Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/38372e3235342e342e302f32342d3234203d3e20343032323938.roa
File:                     38372e3235342e342e302f32342d3234203d3e20343032323938.roa (raw, json)
Hash identifier:          kxeMyddAMpYGi3Jm4PuMlOkbS97uwx/9FcMzLNbKvSU=
Subject key identifier:   54:60:12:27:4B:48:C7:10:57:90:8C:A9:54:FE:BF:0A:60:85:5E:DF
Certificate issuer:       /CN=22bfd4e021547d030ac10b0213535d4c6968eede
Certificate serial:       51B22D268969605DA5EC7C74E2AEE3AAAF5AB571
Authority key identifier: 22:BF:D4:E0:21:54:7D:03:0A:C1:0B:02:13:53:5D:4C:69:68:EE:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/38372e3235342e342e302f32342d3234203d3e20343032323938.roa
Signing time:             Wed 29 Apr 2026 16:44:51 +0000
ROA not before:           Wed 29 Apr 2026 16:39:51 +0000
ROA not after:            Wed 28 Apr 2027 16:44:51 +0000
asID:                     402298
IP address blocks:        87.254.4.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 01 May 2026 14:07:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            51:b2:2d:26:89:69:60:5d:a5:ec:7c:74:e2:ae:e3:aa:af:5a:b5:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22bfd4e021547d030ac10b0213535d4c6968eede
        Validity
            Not Before: Apr 29 16:39:51 2026 GMT
            Not After : Apr 28 16:44:51 2027 GMT
        Subject: CN=546012274B48C71057908CA954FEBF0A60855EDF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:dd:19:e8:ef:1c:39:bf:6a:16:8e:23:d7:c2:
                    d7:45:be:f1:f6:9e:74:51:1d:42:f9:97:a3:23:31:
                    ff:fa:5f:b7:0d:f8:ca:01:48:f9:62:4e:f5:8c:be:
                    cc:c2:29:ca:c3:90:7c:cc:ef:b5:01:31:d9:6a:57:
                    38:b6:5f:2c:69:da:7b:9c:0f:ab:a9:86:1f:d4:fe:
                    ed:c9:83:31:c2:8f:af:9a:c3:54:94:84:80:5e:8d:
                    fd:4d:4a:55:57:a1:97:87:76:53:6b:b2:e0:e1:88:
                    46:e0:ae:fc:d1:4f:6b:a5:be:c8:c9:68:a6:8d:dd:
                    a5:bc:82:0a:26:5f:d1:8e:15:8f:cf:4e:0b:be:13:
                    c4:2c:92:0e:fe:38:2f:82:61:c0:54:db:e7:7a:15:
                    cf:81:0c:8e:16:85:ff:a3:4a:bf:dc:a1:d1:b1:04:
                    6a:3b:8a:6f:60:94:42:13:5a:5a:49:15:a9:03:84:
                    25:ad:30:7c:b6:b3:29:ad:ba:c0:0a:38:b3:82:d3:
                    90:90:63:5e:5d:8a:60:52:f2:fc:a0:bb:9e:85:f7:
                    a1:4d:5d:76:e7:82:8a:c4:21:91:fd:9a:ad:61:9c:
                    88:c8:26:10:be:6d:22:11:61:fc:3b:72:41:e1:ce:
                    3b:fc:8a:14:71:1e:89:41:29:17:bb:59:42:cb:06:
                    51:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:60:12:27:4B:48:C7:10:57:90:8C:A9:54:FE:BF:0A:60:85:5E:DF
            X509v3 Authority Key Identifier:
                keyid:22:BF:D4:E0:21:54:7D:03:0A:C1:0B:02:13:53:5D:4C:69:68:EE:DE

