Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/83e4757f-d37f-4fd6-a69b-d74bdd6b87dc/0/38332e3135302e3231362e302f32342d3234203d3e20383334.roa
File:                     38332e3135302e3231362e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          yIerDS3BnxCTxkZm2IubfaXiz5eohPBi/h93FaQmFsw=
Subject key identifier:   F1:5B:75:8B:0C:2F:3B:7D:B9:2F:B7:1C:9E:8D:8E:DF:5D:A2:8C:00
Certificate issuer:       /CN=5e5179bb1757068d7028510feeb1177aa7cc8818
Certificate serial:       6D2B2AB1B53F6B84CCBDC5228A5A46EC959101C5
Authority key identifier: 5E:51:79:BB:17:57:06:8D:70:28:51:0F:EE:B1:17:7A:A7:CC:88:18
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XlF5uxdXBo1wKFEP7rEXeqfMiBg.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/83e4757f-d37f-4fd6-a69b-d74bdd6b87dc/0/38332e3135302e3231362e302f32342d3234203d3e20383334.roa
Signing time:             Fri 27 Mar 2026 15:34:55 +0000
ROA not before:           Fri 27 Mar 2026 15:29:55 +0000
ROA not after:            Fri 26 Mar 2027 15:34:55 +0000
asID:                     834
IP address blocks:        83.150.216.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/83e4757f-d37f-4fd6-a69b-d74bdd6b87dc/0/5E5179BB1757068D7028510FEEB1177AA7CC8818.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/83e4757f-d37f-4fd6-a69b-d74bdd6b87dc/0/5E5179BB1757068D7028510FEEB1177AA7CC8818.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XlF5uxdXBo1wKFEP7rEXeqfMiBg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 31 Mar 2026 14:02:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6d:2b:2a:b1:b5:3f:6b:84:cc:bd:c5:22:8a:5a:46:ec:95:91:01:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5e5179bb1757068d7028510feeb1177aa7cc8818
        Validity
            Not Before: Mar 27 15:29:55 2026 GMT
            Not After : Mar 26 15:34:55 2027 GMT
        Subject: CN=F15B758B0C2F3B7DB92FB71C9E8D8EDF5DA28C00
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:b5:0f:87:35:e6:6a:48:71:a6:c2:ad:f5:b9:
                    22:2a:d1:72:1f:3e:f8:56:f3:7c:21:b0:a0:61:1e:
                    3a:03:5c:57:0b:c1:a5:29:fc:d0:fa:67:64:0c:1f:
                    cf:a4:71:ac:7a:1f:07:17:5a:cb:b4:78:f6:e3:8c:
                    8a:04:fd:50:17:22:30:00:de:14:bf:57:14:34:84:
                    48:e6:95:bb:4e:a6:d1:c3:30:ec:81:e2:d1:0c:d9:
                    7f:f9:6a:80:31:1c:50:91:3f:2c:bf:ed:bd:81:e4:
                    e6:fd:9f:8e:ef:e9:a7:89:3a:6e:9c:8b:5c:c2:7d:
                    d3:88:49:9c:c0:fb:55:80:39:c9:b9:79:1a:ae:97:
                    ee:f5:0f:06:26:e6:32:68:4a:25:b5:c9:69:99:3a:
                    99:b0:aa:90:88:49:4a:ef:00:a9:51:af:81:8c:62:
                    24:c3:ed:84:23:79:53:12:d7:29:dd:2d:be:a5:34:
                    45:0b:fa:d9:30:e1:d3:db:87:fb:aa:42:e2:e5:ac:
                    0e:28:ca:1f:3f:e6:e2:db:37:73:39:c5:e6:fd:ae:
                    59:81:77:00:b8:ee:38:51:80:3f:2e:60:73:a4:75:
                    e2:06:6b:5c:d0:40:73:02:44:68:3a:11:45:0f:ab:
                    4b:a9:8c:4f:cd:8d:e0:9e:a4:37:bf:37:37:c9:e4:
                    53:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:5B:75:8B:0C:2F:3B:7D:B9:2F:B7:1C:9E:8D:8E:DF:5D:A2:8C:00
