Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/38322e3131382e32372e302f32342d3234203d3e2039333034.roa
File:                     38322e3131382e32372e302f32342d3234203d3e2039333034.roa (raw, json)
Hash identifier:          r825IdntEKr8Ts6ZuQr5MBHlpWV+aiSw4iW/fHBfZZM=
Subject key identifier:   C9:38:FB:52:A1:2A:D5:AD:F8:E0:7F:E4:2B:7B:A1:25:90:34:39:B3
Certificate issuer:       /CN=0d059f10d18d00052c808eb8069f90d47e30564a
Certificate serial:       62C1868674877C159CA7FE968E012793166EFEC2
Authority key identifier: 0D:05:9F:10:D1:8D:00:05:2C:80:8E:B8:06:9F:90:D4:7E:30:56:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/38322e3131382e32372e302f32342d3234203d3e2039333034.roa
Signing time:             Thu 14 May 2026 05:45:57 +0000
ROA not before:           Thu 14 May 2026 05:40:57 +0000
ROA not after:            Thu 13 May 2027 05:45:57 +0000
asID:                     9304
IP address blocks:        82.118.27.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jun 2026 15:55:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            62:c1:86:86:74:87:7c:15:9c:a7:fe:96:8e:01:27:93:16:6e:fe:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d059f10d18d00052c808eb8069f90d47e30564a
        Validity
            Not Before: May 14 05:40:57 2026 GMT
            Not After : May 13 05:45:57 2027 GMT
        Subject: CN=C938FB52A12AD5ADF8E07FE42B7BA125903439B3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:93:e5:92:47:a1:21:2e:24:28:e8:89:ae:0c:
                    d2:8f:31:5d:c7:8c:6a:d9:07:2c:7d:6f:e1:95:eb:
                    32:b4:1a:a1:2d:48:3d:5a:89:92:7c:e4:48:82:5c:
                    4f:77:d1:e0:59:cb:d9:5a:56:91:4a:fc:50:fa:03:
                    0b:ac:c0:36:d0:8f:5b:af:57:84:bf:a5:9f:af:fd:
                    84:59:dd:65:ff:e1:64:75:6b:4d:7f:fc:d1:d3:a3:
                    74:fe:60:00:9c:93:09:40:99:4a:cd:4b:c9:5f:3b:
                    92:68:6e:c7:3c:45:f4:36:3d:6c:87:d9:6f:08:14:
                    87:d4:d9:50:67:38:b8:fc:0e:6a:e8:51:06:fa:9f:
                    61:24:73:4b:4e:ed:c8:04:92:f6:b0:1e:fe:ef:80:
                    c4:0c:63:ad:9b:65:f3:8d:37:5f:14:51:62:f1:61:
                    81:43:a5:4c:3c:7c:98:86:2e:ee:52:99:96:ef:2e:
                    2d:9c:03:72:84:cc:54:bc:fe:aa:8b:6e:da:24:2a:
                    81:bf:db:8c:84:04:70:14:f9:bd:53:c8:9e:64:d1:
                    f5:78:3c:00:3f:33:78:6a:62:b0:7e:46:58:87:81:
                    73:75:e4:fb:38:28:b8:77:74:17:4d:2b:55:68:f5:
                    4a:0e:60:cf:00:46:7b:4e:52:e0:6a:a2:a4:de:4a:
                    98:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:38:FB:52:A1:2A:D5:AD:F8:E0:7F:E4:2B:7B:A1:25:90:34:39:B3
            X509v3 Authority Key Identifier:
