Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/38372e3235342e322e302f32342d3234203d3e20383334.roa
File:                     38372e3235342e322e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          0lftYrBwhyfbi4cjY9zWfmHR2CJaW7nri13R884O3dA=
Subject key identifier:   C9:75:44:5D:B9:BD:B5:59:10:BA:1F:B1:CE:AC:32:12:7C:D2:FD:06
Certificate issuer:       /CN=22bfd4e021547d030ac10b0213535d4c6968eede
Certificate serial:       01B5C893ADA03564B89088B234FA7A5234EFD4DF
Authority key identifier: 22:BF:D4:E0:21:54:7D:03:0A:C1:0B:02:13:53:5D:4C:69:68:EE:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/38372e3235342e322e302f32342d3234203d3e20383334.roa
Signing time:             Mon 02 Mar 2026 11:38:37 +0000
ROA not before:           Mon 02 Mar 2026 11:33:37 +0000
ROA not after:            Mon 01 Mar 2027 11:38:37 +0000
asID:                     834
IP address blocks:        87.254.2.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Mar 2026 16:05:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:b5:c8:93:ad:a0:35:64:b8:90:88:b2:34:fa:7a:52:34:ef:d4:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22bfd4e021547d030ac10b0213535d4c6968eede
        Validity
            Not Before: Mar  2 11:33:37 2026 GMT
            Not After : Mar  1 11:38:37 2027 GMT
        Subject: CN=C975445DB9BDB55910BA1FB1CEAC32127CD2FD06
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:f5:8a:8c:39:79:84:af:86:6a:e6:bb:66:f5:
                    78:45:42:8e:51:a4:0f:1d:21:75:d6:5c:63:11:a5:
                    d9:28:77:1b:5f:13:db:b6:0b:c5:49:2a:24:03:e0:
                    7d:f0:0d:30:6f:44:1b:a6:82:28:07:af:6b:88:85:
                    0a:50:05:ea:35:1a:f8:66:d7:3a:eb:1f:76:60:19:
                    00:4c:d2:ca:8c:76:83:7e:e9:11:ae:72:72:62:76:
                    70:16:83:9b:bf:18:21:97:e5:cd:35:17:6a:83:39:
                    1d:1e:7f:ce:2a:c3:52:5b:d2:74:13:44:32:3e:e2:
                    36:35:94:64:33:2e:e8:5a:63:1f:2c:47:61:b2:ef:
                    b5:33:fc:65:26:49:c5:d8:69:d5:64:44:27:dc:a1:
                    62:72:03:fc:7a:11:d2:99:2d:12:0c:09:ca:ad:02:
                    f6:10:a7:11:0e:9e:d3:38:ba:b6:24:1b:88:7d:13:
                    f7:b7:fc:37:72:5f:a9:c7:22:d7:1f:b2:db:86:d1:
                    0f:99:23:9c:ff:db:e0:ed:84:70:60:74:60:05:5a:
                    cf:a1:be:51:d4:05:8f:d3:55:fd:61:46:d3:14:2f:
                    75:04:30:34:7b:68:57:6f:39:b4:7a:9c:fd:2c:6d:
                    ef:e6:d8:8b:f3:9a:c1:3c:75:d9:0a:2b:ab:90:2f:
                    4a:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:75:44:5D:B9:BD:B5:59:10:BA:1F:B1:CE:AC:32:12:7C:D2:FD:06
            X509v3 Authority Key Identifier:
                keyid:22:BF:D4:E0:21:54:7D:03:0A:C1:0B:02:13:53:5D:4C:69:68:EE:DE

