Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/38372e3235342e32392e302f32342d3234203d3e20383334.roa
File:                     38372e3235342e32392e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          EY22VbjNlGcefMgcbkvZMeBmlRw1T/U4a2awyQKCH7c=
Subject key identifier:   F3:2F:A7:50:3B:B4:53:8F:E5:18:DB:99:0D:84:A2:84:20:E9:96:AD
Certificate issuer:       /CN=22bfd4e021547d030ac10b0213535d4c6968eede
Certificate serial:       0D4B3B22FCAEE2BF3531E19132DE041BB7AA1A6A
Authority key identifier: 22:BF:D4:E0:21:54:7D:03:0A:C1:0B:02:13:53:5D:4C:69:68:EE:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/38372e3235342e32392e302f32342d3234203d3e20383334.roa
Signing time:             Mon 02 Mar 2026 11:38:36 +0000
ROA not before:           Mon 02 Mar 2026 11:33:36 +0000
ROA not after:            Mon 01 Mar 2027 11:38:36 +0000
asID:                     834
IP address blocks:        87.254.29.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Mar 2026 16:05:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0d:4b:3b:22:fc:ae:e2:bf:35:31:e1:91:32:de:04:1b:b7:aa:1a:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22bfd4e021547d030ac10b0213535d4c6968eede
        Validity
            Not Before: Mar  2 11:33:36 2026 GMT
            Not After : Mar  1 11:38:36 2027 GMT
        Subject: CN=F32FA7503BB4538FE518DB990D84A28420E996AD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:a9:35:53:03:fd:1a:89:23:17:85:16:b1:a5:
                    a9:e0:67:e3:de:59:9a:1c:62:50:be:b4:01:84:f7:
                    33:ca:93:24:8e:73:23:22:90:75:9f:77:d4:8c:3e:
                    f5:a1:45:04:74:15:09:ea:3d:cb:cd:12:43:ab:f0:
                    e0:b1:97:45:2d:66:ba:c1:23:24:0c:08:05:3c:af:
                    80:45:4e:45:30:de:29:72:01:7f:f9:47:e1:fc:45:
                    91:b8:1e:18:2b:6c:18:a8:0b:31:f2:92:f9:52:26:
                    50:cf:c0:28:f0:a6:c5:14:75:51:5b:ec:2a:ed:de:
                    89:eb:b3:98:57:b0:fa:f5:b0:01:77:b9:66:8b:27:
                    31:05:5e:eb:00:fb:0d:ce:f7:43:9c:00:74:5a:14:
                    1b:df:ac:94:09:25:7a:9a:91:4b:a4:a5:c9:b1:d9:
                    15:d5:59:ac:51:3a:37:09:16:21:7d:fa:f3:e1:97:
                    e7:01:38:f0:2e:ea:f4:d9:c1:50:80:a9:31:9b:99:
                    b8:2a:71:4d:9e:a3:f9:1a:ae:67:2c:a9:e1:c3:2f:
                    4a:ed:12:95:99:e0:48:ce:52:66:5b:d6:a1:c5:f8:
                    b8:f3:98:b3:39:5f:de:42:46:00:0c:4b:de:a0:98:
                    08:39:ef:4c:58:2e:4c:3f:ba:01:ff:84:e1:79:4a:
                    8c:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:2F:A7:50:3B:B4:53:8F:E5:18:DB:99:0D:84:A2:84:20:E9:96:AD
            X509v3 Authority Key Identifier:
                keyid:22:BF:D4:E0:21:54:7D:03:0A:C1:0B:02:13:53:5D:4C:69:68:EE:DE

