Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/38372e3235342e31362e302f32342d3234203d3e203631333137.roa
File:                     38372e3235342e31362e302f32342d3234203d3e203631333137.roa (raw, json)
Hash identifier:          OnoBFru6gXkLx/IpdA8BMf1f3KgH5QjPForAWZMVmzo=
Subject key identifier:   61:FA:48:46:E8:BC:6D:AE:89:B5:EF:AD:71:50:B4:70:93:9B:F7:FD
Certificate issuer:       /CN=22bfd4e021547d030ac10b0213535d4c6968eede
Certificate serial:       60E17EC1D5C15CD3E8778FD9E0704828A1539EE9
Authority key identifier: 22:BF:D4:E0:21:54:7D:03:0A:C1:0B:02:13:53:5D:4C:69:68:EE:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/38372e3235342e31362e302f32342d3234203d3e203631333137.roa
Signing time:             Mon 02 Mar 2026 11:38:37 +0000
ROA not before:           Mon 02 Mar 2026 11:33:37 +0000
ROA not after:            Mon 01 Mar 2027 11:38:37 +0000
asID:                     61317
IP address blocks:        87.254.16.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Mar 2026 16:05:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            60:e1:7e:c1:d5:c1:5c:d3:e8:77:8f:d9:e0:70:48:28:a1:53:9e:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22bfd4e021547d030ac10b0213535d4c6968eede
        Validity
            Not Before: Mar  2 11:33:37 2026 GMT
            Not After : Mar  1 11:38:37 2027 GMT
        Subject: CN=61FA4846E8BC6DAE89B5EFAD7150B470939BF7FD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:4d:b8:f8:b3:c3:e7:1b:7f:62:06:5e:65:80:
                    71:29:51:3b:1d:3c:00:6c:8e:fb:13:96:2b:b9:d4:
                    76:2b:97:16:c2:72:29:65:c6:64:cc:c1:ca:8a:91:
                    3b:03:22:95:1e:84:0e:07:4f:4c:24:a9:b6:e5:cb:
                    95:dc:12:e3:dc:23:36:00:f4:c7:14:e1:12:e6:f8:
                    cc:f9:44:23:b9:f6:00:58:4a:18:03:53:6f:70:71:
                    1d:93:2f:1a:f3:56:f2:16:1d:97:80:37:ab:75:b8:
                    73:74:d3:0c:fd:30:4f:95:71:a2:fe:96:0d:ac:18:
                    fc:05:cd:3c:42:67:c2:75:f8:5c:be:74:76:97:0d:
                    59:96:7e:c9:e8:ab:8c:c6:da:de:3b:ab:1a:03:d4:
                    23:32:20:ab:a0:c8:73:27:81:e9:da:7b:5b:b6:c0:
                    8a:b7:dd:b8:ad:38:bf:8b:5f:dd:12:26:3b:8d:b3:
                    5b:d9:2b:0a:f8:5a:d3:b4:d4:2f:a0:86:9d:cb:1f:
                    f3:fd:00:59:0e:39:64:6a:1c:60:85:a8:a9:52:ce:
                    cf:d3:52:0f:02:ec:c2:64:3a:a3:59:72:05:69:8a:
                    91:66:50:58:ce:2a:23:9b:a2:34:82:7f:4a:12:96:
                    f0:68:92:8b:82:bb:16:ab:ad:86:4b:71:7d:80:82:
                    ea:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:FA:48:46:E8:BC:6D:AE:89:B5:EF:AD:71:50:B4:70:93:9B:F7:FD
            X509v3 Authority Key Identifier:
                keyid:22:BF:D4:E0:21:54:7D:03:0A:C1:0B:02:13:53:5D:4C:69:68:EE:DE

