Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS38107.roa
File:                     AS38107.roa (raw, json)
Hash identifier:          K+QOLGwXiNCj+O+f9k3uKtYytfMrWtCxtXtesOXlZ5U=
Subject key identifier:   F8:47:13:85:B3:FC:2D:29:8D:90:84:86:AF:77:1A:47:30:F4:DF:6B
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       2EAB5C9E1C7059851C68C8F616E6E687AC9285DC
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS38107.roa
Signing time:             Wed 18 Mar 2026 03:46:48 +0000
ROA not before:           Wed 18 Mar 2026 03:41:48 +0000
ROA not after:            Wed 17 Mar 2027 03:46:48 +0000
asID:                     38107
IP address blocks:        141.11.9.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 20 Mar 2026 17:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2e:ab:5c:9e:1c:70:59:85:1c:68:c8:f6:16:e6:e6:87:ac:92:85:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Mar 18 03:41:48 2026 GMT
            Not After : Mar 17 03:46:48 2027 GMT
        Subject: CN=F8471385B3FC2D298D908486AF771A4730F4DF6B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:e4:6f:dc:7b:e6:a8:50:8e:e9:4f:a8:c9:f5:
                    fd:88:99:e0:50:dd:6a:c1:11:f4:80:b3:5e:2e:e6:
                    a2:4f:fd:4a:a0:26:f8:47:12:39:e3:2c:ac:31:cc:
                    58:bc:54:e7:18:e3:d0:42:d8:97:a2:e2:4e:5d:8e:
                    b6:f7:b9:07:1c:ce:bf:1f:b9:f9:d9:d7:0c:8e:42:
                    09:95:44:17:c7:1d:f6:cc:5e:d4:25:d5:fc:f9:a9:
                    ba:4d:3a:db:37:4a:85:ee:30:0c:18:91:21:76:72:
                    d7:65:ca:80:40:e8:64:09:4c:84:15:a1:4e:a3:13:
                    d7:89:23:bf:2c:b8:90:31:bb:6e:e9:24:56:6e:c7:
                    b3:95:ab:ea:1c:bf:99:27:1e:3b:3a:8b:b1:d7:af:
                    8f:34:7d:5c:89:8d:d7:74:fe:da:08:e5:c2:be:6f:
                    4c:cb:f6:7d:ba:d9:63:18:00:97:0f:f2:b3:ed:d7:
                    cc:3b:79:7f:84:e9:77:42:dd:7a:a1:09:77:b9:a0:
                    e0:eb:6c:0f:d7:31:78:b3:be:a0:a0:2a:b3:2c:ae:
                    90:f9:e0:29:3b:a2:ac:be:8f:a6:ac:71:da:27:6a:
                    60:c0:17:4d:04:2b:51:31:75:9a:fe:33:e2:2a:cc:
                    59:1e:bd:8b:15:2d:10:25:5a:04:4d:27:8d:09:6a:
                    1c:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:47:13:85:B3:FC:2D:29:8D:90:84:86:AF:77:1A:47:30:F4:DF:6B
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS38107.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.9.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:0c:5f:35:cb:04:f6:25:7c:91:74:ea:ab:53:4d:f4:0c:d7:
         04:a7:de:75:be:8b:9e:41:c5:b0:e2:63:3f:35:77:86:77:95:
         4a:8d:88:08:35:9b:0c:3e:cc:03:c9:65:73:e9:da:b4:95:d1:
         5a:df:13:46:50:41:61:f6:78:0a:62:e8:b8:bf:ac:49:76:54:
         43:a3:55:65:36:21:da:67:86:fd:80:2f:7c:34:37:39:f2:0b:
         22:16:fb:84:c3:9d:cb:2e:61:86:7d:d6:22:f6:39:71:be:49:
         39:f5:9e:35:f1:cd:20:26:52:8c:41:5c:e3:40:30:b6:28:c8:
         6c:6b:a7:d8:ff:ad:3f:05:3e:3a:02:c7:d9:0f:1d:01:d5:20:
         52:d2:da:45:29:a2:ba:54:18:e9:30:e2:9a:ac:86:51:fa:19:
         8e:f2:13:41:7f:88:8f:7f:41:fc:27:7b:b9:e2:53:b9:f7:16:
         f2:a2:91:18:c3:14:4d:66:b5:ec:e0:d1:9a:6e:1e:8f:86:fb:
         48:11:55:7b:75:ed:fd:f1:e0:03:0d:f1:86:a7:7f:41:97:fe:
         74:2a:e9:c2:8b:80:48:5f:67:22:c7:2b:7c:4a:0a:82:70:fb:
         06:dc:71:d2:ea:49:ed:e8:71:d3:fb:dc:80:a6:24:69:fa:cb:
         d1:7e:1b:91
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIULqtcnhxwWYUcaMj2Fubmh6yShdwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNjAzMTgwMzQxNDhaFw0yNzAzMTcwMzQ2NDhaMDMxMTAvBgNV
BAMTKEY4NDcxMzg1QjNGQzJEMjk4RDkwODQ4NkFGNzcxQTQ3MzBGNERGNkIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCZ5G/ce+aoUI7pT6jJ9f2ImeBQ
3WrBEfSAs14u5qJP/UqgJvhHEjnjLKwxzFi8VOcY49BC2Jei4k5djrb3uQcczr8f
ufnZ1wyOQgmVRBfHHfbMXtQl1fz5qbpNOts3SoXuMAwYkSF2ctdlyoBA6GQJTIQV
oU6jE9eJI78suJAxu27pJFZux7OVq+ocv5knHjs6i7HXr480fVyJjdd0/toI5cK+
b0zL9n262WMYAJcP8rPt18w7eX+E6XdC3XqhCXe5oODrbA/XMXizvqCgKrMsrpD5
4Ck7oqy+j6ascdonamDAF00EK1ExdZr+M+IqzFkevYsVLRAlWgRNJ40JahylAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQU+EcThbP8LSmNkISGr3caRzD032swHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMzgxMDcucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACNCwkw
DQYJKoZIhvcNAQELBQADggEBADgMXzXLBPYlfJF06qtTTfQM1wSn3nW+i55BxbDi
Yz81d4Z3lUqNiAg1mww+zAPJZXPp2rSV0VrfE0ZQQWH2eApi6Li/rEl2VEOjVWU2
Idpnhv2AL3w0NznyCyIW+4TDncsuYYZ91iL2OXG+STn1njXxzSAmUoxBXONAMLYo
yGxrp9j/rT8FPjoCx9kPHQHVIFLS2kUporpUGOkw4pqshlH6GY7yE0F/iI9/Qfwn
e7niU7n3FvKikRjDFE1mtezg0ZpuHo+G+0gRVXt17f3x4AMN8Yanf0GX/nQq6cKL
gEhfZyLHK3xKCoJw+wbccdLqSe3ocdP73ICmJGn6y9F+G5E=
-----END CERTIFICATE-----