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/38372e3235342e32392e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.254.29.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7d:15:9f:ab:b7:b7:ad:f4:ee:8b:e1:16:9f:ec:0f:38:75:d2:
         bb:7d:43:49:5e:b2:ca:01:c8:21:70:24:7a:bf:2f:e5:a7:d6:
         49:70:dc:71:bf:84:32:f0:a8:c6:12:8e:8b:cf:9c:d5:24:5f:
         a2:d9:b9:53:a7:e1:f8:2f:ba:a3:69:13:2f:e3:f1:16:3d:55:
         7b:7e:57:b6:67:01:11:5e:c6:eb:e3:2f:22:e4:5c:fb:a7:05:
         32:3e:14:90:07:ca:72:40:22:de:0e:43:ef:0c:47:d5:b9:82:
         c1:5e:3b:44:7f:20:11:30:38:47:ae:39:9c:e5:d0:41:18:d1:
         b7:e2:05:27:78:44:1b:08:0a:1f:93:ac:b2:69:2a:91:cf:21:
         36:21:b1:62:76:6e:58:6b:08:b3:a1:bc:80:34:55:9a:8e:b2:
         ea:82:97:0b:f3:2b:ee:f3:d2:c5:b0:da:61:09:fe:ef:59:2f:
         b4:3e:11:9d:98:42:fa:7f:ed:a9:75:b5:6f:51:f1:c1:a4:93:
         a9:74:b9:6c:b1:fb:df:eb:47:9f:a0:32:9b:9d:43:38:d8:6b:
         eb:de:6b:d0:be:90:81:63:08:98:4c:71:22:2a:ee:30:65:8f:
         1e:5d:e8:d3:b5:95:97:bd:f1:32:7a:42:45:42:df:87:71:98:
         b4:65:b2:c7
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUDUs7Ivyu4r81MeGRMt4EG7eqGmowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjJiZmQ0ZTAyMTU0N2QwMzBhYzEwYjAyMTM1MzVkNGM2
OTY4ZWVkZTAeFw0yNjAzMDIxMTMzMzZaFw0yNzAzMDExMTM4MzZaMDMxMTAvBgNV
BAMTKEYzMkZBNzUwM0JCNDUzOEZFNTE4REI5OTBEODRBMjg0MjBFOTk2QUQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCsqTVTA/0aiSMXhRaxpangZ+Pe
WZocYlC+tAGE9zPKkySOcyMikHWfd9SMPvWhRQR0FQnqPcvNEkOr8OCxl0UtZrrB
IyQMCAU8r4BFTkUw3ilyAX/5R+H8RZG4HhgrbBioCzHykvlSJlDPwCjwpsUUdVFb
7Crt3onrs5hXsPr1sAF3uWaLJzEFXusA+w3O90OcAHRaFBvfrJQJJXqakUukpcmx
2RXVWaxROjcJFiF9+vPhl+cBOPAu6vTZwVCAqTGbmbgqcU2eo/karmcsqeHDL0rt
EpWZ4EjOUmZb1qHF+LjzmLM5X95CRgAMS96gmAg570xYLkw/ugH/hOF5SoyBAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQU8y+nUDu0U4/lGNuZDYSihCDplq0wHwYDVR0j
BBgwFoAUIr/U4CFUfQMKwQsCE1NdTGlo7t4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjNhYWNkMTctYmY5ZC00N2RiLTg2NGQtZjljN2MyYmUx
ODNhLzAvMjJCRkQ0RTAyMTU0N0QwMzBBQzEwQjAyMTM1MzVENEM2OTY4RUVERS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lyX1U0Q0ZVZlFNS3dRc0NFMU5kVEds
bzd0NC5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMjNhYWNkMTct
YmY5ZC00N2RiLTg2NGQtZjljN2MyYmUxODNhLzAvMzgzNzJlMzIzNTM0MmUzMjM5
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzgzMzM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV/4dMA0G
CSqGSIb3DQEBCwUAA4IBAQB9FZ+rt7et9O6L4Raf7A84ddK7fUNJXrLKAcghcCR6
vy/lp9ZJcNxxv4Qy8KjGEo6Lz5zVJF+i2blTp+H4L7qjaRMv4/EWPVV7fle2ZwER
Xsbr4y8i5Fz7pwUyPhSQB8pyQCLeDkPvDEfVuYLBXjtEfyARMDhHrjmc5dBBGNG3
4gUneEQbCAofk6yyaSqRzyE2IbFidm5YawizobyANFWajrLqgpcL8yvu89LFsNph
Cf7vWS+0PhGdmEL6f+2pdbVvUfHBpJOpdLlssfvf60efoDKbnUM42Gvr3mvQvpCB
YwiYTHEiKu4wZY8eXejTtZWXvfEyekJFQt+HcZi0ZbLH
-----END CERTIFICATE-----