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/38372e3235342e31362e302f32342d3234203d3e203631333137.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.254.16.0/24

    Signature Algorithm: sha256WithRSAEncryption
         58:97:13:4c:36:f1:67:ac:2e:03:aa:c4:23:25:e0:d0:85:5e:
         d6:50:a0:54:fe:39:6e:4d:d7:d3:36:e9:2d:a5:3c:bc:b6:86:
         15:52:61:b2:4d:07:5f:51:60:1b:96:e6:4e:f0:b8:05:11:36:
         1f:51:c2:b7:21:28:63:75:01:81:16:3b:a9:63:c8:ba:8f:21:
         a3:b9:82:e4:61:19:f6:c1:76:5b:96:23:1f:f6:32:a3:49:d7:
         f7:a3:20:2e:07:d2:b3:0b:e1:85:94:25:68:3a:51:d5:f2:29:
         4e:36:68:f5:f1:5e:c6:04:5c:8a:59:7a:ba:a3:72:38:ec:ef:
         ca:0b:8c:b8:68:b9:52:54:a8:68:c3:65:22:46:ff:7e:f3:01:
         1b:32:bd:e6:55:63:dd:d1:3b:f3:6a:fb:38:3a:c4:28:83:43:
         8f:4e:aa:50:43:92:56:93:b5:e6:8a:01:0d:4a:78:ca:bd:02:
         8b:58:3a:24:9d:44:cd:1c:4f:00:94:65:a4:46:a4:c0:31:6f:
         77:a6:db:b1:37:ec:5d:fe:53:8d:6d:91:8e:96:b2:b2:4f:43:
         bd:d9:a4:64:c0:07:be:f0:49:5f:6c:04:e4:00:71:29:3c:45:
         aa:b5:7c:01:96:5c:fe:f4:c4:88:89:01:92:f1:7d:12:60:68:
         ee:1e:33:24
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUYOF+wdXBXNPod4/Z4HBIKKFTnukwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjJiZmQ0ZTAyMTU0N2QwMzBhYzEwYjAyMTM1MzVkNGM2
OTY4ZWVkZTAeFw0yNjAzMDIxMTMzMzdaFw0yNzAzMDExMTM4MzdaMDMxMTAvBgNV
BAMTKDYxRkE0ODQ2RThCQzZEQUU4OUI1RUZBRDcxNTBCNDcwOTM5QkY3RkQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDSTbj4s8PnG39iBl5lgHEpUTsd
PABsjvsTliu51HYrlxbCcillxmTMwcqKkTsDIpUehA4HT0wkqbbly5XcEuPcIzYA
9McU4RLm+Mz5RCO59gBYShgDU29wcR2TLxrzVvIWHZeAN6t1uHN00wz9ME+VcaL+
lg2sGPwFzTxCZ8J1+Fy+dHaXDVmWfsnoq4zG2t47qxoD1CMyIKugyHMngenae1u2
wIq33bitOL+LX90SJjuNs1vZKwr4WtO01C+ghp3LH/P9AFkOOWRqHGCFqKlSzs/T
Ug8C7MJkOqNZcgVpipFmUFjOKiObojSCf0oSlvBokouCuxarrYZLcX2AguqpAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUYfpIRui8ba6Jte+tcVC0cJOb9/0wHwYDVR0j
BBgwFoAUIr/U4CFUfQMKwQsCE1NdTGlo7t4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjNhYWNkMTctYmY5ZC00N2RiLTg2NGQtZjljN2MyYmUx
ODNhLzAvMjJCRkQ0RTAyMTU0N0QwMzBBQzEwQjAyMTM1MzVENEM2OTY4RUVERS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lyX1U0Q0ZVZlFNS3dRc0NFMU5kVEds
bzd0NC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMjNhYWNkMTct
YmY5ZC00N2RiLTg2NGQtZjljN2MyYmUxODNhLzAvMzgzNzJlMzIzNTM0MmUzMTM2
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzYzMTMzMzEzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFf+
EDANBgkqhkiG9w0BAQsFAAOCAQEAWJcTTDbxZ6wuA6rEIyXg0IVe1lCgVP45bk3X
0zbpLaU8vLaGFVJhsk0HX1FgG5bmTvC4BRE2H1HCtyEoY3UBgRY7qWPIuo8ho7mC
5GEZ9sF2W5YjH/Yyo0nX96MgLgfSswvhhZQlaDpR1fIpTjZo9fFexgRcill6uqNy
OOzvyguMuGi5UlSoaMNlIkb/fvMBGzK95lVj3dE782r7ODrEKINDj06qUEOSVpO1
5ooBDUp4yr0Ci1g6JJ1EzRxPAJRlpEakwDFvd6bbsTfsXf5TjW2Rjpaysk9Dvdmk
ZMAHvvBJX2wE5ABxKTxFqrV8AZZc/vTEiIkBkvF9EmBo7h4zJA==
-----END CERTIFICATE-----