Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/38372e3235342e31382e302f32332d3234203d3e20383334.roa
File:                     38372e3235342e31382e302f32332d3234203d3e20383334.roa (raw, json)
Hash identifier:          Q4p501nKB0sgnI21+akfDBIvF6GWoCBkfDAhgfWAEgM=
Subject key identifier:   C5:D0:58:B1:43:99:50:1A:5D:E9:B8:8E:61:31:48:D0:BD:ED:3E:46
Certificate issuer:       /CN=22bfd4e021547d030ac10b0213535d4c6968eede
Certificate serial:       61EC54B23436663E620B4585FBB033BDF70DF311
Authority key identifier: 22:BF:D4:E0:21:54:7D:03:0A:C1:0B:02:13:53:5D:4C:69:68:EE:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/38372e3235342e31382e302f32332d3234203d3e20383334.roa
Signing time:             Mon 02 Mar 2026 11:38:37 +0000
ROA not before:           Mon 02 Mar 2026 11:33:37 +0000
ROA not after:            Mon 01 Mar 2027 11:38:37 +0000
asID:                     834
IP address blocks:        87.254.18.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Mar 2026 16:05:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            61:ec:54:b2:34:36:66:3e:62:0b:45:85:fb:b0:33:bd:f7:0d:f3:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22bfd4e021547d030ac10b0213535d4c6968eede
        Validity
            Not Before: Mar  2 11:33:37 2026 GMT
            Not After : Mar  1 11:38:37 2027 GMT
        Subject: CN=C5D058B14399501A5DE9B88E613148D0BDED3E46
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:38:29:e2:ab:ba:31:a3:16:80:5a:bd:1b:99:
                    9b:2d:02:96:39:58:07:b2:1b:52:15:b0:3b:65:c4:
                    04:15:e1:a1:96:55:a9:bc:47:a5:87:fc:71:9a:51:
                    8d:73:63:7e:a8:37:98:2f:bc:8d:f9:76:41:8a:43:
                    fc:93:56:f5:7f:6a:7f:c1:93:3b:e3:07:54:f1:54:
                    ca:bd:18:55:5f:8e:e9:c9:72:c9:5b:e6:63:6c:36:
                    05:ef:c8:da:0b:a1:ab:54:db:a3:84:6e:a8:31:bf:
                    57:d3:2c:1a:ad:6c:be:fe:5f:94:3c:00:55:d5:9b:
                    d6:52:b7:9a:0d:1b:f8:a7:7b:ca:1a:74:cd:e5:d5:
                    52:a8:ba:fd:95:3b:9a:4c:d7:fc:f5:7e:79:e3:af:
                    a0:fd:57:0e:53:12:4a:c4:0f:f6:35:26:1f:cc:be:
                    59:fc:62:24:0d:48:82:83:88:3c:2d:7f:b9:0c:3c:
                    4e:42:cf:e5:93:2d:81:29:6c:fa:d9:30:88:06:f7:
                    5a:80:b7:55:b0:f3:11:f5:fb:d9:f8:2b:39:80:b8:
                    fd:5a:ba:8a:5e:6d:a7:0b:38:8a:cd:6f:28:a3:75:
                    81:59:0d:a1:3a:78:f2:e4:70:75:b5:fd:20:52:60:
                    f7:44:07:f4:be:93:1e:24:bf:7f:41:bc:39:a6:26:
                    94:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:D0:58:B1:43:99:50:1A:5D:E9:B8:8E:61:31:48:D0:BD:ED:3E:46
            X509v3 Authority Key Identifier:
                keyid:22:BF:D4:E0:21:54:7D:03:0A:C1:0B:02:13:53:5D:4C:69:68:EE:DE

