Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/38372e3235342e382e302f32342d3234203d3e203633303233.roa
File:                     38372e3235342e382e302f32342d3234203d3e203633303233.roa (raw, json)
Hash identifier:          yvC8qtTXjiLI2wGfbH1IrWAtdVVn7Rg1KD5mabaKrfI=
Subject key identifier:   3D:DD:ED:D0:B2:FB:A8:0C:61:BD:D0:A9:43:8B:4B:BF:1B:AE:77:3D
Certificate issuer:       /CN=22bfd4e021547d030ac10b0213535d4c6968eede
Certificate serial:       218B75649FEBD5B66A3790504D4E0C72A801B460
Authority key identifier: 22:BF:D4:E0:21:54:7D:03:0A:C1:0B:02:13:53:5D:4C:69:68:EE:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/38372e3235342e382e302f32342d3234203d3e203633303233.roa
Signing time:             Mon 02 Mar 2026 11:38:37 +0000
ROA not before:           Mon 02 Mar 2026 11:33:37 +0000
ROA not after:            Mon 01 Mar 2027 11:38:37 +0000
asID:                     63023
IP address blocks:        87.254.8.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Mar 2026 16:05:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            21:8b:75:64:9f:eb:d5:b6:6a:37:90:50:4d:4e:0c:72:a8:01:b4:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22bfd4e021547d030ac10b0213535d4c6968eede
        Validity
            Not Before: Mar  2 11:33:37 2026 GMT
            Not After : Mar  1 11:38:37 2027 GMT
        Subject: CN=3DDDEDD0B2FBA80C61BDD0A9438B4BBF1BAE773D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:a4:e6:a3:e5:2c:62:03:37:35:83:20:5f:cd:
                    8f:2f:7f:aa:e0:a4:2d:00:83:f5:bb:b1:13:4b:93:
                    b3:c8:ed:19:9d:4f:e2:b8:71:d9:00:b4:2d:b3:ef:
                    4f:5b:3a:e8:8d:8a:a0:6f:e2:65:a7:20:e4:39:f2:
                    1b:e5:d7:4e:4c:6e:ed:80:64:8f:6b:00:88:18:52:
                    ec:61:33:6c:a2:35:26:2a:73:32:7b:17:3b:e4:69:
                    9a:a3:5d:3f:dc:94:ba:ef:3f:f7:e9:d8:62:e0:03:
                    2d:3f:f7:21:0c:65:ab:6b:3c:5a:87:0e:1d:48:6e:
                    57:02:2b:ac:dc:fd:4d:96:d3:9d:3a:d2:44:87:37:
                    87:49:b2:78:8a:db:64:65:a0:cc:f1:bd:9e:6f:d1:
                    ec:91:f6:9e:6a:08:5d:ca:7c:79:f8:bf:06:25:2a:
                    68:21:43:38:66:94:73:49:75:1e:15:0f:ac:6e:7a:
                    98:81:5e:f0:b4:45:38:3f:13:53:f9:ea:f3:56:3e:
                    0e:5a:7d:56:2a:a1:84:27:d9:40:70:99:df:25:85:
                    18:7e:4d:5b:e5:b5:f2:9f:15:18:d1:46:46:40:80:
                    f1:94:d1:f4:d1:5b:5c:78:e3:bd:b8:a3:fd:1a:55:
                    c5:3e:21:ae:ff:fe:c3:a0:c8:f2:c5:b7:8b:a0:0f:
                    07:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:DD:ED:D0:B2:FB:A8:0C:61:BD:D0:A9:43:8B:4B:BF:1B:AE:77:3D
            X509v3 Authority Key Identifier:
                keyid:22:BF:D4:E0:21:54:7D:03:0A:C1:0B:02:13:53:5D:4C:69:68:EE:DE

