Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/ab9f5497-2b95-4a42-80d0-5c41f807b61f/0/38352e3233372e3230382e302f32342d3234203d3e20383334.roa
File:                     38352e3233372e3230382e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          lkm7zrT4wXXqMAUtw9ghi2e/4UQsftwUsW+tEd0i0ss=
Subject key identifier:   19:7B:E3:8B:9B:78:09:DE:C3:AE:8F:F5:79:45:6A:C3:5E:E6:5E:97
Certificate issuer:       /CN=aff6f26ea1f10da4a16cad9c7a6510856fbabb8d
Certificate serial:       2E468B5E1CBC57BDE220AA65BB87422008BC8B5C
Authority key identifier: AF:F6:F2:6E:A1:F1:0D:A4:A1:6C:AD:9C:7A:65:10:85:6F:BA:BB:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/r_bybqHxDaShbK2cemUQhW-6u40.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/ab9f5497-2b95-4a42-80d0-5c41f807b61f/0/38352e3233372e3230382e302f32342d3234203d3e20383334.roa
Signing time:             Thu 14 May 2026 00:04:28 +0000
ROA not before:           Wed 13 May 2026 23:59:28 +0000
ROA not after:            Thu 13 May 2027 00:04:28 +0000
asID:                     834
IP address blocks:        85.237.208.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/ab9f5497-2b95-4a42-80d0-5c41f807b61f/0/AFF6F26EA1F10DA4A16CAD9C7A6510856FBABB8D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/ab9f5497-2b95-4a42-80d0-5c41f807b61f/0/AFF6F26EA1F10DA4A16CAD9C7A6510856FBABB8D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/r_bybqHxDaShbK2cemUQhW-6u40.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 15 May 2026 19:49:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2e:46:8b:5e:1c:bc:57:bd:e2:20:aa:65:bb:87:42:20:08:bc:8b:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aff6f26ea1f10da4a16cad9c7a6510856fbabb8d
        Validity
            Not Before: May 13 23:59:28 2026 GMT
            Not After : May 13 00:04:28 2027 GMT
        Subject: CN=197BE38B9B7809DEC3AE8FF579456AC35EE65E97
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:e2:3a:de:2e:9a:4a:13:bc:55:d5:3a:1b:88:
                    a4:0d:a3:9b:3e:93:7d:83:11:ad:52:72:7e:3e:d5:
                    f7:75:b4:91:9c:d9:78:53:98:d5:2f:58:e8:f2:fb:
                    a7:6e:ac:0a:bf:da:86:fe:4d:d9:24:84:e2:4b:23:
                    ca:5a:65:45:0c:82:a5:d5:70:d5:99:fc:8d:5b:1a:
                    07:c4:64:0e:32:35:2f:af:5f:fb:33:79:6f:23:78:
                    94:d9:43:af:3a:50:a5:48:90:93:33:97:7f:70:60:
                    08:3e:5c:17:65:d1:62:05:e9:d7:9a:d9:2b:d8:74:
                    f1:d4:b0:2d:4f:f0:b7:2c:9b:9d:b0:2c:70:a0:cd:
                    dc:04:39:b7:c0:f6:1f:49:a9:ef:2a:e1:b0:bb:04:
                    e7:29:a8:53:13:9a:fc:f7:c5:d2:3a:22:ce:51:b4:
                    cb:3c:d5:2c:e8:91:9e:89:95:4a:9b:ba:51:5d:8e:
                    2c:c9:d0:35:94:c9:62:e1:35:d0:ee:9f:67:80:c5:
                    d0:2c:18:3e:3a:76:1e:35:c9:43:98:60:e5:1d:c4:
                    3c:5c:2f:81:86:21:17:b2:ba:69:d4:99:85:d0:ec:
                    ff:95:fd:fd:6e:ad:10:81:a4:bc:cd:09:12:c1:42:
                    ca:e7:24:ed:14:23:54:48:e6:a4:e1:0b:8f:b7:0a:
                    aa:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:7B:E3:8B:9B:78:09:DE:C3:AE:8F:F5:79:45:6A:C3:5E:E6:5E:97