                keyid:0D:05:9F:10:D1:8D:00:05:2C:80:8E:B8:06:9F:90:D4:7E:30:56:4A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/38322e3131382e32372e302f32342d3234203d3e2039333034.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.118.27.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8c:d8:ed:2d:18:c4:ff:f5:b6:50:c4:29:ce:4f:a8:4e:7a:b8:
         80:e7:c8:43:8f:f3:d2:8c:a5:d6:e6:51:48:9c:fa:2d:b2:97:
         73:8a:ff:30:6e:91:93:15:a6:60:f1:34:f0:e5:d2:f6:64:cc:
         1c:2a:10:cf:d1:bf:7a:18:21:fb:0e:7b:61:cf:48:55:26:3b:
         15:fe:e3:ab:9d:6c:b5:ff:d6:ef:70:90:40:0b:1d:a5:c2:10:
         58:46:f3:0f:fd:bb:38:51:c5:ac:8d:b9:e6:34:9e:2f:cc:14:
         93:7c:e5:24:0f:bd:40:0a:1b:76:25:2c:b0:af:72:11:95:ce:
         da:28:96:38:f8:57:16:ee:5d:28:7b:c7:17:d8:6a:29:0f:d4:
         ae:1c:9c:4b:03:54:c6:d1:71:36:56:0b:41:38:cb:74:39:33:
         1e:94:a6:79:08:3a:f9:83:6f:27:cb:8b:e8:ef:be:c6:a0:f9:
         aa:e1:35:54:78:1b:d2:28:b8:3f:60:a3:0d:dd:19:eb:bf:17:
         21:cf:27:1d:4a:8a:e9:d7:14:3a:c5:75:2f:dc:51:e5:d1:c4:
         49:e0:8d:aa:44:a4:fa:09:9e:0f:43:78:6e:c3:2f:c9:bd:5d:
         0c:4a:52:2a:40:2b:09:94:df:60:57:60:37:19:3a:35:2b:3c:
         7f:f7:06:e2
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUYsGGhnSHfBWcp/6WjgEnkxZu/sIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGQwNTlmMTBkMThkMDAwNTJjODA4ZWI4MDY5ZjkwZDQ3
ZTMwNTY0YTAeFw0yNjA1MTQwNTQwNTdaFw0yNzA1MTMwNTQ1NTdaMDMxMTAvBgNV
BAMTKEM5MzhGQjUyQTEyQUQ1QURGOEUwN0ZFNDJCN0JBMTI1OTAzNDM5QjMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCfk+WSR6EhLiQo6ImuDNKPMV3H
jGrZByx9b+GV6zK0GqEtSD1aiZJ85EiCXE930eBZy9laVpFK/FD6AwuswDbQj1uv
V4S/pZ+v/YRZ3WX/4WR1a01//NHTo3T+YACckwlAmUrNS8lfO5Jobsc8RfQ2PWyH
2W8IFIfU2VBnOLj8DmroUQb6n2Ekc0tO7cgEkvawHv7vgMQMY62bZfONN18UUWLx
YYFDpUw8fJiGLu5SmZbvLi2cA3KEzFS8/qqLbtokKoG/24yEBHAU+b1TyJ5k0fV4
PAA/M3hqYrB+RliHgXN15Ps4KLh3dBdNK1Vo9UoOYM8ARntOUuBqoqTeSpiNAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUyTj7UqEq1a344H/kK3uhJZA0ObMwHwYDVR0j
BBgwFoAUDQWfENGNAAUsgI64Bp+Q1H4wVkowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmFmMTY3MDQtMjg1NC00MDgwLTlhMDktNzI2MjMyNmM5
ZTIyLzEvMEQwNTlGMTBEMThEMDAwNTJDODA4RUI4MDY5RjkwRDQ3RTMwNTY0QS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RRV2ZFTkdOQUFVc2dJNjRCcC1RMUg0
d1Zrby5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmFmMTY3MDQt
Mjg1NC00MDgwLTlhMDktNzI2MjMyNmM5ZTIyLzEvMzgzMjJlMzEzMTM4MmUzMjM3
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzkzMzMwMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABSdhsw
DQYJKoZIhvcNAQELBQADggEBAIzY7S0YxP/1tlDEKc5PqE56uIDnyEOP89KMpdbm
UUic+i2yl3OK/zBukZMVpmDxNPDl0vZkzBwqEM/Rv3oYIfsOe2HPSFUmOxX+46ud
bLX/1u9wkEALHaXCEFhG8w/9uzhRxayNueY0ni/MFJN85SQPvUAKG3YlLLCvchGV
ztooljj4VxbuXSh7xxfYaikP1K4cnEsDVMbRcTZWC0E4y3Q5Mx6UpnkIOvmDbyfL
i+jvvsag+arhNVR4G9IouD9gow3dGeu/FyHPJx1KiunXFDrFdS/cUeXRxEngjapE
pPoJng9DeG7DL8m9XQxKUipAKwmU32BXYDcZOjUrPH/3BuI=
-----END CERTIFICATE-----