Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/38372e3235342e31302e302f32332d3234203d3e20383334.roa
File:                     38372e3235342e31302e302f32332d3234203d3e20383334.roa (raw, json)
Hash identifier:          gtWS54K+PO4E4oLTUH11vJs7Wo2BTDfPQKFHefT0Vzc=
Subject key identifier:   31:B0:5F:C2:65:0E:DC:28:0A:69:AB:C4:CE:77:55:6B:8F:C3:FF:91
Certificate issuer:       /CN=22bfd4e021547d030ac10b0213535d4c6968eede
Certificate serial:       12139E7563789C6E2ACC2CDE5A9AC2F0F903B808
Authority key identifier: 22:BF:D4:E0:21:54:7D:03:0A:C1:0B:02:13:53:5D:4C:69:68:EE:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/38372e3235342e31302e302f32332d3234203d3e20383334.roa
Signing time:             Mon 02 Mar 2026 11:38:35 +0000
ROA not before:           Mon 02 Mar 2026 11:33:35 +0000
ROA not after:            Mon 01 Mar 2027 11:38:35 +0000
asID:                     834
IP address blocks:        87.254.10.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Mar 2026 16:05:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            12:13:9e:75:63:78:9c:6e:2a:cc:2c:de:5a:9a:c2:f0:f9:03:b8:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22bfd4e021547d030ac10b0213535d4c6968eede
        Validity
            Not Before: Mar  2 11:33:35 2026 GMT
            Not After : Mar  1 11:38:35 2027 GMT
        Subject: CN=31B05FC2650EDC280A69ABC4CE77556B8FC3FF91
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:a0:f9:d7:3d:b0:d5:ff:99:cc:51:96:60:a9:
                    ad:cf:90:5a:e5:16:aa:22:af:89:13:63:b3:31:ea:
                    ea:3d:3b:14:c6:4e:af:85:5e:48:8c:7b:b5:5f:3b:
                    94:39:ac:7f:43:36:06:b7:dd:0e:30:bd:15:d6:7e:
                    09:ec:fb:fc:d4:42:20:75:13:e7:49:03:c7:f0:c9:
                    ea:b2:44:bd:d2:14:3a:d3:66:96:d0:bf:66:0c:52:
                    49:34:2d:fc:78:d3:63:85:91:b8:8a:b1:ce:7c:1e:
                    cc:1b:15:74:bb:9f:a0:5a:c4:b4:32:e2:d1:f4:57:
                    cf:f5:ad:fe:0f:f6:7c:cd:f4:19:58:3f:e8:10:83:
                    d9:80:90:94:1a:d7:ce:1d:25:4a:26:b5:2c:d4:bf:
                    e6:4d:cf:a0:d9:64:c0:d6:39:c8:c2:b0:b6:fb:18:
                    3a:4e:d8:71:26:7e:77:93:89:0e:32:ec:32:73:6e:
                    eb:af:5a:6c:db:49:54:79:28:3e:2f:c5:9f:e4:3b:
                    09:be:96:dc:90:62:e2:3e:13:e2:8a:5f:18:75:ad:
                    70:b4:3e:a8:c7:5b:8c:57:82:74:75:dd:84:61:6c:
                    c7:33:d6:1f:f7:27:bf:a4:2b:54:1b:f7:26:e4:c2:
                    cc:e0:4b:e9:6f:10:b0:51:6f:ed:1e:16:80:90:5d:
                    62:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:B0:5F:C2:65:0E:DC:28:0A:69:AB:C4:CE:77:55:6B:8F:C3:FF:91
            X509v3 Authority Key Identifier:
                keyid:22:BF:D4:E0:21:54:7D:03:0A:C1:0B:02:13:53:5D:4C:69:68:EE:DE

