Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/38372e3235342e31312e302f32342d3234203d3e20383334.roa
File:                     38372e3235342e31312e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          R+azz9nLKyNU6dgOPMnSlskgJSHgrUg6U88QCwoeH8I=
Subject key identifier:   4A:2C:77:5F:F0:8B:06:8E:90:97:CA:FD:0C:3D:F5:C7:62:E3:B3:A4
Certificate issuer:       /CN=22bfd4e021547d030ac10b0213535d4c6968eede
Certificate serial:       2D9A25C2F578DEDA09DC85AD9736011972FF013F
Authority key identifier: 22:BF:D4:E0:21:54:7D:03:0A:C1:0B:02:13:53:5D:4C:69:68:EE:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/38372e3235342e31312e302f32342d3234203d3e20383334.roa
Signing time:             Mon 02 Mar 2026 11:38:39 +0000
ROA not before:           Mon 02 Mar 2026 11:33:39 +0000
ROA not after:            Mon 01 Mar 2027 11:38:39 +0000
asID:                     834
IP address blocks:        87.254.11.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Mar 2026 16:05:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2d:9a:25:c2:f5:78:de:da:09:dc:85:ad:97:36:01:19:72:ff:01:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22bfd4e021547d030ac10b0213535d4c6968eede
        Validity
            Not Before: Mar  2 11:33:39 2026 GMT
            Not After : Mar  1 11:38:39 2027 GMT
        Subject: CN=4A2C775FF08B068E9097CAFD0C3DF5C762E3B3A4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:7d:f4:af:52:2e:0b:20:53:2f:00:59:6c:a3:
                    84:15:cb:c7:57:6e:6f:ab:b7:c9:cb:76:f7:cc:89:
                    c7:1d:ca:f5:77:3c:aa:42:8f:83:f9:c4:80:12:65:
                    98:2a:46:cf:94:6c:51:85:64:50:0f:2c:83:7c:c2:
                    ab:02:e4:91:3c:be:6f:9f:f7:a6:c4:1c:11:48:47:
                    36:69:d8:c0:61:93:2d:91:cb:53:c1:1c:6f:2e:17:
                    b7:bd:3b:ab:ab:53:ba:59:b8:f3:3b:10:cb:36:ff:
                    69:3b:33:fb:be:a0:d1:d9:89:76:50:f9:ca:ee:36:
                    f7:65:53:b2:b9:e7:e4:a8:d8:b0:c0:04:31:9b:7e:
                    ec:e4:b7:41:eb:97:69:64:8d:d3:37:6d:e8:80:ee:
                    f2:4b:26:8a:d7:2d:c9:9b:b8:8c:db:e2:d2:fa:69:
                    90:47:48:ad:1e:4c:24:14:b2:0d:cf:fa:f5:d2:05:
                    56:ef:c8:82:eb:0b:f2:5c:eb:27:c2:83:9a:a5:b5:
                    aa:14:9b:7b:fe:a7:41:f0:74:1d:1b:0c:d1:aa:bb:
                    17:b0:8d:c9:b8:f7:c9:54:11:21:09:0c:86:f0:7e:
                    57:df:fb:56:c1:49:a8:cb:4e:a3:6c:d1:c9:1e:34:
                    17:a1:2f:75:76:05:d1:c2:d9:02:05:62:67:54:4a:
                    47:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:2C:77:5F:F0:8B:06:8E:90:97:CA:FD:0C:3D:F5:C7:62:E3:B3:A4
            X509v3 Authority Key Identifier:
                keyid:22:BF:D4:E0:21:54:7D:03:0A:C1:0B:02:13:53:5D:4C:69:68:EE:DE

