Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/38372e3235342e31372e302f32342d3234203d3e203631333137.roa
File:                     38372e3235342e31372e302f32342d3234203d3e203631333137.roa (raw, json)
Hash identifier:          iUdPEp/zg1lgw8SWDOnC/cWw7iD/otvfqF3P7vlXliU=
Subject key identifier:   27:19:E8:83:77:5A:66:B6:68:25:72:F0:F9:17:FD:C2:87:83:2C:ED
Certificate issuer:       /CN=22bfd4e021547d030ac10b0213535d4c6968eede
Certificate serial:       03E6A0C61E4E163ABD7D9775E65C9F5B959153A3
Authority key identifier: 22:BF:D4:E0:21:54:7D:03:0A:C1:0B:02:13:53:5D:4C:69:68:EE:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/38372e3235342e31372e302f32342d3234203d3e203631333137.roa
Signing time:             Mon 02 Mar 2026 11:38:36 +0000
ROA not before:           Mon 02 Mar 2026 11:33:36 +0000
ROA not after:            Mon 01 Mar 2027 11:38:36 +0000
asID:                     61317
IP address blocks:        87.254.17.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Mar 2026 16:05:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:e6:a0:c6:1e:4e:16:3a:bd:7d:97:75:e6:5c:9f:5b:95:91:53:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22bfd4e021547d030ac10b0213535d4c6968eede
        Validity
            Not Before: Mar  2 11:33:36 2026 GMT
            Not After : Mar  1 11:38:36 2027 GMT
        Subject: CN=2719E883775A66B6682572F0F917FDC287832CED
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:f3:61:ee:b6:4b:d9:2c:59:90:95:34:ef:47:
                    a2:37:0f:be:ac:2e:e2:a3:d2:15:d5:80:a7:2f:4f:
                    38:26:c2:b2:d4:de:89:37:13:58:47:45:ac:68:1c:
                    67:a4:83:a1:5c:f3:62:c9:ce:80:0e:2b:70:79:7c:
                    e3:48:5b:9e:29:dd:28:66:eb:20:c9:99:9b:4b:77:
                    74:52:38:f4:c0:6b:06:40:3c:7f:56:b8:2d:56:95:
                    bf:96:63:39:7d:c2:0f:bb:50:e2:7a:fa:c0:11:73:
                    f6:8c:5e:35:ed:7b:10:d0:6b:0a:0e:9e:fe:89:4b:
                    c5:fb:98:46:ea:de:48:4b:d6:33:b9:0d:8a:c5:58:
                    fa:74:8c:1f:55:5b:45:86:70:d5:49:9b:3e:f6:e1:
                    30:39:33:96:bd:e8:78:8a:f3:3c:66:ff:2a:b2:53:
                    dc:1d:b2:c8:f8:c4:54:64:4f:af:34:72:3e:85:a6:
                    6f:d4:55:83:0d:fe:15:f6:e6:b5:9e:ed:c5:a0:a4:
                    44:77:19:14:fb:41:a9:47:c6:1b:8a:97:a5:11:a4:
                    95:2a:f9:36:e5:4f:25:81:4d:ff:70:7f:b6:2e:76:
                    80:28:16:a6:77:42:c1:0f:ce:ff:cc:e9:b0:c3:7e:
                    8f:5b:ac:ba:a1:a9:2b:b1:30:4e:e7:d6:43:8a:f2:
                    ee:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:19:E8:83:77:5A:66:B6:68:25:72:F0:F9:17:FD:C2:87:83:2C:ED
            X509v3 Authority Key Identifier:
                keyid:22:BF:D4:E0:21:54:7D:03:0A:C1:0B:02:13:53:5D:4C:69:68:EE:DE