            X509v3 Authority Key Identifier:
                keyid:5E:51:79:BB:17:57:06:8D:70:28:51:0F:EE:B1:17:7A:A7:CC:88:18

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/83e4757f-d37f-4fd6-a69b-d74bdd6b87dc/0/5E5179BB1757068D7028510FEEB1177AA7CC8818.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XlF5uxdXBo1wKFEP7rEXeqfMiBg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/83e4757f-d37f-4fd6-a69b-d74bdd6b87dc/0/38332e3135302e3231362e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.150.216.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:58:d4:ba:a2:0e:2b:2d:7d:3f:c9:2b:0c:41:c8:5a:11:0b:
         ee:1d:f0:ea:ac:d7:e9:93:83:4c:01:32:32:ab:d6:fc:10:8c:
         b4:89:26:e4:b7:9a:3a:8b:84:2d:71:1d:60:29:34:e6:aa:d3:
         de:73:f8:34:5a:15:7a:27:6d:63:bb:41:f0:66:85:1f:c7:25:
         5e:c9:2f:1e:77:6b:ed:15:b9:3b:03:9a:61:cd:32:a1:4c:37:
         30:98:1e:50:1e:74:ec:2c:0c:fd:a5:7c:ed:75:cd:fc:cb:12:
         45:f7:03:be:fd:74:fc:4d:7e:71:d5:12:d4:da:e8:60:54:ed:
         29:11:24:e8:95:70:3c:0a:b2:57:4c:1c:4f:b8:0f:75:a7:e6:
         f3:64:33:6f:d6:fe:3a:b6:c2:1e:ea:7a:00:9f:70:dd:c4:f5:
         f3:6f:17:d9:50:ef:f9:a6:65:50:b1:de:14:5e:14:e5:a8:0b:
         42:cc:11:e8:80:03:56:62:2a:9d:b1:b6:95:9d:c1:5b:a5:e8:
         9c:cb:bb:e8:23:3a:31:ce:3c:5c:39:d3:0e:bf:a6:9d:05:93:
         0d:99:6e:93:2a:e5:74:42:07:b2:17:e7:37:e9:e7:f3:f5:e9:
         2c:ab:4d:5e:7f:25:ce:51:29:75:29:93:9e:dc:a7:b7:6a:8d:
         1e:d6:75:1a
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUbSsqsbU/a4TMvcUiilpG7JWRAcUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWU1MTc5YmIxNzU3MDY4ZDcwMjg1MTBmZWViMTE3N2Fh
N2NjODgxODAeFw0yNjAzMjcxNTI5NTVaFw0yNzAzMjYxNTM0NTVaMDMxMTAvBgNV
BAMTKEYxNUI3NThCMEMyRjNCN0RCOTJGQjcxQzlFOEQ4RURGNURBMjhDMDAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6tQ+HNeZqSHGmwq31uSIq0XIf
PvhW83whsKBhHjoDXFcLwaUp/ND6Z2QMH8+kcax6HwcXWsu0ePbjjIoE/VAXIjAA
3hS/VxQ0hEjmlbtOptHDMOyB4tEM2X/5aoAxHFCRPyy/7b2B5Ob9n47v6aeJOm6c
i1zCfdOISZzA+1WAOcm5eRqul+71DwYm5jJoSiW1yWmZOpmwqpCISUrvAKlRr4GM
YiTD7YQjeVMS1yndLb6lNEUL+tkw4dPbh/uqQuLlrA4oyh8/5uLbN3M5xeb9rlmB
dwC47jhRgD8uYHOkdeIGa1zQQHMCRGg6EUUPq0upjE/NjeCepDe/NzfJ5FOfAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQU8Vt1iwwvO325L7ccno2O312ijAAwHwYDVR0j
BBgwFoAUXlF5uxdXBo1wKFEP7rEXeqfMiBgwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODNlNDc1N2YtZDM3Zi00ZmQ2LWE2OWItZDc0YmRkNmI4
N2RjLzAvNUU1MTc5QkIxNzU3MDY4RDcwMjg1MTBGRUVCMTE3N0FBN0NDODgxOC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1hsRjV1eGRYQm8xd0tGRVA3ckVYZXFm
TWlCZy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODNlNDc1N2Yt
ZDM3Zi00ZmQ2LWE2OWItZDc0YmRkNmI4N2RjLzAvMzgzMzJlMzEzNTMwMmUzMjMx
MzYyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABTltgw
DQYJKoZIhvcNAQELBQADggEBADZY1LqiDistfT/JKwxByFoRC+4d8Oqs1+mTg0wB
MjKr1vwQjLSJJuS3mjqLhC1xHWApNOaq095z+DRaFXonbWO7QfBmhR/HJV7JLx53
a+0VuTsDmmHNMqFMNzCYHlAedOwsDP2lfO11zfzLEkX3A779dPxNfnHVEtTa6GBU
7SkRJOiVcDwKsldMHE+4D3Wn5vNkM2/W/jq2wh7qegCfcN3E9fNvF9lQ7/mmZVCx
3hReFOWoC0LMEeiAA1ZiKp2xtpWdwVul6JzLu+gjOjHOPFw50w6/pp0Fkw2ZbpMq
5XRCB7IX5zfp5/P16SyrTV5/Jc5RKXUpk57cp7dqjR7WdRo=
-----END CERTIFICATE-----