Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/8925ad15-af0b-45cd-b883-1a058fa0eba1/0/38302e38332e3138382e302f32322d3234203d3e203634323637.roa
File:                     38302e38332e3138382e302f32322d3234203d3e203634323637.roa (raw, json)
Hash identifier:          usGVmfBSjshsI+jZ0UI5vbfRCtEIbFpWtlpk5JhJZu8=
Subject key identifier:   8B:CE:5F:B3:BD:62:70:D5:AE:3E:6A:FF:C2:D6:06:0E:0B:E4:63:BB
Certificate issuer:       /CN=78d65d4a22df705beed7b3432fbe48a356597724
Certificate serial:       52A369FFB1628F597278BAD88C6703D19BF4ECA2
Authority key identifier: 78:D6:5D:4A:22:DF:70:5B:EE:D7:B3:43:2F:BE:48:A3:56:59:77:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eNZdSiLfcFvu17NDL75Io1ZZdyQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/8925ad15-af0b-45cd-b883-1a058fa0eba1/0/38302e38332e3138382e302f32322d3234203d3e203634323637.roa
Signing time:             Fri 29 Aug 2025 08:14:30 +0000
ROA not before:           Fri 29 Aug 2025 08:09:30 +0000
ROA not after:            Fri 28 Aug 2026 08:14:30 +0000
asID:                     64267
IP address blocks:        80.83.188.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/8925ad15-af0b-45cd-b883-1a058fa0eba1/0/78D65D4A22DF705BEED7B3432FBE48A356597724.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/8925ad15-af0b-45cd-b883-1a058fa0eba1/0/78D65D4A22DF705BEED7B3432FBE48A356597724.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eNZdSiLfcFvu17NDL75Io1ZZdyQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 08 Sep 2025 07:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            52:a3:69:ff:b1:62:8f:59:72:78:ba:d8:8c:67:03:d1:9b:f4:ec:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=78d65d4a22df705beed7b3432fbe48a356597724
        Validity
            Not Before: Aug 29 08:09:30 2025 GMT
            Not After : Aug 28 08:14:30 2026 GMT
        Subject: CN=8BCE5FB3BD6270D5AE3E6AFFC2D6060E0BE463BB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:74:6c:2a:18:c6:e3:22:c0:ba:48:58:ac:d6:
                    9c:12:36:8e:b5:24:6c:cd:e2:b7:0f:32:75:1e:a0:
                    dd:51:0a:2a:26:3a:d2:43:a5:72:48:c1:eb:16:c4:
                    91:47:63:22:6b:97:d9:2f:d4:e0:c3:d0:90:d2:79:
                    33:d8:70:4f:1e:a3:4b:b6:e3:03:06:90:a4:20:92:
                    eb:b0:bb:88:27:eb:a4:9f:a8:04:88:41:7e:d4:81:
                    b6:21:71:84:5b:dc:a2:1f:a7:81:fc:ad:c3:9d:53:
                    6e:46:6c:01:a1:f0:27:f1:08:2c:2f:03:c6:2c:9c:
                    70:70:d9:25:4b:80:44:20:ae:61:a5:98:cd:1b:96:
                    a3:0c:c4:a8:9e:c9:bf:64:30:b4:ee:b1:d2:86:c5:
                    13:79:8a:af:2e:84:9d:77:84:7b:11:64:97:02:7c:
                    1b:3e:35:a7:96:94:8f:a1:8f:70:86:83:61:21:0e:
                    69:75:29:5b:b3:ec:df:46:94:62:58:7e:cf:cc:56:
                    11:78:9a:da:0a:3f:5d:0a:6d:33:f7:d6:5a:a7:5b:
                    36:7f:71:ca:2d:25:3a:3b:4a:55:76:88:6c:79:62:
                    eb:c7:37:99:c3:70:23:cc:b2:69:61:fb:e0:c1:7d:
                    4a:ae:66:43:2d:f9:9f:fb:61:c5:df:69:73:40:98:
                    fc:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:CE:5F:B3:BD:62:70:D5:AE:3E:6A:FF:C2:D6:06:0E:0B:E4:63:BB
            X509v3 Authority Key Identifier:
                keyid:78:D6:5D:4A:22:DF:70:5B:EE:D7:B3:43:2F:BE:48:A3:56:59:77:24

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/8925ad15-af0b-45cd-b883-1a058fa0eba1/0/78D65D4A22DF705BEED7B3432FBE48A356597724.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eNZdSiLfcFvu17NDL75Io1ZZdyQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/8925ad15-af0b-45cd-b883-1a058fa0eba1/0/38302e38332e3138382e302f32322d3234203d3e203634323637.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.83.188.0/22

    Signature Algorithm: sha256WithRSAEncryption
         09:28:62:57:2d:b9:6e:94:ad:9d:b3:52:90:66:29:36:7c:b9:
         1b:1f:b8:79:f2:f7:da:41:1e:fe:ee:81:75:c2:f4:ee:91:5c:
         08:a0:3b:37:e3:1a:a2:b6:b3:02:1c:bf:ad:57:e0:9e:bb:37:
         bc:87:3d:81:0b:8b:9e:b9:dc:f9:f4:f0:6b:e1:14:86:47:d5:
         3f:56:76:17:81:53:83:b7:87:b0:0b:36:22:85:32:97:27:6b:
         f8:0f:e8:32:55:c5:f8:a2:10:9b:e6:7f:0e:7b:ab:21:eb:ee:
         5a:12:85:92:84:b2:77:ec:2f:2e:20:a6:83:f4:a0:f7:4a:aa:
         44:07:5f:73:24:a3:a5:c1:d1:78:92:f9:5d:3e:a5:d1:b9:35:
         c4:c3:96:27:9e:ae:25:ff:ee:58:ff:a7:16:46:00:0e:9a:b6:
         0f:85:8a:34:97:53:a0:46:ce:cd:f1:3d:72:70:ad:ac:45:a8:
         32:29:38:6b:20:2c:cc:3b:ab:df:c9:1e:f8:9b:e4:d8:8c:3e:
         7e:1e:86:b7:25:57:a8:39:af:bc:a2:93:81:99:8b:06:c0:d7:
         44:e7:b2:e8:16:0f:9b:7d:f1:b7:57:c0:2f:9d:74:77:e5:81:
         c5:13:2c:a9:5a:b6:fd:65:62:f9:97:67:23:b3:f0:3c:97:9a:
         38:b2:54:3d
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUUqNp/7Fij1lyeLrYjGcD0Zv07KIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzhkNjVkNGEyMmRmNzA1YmVlZDdiMzQzMmZiZTQ4YTM1
NjU5NzcyNDAeFw0yNTA4MjkwODA5MzBaFw0yNjA4MjgwODE0MzBaMDMxMTAvBgNV
BAMTKDhCQ0U1RkIzQkQ2MjcwRDVBRTNFNkFGRkMyRDYwNjBFMEJFNDYzQkIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDpdGwqGMbjIsC6SFis1pwSNo61
JGzN4rcPMnUeoN1RCiomOtJDpXJIwesWxJFHYyJrl9kv1ODD0JDSeTPYcE8eo0u2
4wMGkKQgkuuwu4gn66SfqASIQX7UgbYhcYRb3KIfp4H8rcOdU25GbAGh8CfxCCwv
A8YsnHBw2SVLgEQgrmGlmM0blqMMxKieyb9kMLTusdKGxRN5iq8uhJ13hHsRZJcC
fBs+NaeWlI+hj3CGg2EhDml1KVuz7N9GlGJYfs/MVhF4mtoKP10KbTP31lqnWzZ/
ccotJTo7SlV2iGx5YuvHN5nDcCPMsmlh++DBfUquZkMt+Z/7YcXfaXNAmPwvAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUi85fs71icNWuPmr/wtYGDgvkY7swHwYDVR0j
BBgwFoAUeNZdSiLfcFvu17NDL75Io1ZZdyQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODkyNWFkMTUtYWYwYi00NWNkLWI4ODMtMWEwNThmYTBl
YmExLzAvNzhENjVENEEyMkRGNzA1QkVFRDdCMzQzMkZCRTQ4QTM1NjU5NzcyNC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2VOWmRTaUxmY0Z2dTE3TkRMNzVJbzFa
WmR5US5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODkyNWFkMTUt
YWYwYi00NWNkLWI4ODMtMWEwNThmYTBlYmExLzAvMzgzMDJlMzgzMzJlMzEzODM4
MmUzMDJmMzIzMjJkMzIzNDIwM2QzZTIwMzYzNDMyMzYzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAlBT
vDANBgkqhkiG9w0BAQsFAAOCAQEACShiVy25bpStnbNSkGYpNny5Gx+4efL32kEe
/u6BdcL07pFcCKA7N+MaorazAhy/rVfgnrs3vIc9gQuLnrnc+fTwa+EUhkfVP1Z2
F4FTg7eHsAs2IoUylydr+A/oMlXF+KIQm+Z/DnurIevuWhKFkoSyd+wvLiCmg/Sg
90qqRAdfcySjpcHReJL5XT6l0bk1xMOWJ56uJf/uWP+nFkYADpq2D4WKNJdToEbO
zfE9cnCtrEWoMik4ayAszDur38ke+Jvk2Iw+fh6GtyVXqDmvvKKTgZmLBsDXROey
6BYPm33xt1fAL510d+WBxRMsqVq2/WVi+ZdnI7PwPJeaOLJUPQ==
-----END CERTIFICATE-----