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/38372e3235342e31372e302f32342d3234203d3e203631333137.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.254.17.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9d:ec:85:73:96:6b:b9:77:c4:e2:a5:bb:44:69:f5:c4:9e:f2:
         ac:bc:7a:34:e0:98:9c:64:8b:ef:14:f4:0a:51:00:6c:7e:36:
         fd:36:56:9e:19:f1:6d:e3:1d:f1:d9:9d:91:48:6b:19:8b:07:
         cf:09:3d:a5:52:fc:f1:63:46:fa:44:5c:42:a9:ca:01:13:34:
         b2:f5:3b:a8:ab:91:e0:86:d0:5f:63:db:e8:6f:06:2c:49:1f:
         51:39:6e:2a:74:37:ee:b4:23:7c:89:87:e2:bf:cc:b3:7c:ab:
         79:29:c8:a5:64:fb:37:78:7b:98:54:b2:bb:cc:99:01:a0:98:
         83:02:a8:a7:43:7a:64:16:c9:ab:b1:89:f5:c2:e4:a6:72:1b:
         d8:62:71:86:dc:95:08:74:2c:5f:52:84:80:df:3b:4d:7c:96:
         f2:e5:38:2f:23:d1:81:7c:78:45:37:cb:21:10:8e:98:c7:6a:
         d4:07:f8:95:eb:d8:49:6f:2c:ab:57:68:d1:f9:65:8b:f0:0d:
         7f:4a:cc:d9:ee:26:27:d2:f1:18:5f:5b:b1:07:e0:a5:44:ae:
         93:8b:fe:80:b5:3e:37:d3:03:1d:dd:8a:16:a3:58:5c:23:4b:
         ef:ad:4a:cd:05:bc:e8:6a:a2:17:6b:64:72:71:23:74:b7:d2:
         b2:9f:43:d9
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUA+agxh5OFjq9fZd15lyfW5WRU6MwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjJiZmQ0ZTAyMTU0N2QwMzBhYzEwYjAyMTM1MzVkNGM2
OTY4ZWVkZTAeFw0yNjAzMDIxMTMzMzZaFw0yNzAzMDExMTM4MzZaMDMxMTAvBgNV
BAMTKDI3MTlFODgzNzc1QTY2QjY2ODI1NzJGMEY5MTdGREMyODc4MzJDRUQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCd82HutkvZLFmQlTTvR6I3D76s
LuKj0hXVgKcvTzgmwrLU3ok3E1hHRaxoHGekg6Fc82LJzoAOK3B5fONIW54p3Shm
6yDJmZtLd3RSOPTAawZAPH9WuC1Wlb+WYzl9wg+7UOJ6+sARc/aMXjXtexDQawoO
nv6JS8X7mEbq3khL1jO5DYrFWPp0jB9VW0WGcNVJmz724TA5M5a96HiK8zxm/yqy
U9wdssj4xFRkT680cj6Fpm/UVYMN/hX25rWe7cWgpER3GRT7QalHxhuKl6URpJUq
+TblTyWBTf9wf7YudoAoFqZ3QsEPzv/M6bDDfo9brLqhqSuxME7n1kOK8u7TAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUJxnog3daZrZoJXLw+Rf9woeDLO0wHwYDVR0j
BBgwFoAUIr/U4CFUfQMKwQsCE1NdTGlo7t4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjNhYWNkMTctYmY5ZC00N2RiLTg2NGQtZjljN2MyYmUx
ODNhLzAvMjJCRkQ0RTAyMTU0N0QwMzBBQzEwQjAyMTM1MzVENEM2OTY4RUVERS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lyX1U0Q0ZVZlFNS3dRc0NFMU5kVEds
bzd0NC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMjNhYWNkMTct
YmY5ZC00N2RiLTg2NGQtZjljN2MyYmUxODNhLzAvMzgzNzJlMzIzNTM0MmUzMTM3
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzYzMTMzMzEzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFf+
ETANBgkqhkiG9w0BAQsFAAOCAQEAneyFc5ZruXfE4qW7RGn1xJ7yrLx6NOCYnGSL
7xT0ClEAbH42/TZWnhnxbeMd8dmdkUhrGYsHzwk9pVL88WNG+kRcQqnKARM0svU7
qKuR4IbQX2Pb6G8GLEkfUTluKnQ37rQjfImH4r/Ms3yreSnIpWT7N3h7mFSyu8yZ
AaCYgwKop0N6ZBbJq7GJ9cLkpnIb2GJxhtyVCHQsX1KEgN87TXyW8uU4LyPRgXx4
RTfLIRCOmMdq1Af4levYSW8sq1do0flli/ANf0rM2e4mJ9LxGF9bsQfgpUSuk4v+
gLU+N9MDHd2KFqNYXCNL761KzQW86GqiF2tkcnEjdLfSsp9D2Q==
-----END CERTIFICATE-----