Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/38372e3235342e32342e302f32342d3234203d3e20383334.roa
File:                     38372e3235342e32342e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          3heYW94siEFBzrT3gihXCI5Vho56FAEmPFruRGdpNo8=
Subject key identifier:   DE:5E:5F:DB:99:BE:F5:A0:65:32:A5:C7:9E:E3:8B:D9:F0:D9:59:9D
Certificate issuer:       /CN=22bfd4e021547d030ac10b0213535d4c6968eede
Certificate serial:       0BBDD4D3C6851F1849B852FBF8964E5FBEEB85FF
Authority key identifier: 22:BF:D4:E0:21:54:7D:03:0A:C1:0B:02:13:53:5D:4C:69:68:EE:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/38372e3235342e32342e302f32342d3234203d3e20383334.roa
Signing time:             Sun 14 Jun 2026 07:24:15 +0000
ROA not before:           Sun 14 Jun 2026 07:19:15 +0000
ROA not after:            Sun 13 Jun 2027 07:24:15 +0000
asID:                     834
IP address blocks:        87.254.24.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 30 Jun 2026 02:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0b:bd:d4:d3:c6:85:1f:18:49:b8:52:fb:f8:96:4e:5f:be:eb:85:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22bfd4e021547d030ac10b0213535d4c6968eede
        Validity
            Not Before: Jun 14 07:19:15 2026 GMT
            Not After : Jun 13 07:24:15 2027 GMT
        Subject: CN=DE5E5FDB99BEF5A06532A5C79EE38BD9F0D9599D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:ea:13:c3:02:7f:ed:b2:d3:f6:24:84:a4:eb:
                    fd:80:31:73:55:00:d7:06:b3:ca:c7:4b:28:52:53:
                    3e:a1:b9:ce:af:8c:1d:a0:a0:f1:bd:f3:2d:f6:83:
                    ad:ec:8d:2c:ec:45:f7:fa:df:77:f7:70:f7:5e:c7:
                    76:31:68:99:61:9c:c4:df:0a:81:53:f3:f8:b6:39:
                    13:61:56:36:54:93:66:18:55:f3:32:f0:07:4c:cf:
                    77:1b:b3:cc:42:8f:86:bb:3f:53:a5:03:7e:d4:fa:
                    10:e2:d0:2a:d5:5f:8b:6a:9d:19:ee:36:b4:b1:31:
                    8e:65:a4:90:e5:0c:3c:56:7f:63:bc:4a:b1:f4:9d:
                    5c:57:eb:73:b2:06:8d:a9:83:d4:ad:2b:06:b0:1e:
                    b8:1f:3e:75:0b:8c:62:8c:c8:ff:79:2f:1d:ea:ba:
                    d8:e9:a5:6e:9e:a1:3e:be:c8:07:6a:e3:33:a5:73:
                    63:e4:48:57:1d:06:19:06:98:10:6d:6c:5f:34:a1:
                    ae:92:36:65:22:92:04:40:ad:3a:00:4f:ec:0f:a1:
                    86:c0:cc:b8:5d:e1:0e:b2:b6:23:a4:80:f2:56:4d:
                    9f:0f:80:d0:f9:b7:bd:c1:b3:5b:88:f7:36:7a:2e:
                    c3:72:b0:8d:e1:7d:2e:1c:a0:b0:02:24:92:8b:53:
                    83:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:5E:5F:DB:99:BE:F5:A0:65:32:A5:C7:9E:E3:8B:D9:F0:D9:59:9D
            X509v3 Authority Key Identifier:
                keyid:22:BF:D4:E0:21:54:7D:03:0A:C1:0B:02:13:53:5D:4C:69:68:EE:DE