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/38372e3235342e342e302f32342d3234203d3e20343032323938.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.254.4.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1b:68:ba:97:b1:91:d5:d4:8e:a3:ca:de:bb:00:e4:c6:78:c2:
         cb:4e:ae:f2:a3:cf:16:03:c0:e1:a3:c4:d2:a1:91:d9:db:f3:
         7c:19:82:99:4b:e5:aa:d2:bf:8c:59:51:88:9b:56:82:1f:98:
         e4:31:78:fe:03:6e:3f:a4:17:3e:76:5b:ca:5d:96:1d:72:1e:
         2d:56:ad:46:cd:c8:71:98:cf:da:a3:78:e1:cd:67:fe:18:6d:
         41:ca:fd:a5:02:a2:dc:a2:da:1c:2d:7b:72:36:bb:18:e2:26:
         c3:5d:8f:1c:a3:c4:2d:a2:bc:5f:b5:9d:98:0d:45:80:86:3d:
         70:34:f4:67:3c:d6:6d:9a:6a:33:df:72:53:9d:04:d5:40:84:
         33:11:35:8b:29:f9:65:08:5f:18:d3:c3:a9:09:d5:d3:bd:78:
         c9:fa:15:37:dc:9d:3c:46:c2:95:cc:28:77:8a:5e:15:2d:28:
         7c:16:12:8e:cd:7c:bd:cb:a0:1b:64:1b:fc:72:fa:52:c1:65:
         9f:34:29:be:7a:f6:8b:39:7e:fa:1c:16:4d:46:06:c3:71:ff:
         b3:06:6d:da:4e:5f:fb:88:40:cb:71:8c:ee:b2:9c:1f:22:19:
         38:04:24:88:d0:a0:59:16:47:2e:05:3f:7f:6c:86:1b:7a:33:
         09:49:8e:a4
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUUbItJolpYF2l7Hx04q7jqq9atXEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjJiZmQ0ZTAyMTU0N2QwMzBhYzEwYjAyMTM1MzVkNGM2
OTY4ZWVkZTAeFw0yNjA0MjkxNjM5NTFaFw0yNzA0MjgxNjQ0NTFaMDMxMTAvBgNV
BAMTKDU0NjAxMjI3NEI0OEM3MTA1NzkwOENBOTU0RkVCRjBBNjA4NTVFREYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCQ3Rno7xw5v2oWjiPXwtdFvvH2
nnRRHUL5l6MjMf/6X7cN+MoBSPliTvWMvszCKcrDkHzM77UBMdlqVzi2Xyxp2nuc
D6uphh/U/u3JgzHCj6+aw1SUhIBejf1NSlVXoZeHdlNrsuDhiEbgrvzRT2ulvsjJ
aKaN3aW8ggomX9GOFY/PTgu+E8Qskg7+OC+CYcBU2+d6Fc+BDI4Whf+jSr/codGx
BGo7im9glEITWlpJFakDhCWtMHy2symtusAKOLOC05CQY15dimBS8vygu56F96FN
XXbngorEIZH9mq1hnIjIJhC+bSIRYfw7ckHhzjv8ihRxHolBKRe7WULLBlGnAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUVGASJ0tIxxBXkIypVP6/CmCFXt8wHwYDVR0j
BBgwFoAUIr/U4CFUfQMKwQsCE1NdTGlo7t4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjNhYWNkMTctYmY5ZC00N2RiLTg2NGQtZjljN2MyYmUx
ODNhLzAvMjJCRkQ0RTAyMTU0N0QwMzBBQzEwQjAyMTM1MzVENEM2OTY4RUVERS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lyX1U0Q0ZVZlFNS3dRc0NFMU5kVEds
bzd0NC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMjNhYWNkMTct
YmY5ZC00N2RiLTg2NGQtZjljN2MyYmUxODNhLzAvMzgzNzJlMzIzNTM0MmUzNDJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM0MzAzMjMyMzkzOC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFf+
BDANBgkqhkiG9w0BAQsFAAOCAQEAG2i6l7GR1dSOo8reuwDkxnjCy06u8qPPFgPA
4aPE0qGR2dvzfBmCmUvlqtK/jFlRiJtWgh+Y5DF4/gNuP6QXPnZbyl2WHXIeLVat
Rs3IcZjP2qN44c1n/hhtQcr9pQKi3KLaHC17cja7GOImw12PHKPELaK8X7WdmA1F
gIY9cDT0ZzzWbZpqM99yU50E1UCEMxE1iyn5ZQhfGNPDqQnV0714yfoVN9ydPEbC
lcwod4peFS0ofBYSjs18vcugG2Qb/HL6UsFlnzQpvnr2izl++hwWTUYGw3H/swZt
2k5f+4hAy3GM7rKcHyIZOAQkiNCgWRZHLgU/f2yGG3ozCUmOpA==
-----END CERTIFICATE-----