Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/38372e3235342e31322e302f32332d3234203d3e20383334.roa
File:                     38372e3235342e31322e302f32332d3234203d3e20383334.roa (raw, json)
Hash identifier:          UWjmZenZgQ6GpdGZbayi4FQY4UxY0dqXvzhbQdAIi5g=
Subject key identifier:   96:3F:55:EE:27:BF:64:DF:1B:CD:04:32:66:A9:C2:43:92:77:86:21
Certificate issuer:       /CN=22bfd4e021547d030ac10b0213535d4c6968eede
Certificate serial:       0745A16C4D9C3FE06FCBB505DFA84DA5789559BB
Authority key identifier: 22:BF:D4:E0:21:54:7D:03:0A:C1:0B:02:13:53:5D:4C:69:68:EE:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/38372e3235342e31322e302f32332d3234203d3e20383334.roa
Signing time:             Mon 02 Mar 2026 11:38:38 +0000
ROA not before:           Mon 02 Mar 2026 11:33:38 +0000
ROA not after:            Mon 01 Mar 2027 11:38:38 +0000
asID:                     834
IP address blocks:        87.254.12.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Mar 2026 16:05:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            07:45:a1:6c:4d:9c:3f:e0:6f:cb:b5:05:df:a8:4d:a5:78:95:59:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22bfd4e021547d030ac10b0213535d4c6968eede
        Validity
            Not Before: Mar  2 11:33:38 2026 GMT
            Not After : Mar  1 11:38:38 2027 GMT
        Subject: CN=963F55EE27BF64DF1BCD043266A9C24392778621
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:7b:9c:f1:06:3f:c5:8e:ff:25:cd:13:53:df:
                    e7:4a:1b:2e:50:52:3f:93:23:c0:f4:c0:34:28:4b:
                    c1:a3:6f:53:e7:55:e8:d0:c6:b8:10:a6:15:b9:77:
                    9c:f2:3d:7d:a6:b5:6d:0c:07:ba:5e:15:37:f2:e0:
                    01:67:71:0f:6a:40:ff:83:0d:38:ec:38:5d:45:34:
                    16:f6:f0:88:23:26:68:4d:5f:95:fa:ec:c8:9c:75:
                    33:38:02:21:44:17:f4:46:0c:af:ba:14:9e:f1:de:
                    c7:68:6a:75:ea:fd:cf:3d:89:96:eb:57:c0:1e:58:
                    db:53:28:c3:88:0a:f2:4c:0c:bc:1a:d1:7e:39:72:
                    d0:5e:66:93:98:9e:aa:3d:96:17:6d:f1:b8:ee:bf:
                    8e:d9:e6:67:9f:77:57:41:0d:ac:14:a2:ab:57:58:
                    b6:9e:d7:32:6c:f6:34:cd:33:a9:3c:2f:97:7c:a0:
                    8c:17:90:0f:a5:df:c6:1b:76:15:97:c0:76:cf:4c:
                    bb:86:cf:5c:bf:2a:d8:c1:2c:f7:2d:d2:dc:26:ea:
                    59:c4:2b:33:46:99:a4:64:7a:b0:ae:86:3a:78:75:
                    b2:4b:3c:32:87:ae:e8:a9:68:9d:41:b3:44:a7:bf:
                    15:9c:d1:ef:4e:9a:e0:e4:e7:59:61:77:6b:a6:b7:
                    c7:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:3F:55:EE:27:BF:64:DF:1B:CD:04:32:66:A9:C2:43:92:77:86:21
            X509v3 Authority Key Identifier:
                keyid:22:BF:D4:E0:21:54:7D:03:0A:C1:0B:02:13:53:5D:4C:69:68:EE:DE