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/38372e3235342e31302e302f32332d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.254.10.0/23

    Signature Algorithm: sha256WithRSAEncryption
         28:89:d4:76:ed:e9:6f:dd:6f:c9:e9:5a:4e:e8:e7:d6:26:64:
         e6:7d:5d:ea:a9:58:79:b6:ca:c1:ef:4f:dd:ae:36:f0:9f:97:
         bd:7a:53:98:3e:09:9a:36:85:a8:2f:2b:82:5c:48:c6:50:83:
         e8:8c:cc:93:a4:4a:52:47:22:1a:88:d4:09:1a:44:2a:00:a2:
         5a:de:20:55:52:9f:19:b4:9e:0c:32:e1:71:5c:32:71:d0:8a:
         c7:3b:93:57:6e:c6:fd:16:9f:c6:28:9b:f4:60:05:cf:e0:c0:
         e0:8c:bd:4d:69:67:57:0e:66:e3:6b:6c:1f:ff:fc:e4:cf:9c:
         26:f2:ea:0c:1c:b3:6f:58:c2:38:f6:7e:2e:44:df:52:d9:27:
         ca:ab:d4:0a:e4:03:51:40:61:49:b2:c2:3f:f6:53:56:f0:0c:
         d5:b7:11:d1:62:b4:b8:30:11:ba:91:68:04:73:7f:90:d2:76:
         f2:cf:63:de:f9:a6:f1:5b:07:c5:4b:51:35:75:6d:a6:ac:e1:
         fe:51:35:64:3e:c5:b5:cb:cf:ea:22:c3:4a:90:10:2d:7a:5f:
         b8:31:4f:ed:55:1c:3c:79:76:25:5b:3a:c7:b9:89:1a:80:42:
         33:71:c5:15:d4:07:6b:1f:20:f7:fb:4f:8a:85:74:1f:95:f4:
         ea:55:fb:c8
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUEhOedWN4nG4qzCzeWprC8PkDuAgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjJiZmQ0ZTAyMTU0N2QwMzBhYzEwYjAyMTM1MzVkNGM2
OTY4ZWVkZTAeFw0yNjAzMDIxMTMzMzVaFw0yNzAzMDExMTM4MzVaMDMxMTAvBgNV
BAMTKDMxQjA1RkMyNjUwRURDMjgwQTY5QUJDNENFNzc1NTZCOEZDM0ZGOTEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCooPnXPbDV/5nMUZZgqa3PkFrl
Fqoir4kTY7Mx6uo9OxTGTq+FXkiMe7VfO5Q5rH9DNga33Q4wvRXWfgns+/zUQiB1
E+dJA8fwyeqyRL3SFDrTZpbQv2YMUkk0Lfx402OFkbiKsc58HswbFXS7n6BaxLQy
4tH0V8/1rf4P9nzN9BlYP+gQg9mAkJQa184dJUomtSzUv+ZNz6DZZMDWOcjCsLb7
GDpO2HEmfneTiQ4y7DJzbuuvWmzbSVR5KD4vxZ/kOwm+ltyQYuI+E+KKXxh1rXC0
PqjHW4xXgnR13YRhbMcz1h/3J7+kK1Qb9ybkwszgS+lvELBRb+0eFoCQXWK7AgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUMbBfwmUO3CgKaavEzndVa4/D/5EwHwYDVR0j
BBgwFoAUIr/U4CFUfQMKwQsCE1NdTGlo7t4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjNhYWNkMTctYmY5ZC00N2RiLTg2NGQtZjljN2MyYmUx
ODNhLzAvMjJCRkQ0RTAyMTU0N0QwMzBBQzEwQjAyMTM1MzVENEM2OTY4RUVERS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lyX1U0Q0ZVZlFNS3dRc0NFMU5kVEds
bzd0NC5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMjNhYWNkMTct
YmY5ZC00N2RiLTg2NGQtZjljN2MyYmUxODNhLzAvMzgzNzJlMzIzNTM0MmUzMTMw
MmUzMDJmMzIzMzJkMzIzNDIwM2QzZTIwMzgzMzM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBV/4KMA0G
CSqGSIb3DQEBCwUAA4IBAQAoidR27elv3W/J6VpO6OfWJmTmfV3qqVh5tsrB70/d
rjbwn5e9elOYPgmaNoWoLyuCXEjGUIPojMyTpEpSRyIaiNQJGkQqAKJa3iBVUp8Z
tJ4MMuFxXDJx0IrHO5NXbsb9Fp/GKJv0YAXP4MDgjL1NaWdXDmbja2wf//zkz5wm
8uoMHLNvWMI49n4uRN9S2SfKq9QK5ANRQGFJssI/9lNW8AzVtxHRYrS4MBG6kWgE
c3+Q0nbyz2Pe+abxWwfFS1E1dW2mrOH+UTVkPsW1y8/qIsNKkBAtel+4MU/tVRw8
eXYlWzrHuYkagEIzccUV1AdrHyD3+0+KhXQflfTqVfvI
-----END CERTIFICATE-----