            X509v3 Authority Key Identifier:
                keyid:AF:F6:F2:6E:A1:F1:0D:A4:A1:6C:AD:9C:7A:65:10:85:6F:BA:BB:8D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/ab9f5497-2b95-4a42-80d0-5c41f807b61f/0/AFF6F26EA1F10DA4A16CAD9C7A6510856FBABB8D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r_bybqHxDaShbK2cemUQhW-6u40.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/ab9f5497-2b95-4a42-80d0-5c41f807b61f/0/38352e3233372e3230382e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.237.208.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:93:61:5e:20:7f:41:f8:a3:60:4d:e2:40:8f:84:f0:52:70:
         bd:3d:63:45:dd:9d:c6:11:68:bd:f0:2d:1c:c1:e4:fd:f5:58:
         8c:1c:86:9a:e2:15:e6:bf:8a:69:31:f8:c5:fa:56:25:0c:75:
         0e:04:ea:ee:fd:90:7f:b3:54:4f:ee:8f:a4:8e:13:b2:4c:29:
         50:6c:b4:8d:64:05:bd:74:f1:ee:f6:48:34:93:aa:ab:b4:ef:
         3d:5f:07:93:06:28:4c:af:5b:62:dc:de:b4:a2:93:c3:6e:1b:
         82:69:2c:b8:51:80:f9:47:ed:b9:f1:98:12:71:28:0b:63:f2:
         ee:89:9b:a0:30:b9:35:a3:2d:89:01:43:71:64:e6:ec:92:c0:
         21:d8:72:08:86:c7:7f:64:09:ec:6c:4f:8b:3e:6d:ba:35:8e:
         ee:f9:5d:82:72:87:11:4d:85:62:fa:64:8f:65:2b:d9:6f:89:
         3c:e3:bb:f1:75:dc:15:76:cf:6e:a5:14:19:cf:e7:f2:e3:03:
         bf:d0:d9:a1:16:34:15:08:9d:54:fa:2b:a0:d5:3b:ee:38:44:
         33:8f:04:f7:71:f6:ad:47:6d:2f:db:2d:29:aa:57:2f:2d:8a:
         ec:69:a9:28:32:02:21:82:16:87:5b:11:8d:77:67:8c:9d:e1:
         d2:25:7e:d8
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIULkaLXhy8V73iIKplu4dCIAi8i1wwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWZmNmYyNmVhMWYxMGRhNGExNmNhZDljN2E2NTEwODU2
ZmJhYmI4ZDAeFw0yNjA1MTMyMzU5MjhaFw0yNzA1MTMwMDA0MjhaMDMxMTAvBgNV
BAMTKDE5N0JFMzhCOUI3ODA5REVDM0FFOEZGNTc5NDU2QUMzNUVFNjVFOTcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC14jreLppKE7xV1TobiKQNo5s+
k32DEa1Scn4+1fd1tJGc2XhTmNUvWOjy+6durAq/2ob+TdkkhOJLI8paZUUMgqXV
cNWZ/I1bGgfEZA4yNS+vX/szeW8jeJTZQ686UKVIkJMzl39wYAg+XBdl0WIF6dea
2SvYdPHUsC1P8Lcsm52wLHCgzdwEObfA9h9Jqe8q4bC7BOcpqFMTmvz3xdI6Is5R
tMs81SzokZ6JlUqbulFdjizJ0DWUyWLhNdDun2eAxdAsGD46dh41yUOYYOUdxDxc
L4GGIReyumnUmYXQ7P+V/f1urRCBpLzNCRLBQsrnJO0UI1RI5qThC4+3CqqnAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUGXvji5t4Cd7Dro/1eUVqw17mXpcwHwYDVR0j
BBgwFoAUr/bybqHxDaShbK2cemUQhW+6u40wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYWI5ZjU0OTctMmI5NS00YTQyLTgwZDAtNWM0MWY4MDdi
NjFmLzAvQUZGNkYyNkVBMUYxMERBNEExNkNBRDlDN0E2NTEwODU2RkJBQkI4RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3JfYnlicUh4RGFTaGJLMmNlbVVRaFct
NnU0MC5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWI5ZjU0OTct
MmI5NS00YTQyLTgwZDAtNWM0MWY4MDdiNjFmLzAvMzgzNTJlMzIzMzM3MmUzMjMw
MzgyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABV7dAw
DQYJKoZIhvcNAQELBQADggEBAAiTYV4gf0H4o2BN4kCPhPBScL09Y0XdncYRaL3w
LRzB5P31WIwchpriFea/imkx+MX6ViUMdQ4E6u79kH+zVE/uj6SOE7JMKVBstI1k
Bb108e72SDSTqqu07z1fB5MGKEyvW2Lc3rSik8NuG4JpLLhRgPlH7bnxmBJxKAtj
8u6Jm6AwuTWjLYkBQ3Fk5uySwCHYcgiGx39kCexsT4s+bbo1ju75XYJyhxFNhWL6
ZI9lK9lviTzju/F13BV2z26lFBnP5/LjA7/Q2aEWNBUInVT6K6DVO+44RDOPBPdx
9q1HbS/bLSmqVy8tiuxpqSgyAiGCFodbEY13Z4yd4dIlftg=
-----END CERTIFICATE-----