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/38372e3235342e322e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.254.2.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:70:d2:b6:f7:8a:4e:af:78:1f:07:06:7d:7e:52:13:62:03:
         95:88:6a:d2:44:9e:64:6b:f2:ad:de:a0:75:57:87:57:bd:95:
         13:37:78:0d:69:1b:bd:25:ac:3f:37:12:1b:3a:ad:45:25:2f:
         70:9a:c5:30:c3:31:8c:54:72:f0:9e:0d:4a:dd:fe:74:b1:b4:
         13:43:fc:de:61:5e:ec:a8:27:f1:66:8a:e2:ca:74:f5:93:22:
         60:eb:3b:a5:8d:dd:f8:09:25:c5:3b:85:09:ed:ae:70:51:03:
         d0:fa:2d:b6:35:5c:62:b1:f0:8d:84:81:d2:45:48:ff:c7:80:
         db:10:43:1c:9f:63:e8:cf:1b:81:d2:3f:e9:89:54:b8:81:6d:
         fd:67:a8:8a:ac:2f:93:08:6c:cf:15:79:b3:0f:f5:ae:bb:19:
         3a:e9:de:00:88:ae:2d:cd:1c:b0:6d:58:a5:e6:60:ac:22:f9:
         03:bc:28:56:03:f9:36:93:3f:d0:22:3a:7c:4b:4f:65:ae:79:
         0e:58:e2:9f:23:b5:cf:6d:0b:5b:0e:25:65:50:7e:d3:13:a3:
         6f:63:e6:de:a0:76:c5:07:38:97:18:c2:9b:50:ac:8c:e7:66:
         d6:71:ab:0e:60:71:57:5a:41:94:61:46:00:f0:e2:0c:fa:4c:
         2f:95:4e:d1
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgIUAbXIk62gNWS4kIiyNPp6UjTv1N8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjJiZmQ0ZTAyMTU0N2QwMzBhYzEwYjAyMTM1MzVkNGM2
OTY4ZWVkZTAeFw0yNjAzMDIxMTMzMzdaFw0yNzAzMDExMTM4MzdaMDMxMTAvBgNV
BAMTKEM5NzU0NDVEQjlCREI1NTkxMEJBMUZCMUNFQUMzMjEyN0NEMkZEMDYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDb9YqMOXmEr4Zq5rtm9XhFQo5R
pA8dIXXWXGMRpdkodxtfE9u2C8VJKiQD4H3wDTBvRBumgigHr2uIhQpQBeo1Gvhm
1zrrH3ZgGQBM0sqMdoN+6RGucnJidnAWg5u/GCGX5c01F2qDOR0ef84qw1Jb0nQT
RDI+4jY1lGQzLuhaYx8sR2Gy77Uz/GUmScXYadVkRCfcoWJyA/x6EdKZLRIMCcqt
AvYQpxEOntM4urYkG4h9E/e3/DdyX6nHItcfstuG0Q+ZI5z/2+DthHBgdGAFWs+h
vlHUBY/TVf1hRtMUL3UEMDR7aFdvObR6nP0sbe/m2IvzmsE8ddkKK6uQL0rvAgMB
AAGjggI1MIICMTAdBgNVHQ4EFgQUyXVEXbm9tVkQuh+xzqwyEnzS/QYwHwYDVR0j
BBgwFoAUIr/U4CFUfQMKwQsCE1NdTGlo7t4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjNhYWNkMTctYmY5ZC00N2RiLTg2NGQtZjljN2MyYmUx
ODNhLzAvMjJCRkQ0RTAyMTU0N0QwMzBBQzEwQjAyMTM1MzVENEM2OTY4RUVERS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lyX1U0Q0ZVZlFNS3dRc0NFMU5kVEds
bzd0NC5jZXIwgaUGCCsGAQUFBwELBIGYMIGVMIGSBggrBgEFBQcwC4aBhXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMjNhYWNkMTct
YmY5ZC00N2RiLTg2NGQtZjljN2MyYmUxODNhLzAvMzgzNzJlMzIzNTM0MmUzMjJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/BA4wDDAK
BggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFf+AjANBgkq
hkiG9w0BAQsFAAOCAQEAOHDStveKTq94HwcGfX5SE2IDlYhq0kSeZGvyrd6gdVeH
V72VEzd4DWkbvSWsPzcSGzqtRSUvcJrFMMMxjFRy8J4NSt3+dLG0E0P83mFe7Kgn
8WaK4sp09ZMiYOs7pY3d+AklxTuFCe2ucFED0PottjVcYrHwjYSB0kVI/8eA2xBD
HJ9j6M8bgdI/6YlUuIFt/WeoiqwvkwhszxV5sw/1rrsZOuneAIiuLc0csG1YpeZg
rCL5A7woVgP5NpM/0CI6fEtPZa55DljinyO1z20LWw4lZVB+0xOjb2Pm3qB2xQc4
lxjCm1CsjOdm1nGrDmBxV1pBlGFGAPDiDPpML5VO0Q==
-----END CERTIFICATE-----