Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/38372e3235342e392e302f32342d3234203d3e20313534303439.roa
File:                     38372e3235342e392e302f32342d3234203d3e20313534303439.roa (raw, json)
Hash identifier:          Hq9PYTOQCseLfaxNiEXnFMG4fnzCVo7PsWTjAFrRtkw=
Subject key identifier:   15:BB:5A:88:77:74:20:60:43:B8:C9:F9:AD:35:02:04:76:FF:19:30
Certificate issuer:       /CN=22bfd4e021547d030ac10b0213535d4c6968eede
Certificate serial:       0D6276156A4AE1F1A971B38DAC51D263BE0F6C72
Authority key identifier: 22:BF:D4:E0:21:54:7D:03:0A:C1:0B:02:13:53:5D:4C:69:68:EE:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/38372e3235342e392e302f32342d3234203d3e20313534303439.roa
Signing time:             Mon 02 Mar 2026 11:38:38 +0000
ROA not before:           Mon 02 Mar 2026 11:33:38 +0000
ROA not after:            Mon 01 Mar 2027 11:38:38 +0000
asID:                     154049
IP address blocks:        87.254.9.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Mar 2026 16:05:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0d:62:76:15:6a:4a:e1:f1:a9:71:b3:8d:ac:51:d2:63:be:0f:6c:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22bfd4e021547d030ac10b0213535d4c6968eede
        Validity
            Not Before: Mar  2 11:33:38 2026 GMT
            Not After : Mar  1 11:38:38 2027 GMT
        Subject: CN=15BB5A887774206043B8C9F9AD35020476FF1930
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:08:ba:38:68:cc:02:1b:1f:2b:d0:45:78:1b:
                    fe:8b:56:4e:8f:20:c9:47:0c:44:a3:5e:9d:a5:8c:
                    19:b2:c1:f4:46:6f:7e:33:84:21:be:b2:a5:62:9b:
                    e1:17:e1:cf:63:b8:ac:f2:28:a6:56:3b:2e:bd:0f:
                    7f:79:df:95:39:b9:c5:2f:21:4c:40:e2:4c:d2:34:
                    4a:4c:71:bc:8b:8c:28:33:f3:05:6d:35:5c:06:96:
                    c2:ed:9f:34:72:03:b4:86:0b:12:c8:9b:4d:a8:38:
                    f0:b9:fb:09:33:a0:a5:7a:5c:95:6a:70:d7:f3:20:
                    04:19:4c:e0:fd:63:2b:f9:d0:c1:7d:75:d1:71:8b:
                    bb:2a:98:44:65:29:b6:a3:ab:6a:59:f4:db:b5:8d:
                    fb:0c:76:15:43:1c:d9:52:ee:15:4f:3a:5f:a1:d6:
                    29:99:e5:b0:47:19:af:3e:e7:a3:56:5a:d4:2e:7c:
                    fb:30:89:4a:3e:fe:55:0e:cc:c4:e5:77:37:bc:7e:
                    b0:6c:b6:cc:78:01:99:15:42:16:fe:e7:aa:f1:6e:
                    47:65:d0:96:d3:2d:0a:30:94:c0:dd:a0:07:19:d8:
                    24:94:43:c5:69:9a:a5:2d:72:33:23:57:4b:8f:85:
                    83:c6:1a:8c:cd:78:85:6c:18:ba:b8:9a:1c:ac:61:
                    57:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:BB:5A:88:77:74:20:60:43:B8:C9:F9:AD:35:02:04:76:FF:19:30
            X509v3 Authority Key Identifier:
                keyid:22:BF:D4:E0:21:54:7D:03:0A:C1:0B:02:13:53:5D:4C:69:68:EE:DE

