Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/ab9f5497-2b95-4a42-80d0-5c41f807b61f/0/38352e3233372e3231372e302f32342d3234203d3e20383334.roa
File:                     38352e3233372e3231372e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          Bc98LREmH+Q0h6/vrKf45K0tAlPMlZX8go055AuZBz8=
Subject key identifier:   38:E5:DF:10:EA:F1:AD:8A:AB:20:03:3B:EB:16:70:EA:2E:CE:AF:0B
Certificate issuer:       /CN=aff6f26ea1f10da4a16cad9c7a6510856fbabb8d
Certificate serial:       6D8826AD3729BC382627F4744641EAD6D4468564
Authority key identifier: AF:F6:F2:6E:A1:F1:0D:A4:A1:6C:AD:9C:7A:65:10:85:6F:BA:BB:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/r_bybqHxDaShbK2cemUQhW-6u40.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/ab9f5497-2b95-4a42-80d0-5c41f807b61f/0/38352e3233372e3231372e302f32342d3234203d3e20383334.roa
Signing time:             Fri 01 May 2026 00:16:43 +0000
ROA not before:           Fri 01 May 2026 00:11:43 +0000
ROA not after:            Fri 30 Apr 2027 00:16:43 +0000
asID:                     834
IP address blocks:        85.237.217.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/ab9f5497-2b95-4a42-80d0-5c41f807b61f/0/AFF6F26EA1F10DA4A16CAD9C7A6510856FBABB8D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/ab9f5497-2b95-4a42-80d0-5c41f807b61f/0/AFF6F26EA1F10DA4A16CAD9C7A6510856FBABB8D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/r_bybqHxDaShbK2cemUQhW-6u40.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 06 May 2026 09:49:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6d:88:26:ad:37:29:bc:38:26:27:f4:74:46:41:ea:d6:d4:46:85:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aff6f26ea1f10da4a16cad9c7a6510856fbabb8d
        Validity
            Not Before: May  1 00:11:43 2026 GMT
            Not After : Apr 30 00:16:43 2027 GMT
        Subject: CN=38E5DF10EAF1AD8AAB20033BEB1670EA2ECEAF0B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:b3:55:df:6c:47:d8:6f:45:0b:be:32:c0:b9:
                    53:90:27:4b:a1:79:c3:73:38:b1:be:03:a6:94:87:
                    25:39:57:24:69:f6:76:3b:4f:1a:69:71:bd:6b:30:
                    12:7a:79:19:89:75:eb:fa:71:7f:4c:dc:6e:42:33:
                    6d:73:66:8e:3f:93:b2:c1:d8:56:a5:12:bb:15:c3:
                    ba:92:2d:ba:4c:31:f2:b7:7b:80:fd:0a:a7:3f:d9:
                    5f:03:f6:3a:2f:71:66:5f:17:e1:d1:b4:2b:46:6c:
                    86:b5:0f:f6:78:93:67:d2:23:ab:2d:df:f3:7d:99:
                    af:53:d1:48:07:6f:53:d5:2c:f9:03:95:a3:05:25:
                    89:7f:a7:f4:51:e8:b4:24:3b:0d:32:f9:34:28:16:
                    18:1c:68:1b:41:45:ee:a5:92:99:d7:d9:cb:8b:f1:
                    07:08:af:68:d4:fe:60:9d:95:a5:be:f3:cb:ac:b2:
                    fa:31:09:d4:51:f6:c9:f0:a6:9e:d6:11:a9:76:d1:
                    0a:45:54:7f:68:56:07:d5:c1:90:e0:e0:95:40:70:
                    52:b4:df:3a:c0:6e:0f:43:de:f8:b6:52:eb:5e:e4:
                    75:26:64:5b:c7:5f:a7:67:0a:87:5d:6c:43:40:03:
                    3b:76:e1:a7:70:55:5e:2a:19:be:1b:d0:6f:14:aa:
                    d4:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:E5:DF:10:EA:F1:AD:8A:AB:20:03:3B:EB:16:70:EA:2E:CE:AF:0B
