Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/38372e3235342e352e302f32342d3234203d3e20313939313836.roa
File:                     38372e3235342e352e302f32342d3234203d3e20313939313836.roa (raw, json)
Hash identifier:          HZquRjrtVmHqbu4fPIBJgtIt3FEOMJfNRllTAEB2bxc=
Subject key identifier:   20:7D:65:20:F7:DA:1E:BB:A1:C8:CE:DF:41:B5:06:D2:F7:95:63:14
Certificate issuer:       /CN=22bfd4e021547d030ac10b0213535d4c6968eede
Certificate serial:       3FC928A1EEC92E4C6687C2D23069305484E89059
Authority key identifier: 22:BF:D4:E0:21:54:7D:03:0A:C1:0B:02:13:53:5D:4C:69:68:EE:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/38372e3235342e352e302f32342d3234203d3e20313939313836.roa
Signing time:             Fri 22 May 2026 11:15:55 +0000
ROA not before:           Fri 22 May 2026 11:10:55 +0000
ROA not after:            Fri 21 May 2027 11:15:55 +0000
asID:                     199186
IP address blocks:        87.254.5.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 20:36:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3f:c9:28:a1:ee:c9:2e:4c:66:87:c2:d2:30:69:30:54:84:e8:90:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22bfd4e021547d030ac10b0213535d4c6968eede
        Validity
            Not Before: May 22 11:10:55 2026 GMT
            Not After : May 21 11:15:55 2027 GMT
        Subject: CN=207D6520F7DA1EBBA1C8CEDF41B506D2F7956314
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:f4:ec:c1:26:a8:a8:7d:85:31:1f:fd:47:7d:
                    63:c7:2b:17:5f:d2:93:36:13:b3:59:c3:7a:1c:29:
                    58:2e:74:3c:c7:7d:75:8b:89:d5:17:f0:60:bf:17:
                    88:84:e2:c8:b0:48:d5:b8:61:d3:27:20:9f:03:c6:
                    43:88:c9:40:47:29:27:7e:ae:88:2e:87:f2:05:86:
                    71:54:51:96:c7:98:20:70:76:4c:04:70:c5:92:f3:
                    b7:2a:68:ad:49:a5:04:bf:52:10:7b:46:b9:2c:0e:
                    a6:93:6c:98:7c:1e:bb:77:8f:9f:93:39:dd:c9:70:
                    30:09:ff:de:13:90:ad:9b:93:7c:75:a7:b2:ef:73:
                    c4:ba:4b:1b:a5:30:78:44:a1:76:2a:43:c0:f1:dd:
                    97:a4:da:e8:5d:e6:c0:7a:7c:95:e1:d7:c4:22:43:
                    d8:43:02:12:de:30:be:df:73:f4:d6:5f:fa:02:c5:
                    5d:19:40:f3:9f:22:76:ce:ea:4f:65:bc:86:4a:c2:
                    71:9d:7d:9f:d0:ef:fd:5c:16:37:81:3f:76:15:d9:
                    c3:be:ec:94:36:fc:a3:52:c8:da:9d:88:9f:f3:95:
                    12:95:54:7f:79:89:6e:bb:f5:ca:a5:7f:48:02:ba:
                    3e:4c:72:19:01:af:c2:26:05:96:d1:ab:a5:6f:3e:
                    50:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:7D:65:20:F7:DA:1E:BB:A1:C8:CE:DF:41:B5:06:D2:F7:95:63:14
            X509v3 Authority Key Identifier:
                keyid:22:BF:D4:E0:21:54:7D:03:0A:C1:0B:02:13:53:5D:4C:69:68:EE:DE