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/38372e3235342e32342e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.254.24.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9b:cb:9e:7c:a3:be:96:a0:2c:f6:eb:35:1b:29:86:a1:8a:6b:
         f1:a4:72:84:21:e5:61:4e:20:6a:1e:31:a5:9f:57:08:9e:33:
         b5:0c:f2:d4:3f:eb:15:d1:64:ee:16:7a:fc:3a:51:85:f4:d8:
         04:8b:42:3f:67:f2:89:6f:f8:bd:f4:f7:5f:34:ff:83:a2:72:
         eb:f8:32:e6:87:20:cf:42:05:f1:e2:49:6d:79:8d:6b:2f:b1:
         03:0f:5b:45:30:09:c9:1e:20:f2:33:45:d4:85:43:a5:6f:d9:
         95:03:c6:fe:d1:b3:ff:aa:2f:ef:d6:22:e7:48:8e:46:29:a8:
         f2:ed:c6:94:15:0e:5a:f1:7f:2e:b7:dd:17:1b:c1:38:1b:cb:
         12:6d:7b:9e:12:cf:98:32:7f:80:5b:5f:c5:ef:7a:f1:d0:6f:
         9b:3d:6e:f8:c0:7d:ba:6b:1c:75:d2:70:d3:c7:46:35:bb:7a:
         53:05:a3:88:23:d2:9f:ec:c7:97:52:50:8a:0a:33:15:f8:06:
         ca:e5:a8:4d:5f:1e:78:fd:79:90:f3:0e:17:3d:ab:b5:1c:8d:
         22:4f:c9:eb:bc:09:9e:31:c4:f2:6b:6f:5b:b7:93:ea:f1:e2:
         4e:b6:74:14:55:b0:a7:d4:00:9b:60:0c:ec:59:32:8e:a5:fc:
         ea:2d:67:a3
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUC73U08aFHxhJuFL7+JZOX77rhf8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjJiZmQ0ZTAyMTU0N2QwMzBhYzEwYjAyMTM1MzVkNGM2
OTY4ZWVkZTAeFw0yNjA2MTQwNzE5MTVaFw0yNzA2MTMwNzI0MTVaMDMxMTAvBgNV
BAMTKERFNUU1RkRCOTlCRUY1QTA2NTMyQTVDNzlFRTM4QkQ5RjBEOTU5OUQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCf6hPDAn/tstP2JISk6/2AMXNV
ANcGs8rHSyhSUz6huc6vjB2goPG98y32g63sjSzsRff633f3cPdex3YxaJlhnMTf
CoFT8/i2ORNhVjZUk2YYVfMy8AdMz3cbs8xCj4a7P1OlA37U+hDi0CrVX4tqnRnu
NrSxMY5lpJDlDDxWf2O8SrH0nVxX63OyBo2pg9StKwawHrgfPnULjGKMyP95Lx3q
utjppW6eoT6+yAdq4zOlc2PkSFcdBhkGmBBtbF80oa6SNmUikgRArToAT+wPoYbA
zLhd4Q6ytiOkgPJWTZ8PgND5t73Bs1uI9zZ6LsNysI3hfS4coLACJJKLU4M1AgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQU3l5f25m+9aBlMqXHnuOL2fDZWZ0wHwYDVR0j
BBgwFoAUIr/U4CFUfQMKwQsCE1NdTGlo7t4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjNhYWNkMTctYmY5ZC00N2RiLTg2NGQtZjljN2MyYmUx
ODNhLzAvMjJCRkQ0RTAyMTU0N0QwMzBBQzEwQjAyMTM1MzVENEM2OTY4RUVERS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lyX1U0Q0ZVZlFNS3dRc0NFMU5kVEds
bzd0NC5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMjNhYWNkMTct
YmY5ZC00N2RiLTg2NGQtZjljN2MyYmUxODNhLzAvMzgzNzJlMzIzNTM0MmUzMjM0
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzgzMzM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV/4YMA0G
CSqGSIb3DQEBCwUAA4IBAQCby558o76WoCz26zUbKYahimvxpHKEIeVhTiBqHjGl
n1cInjO1DPLUP+sV0WTuFnr8OlGF9NgEi0I/Z/KJb/i99PdfNP+DonLr+DLmhyDP
QgXx4klteY1rL7EDD1tFMAnJHiDyM0XUhUOlb9mVA8b+0bP/qi/v1iLnSI5GKajy
7caUFQ5a8X8ut90XG8E4G8sSbXueEs+YMn+AW1/F73rx0G+bPW74wH26axx10nDT
x0Y1u3pTBaOII9Kf7MeXUlCKCjMV+AbK5ahNXx54/XmQ8w4XPau1HI0iT8nrvAme
McTya29bt5Pq8eJOtnQUVbCn1ACbYAzsWTKOpfzqLWej
-----END CERTIFICATE-----