            X509v3 Authority Key Identifier:
                keyid:AF:F6:F2:6E:A1:F1:0D:A4:A1:6C:AD:9C:7A:65:10:85:6F:BA:BB:8D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/ab9f5497-2b95-4a42-80d0-5c41f807b61f/0/AFF6F26EA1F10DA4A16CAD9C7A6510856FBABB8D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r_bybqHxDaShbK2cemUQhW-6u40.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/ab9f5497-2b95-4a42-80d0-5c41f807b61f/0/38352e3233372e3231372e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.237.217.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:b9:02:c8:4d:70:78:b4:cd:31:e5:a8:39:62:18:91:57:18:
         b2:59:62:4f:6e:6b:ec:81:27:81:ae:76:a4:d3:d1:91:1d:ed:
         a9:3c:9c:8a:2b:1f:46:19:19:e7:af:c2:b0:b5:ee:91:cf:56:
         20:b5:16:68:98:39:87:9d:ab:49:eb:26:47:78:7c:4f:8b:15:
         17:63:9b:05:24:1d:dd:77:56:c2:7f:34:24:a6:ca:a7:06:45:
         25:a9:f2:86:44:5d:9f:b2:d7:7f:81:29:3e:22:b8:db:fd:72:
         53:33:2a:be:76:27:1b:b8:d3:2a:aa:a1:23:30:a0:e9:32:52:
         ad:37:dc:7b:f0:97:15:d1:72:4e:85:57:a7:76:0c:22:e1:21:
         49:fa:e2:bc:03:60:ad:34:58:d8:ce:0a:76:70:d0:d7:6f:aa:
         43:a7:2e:02:c8:17:f7:d5:e6:c2:32:ee:e1:f1:7b:72:10:14:
         5e:5a:b6:50:b3:08:e5:d6:02:b5:78:36:c8:a7:94:43:92:22:
         e1:a3:a8:af:2a:f9:f1:54:1a:44:5d:97:67:03:f1:ae:9d:8d:
         8a:85:05:19:8e:3c:a3:48:76:56:1a:b0:c0:a9:fe:d8:b1:57:
         64:fb:9b:a9:b4:76:37:ec:78:b1:47:00:72:39:ce:87:78:3f:
         3f:af:24:50
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUbYgmrTcpvDgmJ/R0RkHq1tRGhWQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWZmNmYyNmVhMWYxMGRhNGExNmNhZDljN2E2NTEwODU2
ZmJhYmI4ZDAeFw0yNjA1MDEwMDExNDNaFw0yNzA0MzAwMDE2NDNaMDMxMTAvBgNV
BAMTKDM4RTVERjEwRUFGMUFEOEFBQjIwMDMzQkVCMTY3MEVBMkVDRUFGMEIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6s1XfbEfYb0ULvjLAuVOQJ0uh
ecNzOLG+A6aUhyU5VyRp9nY7Txppcb1rMBJ6eRmJdev6cX9M3G5CM21zZo4/k7LB
2FalErsVw7qSLbpMMfK3e4D9Cqc/2V8D9jovcWZfF+HRtCtGbIa1D/Z4k2fSI6st
3/N9ma9T0UgHb1PVLPkDlaMFJYl/p/RR6LQkOw0y+TQoFhgcaBtBRe6lkpnX2cuL
8QcIr2jU/mCdlaW+88ussvoxCdRR9snwpp7WEal20QpFVH9oVgfVwZDg4JVAcFK0
3zrAbg9D3vi2Uute5HUmZFvHX6dnCoddbENAAzt24adwVV4qGb4b0G8UqtRLAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUOOXfEOrxrYqrIAM76xZw6i7OrwswHwYDVR0j
BBgwFoAUr/bybqHxDaShbK2cemUQhW+6u40wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYWI5ZjU0OTctMmI5NS00YTQyLTgwZDAtNWM0MWY4MDdi
NjFmLzAvQUZGNkYyNkVBMUYxMERBNEExNkNBRDlDN0E2NTEwODU2RkJBQkI4RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3JfYnlicUh4RGFTaGJLMmNlbVVRaFct
NnU0MC5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWI5ZjU0OTct
MmI5NS00YTQyLTgwZDAtNWM0MWY4MDdiNjFmLzAvMzgzNTJlMzIzMzM3MmUzMjMx
MzcyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABV7dkw
DQYJKoZIhvcNAQELBQADggEBAAC5AshNcHi0zTHlqDliGJFXGLJZYk9ua+yBJ4Gu
dqTT0ZEd7ak8nIorH0YZGeevwrC17pHPViC1FmiYOYedq0nrJkd4fE+LFRdjmwUk
Hd13VsJ/NCSmyqcGRSWp8oZEXZ+y13+BKT4iuNv9clMzKr52Jxu40yqqoSMwoOky
Uq033HvwlxXRck6FV6d2DCLhIUn64rwDYK00WNjOCnZw0NdvqkOnLgLIF/fV5sIy
7uHxe3IQFF5atlCzCOXWArV4NsinlEOSIuGjqK8q+fFUGkRdl2cD8a6djYqFBRmO
PKNIdlYasMCp/tixV2T7m6m0djfseLFHAHI5zod4Pz+vJFA=
-----END CERTIFICATE-----