Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/38352e3230392e3232312e302f32342d3234203d3e20323132333834.roa
File:                     38352e3230392e3232312e302f32342d3234203d3e20323132333834.roa (raw, json)
Hash identifier:          sE8H1sL8so6876FcvK8T/98WJNiBRq6ZWtcL7Z5XkHc=
Subject key identifier:   0B:52:31:58:46:A8:87:B0:DE:B3:5D:FF:92:97:2F:7D:2E:16:F7:BE
Certificate issuer:       /CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
Certificate serial:       7C38B78E6529E6DFF55626E17BCD35F114DD08A9
Authority key identifier: 70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/38352e3230392e3232312e302f32342d3234203d3e20323132333834.roa
Signing time:             Wed 15 Jul 2026 14:49:12 +0000
ROA not before:           Wed 15 Jul 2026 14:44:12 +0000
ROA not after:            Wed 14 Jul 2027 14:49:12 +0000
asID:                     212384
IP address blocks:        85.209.221.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Jul 2026 23:00:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7c:38:b7:8e:65:29:e6:df:f5:56:26:e1:7b:cd:35:f1:14:dd:08:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
        Validity
            Not Before: Jul 15 14:44:12 2026 GMT
            Not After : Jul 14 14:49:12 2027 GMT
        Subject: CN=0B52315846A887B0DEB35DFF92972F7D2E16F7BE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:1c:e7:eb:17:65:06:54:36:e3:e5:43:59:92:
                    07:f8:bf:10:1a:52:cf:af:8c:85:d5:e8:6c:13:5a:
                    bd:5e:74:62:2d:93:ea:a3:57:13:98:28:24:c3:cf:
                    8e:c0:1f:05:af:e6:37:82:9b:c7:b0:37:4c:06:26:
                    ef:a8:78:07:87:47:b8:ea:f0:67:60:5c:63:f1:5b:
                    df:e8:4e:79:c0:08:ac:be:ec:52:f1:ed:ef:7c:75:
                    a9:05:70:e3:e0:3c:c4:47:55:08:c0:18:ac:62:60:
                    79:8a:18:47:81:51:d0:db:3e:bd:d3:41:5a:92:a1:
                    f1:23:a8:28:d4:cd:e4:4f:61:c6:f1:f4:c6:9c:ea:
                    16:42:7e:1d:c3:4c:bc:88:97:0d:b7:0c:86:57:55:
                    98:a0:ca:ab:15:c3:61:37:cf:94:be:09:76:b3:7b:
                    52:3b:28:e0:77:28:96:40:a3:c1:ad:d8:e5:7a:ef:
                    d1:da:e9:4a:a5:4b:e8:03:40:fc:40:97:fb:75:ba:
                    1d:40:1e:36:5c:91:9f:d5:84:87:0b:32:a8:78:e3:
                    bf:4e:9e:bf:d3:ea:8f:be:77:bc:2f:75:6f:5d:b3:
                    2a:94:d4:b4:c4:ab:7b:9c:46:57:54:15:f0:70:ec:
                    d1:e4:c6:09:53:ea:55:dc:39:44:17:f9:10:ff:8a:
                    8a:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:52:31:58:46:A8:87:B0:DE:B3:5D:FF:92:97:2F:7D:2E:16:F7:BE
            X509v3 Authority Key Identifier:
                keyid:70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/38352e3230392e3232312e302f32342d3234203d3e20323132333834.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.209.221.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a9:27:ef:7b:01:be:e9:34:c9:57:01:94:2c:a9:86:c9:dd:34:
         3a:5f:0b:38:2a:cc:80:48:ee:fc:93:d9:37:03:30:93:55:e2:
         66:9e:a5:d0:bb:d4:b5:e2:4b:09:42:04:e2:31:ec:b4:99:98:
         67:0d:f1:41:dd:93:27:a5:f5:72:6a:84:6f:f0:99:06:89:4a:
         62:76:c7:42:63:d7:7e:aa:23:0b:e7:1f:70:0c:ac:33:72:b1:
         ce:6d:9d:a8:37:24:7c:4a:f8:e9:a1:3c:ad:13:f5:53:93:50:
         3c:9d:be:d1:c0:14:f8:77:83:47:49:4d:a1:7a:81:94:e8:00:
         c2:94:74:90:33:88:6d:91:b5:a6:24:f3:24:dd:da:c4:0a:ef:
         2f:05:1c:bf:31:e9:00:ed:0c:05:28:9a:bb:df:5c:16:eb:ac:
         3a:9f:1a:bb:41:f1:d9:4b:5b:f5:f3:70:a8:68:01:af:71:a4:
         a2:14:ab:df:8f:53:c3:8b:c1:39:59:97:f7:26:c9:78:4f:79:
         12:73:f0:d5:b4:e9:02:c0:2f:ac:5b:72:78:f1:8d:c4:89:03:
         41:11:c0:5e:cb:ed:3c:90:2e:bd:9f:87:cb:e9:22:24:57:a7:
         63:ee:56:d3:c5:89:0e:ae:7e:78:07:aa:b1:92:a7:fd:fe:90:
         8e:39:2b:02
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIUfDi3jmUp5t/1Vibhe8018RTdCKkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzBjYmQ3YTk4MTdlNDcwMDA5YzBmNDBlYTFlMzcwYWE3
OWI1ZmQ5MTAeFw0yNjA3MTUxNDQ0MTJaFw0yNzA3MTQxNDQ5MTJaMDMxMTAvBgNV
BAMTKDBCNTIzMTU4NDZBODg3QjBERUIzNURGRjkyOTcyRjdEMkUxNkY3QkUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDXHOfrF2UGVDbj5UNZkgf4vxAa
Us+vjIXV6GwTWr1edGItk+qjVxOYKCTDz47AHwWv5jeCm8ewN0wGJu+oeAeHR7jq
8GdgXGPxW9/oTnnACKy+7FLx7e98dakFcOPgPMRHVQjAGKxiYHmKGEeBUdDbPr3T
QVqSofEjqCjUzeRPYcbx9Mac6hZCfh3DTLyIlw23DIZXVZigyqsVw2E3z5S+CXaz
e1I7KOB3KJZAo8Gt2OV679Ha6UqlS+gDQPxAl/t1uh1AHjZckZ/VhIcLMqh4479O
nr/T6o++d7wvdW9dsyqU1LTEq3ucRldUFfBw7NHkxglT6lXcOUQX+RD/ioobAgMB
AAGjggI/MIICOzAdBgNVHQ4EFgQUC1IxWEaoh7Des13/kpcvfS4W974wHwYDVR0j
BBgwFoAUcMvXqYF+RwAJwPQOoeNwqnm1/ZEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYjczMzJhZjAtZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5
ZjhhLzAvNzBDQkQ3QTk4MTdFNDcwMDA5QzBGNDBFQTFFMzcwQUE3OUI1RkQ5MS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NNdlhxWUYtUndBSndQUU9vZU53cW5t
MV9aRS5jZXIwga8GCCsGAQUFBwELBIGiMIGfMIGcBggrBgEFBQcwC4aBj3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYjczMzJhZjAt
ZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5ZjhhLzAvMzgzNTJlMzIzMDM5MmUzMjMy
MzEyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMjMxMzIzMzM4MzQucm9hMBgGA1Ud
IAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BABV0d0wDQYJKoZIhvcNAQELBQADggEBAKkn73sBvuk0yVcBlCyphsndNDpfCzgq
zIBI7vyT2TcDMJNV4maepdC71LXiSwlCBOIx7LSZmGcN8UHdkyel9XJqhG/wmQaJ
SmJ2x0Jj136qIwvnH3AMrDNysc5tnag3JHxK+OmhPK0T9VOTUDydvtHAFPh3g0dJ
TaF6gZToAMKUdJAziG2RtaYk8yTd2sQK7y8FHL8x6QDtDAUomrvfXBbrrDqfGrtB
8dlLW/XzcKhoAa9xpKIUq9+PU8OLwTlZl/cmyXhPeRJz8NW06QLAL6xbcnjxjcSJ
A0ERwF7L7TyQLr2fh8vpIiRXp2PuVtPFiQ6ufngHqrGSp/3+kI45KwI=
-----END CERTIFICATE-----
Generated at Fri Jul 17 08:55:29 2026 by rpki-client