Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/38372e3235342e362e302f32332d3234203d3e20383334.roa
File:                     38372e3235342e362e302f32332d3234203d3e20383334.roa (raw, json)
Hash identifier:          L7mkIiiG3ybT6NdjHrai5/78u1drGYjxIAEt1zGcxPI=
Subject key identifier:   C2:39:3E:33:F2:2D:CA:78:D3:65:0E:88:A3:05:C1:2E:19:E1:2F:91
Certificate issuer:       /CN=22bfd4e021547d030ac10b0213535d4c6968eede
Certificate serial:       014D274A55A5147110EB84EABE733F209104089F
Authority key identifier: 22:BF:D4:E0:21:54:7D:03:0A:C1:0B:02:13:53:5D:4C:69:68:EE:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/38372e3235342e362e302f32332d3234203d3e20383334.roa
Signing time:             Tue 16 Jun 2026 10:18:05 +0000
ROA not before:           Tue 16 Jun 2026 10:13:05 +0000
ROA not after:            Tue 15 Jun 2027 10:18:05 +0000
asID:                     834
IP address blocks:        87.254.6.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 30 Jun 2026 02:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:4d:27:4a:55:a5:14:71:10:eb:84:ea:be:73:3f:20:91:04:08:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22bfd4e021547d030ac10b0213535d4c6968eede
        Validity
            Not Before: Jun 16 10:13:05 2026 GMT
            Not After : Jun 15 10:18:05 2027 GMT
        Subject: CN=C2393E33F22DCA78D3650E88A305C12E19E12F91
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:f8:c4:5d:bd:c9:a6:11:2a:d8:2e:62:6a:76:
                    54:3b:31:e7:2e:a8:f2:f2:25:d7:20:65:98:a6:4b:
                    8b:ee:ac:a3:32:01:22:1d:46:02:75:67:5b:1b:38:
                    0c:b3:b1:4f:0b:d5:7c:7a:72:de:1c:be:b2:62:48:
                    b5:18:3e:ff:17:69:f8:0d:1d:c3:ae:16:3e:06:2a:
                    41:8d:d7:4a:e1:3c:56:03:7a:6a:a9:85:8a:98:40:
                    3c:df:dd:99:d4:94:7b:c3:4b:81:1c:30:bf:dd:06:
                    93:80:ad:f9:8e:88:23:d6:b0:c1:e7:6f:89:3d:c9:
                    d2:aa:e2:eb:0f:0c:70:f1:b6:26:9d:35:b6:5d:7e:
                    ec:73:8e:bd:de:f2:e7:1e:0e:19:df:4e:5c:ec:b2:
                    be:14:f9:c6:f2:ba:88:db:15:f2:70:e4:ec:11:af:
                    a6:5b:a8:ee:82:c5:cb:e2:c8:ed:5c:b3:ad:18:fa:
                    33:7e:4a:a2:5b:97:be:80:f3:f6:c1:f2:30:ed:a6:
                    09:5b:cc:db:d3:4e:d1:cc:11:1b:7c:1c:4a:c4:45:
                    82:e5:b2:7e:e7:db:43:9a:37:4d:db:62:68:0a:07:
                    62:15:04:a6:16:c3:73:5d:96:71:a3:d6:ff:50:2f:
                    6d:4e:28:d7:08:6d:61:f5:a4:75:ab:8c:26:db:6f:
                    af:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:39:3E:33:F2:2D:CA:78:D3:65:0E:88:A3:05:C1:2E:19:E1:2F:91
            X509v3 Authority Key Identifier:
                keyid:22:BF:D4:E0:21:54:7D:03:0A:C1:0B:02:13:53:5D:4C:69:68:EE:DE