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/38372e3235342e31312e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.254.11.0/24

    Signature Algorithm: sha256WithRSAEncryption
         04:19:35:d9:8a:4e:74:5f:ce:8c:ba:0d:b3:03:c1:c9:b7:3f:
         e5:b5:4d:e1:c7:95:76:45:b3:78:a6:d6:e0:0f:f8:a6:46:86:
         d8:6f:5b:b8:86:50:9d:fe:e2:a2:07:38:8c:b9:52:ab:57:da:
         82:30:42:c2:84:be:e2:78:4e:3c:26:7d:26:23:ef:7a:6e:24:
         d0:26:97:d0:6b:1b:ca:1a:6d:28:f0:a7:af:1e:d3:48:eb:29:
         42:bc:94:cb:ab:4d:38:58:64:48:e1:35:ae:9f:55:a1:e5:23:
         a2:96:05:36:29:74:d1:65:e6:24:58:8c:2e:75:9f:7b:77:75:
         0a:b0:30:71:2a:a0:1b:ec:17:53:4f:21:d7:69:bb:b7:40:88:
         ed:07:a4:03:2c:e5:28:de:81:1a:9c:70:21:90:3e:1f:56:8f:
         2d:bc:cf:a4:ad:49:65:1f:a2:e9:ed:38:a6:77:ab:09:cf:8a:
         a7:e5:de:82:3e:86:3c:b1:89:2a:b9:fc:3e:03:2b:8c:d2:91:
         a3:2b:e3:3c:61:63:5c:9e:78:b3:57:30:24:fe:e8:ca:8c:a9:
         29:25:61:99:bd:e8:79:b8:f3:c2:bf:99:55:1b:7e:3c:01:9c:
         72:cd:b7:bf:dc:0c:bf:e8:fc:f9:09:b7:aa:5e:dd:39:d9:89:
         9b:ca:fa:50
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIULZolwvV43toJ3IWtlzYBGXL/AT8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjJiZmQ0ZTAyMTU0N2QwMzBhYzEwYjAyMTM1MzVkNGM2
OTY4ZWVkZTAeFw0yNjAzMDIxMTMzMzlaFw0yNzAzMDExMTM4MzlaMDMxMTAvBgNV
BAMTKDRBMkM3NzVGRjA4QjA2OEU5MDk3Q0FGRDBDM0RGNUM3NjJFM0IzQTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCkffSvUi4LIFMvAFlso4QVy8dX
bm+rt8nLdvfMiccdyvV3PKpCj4P5xIASZZgqRs+UbFGFZFAPLIN8wqsC5JE8vm+f
96bEHBFIRzZp2MBhky2Ry1PBHG8uF7e9O6urU7pZuPM7EMs2/2k7M/u+oNHZiXZQ
+cruNvdlU7K55+So2LDABDGbfuzkt0Hrl2lkjdM3beiA7vJLJorXLcmbuIzb4tL6
aZBHSK0eTCQUsg3P+vXSBVbvyILrC/Jc6yfCg5qltaoUm3v+p0HwdB0bDNGquxew
jcm498lUESEJDIbwflff+1bBSajLTqNs0ckeNBehL3V2BdHC2QIFYmdUSkfvAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUSix3X/CLBo6Ql8r9DD31x2Ljs6QwHwYDVR0j
BBgwFoAUIr/U4CFUfQMKwQsCE1NdTGlo7t4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjNhYWNkMTctYmY5ZC00N2RiLTg2NGQtZjljN2MyYmUx
ODNhLzAvMjJCRkQ0RTAyMTU0N0QwMzBBQzEwQjAyMTM1MzVENEM2OTY4RUVERS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lyX1U0Q0ZVZlFNS3dRc0NFMU5kVEds
bzd0NC5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMjNhYWNkMTct
YmY5ZC00N2RiLTg2NGQtZjljN2MyYmUxODNhLzAvMzgzNzJlMzIzNTM0MmUzMTMx
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzgzMzM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV/4LMA0G
CSqGSIb3DQEBCwUAA4IBAQAEGTXZik50X86Mug2zA8HJtz/ltU3hx5V2RbN4ptbg
D/imRobYb1u4hlCd/uKiBziMuVKrV9qCMELChL7ieE48Jn0mI+96biTQJpfQaxvK
Gm0o8KevHtNI6ylCvJTLq004WGRI4TWun1Wh5SOilgU2KXTRZeYkWIwudZ97d3UK
sDBxKqAb7BdTTyHXabu3QIjtB6QDLOUo3oEanHAhkD4fVo8tvM+krUllH6Lp7Tim
d6sJz4qn5d6CPoY8sYkqufw+AyuM0pGjK+M8YWNcnnizVzAk/ujKjKkpJWGZveh5
uPPCv5lVG348AZxyzbe/3Ay/6Pz5CbeqXt052YmbyvpQ
-----END CERTIFICATE-----