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/38372e3235342e31322e302f32332d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.254.12.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2a:d6:09:11:31:93:86:01:0a:42:73:32:6f:a9:1c:66:4e:63:
         64:5d:7e:8c:62:1c:f4:4e:cc:2b:39:80:84:89:52:db:ad:22:
         04:1c:d9:95:c3:e4:bb:8c:1c:ce:27:2f:76:03:bd:4f:c7:ad:
         dc:4c:d5:cf:94:d6:0a:99:d3:5a:bb:31:a1:8f:1a:67:3e:00:
         85:9d:29:2a:66:67:d5:5d:aa:89:07:ec:22:68:3e:f8:ed:7f:
         6c:fa:92:a4:a0:3c:6d:8f:ab:42:a8:76:75:fb:1b:05:9a:39:
         74:1d:d4:74:32:6b:35:18:9c:34:e9:5e:d0:32:84:4a:d0:bc:
         7d:9d:4f:ef:ea:a0:f5:93:92:bd:cc:00:90:69:68:39:90:b1:
         1e:a2:52:fe:cf:3a:35:44:66:58:62:4d:cc:82:aa:87:21:da:
         28:96:ae:e1:8c:7c:b2:83:ae:d2:bb:da:1d:dd:7b:4f:69:ba:
         be:00:cc:f5:06:ec:e8:7b:a5:19:8f:2f:3b:30:01:41:04:c9:
         c1:4d:4f:56:eb:9c:6f:40:2e:f5:9d:74:3d:2a:58:eb:b9:48:
         b6:aa:f6:37:ec:f4:f2:cf:72:50:f6:bc:3c:1e:fe:d8:a3:4e:
         02:6f:df:d5:07:5e:3b:09:61:a4:25:b6:29:50:80:63:64:90:
         89:e1:94:ea
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUB0WhbE2cP+Bvy7UF36hNpXiVWbswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjJiZmQ0ZTAyMTU0N2QwMzBhYzEwYjAyMTM1MzVkNGM2
OTY4ZWVkZTAeFw0yNjAzMDIxMTMzMzhaFw0yNzAzMDExMTM4MzhaMDMxMTAvBgNV
BAMTKDk2M0Y1NUVFMjdCRjY0REYxQkNEMDQzMjY2QTlDMjQzOTI3Nzg2MjEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCIe5zxBj/Fjv8lzRNT3+dKGy5Q
Uj+TI8D0wDQoS8Gjb1PnVejQxrgQphW5d5zyPX2mtW0MB7peFTfy4AFncQ9qQP+D
DTjsOF1FNBb28IgjJmhNX5X67MicdTM4AiFEF/RGDK+6FJ7x3sdoanXq/c89iZbr
V8AeWNtTKMOICvJMDLwa0X45ctBeZpOYnqo9lhdt8bjuv47Z5mefd1dBDawUoqtX
WLae1zJs9jTNM6k8L5d8oIwXkA+l38YbdhWXwHbPTLuGz1y/KtjBLPct0twm6lnE
KzNGmaRkerCuhjp4dbJLPDKHruipaJ1Bs0SnvxWc0e9OmuDk51lhd2umt8eVAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUlj9V7ie/ZN8bzQQyZqnCQ5J3hiEwHwYDVR0j
BBgwFoAUIr/U4CFUfQMKwQsCE1NdTGlo7t4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjNhYWNkMTctYmY5ZC00N2RiLTg2NGQtZjljN2MyYmUx
ODNhLzAvMjJCRkQ0RTAyMTU0N0QwMzBBQzEwQjAyMTM1MzVENEM2OTY4RUVERS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lyX1U0Q0ZVZlFNS3dRc0NFMU5kVEds
bzd0NC5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMjNhYWNkMTct
YmY5ZC00N2RiLTg2NGQtZjljN2MyYmUxODNhLzAvMzgzNzJlMzIzNTM0MmUzMTMy
MmUzMDJmMzIzMzJkMzIzNDIwM2QzZTIwMzgzMzM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBV/4MMA0G
CSqGSIb3DQEBCwUAA4IBAQAq1gkRMZOGAQpCczJvqRxmTmNkXX6MYhz0TswrOYCE
iVLbrSIEHNmVw+S7jBzOJy92A71Px63cTNXPlNYKmdNauzGhjxpnPgCFnSkqZmfV
XaqJB+wiaD747X9s+pKkoDxtj6tCqHZ1+xsFmjl0HdR0Mms1GJw06V7QMoRK0Lx9
nU/v6qD1k5K9zACQaWg5kLEeolL+zzo1RGZYYk3MgqqHIdoolq7hjHyyg67Su9od
3XtPabq+AMz1Buzoe6UZjy87MAFBBMnBTU9W65xvQC71nXQ9KljruUi2qvY37PTy
z3JQ9rw8Hv7Yo04Cb9/VB147CWGkJbYpUIBjZJCJ4ZTq
-----END CERTIFICATE-----