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/38372e3235342e31382e302f32332d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.254.18.0/23

    Signature Algorithm: sha256WithRSAEncryption
         80:23:d2:98:f4:c1:3a:43:5b:b4:4a:fd:5e:8a:f7:58:33:a9:
         e4:4a:88:20:63:73:af:e9:a5:c9:cb:19:e6:7f:2f:98:01:10:
         f8:89:91:0b:cf:33:27:3a:cf:7d:87:1f:d2:df:e8:db:aa:46:
         5e:40:4d:36:05:95:ca:a3:cb:5d:88:51:61:b7:67:b7:f0:6d:
         8c:c6:d1:02:65:a7:ed:10:77:a1:d0:fe:7e:56:fe:7a:21:70:
         3e:ca:e6:8f:48:43:1d:3b:c5:5d:d6:4e:17:b8:2c:ea:0e:de:
         14:80:22:01:e0:80:f0:45:7c:4f:61:3a:b2:ce:db:ef:23:ea:
         87:d5:2b:95:22:5e:6b:ab:1f:d0:d6:18:e7:68:10:50:5f:cb:
         1d:56:c9:c3:3f:7d:75:65:c9:85:be:a7:29:79:e4:97:cd:69:
         3a:08:c9:72:2b:69:b1:48:da:5f:e4:a9:bb:6f:32:2c:76:9d:
         59:3a:4f:a5:9c:2d:00:9d:f0:55:78:92:c9:2b:78:78:76:4e:
         df:86:4e:04:73:9f:35:e9:33:64:8c:be:23:54:7b:71:ea:32:
         02:de:e7:c2:94:c0:e4:b8:9c:14:b3:e8:32:25:39:c0:6e:39:
         74:68:ff:56:0d:f3:f1:49:04:d8:6d:e2:5d:f3:83:05:9c:db:
         60:78:03:04
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUYexUsjQ2Zj5iC0WF+7AzvfcN8xEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjJiZmQ0ZTAyMTU0N2QwMzBhYzEwYjAyMTM1MzVkNGM2
OTY4ZWVkZTAeFw0yNjAzMDIxMTMzMzdaFw0yNzAzMDExMTM4MzdaMDMxMTAvBgNV
BAMTKEM1RDA1OEIxNDM5OTUwMUE1REU5Qjg4RTYxMzE0OEQwQkRFRDNFNDYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFOCniq7oxoxaAWr0bmZstApY5
WAeyG1IVsDtlxAQV4aGWVam8R6WH/HGaUY1zY36oN5gvvI35dkGKQ/yTVvV/an/B
kzvjB1TxVMq9GFVfjunJcslb5mNsNgXvyNoLoatU26OEbqgxv1fTLBqtbL7+X5Q8
AFXVm9ZSt5oNG/ine8oadM3l1VKouv2VO5pM1/z1fnnjr6D9Vw5TEkrED/Y1Jh/M
vln8YiQNSIKDiDwtf7kMPE5Cz+WTLYEpbPrZMIgG91qAt1Ww8xH1+9n4KzmAuP1a
uopebacLOIrNbyijdYFZDaE6ePLkcHW1/SBSYPdEB/S+kx4kv39BvDmmJpR/AgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUxdBYsUOZUBpd6biOYTFI0L3tPkYwHwYDVR0j
BBgwFoAUIr/U4CFUfQMKwQsCE1NdTGlo7t4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjNhYWNkMTctYmY5ZC00N2RiLTg2NGQtZjljN2MyYmUx
ODNhLzAvMjJCRkQ0RTAyMTU0N0QwMzBBQzEwQjAyMTM1MzVENEM2OTY4RUVERS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lyX1U0Q0ZVZlFNS3dRc0NFMU5kVEds
bzd0NC5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMjNhYWNkMTct
YmY5ZC00N2RiLTg2NGQtZjljN2MyYmUxODNhLzAvMzgzNzJlMzIzNTM0MmUzMTM4
MmUzMDJmMzIzMzJkMzIzNDIwM2QzZTIwMzgzMzM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBV/4SMA0G
CSqGSIb3DQEBCwUAA4IBAQCAI9KY9ME6Q1u0Sv1eivdYM6nkSoggY3Ov6aXJyxnm
fy+YARD4iZELzzMnOs99hx/S3+jbqkZeQE02BZXKo8tdiFFht2e38G2MxtECZaft
EHeh0P5+Vv56IXA+yuaPSEMdO8Vd1k4XuCzqDt4UgCIB4IDwRXxPYTqyztvvI+qH
1SuVIl5rqx/Q1hjnaBBQX8sdVsnDP311ZcmFvqcpeeSXzWk6CMlyK2mxSNpf5Km7
bzIsdp1ZOk+lnC0AnfBVeJLJK3h4dk7fhk4Ec5816TNkjL4jVHtx6jIC3ufClMDk
uJwUs+gyJTnAbjl0aP9WDfPxSQTYbeJd84MFnNtgeAME
-----END CERTIFICATE-----