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/38372e3235342e382e302f32342d3234203d3e203633303233.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.254.8.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a9:36:1f:c4:78:11:16:c7:65:e2:fc:2e:18:49:3f:bf:50:d7:
         58:76:0b:a9:08:e7:d1:60:d9:6c:8d:25:47:b5:89:d4:4c:12:
         a6:67:08:a7:2a:e8:b9:14:03:eb:c0:fa:c1:2d:70:50:f6:30:
         a8:1d:7a:62:a5:9e:00:51:41:65:48:4e:7a:e6:79:36:b3:e4:
         72:14:05:89:e7:ff:86:2d:ef:db:08:4f:33:ba:d2:55:bd:8f:
         f4:80:fd:8e:7f:50:c5:89:b6:fa:65:75:44:83:52:c0:4a:b7:
         f4:a2:ca:e1:2f:83:93:2b:49:ee:21:2c:a4:a9:a2:8c:64:59:
         f6:5b:6a:f1:86:26:d7:e4:12:74:4f:ba:ca:95:58:55:f3:fe:
         e5:3f:c7:3a:25:81:bb:e8:ac:55:af:0b:31:77:e1:cd:47:2d:
         93:8a:bf:19:f1:b7:53:2b:15:ca:d2:ad:cc:b7:61:24:47:7d:
         90:fd:b1:17:3e:3e:7e:69:47:a1:e8:ee:fe:00:6f:15:d5:15:
         8a:1a:b9:4d:0e:7f:cc:75:2f:bf:50:96:ee:e9:b6:9b:d8:b1:
         01:a7:af:c9:63:34:d3:ee:6e:91:43:a3:14:c0:c4:48:1a:b7:
         44:1f:94:53:e3:77:2d:ec:89:05:47:2e:80:06:71:5c:f8:f8:
         20:88:59:4c
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUIYt1ZJ/r1bZqN5BQTU4McqgBtGAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjJiZmQ0ZTAyMTU0N2QwMzBhYzEwYjAyMTM1MzVkNGM2
OTY4ZWVkZTAeFw0yNjAzMDIxMTMzMzdaFw0yNzAzMDExMTM4MzdaMDMxMTAvBgNV
BAMTKDNERERFREQwQjJGQkE4MEM2MUJERDBBOTQzOEI0QkJGMUJBRTc3M0QwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDfpOaj5SxiAzc1gyBfzY8vf6rg
pC0Ag/W7sRNLk7PI7RmdT+K4cdkAtC2z709bOuiNiqBv4mWnIOQ58hvl105Mbu2A
ZI9rAIgYUuxhM2yiNSYqczJ7FzvkaZqjXT/clLrvP/fp2GLgAy0/9yEMZatrPFqH
Dh1IblcCK6zc/U2W05060kSHN4dJsniK22RloMzxvZ5v0eyR9p5qCF3KfHn4vwYl
KmghQzhmlHNJdR4VD6xuepiBXvC0RTg/E1P56vNWPg5afVYqoYQn2UBwmd8lhRh+
TVvltfKfFRjRRkZAgPGU0fTRW1x44724o/0aVcU+Ia7//sOgyPLFt4ugDwdxAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUPd3t0LL7qAxhvdCpQ4tLvxuudz0wHwYDVR0j
BBgwFoAUIr/U4CFUfQMKwQsCE1NdTGlo7t4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjNhYWNkMTctYmY5ZC00N2RiLTg2NGQtZjljN2MyYmUx
ODNhLzAvMjJCRkQ0RTAyMTU0N0QwMzBBQzEwQjAyMTM1MzVENEM2OTY4RUVERS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lyX1U0Q0ZVZlFNS3dRc0NFMU5kVEds
bzd0NC5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMjNhYWNkMTct
YmY5ZC00N2RiLTg2NGQtZjljN2MyYmUxODNhLzAvMzgzNzJlMzIzNTM0MmUzODJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM2MzMzMDMyMzMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABX/ggw
DQYJKoZIhvcNAQELBQADggEBAKk2H8R4ERbHZeL8LhhJP79Q11h2C6kI59Fg2WyN
JUe1idRMEqZnCKcq6LkUA+vA+sEtcFD2MKgdemKlngBRQWVITnrmeTaz5HIUBYnn
/4Yt79sITzO60lW9j/SA/Y5/UMWJtvpldUSDUsBKt/SiyuEvg5MrSe4hLKSpooxk
WfZbavGGJtfkEnRPusqVWFXz/uU/xzolgbvorFWvCzF34c1HLZOKvxnxt1MrFcrS
rcy3YSRHfZD9sRc+Pn5pR6Ho7v4AbxXVFYoauU0Of8x1L79Qlu7ptpvYsQGnr8lj
NNPubpFDoxTAxEgat0QflFPjdy3siQVHLoAGcVz4+CCIWUw=
-----END CERTIFICATE-----