Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/38372e3235342e332e302f32342d3234203d3e20313337343039.roa
File:                     38372e3235342e332e302f32342d3234203d3e20313337343039.roa (raw, json)
Hash identifier:          oOqDRHnQhKkW0bsS7sECikqkcHxGG+LEWNClGo/2tL4=
Subject key identifier:   FC:68:CE:E1:33:DD:1A:8B:4C:12:92:5C:F6:30:8C:E9:1A:29:EE:6F
Certificate issuer:       /CN=22bfd4e021547d030ac10b0213535d4c6968eede
Certificate serial:       1DFA84D6D53C913AC9FAA006CC58E46C2858254A
Authority key identifier: 22:BF:D4:E0:21:54:7D:03:0A:C1:0B:02:13:53:5D:4C:69:68:EE:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/38372e3235342e332e302f32342d3234203d3e20313337343039.roa
Signing time:             Mon 02 Mar 2026 11:38:37 +0000
ROA not before:           Mon 02 Mar 2026 11:33:37 +0000
ROA not after:            Mon 01 Mar 2027 11:38:37 +0000
asID:                     137409
IP address blocks:        87.254.3.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Mar 2026 16:05:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1d:fa:84:d6:d5:3c:91:3a:c9:fa:a0:06:cc:58:e4:6c:28:58:25:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22bfd4e021547d030ac10b0213535d4c6968eede
        Validity
            Not Before: Mar  2 11:33:37 2026 GMT
            Not After : Mar  1 11:38:37 2027 GMT
        Subject: CN=FC68CEE133DD1A8B4C12925CF6308CE91A29EE6F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:7d:79:49:12:6e:d2:98:e4:42:9c:60:5d:8e:
                    d2:60:66:c6:bb:c2:60:4f:44:26:1c:af:a5:dc:64:
                    ab:82:48:61:cb:48:fb:e5:d0:e2:43:37:6f:a9:d1:
                    01:e4:6c:c7:6d:9d:55:0e:49:ee:8b:f3:6b:de:87:
                    fd:5f:14:60:fb:89:f3:b9:e2:25:f2:c8:69:3b:64:
                    dd:75:ea:f8:57:c5:6a:b3:af:47:2a:3f:69:56:39:
                    29:37:d2:63:dc:b4:67:dc:82:f0:ef:7e:c6:50:aa:
                    10:3d:75:0b:ac:3b:ec:21:5d:6c:58:4c:fa:5c:65:
                    f4:bc:c3:59:81:b1:c5:ad:c7:35:b0:f3:bb:f7:d6:
                    ef:d6:cd:7f:65:7b:0f:49:7b:ce:f8:2d:9a:b0:15:
                    b2:de:34:cc:bf:7e:c0:f6:b1:ae:95:7b:0d:5c:8e:
                    b0:6c:94:af:eb:bb:cc:c5:c8:3c:cc:b1:e8:06:f5:
                    7c:ca:1b:af:1e:ba:2a:7d:00:d6:5c:11:5f:e2:68:
                    1f:bb:bf:bc:ab:21:8b:7a:8b:fe:8e:24:90:34:ac:
                    d1:e5:5e:c0:cc:a8:48:f7:c9:5d:80:fc:19:f2:63:
                    c0:04:2d:7f:81:47:14:a9:6b:82:9f:3c:fc:04:09:
                    94:ad:28:83:ed:fd:32:6b:73:0a:1e:9b:8b:96:19:
                    c7:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:68:CE:E1:33:DD:1A:8B:4C:12:92:5C:F6:30:8C:E9:1A:29:EE:6F
            X509v3 Authority Key Identifier:
                keyid:22:BF:D4:E0:21:54:7D:03:0A:C1:0B:02:13:53:5D:4C:69:68:EE:DE