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/38372e3235342e362e302f32332d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.254.6.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6b:92:43:d6:8f:2a:35:b8:5b:c0:54:da:c9:37:0f:e4:1a:21:
         8c:35:43:d8:b2:1c:ed:e6:04:ef:77:e8:fe:42:b7:a0:43:cc:
         e3:3d:a3:53:09:6e:bb:f8:9b:65:26:c5:4d:4f:e2:ef:87:0b:
         f3:dd:4b:61:97:69:88:00:38:c8:7e:3c:5d:94:f2:56:4e:f0:
         7b:5e:74:f7:b3:80:a5:b3:39:33:9a:d2:87:a8:c4:8f:6a:4a:
         1d:a7:c1:8e:38:5d:64:0a:7f:82:2f:d1:3c:96:e9:6b:73:14:
         b4:cc:cc:a4:bd:a2:9b:a0:6f:1d:e6:bb:4e:5d:2f:bf:21:07:
         93:89:19:c6:4b:08:a6:43:2a:35:b5:1c:59:36:88:f2:48:e9:
         70:59:90:a4:7d:8a:34:b2:0d:c3:7c:ce:99:8c:4c:df:8e:69:
         b1:12:85:9c:50:8a:32:61:bf:c6:32:be:49:78:d0:14:8e:53:
         f8:16:e9:d9:32:7a:d0:d5:db:fe:d0:7e:59:31:0f:31:95:07:
         e0:16:c1:f3:26:6e:38:39:c3:01:9e:b2:21:1b:69:94:92:86:
         81:88:d5:2f:75:88:68:f8:ad:52:ff:de:4e:5c:ea:9f:4b:7a:
         c1:4f:1f:ab:4d:f1:1c:41:27:b8:67:18:87:44:88:ef:37:93:
         2e:fa:2b:c5
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgIUAU0nSlWlFHEQ64TqvnM/IJEECJ8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjJiZmQ0ZTAyMTU0N2QwMzBhYzEwYjAyMTM1MzVkNGM2
OTY4ZWVkZTAeFw0yNjA2MTYxMDEzMDVaFw0yNzA2MTUxMDE4MDVaMDMxMTAvBgNV
BAMTKEMyMzkzRTMzRjIyRENBNzhEMzY1MEU4OEEzMDVDMTJFMTlFMTJGOTEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDL+MRdvcmmESrYLmJqdlQ7Mecu
qPLyJdcgZZimS4vurKMyASIdRgJ1Z1sbOAyzsU8L1Xx6ct4cvrJiSLUYPv8XafgN
HcOuFj4GKkGN10rhPFYDemqphYqYQDzf3ZnUlHvDS4EcML/dBpOArfmOiCPWsMHn
b4k9ydKq4usPDHDxtiadNbZdfuxzjr3e8uceDhnfTlzssr4U+cbyuojbFfJw5OwR
r6ZbqO6CxcviyO1cs60Y+jN+SqJbl76A8/bB8jDtpglbzNvTTtHMERt8HErERYLl
sn7n20OaN03bYmgKB2IVBKYWw3NdlnGj1v9QL21OKNcIbWH1pHWrjCbbb6/PAgMB
AAGjggI1MIICMTAdBgNVHQ4EFgQUwjk+M/ItynjTZQ6IowXBLhnhL5EwHwYDVR0j
BBgwFoAUIr/U4CFUfQMKwQsCE1NdTGlo7t4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjNhYWNkMTctYmY5ZC00N2RiLTg2NGQtZjljN2MyYmUx
ODNhLzAvMjJCRkQ0RTAyMTU0N0QwMzBBQzEwQjAyMTM1MzVENEM2OTY4RUVERS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lyX1U0Q0ZVZlFNS3dRc0NFMU5kVEds
bzd0NC5jZXIwgaUGCCsGAQUFBwELBIGYMIGVMIGSBggrBgEFBQcwC4aBhXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMjNhYWNkMTct
YmY5ZC00N2RiLTg2NGQtZjljN2MyYmUxODNhLzAvMzgzNzJlMzIzNTM0MmUzNjJl
MzAyZjMyMzMyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/BA4wDDAK
BggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAVf+BjANBgkq
hkiG9w0BAQsFAAOCAQEAa5JD1o8qNbhbwFTayTcP5BohjDVD2LIc7eYE73fo/kK3
oEPM4z2jUwluu/ibZSbFTU/i74cL891LYZdpiAA4yH48XZTyVk7we15097OApbM5
M5rSh6jEj2pKHafBjjhdZAp/gi/RPJbpa3MUtMzMpL2im6BvHea7Tl0vvyEHk4kZ
xksIpkMqNbUcWTaI8kjpcFmQpH2KNLINw3zOmYxM345psRKFnFCKMmG/xjK+SXjQ
FI5T+Bbp2TJ60NXb/tB+WTEPMZUH4BbB8yZuODnDAZ6yIRtplJKGgYjVL3WIaPit
Uv/eTlzqn0t6wU8fq03xHEEnuGcYh0SI7zeTLvorxQ==
-----END CERTIFICATE-----