Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/38352e3230392e3232332e302f32342d3234203d3e20383334.roa
File:                     38352e3230392e3232332e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          W8TN7vG7X5TPCLG7LHz7kY2gEbLkDpfyfvpbLHpdbS8=
Subject key identifier:   6F:52:4C:65:74:DD:97:ED:8E:AB:4E:C6:0F:DD:62:75:AB:33:6F:35
Certificate issuer:       /CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
Certificate serial:       46BEC4C1A1B16D0C7AAA14334DF361076E99600D
Authority key identifier: 70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/38352e3230392e3232332e302f32342d3234203d3e20383334.roa
Signing time:             Thu 30 Oct 2025 15:18:31 +0000
ROA not before:           Thu 30 Oct 2025 15:13:31 +0000
ROA not after:            Thu 29 Oct 2026 15:18:31 +0000
asID:                     834
IP address blocks:        85.209.223.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 31 Oct 2025 15:49:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            46:be:c4:c1:a1:b1:6d:0c:7a:aa:14:33:4d:f3:61:07:6e:99:60:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
        Validity
            Not Before: Oct 30 15:13:31 2025 GMT
            Not After : Oct 29 15:18:31 2026 GMT
        Subject: CN=6F524C6574DD97ED8EAB4EC60FDD6275AB336F35
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:63:37:ac:37:b3:8f:db:d8:b5:80:fc:17:fa:
                    0a:c9:dd:fa:c8:a9:3f:1a:7c:3c:7c:82:76:46:7f:
                    6d:38:b6:9b:e2:d9:de:55:43:e1:ec:b0:64:03:10:
                    9e:0b:55:45:e6:4c:fa:17:8f:7b:8c:5a:99:1a:27:
                    3c:af:9f:17:98:8f:ea:2e:92:52:06:64:f5:7d:8d:
                    58:9f:f7:72:68:a9:4b:5f:c1:ac:32:e0:45:69:ac:
                    e7:44:66:c7:2d:0b:df:07:8c:9c:ef:59:04:3a:c6:
                    df:d1:f7:0f:e0:5c:1b:c8:57:2b:31:19:c7:be:cc:
                    db:08:d2:72:8b:59:82:5a:91:85:ae:e4:71:d5:be:
                    50:cb:89:21:8a:01:84:5d:ce:61:29:f9:d3:54:34:
                    dc:8a:14:ec:b0:1c:82:69:f9:81:48:16:43:b9:11:
                    26:13:a7:a6:f1:fb:70:43:16:e8:69:b3:81:3e:98:
                    a1:63:85:5e:03:d6:1e:ab:c2:e3:35:4b:3f:3d:60:
                    6d:76:f7:b6:5d:1c:b7:1e:c5:35:00:07:ee:bc:76:
                    43:fb:ed:2a:b0:02:62:70:ba:c1:d3:38:2e:17:50:
                    8a:b1:33:22:48:68:e7:cd:0e:9b:1e:e3:57:35:8d:
                    4b:1e:38:23:68:98:52:cc:05:b0:16:5f:c8:25:38:
                    14:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:52:4C:65:74:DD:97:ED:8E:AB:4E:C6:0F:DD:62:75:AB:33:6F:35
            X509v3 Authority Key Identifier:
                keyid:70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/38352e3230392e3232332e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.209.223.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a6:37:cf:f0:ec:50:d5:18:d4:a1:63:54:b4:1f:d8:08:15:9b:
         9f:db:b9:d1:73:4d:0e:e4:12:d1:c7:5f:7d:ef:20:e4:3e:ce:
         dd:11:e5:cc:28:4d:92:5b:1c:c2:db:c8:0c:d8:c9:9e:47:ed:
         1b:74:66:c4:d9:4c:a0:57:75:4f:5e:2f:57:ae:7e:27:40:43:
         ab:64:5b:ce:83:b1:19:5e:2b:f0:8b:1e:bb:dc:1a:4e:7f:99:
         17:97:8e:10:b3:3e:45:b1:45:e1:7c:e4:cd:db:fb:ec:d6:e2:
         0e:7d:ca:bb:aa:f0:3e:3e:33:35:d8:05:48:f0:22:e4:2a:1c:
         88:60:40:17:0e:78:84:47:83:2a:0a:90:d8:1c:e6:f2:0c:ae:
         77:3e:db:e0:be:35:a1:32:0c:99:c0:c2:54:a0:6b:3c:f0:7b:
         7e:08:c2:af:5a:81:68:d5:c2:d5:a5:17:60:5d:e6:c8:c3:3c:
         99:c0:11:38:2c:86:e8:38:e9:51:92:0a:04:f9:96:f3:f0:df:
         d6:cb:f3:59:7c:bc:85:d5:aa:f7:fd:c3:4d:6f:fc:1c:2e:4a:
         bf:89:11:55:98:c7:e6:cd:e8:f6:82:05:c9:ef:09:2a:75:4e:
         8d:50:5e:1a:1d:89:48:25:de:ff:13:dd:a7:ff:2a:3e:c9:6c:
         bb:1d:76:69
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIURr7EwaGxbQx6qhQzTfNhB26ZYA0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzBjYmQ3YTk4MTdlNDcwMDA5YzBmNDBlYTFlMzcwYWE3
OWI1ZmQ5MTAeFw0yNTEwMzAxNTEzMzFaFw0yNjEwMjkxNTE4MzFaMDMxMTAvBgNV
BAMTKDZGNTI0QzY1NzRERDk3RUQ4RUFCNEVDNjBGREQ2Mjc1QUIzMzZGMzUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDHYzesN7OP29i1gPwX+grJ3frI
qT8afDx8gnZGf204tpvi2d5VQ+HssGQDEJ4LVUXmTPoXj3uMWpkaJzyvnxeYj+ou
klIGZPV9jVif93JoqUtfwawy4EVprOdEZsctC98HjJzvWQQ6xt/R9w/gXBvIVysx
Gce+zNsI0nKLWYJakYWu5HHVvlDLiSGKAYRdzmEp+dNUNNyKFOywHIJp+YFIFkO5
ESYTp6bx+3BDFuhps4E+mKFjhV4D1h6rwuM1Sz89YG1297ZdHLcexTUAB+68dkP7
7SqwAmJwusHTOC4XUIqxMyJIaOfNDpse41c1jUseOCNomFLMBbAWX8glOBQdAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUb1JMZXTdl+2Oq07GD91idaszbzUwHwYDVR0j
BBgwFoAUcMvXqYF+RwAJwPQOoeNwqnm1/ZEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYjczMzJhZjAtZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5
ZjhhLzAvNzBDQkQ3QTk4MTdFNDcwMDA5QzBGNDBFQTFFMzcwQUE3OUI1RkQ5MS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NNdlhxWUYtUndBSndQUU9vZU53cW5t
MV9aRS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYjczMzJhZjAt
ZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5ZjhhLzAvMzgzNTJlMzIzMDM5MmUzMjMy
MzMyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABV0d8w
DQYJKoZIhvcNAQELBQADggEBAKY3z/DsUNUY1KFjVLQf2AgVm5/budFzTQ7kEtHH
X33vIOQ+zt0R5cwoTZJbHMLbyAzYyZ5H7Rt0ZsTZTKBXdU9eL1eufidAQ6tkW86D
sRleK/CLHrvcGk5/mReXjhCzPkWxReF85M3b++zW4g59yruq8D4+MzXYBUjwIuQq
HIhgQBcOeIRHgyoKkNgc5vIMrnc+2+C+NaEyDJnAwlSgazzwe34Iwq9agWjVwtWl
F2Bd5sjDPJnAETgshug46VGSCgT5lvPw39bL81l8vIXVqvf9w01v/BwuSr+JEVWY
x+bN6PaCBcnvCSp1To1QXhodiUgl3v8T3af/Kj7JbLsddmk=
-----END CERTIFICATE-----