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/38372e3235342e332e302f32342d3234203d3e20313337343039.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.254.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:69:b1:d0:43:9e:c1:32:4f:cc:0f:02:ec:35:ea:70:16:dc:
         a6:f1:ca:7a:f8:ad:8d:a6:f7:bc:d2:3f:78:ab:54:6f:56:9b:
         a5:26:c9:34:e4:de:dd:ea:59:a2:85:1e:a2:79:ce:7a:1d:a0:
         8a:23:c9:7e:cf:9f:0c:ed:3f:8c:e3:62:ce:06:77:40:0b:4b:
         d9:65:31:e6:fa:37:6e:47:4a:22:c0:e1:a9:06:ad:96:06:f7:
         fe:ce:39:fa:79:a6:55:9b:20:97:b5:2f:11:7f:98:5e:e4:50:
         8e:69:19:e7:81:db:35:63:f9:89:b8:76:bb:1d:93:4f:2f:e5:
         1d:a2:37:ff:bf:d6:47:11:6e:3c:58:2e:01:97:33:de:30:1d:
         4b:04:31:5b:cf:6d:b0:16:75:15:8c:53:a8:bf:b3:7d:35:b8:
         c5:b2:d8:68:55:b5:c6:e2:cb:1c:b4:ae:d9:56:77:7a:76:f3:
         bb:bc:18:08:58:9d:1d:13:f9:0c:b5:e0:6d:a4:52:69:e2:c0:
         0a:76:69:27:d0:0c:f3:a2:59:e2:43:77:98:03:c4:79:8e:35:
         1c:9a:35:39:41:0b:6b:d8:a8:a8:48:6c:0b:b4:c8:8b:ef:1c:
         48:d3:2f:35:82:5a:59:44:48:1a:93:ac:95:bd:00:44:2f:aa:
         56:e0:09:ce
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUHfqE1tU8kTrJ+qAGzFjkbChYJUowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjJiZmQ0ZTAyMTU0N2QwMzBhYzEwYjAyMTM1MzVkNGM2
OTY4ZWVkZTAeFw0yNjAzMDIxMTMzMzdaFw0yNzAzMDExMTM4MzdaMDMxMTAvBgNV
BAMTKEZDNjhDRUUxMzNERDFBOEI0QzEyOTI1Q0Y2MzA4Q0U5MUEyOUVFNkYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIfXlJEm7SmORCnGBdjtJgZsa7
wmBPRCYcr6XcZKuCSGHLSPvl0OJDN2+p0QHkbMdtnVUOSe6L82veh/1fFGD7ifO5
4iXyyGk7ZN116vhXxWqzr0cqP2lWOSk30mPctGfcgvDvfsZQqhA9dQusO+whXWxY
TPpcZfS8w1mBscWtxzWw87v31u/WzX9lew9Je874LZqwFbLeNMy/fsD2sa6Vew1c
jrBslK/ru8zFyDzMsegG9XzKG68euip9ANZcEV/iaB+7v7yrIYt6i/6OJJA0rNHl
XsDMqEj3yV2A/BnyY8AELX+BRxSpa4KfPPwECZStKIPt/TJrcwoem4uWGcfFAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQU/GjO4TPdGotMEpJc9jCM6Rop7m8wHwYDVR0j
BBgwFoAUIr/U4CFUfQMKwQsCE1NdTGlo7t4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjNhYWNkMTctYmY5ZC00N2RiLTg2NGQtZjljN2MyYmUx
ODNhLzAvMjJCRkQ0RTAyMTU0N0QwMzBBQzEwQjAyMTM1MzVENEM2OTY4RUVERS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lyX1U0Q0ZVZlFNS3dRc0NFMU5kVEds
bzd0NC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMjNhYWNkMTct
YmY5ZC00N2RiLTg2NGQtZjljN2MyYmUxODNhLzAvMzgzNzJlMzIzNTM0MmUzMzJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMxMzMzNzM0MzAzOS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFf+
AzANBgkqhkiG9w0BAQsFAAOCAQEAZ2mx0EOewTJPzA8C7DXqcBbcpvHKevitjab3
vNI/eKtUb1abpSbJNOTe3epZooUeonnOeh2giiPJfs+fDO0/jONizgZ3QAtL2WUx
5vo3bkdKIsDhqQatlgb3/s45+nmmVZsgl7UvEX+YXuRQjmkZ54HbNWP5ibh2ux2T
Ty/lHaI3/7/WRxFuPFguAZcz3jAdSwQxW89tsBZ1FYxTqL+zfTW4xbLYaFW1xuLL
HLSu2VZ3enbzu7wYCFidHRP5DLXgbaRSaeLACnZpJ9AM86JZ4kN3mAPEeY41HJo1
OUELa9ioqEhsC7TIi+8cSNMvNYJaWURIGpOslb0ARC+qVuAJzg==
-----END CERTIFICATE-----