03:0A:C1:0B:02:13:53:5D:4C:69:68:EE:DE

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/38372e3235342e302e302f32332d3233203d3e20323037363435.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.254.0.0/23

    Signature Algorithm: sha256WithRSAEncryption
         0a:02:dc:b4:de:69:4a:70:0f:fc:30:9d:52:6f:ff:ae:19:6b:
         7f:6a:29:32:f9:89:41:8e:20:f3:9f:d1:74:d0:a9:f8:7f:a5:
         17:99:42:a5:a8:4e:c9:4a:34:c6:08:d0:9b:c9:b7:0c:71:7d:
         06:1a:32:2f:2d:07:85:48:43:8b:96:c6:b6:39:93:5d:b3:d5:
         47:cb:b2:a6:06:66:80:92:57:b0:8d:29:e1:16:b8:82:a6:e6:
         28:c9:c8:c4:80:c0:6d:33:2a:b4:cb:d0:f4:fd:d6:b2:3d:79:
         67:82:d1:a2:70:20:36:ac:01:b0:04:07:a9:4f:be:48:9d:ba:
         cf:d7:a0:de:26:77:34:91:39:48:20:14:d6:7f:da:62:d8:bf:
         c8:7e:5c:97:81:f9:f2:32:96:c4:67:b4:1a:e4:3d:2e:7f:06:
         b8:7a:b8:d0:89:5b:6a:30:2c:e0:7d:fe:58:0f:b0:64:3b:74:
         6a:24:ad:b5:ed:db:cb:bf:80:21:80:74:99:92:30:f4:5d:63:
         5a:91:13:9c:1e:8f:18:81:ab:ba:ec:c6:09:fc:57:a9:55:dc:
         df:bb:9f:c1:96:e5:63:19:3e:2a:f4:ab:f2:5f:c4:14:12:07:
         14:21:ce:b3:c6:7a:24:f5:3e:9f:54:57:7d:4c:31:13:bd:00:
         e5:7d:14:81
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUUe+s3nF3xiVgKClbRxXt1TTuVYswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjJiZmQ0ZTAyMTU0N2QwMzBhYzEwYjAyMTM1MzVkNGM2
OTY4ZWVkZTAeFw0yNjAzMDIxMTMzMzdaFw0yNzAzMDExMTM4MzdaMDMxMTAvBgNV
BAMTKEU0NEUxQjg4M0ZDMjA3NEFFNThDMUM1NTFDQThDRTM1REEzNjI2NUYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDtObis6amPTSM7tNCvcJ8fSOVf
NgdkpfJSE5A4+TgiEnCb1IN6Osfdq0B+ViUhLgp4mvh97bB9uSBbyQwa/YFcd69W
Q+vg5nhLNOa3tF/mOVcGqgetiH0fpcxLEc59IWWVE4VjBUvIoJ0TQokF9fR3tL5G
q9FXk4s4yQmZBoq2qIwBvfuVQUE4KeIKXengH/MQLYTA9Uw/Rc53oXSQePcwGPyT
hvxD4lULTrquS2QZ7fegdXnN2Nw2duT1L/5/HNQWrh59CqDyFdFKRo7P1dt0ShOo
KMVyQD+RLLzS1Mh3Y203xO9QXUHgJsmZvv7uB8bGftTFNFOIo4ptMWFMcXC5AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQU5E4biD/CB0rljBxVHKjONdo2Jl8wHwYDVR0j
BBgwFoAUIr/U4CFUfQMKwQsCE1NdTGlo7t4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjNhYWNkMTctYmY5ZC00N2RiLTg2NGQtZjljN2MyYmUx
ODNhLzAvMjJCRkQ0RTAyMTU0N0QwMzBBQzEwQjAyMTM1MzVENEM2OTY4RUVERS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lyX1U0Q0ZVZlFNS3dRc0NFMU5kVEds
bzd0NC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMjNhYWNkMTct
YmY5ZC00N2RiLTg2NGQtZjljN2MyYmUxODNhLzAvMzgzNzJlMzIzNTM0MmUzMDJl
MzAyZjMyMzMyZDMyMzMyMDNkM2UyMDMyMzAzNzM2MzQzNS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAVf+
ADANBgkqhkiG9w0BAQsFAAOCAQEACgLctN5pSnAP/DCdUm//rhlrf2opMvmJQY4g
85/RdNCp+H+lF5lCpahOyUo0xgjQm8m3DHF9BhoyLy0HhUhDi5bGtjmTXbPVR8uy
pgZmgJJXsI0p4Ra4gqbmKMnIxIDAbTMqtMvQ9P3Wsj15Z4LRonAgNqwBsAQHqU++
SJ26z9eg3iZ3NJE5SCAU1n/aYti/yH5cl4H58jKWxGe0GuQ9Ln8GuHq40IlbajAs
4H3+WA+wZDt0aiStte3by7+AIYB0mZIw9F1jWpETnB6PGIGruuzGCfxXqVXc37uf
wZblYxk+KvSr8l/EFBIHFCHOs8Z6JPU+n1RXfUwxE70A5X0UgQ==
-----END CERTIFICATE-----