Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/38372e3235342e32322e302f32342d3234203d3e20383334.roa
File:                     38372e3235342e32322e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          rBcnHeM9UN/n2/ZoIT3IiOmRRqgoBqMFBe8vdR0Fp3M=
Subject key identifier:   03:CB:D3:D7:6D:3D:0D:D6:03:CD:3F:BF:E3:CB:61:DA:87:81:35:41
Certificate issuer:       /CN=22bfd4e021547d030ac10b0213535d4c6968eede
Certificate serial:       470993C8AE49BFBC2300153BFF74443781AF9138
Authority key identifier: 22:BF:D4:E0:21:54:7D:03:0A:C1:0B:02:13:53:5D:4C:69:68:EE:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/38372e3235342e32322e302f32342d3234203d3e20383334.roa
Signing time:             Mon 02 Mar 2026 11:38:37 +0000
ROA not before:           Mon 02 Mar 2026 11:33:37 +0000
ROA not after:            Mon 01 Mar 2027 11:38:37 +0000
asID:                     834
IP address blocks:        87.254.22.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Mar 2026 16:05:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            47:09:93:c8:ae:49:bf:bc:23:00:15:3b:ff:74:44:37:81:af:91:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22bfd4e021547d030ac10b0213535d4c6968eede
        Validity
            Not Before: Mar  2 11:33:37 2026 GMT
            Not After : Mar  1 11:38:37 2027 GMT
        Subject: CN=03CBD3D76D3D0DD603CD3FBFE3CB61DA87813541
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:e7:a5:dc:6c:cd:06:73:fe:1c:5d:26:93:15:
                    6c:5f:7e:53:6f:5d:9b:1c:c6:e4:92:e7:39:1e:b0:
                    de:a8:ae:17:e5:e8:bc:d8:f5:f6:29:ec:66:f5:a9:
                    fa:a0:e2:62:f9:15:2e:b4:3f:81:5a:eb:00:5f:84:
                    cf:95:e7:2d:00:ad:81:61:e9:40:fb:9b:21:06:c6:
                    14:0b:3b:45:86:a1:f1:21:8f:44:66:dd:73:91:e7:
                    f4:a9:33:08:ef:f8:e6:47:70:10:77:0b:48:ed:5b:
                    43:17:ab:50:d8:ae:aa:46:84:5c:41:45:50:d4:58:
                    a5:30:82:c6:1f:2d:9a:17:9b:40:2b:c0:51:06:8f:
                    5a:bd:00:40:71:73:b4:82:96:aa:96:52:3f:44:d7:
                    20:d9:55:32:e7:60:1a:ba:cf:60:98:80:19:83:79:
                    98:62:80:1a:8e:b1:5b:ef:92:3c:a5:39:b4:82:0e:
                    7a:16:ff:71:cb:51:f5:7b:a6:5a:58:fb:cb:60:20:
                    84:7f:be:8a:19:f6:b8:a2:ba:3b:b7:11:0a:fa:1a:
                    5f:fa:6a:61:61:f1:8f:65:78:35:de:2c:07:1c:9d:
                    c8:7f:a6:1f:de:aa:ef:1c:6f:e0:58:48:b5:ae:cf:
                    9a:13:a7:4f:dd:53:91:47:f3:ee:42:e0:6f:ad:18:
                    c5:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:CB:D3:D7:6D:3D:0D:D6:03:CD:3F:BF:E3:CB:61:DA:87:81:35:41
            X509v3 Authority Key Identifier:
                keyid:22:BF:D4:E0:21:54:7D:03:0A:C1:0B:02:13:53:5D:4C:69:68:EE:DE