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/38372e3235342e392e302f32342d3234203d3e20313534303439.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.254.9.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4e:46:8a:06:2a:f9:26:cc:42:70:88:ea:8a:3c:d5:8f:0c:14:
         5e:b4:48:dd:0f:29:91:8d:5b:11:e4:09:0c:d2:23:53:fd:28:
         88:db:54:31:25:40:9e:03:24:12:df:d7:c4:f9:ba:da:36:05:
         db:53:a5:4c:ec:f2:00:6f:e7:9b:a4:ce:7f:8e:11:64:f9:e2:
         b7:5c:d3:09:80:aa:b5:90:99:2c:8b:2d:c0:73:eb:04:b9:8f:
         d9:23:1f:c3:3c:4c:55:04:13:42:e3:1d:e1:dc:4e:b7:2a:8f:
         99:34:56:fb:0f:d2:cf:5f:3b:b5:52:d5:2f:47:dc:c5:13:53:
         48:8e:1e:9f:0a:35:58:f9:3c:a5:08:ed:17:77:6d:de:ae:eb:
         cc:9a:e3:6e:8e:62:8c:05:79:bc:a9:03:f9:3a:6d:8c:1b:32:
         2d:4d:b0:9b:72:d4:80:da:45:ad:c5:7e:62:b0:9f:fe:d9:03:
         02:f3:2e:53:eb:d0:fe:14:9e:9a:e8:7e:e6:6e:f9:9d:c2:b0:
         3f:bd:09:d6:72:07:fe:ce:62:95:14:4c:63:b9:6b:95:bc:d5:
         8a:41:ed:60:93:56:a6:e0:05:01:94:7b:06:f0:a8:10:14:40:
         31:a8:19:f4:68:cf:58:59:85:51:59:ae:1f:e0:02:f2:10:ab:
         2f:18:6a:42
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUDWJ2FWpK4fGpcbONrFHSY74PbHIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjJiZmQ0ZTAyMTU0N2QwMzBhYzEwYjAyMTM1MzVkNGM2
OTY4ZWVkZTAeFw0yNjAzMDIxMTMzMzhaFw0yNzAzMDExMTM4MzhaMDMxMTAvBgNV
BAMTKDE1QkI1QTg4Nzc3NDIwNjA0M0I4QzlGOUFEMzUwMjA0NzZGRjE5MzAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJCLo4aMwCGx8r0EV4G/6LVk6P
IMlHDESjXp2ljBmywfRGb34zhCG+sqVim+EX4c9juKzyKKZWOy69D39535U5ucUv
IUxA4kzSNEpMcbyLjCgz8wVtNVwGlsLtnzRyA7SGCxLIm02oOPC5+wkzoKV6XJVq
cNfzIAQZTOD9Yyv50MF9ddFxi7sqmERlKbajq2pZ9Nu1jfsMdhVDHNlS7hVPOl+h
1imZ5bBHGa8+56NWWtQufPswiUo+/lUOzMTldze8frBstsx4AZkVQhb+56rxbkdl
0JbTLQowlMDdoAcZ2CSUQ8VpmqUtcjMjV0uPhYPGGozNeIVsGLq4mhysYVcVAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUFbtaiHd0IGBDuMn5rTUCBHb/GTAwHwYDVR0j
BBgwFoAUIr/U4CFUfQMKwQsCE1NdTGlo7t4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjNhYWNkMTctYmY5ZC00N2RiLTg2NGQtZjljN2MyYmUx
ODNhLzAvMjJCRkQ0RTAyMTU0N0QwMzBBQzEwQjAyMTM1MzVENEM2OTY4RUVERS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lyX1U0Q0ZVZlFNS3dRc0NFMU5kVEds
bzd0NC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMjNhYWNkMTct
YmY5ZC00N2RiLTg2NGQtZjljN2MyYmUxODNhLzAvMzgzNzJlMzIzNTM0MmUzOTJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMxMzUzNDMwMzQzOS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFf+
CTANBgkqhkiG9w0BAQsFAAOCAQEATkaKBir5JsxCcIjqijzVjwwUXrRI3Q8pkY1b
EeQJDNIjU/0oiNtUMSVAngMkEt/XxPm62jYF21OlTOzyAG/nm6TOf44RZPnit1zT
CYCqtZCZLIstwHPrBLmP2SMfwzxMVQQTQuMd4dxOtyqPmTRW+w/Sz187tVLVL0fc
xRNTSI4enwo1WPk8pQjtF3dt3q7rzJrjbo5ijAV5vKkD+TptjBsyLU2wm3LUgNpF
rcV+YrCf/tkDAvMuU+vQ/hSemuh+5m75ncKwP70J1nIH/s5ilRRMY7lrlbzVikHt
YJNWpuAFAZR7BvCoEBRAMagZ9GjPWFmFUVmuH+AC8hCrLxhqQg==
-----END CERTIFICATE-----