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/38372e3235342e352e302f32342d3234203d3e20313939313836.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.254.5.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9c:81:d2:04:b1:76:48:5f:53:80:5c:21:7d:84:29:da:38:4a:
         70:0d:e7:5c:8e:95:c0:c3:fe:ee:a0:93:a2:32:6e:cf:84:62:
         ca:f5:e0:d9:96:c4:48:7d:6f:42:4d:ec:2e:9e:7a:0f:2a:e6:
         ae:15:4b:f2:70:65:6f:ce:52:5f:ce:dd:b1:15:32:a1:7b:2e:
         e0:11:2a:33:38:b8:0b:89:6e:42:82:9f:2a:dd:61:ce:f4:58:
         1a:08:a2:69:4d:e2:95:31:0c:11:a6:34:1e:e3:94:c4:fa:77:
         0a:a6:fd:f1:9e:b5:62:1a:12:d0:6f:4f:16:7d:a3:53:cc:8c:
         b5:3b:c4:46:df:b1:eb:80:ec:a6:30:a6:54:e2:f0:93:0c:2b:
         fd:d1:e0:aa:cd:5b:11:31:cd:59:bf:a2:f1:dd:b9:4f:ef:70:
         50:64:86:a3:ad:c1:49:e4:b4:36:74:a5:66:bd:00:02:5c:47:
         2a:db:c3:a7:ad:93:34:17:65:b8:e9:4d:ed:5e:f7:62:b1:6d:
         a4:06:67:53:ff:34:e7:5c:b6:ee:b9:17:3d:6f:f4:e7:a0:82:
         e3:82:62:39:e1:d4:2f:de:fd:ff:19:d2:aa:03:16:48:5d:db:
         3a:f8:3a:75:16:eb:f8:c0:de:bd:4e:d2:5f:9c:14:2f:e5:79:
         43:2c:81:b7
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUP8kooe7JLkxmh8LSMGkwVITokFkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjJiZmQ0ZTAyMTU0N2QwMzBhYzEwYjAyMTM1MzVkNGM2
OTY4ZWVkZTAeFw0yNjA1MjIxMTEwNTVaFw0yNzA1MjExMTE1NTVaMDMxMTAvBgNV
BAMTKDIwN0Q2NTIwRjdEQTFFQkJBMUM4Q0VERjQxQjUwNkQyRjc5NTYzMTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCz9OzBJqiofYUxH/1HfWPHKxdf
0pM2E7NZw3ocKVgudDzHfXWLidUX8GC/F4iE4siwSNW4YdMnIJ8DxkOIyUBHKSd+
roguh/IFhnFUUZbHmCBwdkwEcMWS87cqaK1JpQS/UhB7RrksDqaTbJh8Hrt3j5+T
Od3JcDAJ/94TkK2bk3x1p7Lvc8S6SxulMHhEoXYqQ8Dx3Zek2uhd5sB6fJXh18Qi
Q9hDAhLeML7fc/TWX/oCxV0ZQPOfInbO6k9lvIZKwnGdfZ/Q7/1cFjeBP3YV2cO+
7JQ2/KNSyNqdiJ/zlRKVVH95iW679cqlf0gCuj5MchkBr8ImBZbRq6VvPlDBAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUIH1lIPfaHruhyM7fQbUG0veVYxQwHwYDVR0j
BBgwFoAUIr/U4CFUfQMKwQsCE1NdTGlo7t4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjNhYWNkMTctYmY5ZC00N2RiLTg2NGQtZjljN2MyYmUx
ODNhLzAvMjJCRkQ0RTAyMTU0N0QwMzBBQzEwQjAyMTM1MzVENEM2OTY4RUVERS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lyX1U0Q0ZVZlFNS3dRc0NFMU5kVEds
bzd0NC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMjNhYWNkMTct
YmY5ZC00N2RiLTg2NGQtZjljN2MyYmUxODNhLzAvMzgzNzJlMzIzNTM0MmUzNTJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMxMzkzOTMxMzgzNi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFf+
BTANBgkqhkiG9w0BAQsFAAOCAQEAnIHSBLF2SF9TgFwhfYQp2jhKcA3nXI6VwMP+
7qCTojJuz4RiyvXg2ZbESH1vQk3sLp56DyrmrhVL8nBlb85SX87dsRUyoXsu4BEq
Mzi4C4luQoKfKt1hzvRYGgiiaU3ilTEMEaY0HuOUxPp3Cqb98Z61YhoS0G9PFn2j
U8yMtTvERt+x64DspjCmVOLwkwwr/dHgqs1bETHNWb+i8d25T+9wUGSGo63BSeS0
NnSlZr0AAlxHKtvDp62TNBdluOlN7V73YrFtpAZnU/8051y27rkXPW/056CC44Ji
OeHUL979/xnSqgMWSF3bOvg6dRbr+MDevU7SX5wUL+V5QyyBtw==
-----END CERTIFICATE-----