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/38372e3235342e32322e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.254.22.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8d:8c:c2:ba:ec:6d:10:65:28:b6:28:52:f2:2d:d9:78:09:85:
         3a:9e:b6:2e:eb:a0:5b:25:cf:95:aa:42:22:9d:7e:1b:82:4c:
         3c:22:b6:44:28:80:5e:4c:13:d5:c9:6b:9a:24:44:be:d6:08:
         58:73:39:86:6f:3c:a5:39:7b:c1:2f:78:fd:0f:fe:6b:3c:87:
         08:dd:c7:c1:55:99:79:c7:20:a8:d2:fc:47:88:5b:d8:10:c8:
         57:ba:4a:db:78:bd:bb:bc:73:87:0e:f9:98:d2:bb:c0:68:60:
         b2:88:ee:bf:b8:4d:72:be:38:12:0f:50:19:67:e4:09:5e:9f:
         d6:c9:c9:6f:37:00:14:fd:2f:b8:74:f3:ed:5a:65:f7:34:a2:
         fc:fb:2d:9d:b9:79:13:16:91:fc:e0:9e:e6:f7:90:94:6a:43:
         54:11:96:2f:e1:9d:bd:d4:df:2c:de:ac:0b:1e:f5:71:ec:8f:
         2a:4f:e1:75:e0:fc:14:6e:e9:58:86:79:51:21:31:31:12:6e:
         53:3a:2d:51:cf:4f:56:0f:3e:dc:7f:49:08:bb:cf:af:23:e6:
         96:b7:65:fb:aa:40:a4:ee:19:80:8f:7e:73:08:c4:02:ea:0d:
         98:5e:2f:f5:73:00:e2:40:a8:73:77:46:8a:d7:3d:10:cf:dc:
         d0:30:18:6a
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIURwmTyK5Jv7wjABU7/3REN4GvkTgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjJiZmQ0ZTAyMTU0N2QwMzBhYzEwYjAyMTM1MzVkNGM2
OTY4ZWVkZTAeFw0yNjAzMDIxMTMzMzdaFw0yNzAzMDExMTM4MzdaMDMxMTAvBgNV
BAMTKDAzQ0JEM0Q3NkQzRDBERDYwM0NEM0ZCRkUzQ0I2MURBODc4MTM1NDEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDG56XcbM0Gc/4cXSaTFWxfflNv
XZscxuSS5zkesN6orhfl6LzY9fYp7Gb1qfqg4mL5FS60P4Fa6wBfhM+V5y0ArYFh
6UD7myEGxhQLO0WGofEhj0Rm3XOR5/SpMwjv+OZHcBB3C0jtW0MXq1DYrqpGhFxB
RVDUWKUwgsYfLZoXm0ArwFEGj1q9AEBxc7SClqqWUj9E1yDZVTLnYBq6z2CYgBmD
eZhigBqOsVvvkjylObSCDnoW/3HLUfV7plpY+8tgIIR/vooZ9riiuju3EQr6Gl/6
amFh8Y9leDXeLAccnch/ph/equ8cb+BYSLWuz5oTp0/dU5FH8+5C4G+tGMUBAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUA8vT1209DdYDzT+/48th2oeBNUEwHwYDVR0j
BBgwFoAUIr/U4CFUfQMKwQsCE1NdTGlo7t4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjNhYWNkMTctYmY5ZC00N2RiLTg2NGQtZjljN2MyYmUx
ODNhLzAvMjJCRkQ0RTAyMTU0N0QwMzBBQzEwQjAyMTM1MzVENEM2OTY4RUVERS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lyX1U0Q0ZVZlFNS3dRc0NFMU5kVEds
bzd0NC5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMjNhYWNkMTct
YmY5ZC00N2RiLTg2NGQtZjljN2MyYmUxODNhLzAvMzgzNzJlMzIzNTM0MmUzMjMy
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzgzMzM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV/4WMA0G
CSqGSIb3DQEBCwUAA4IBAQCNjMK67G0QZSi2KFLyLdl4CYU6nrYu66BbJc+VqkIi
nX4bgkw8IrZEKIBeTBPVyWuaJES+1ghYczmGbzylOXvBL3j9D/5rPIcI3cfBVZl5
xyCo0vxHiFvYEMhXukrbeL27vHOHDvmY0rvAaGCyiO6/uE1yvjgSD1AZZ+QJXp/W
yclvNwAU/S+4dPPtWmX3NKL8+y2duXkTFpH84J7m95CUakNUEZYv4Z291N8s3qwL
HvVx7I8qT+F14PwUbulYhnlRITExEm5TOi1Rz09WDz7cf0kIu8+vI+aWt2X7qkCk
7hmAj35zCMQC6g2YXi/1cwDiQKhzd0aK1z0Qz9zQMBhq
-----END CERTIFICATE-----