Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3231372e3136392e302f32342d3234203d3e20383334.roa
File:                     3138352e3231372e3136392e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          X6gXBO7k1Vpb62mWyk9JlRfQ9FAzCqPy0aNBMy69t0U=
Subject key identifier:   56:9E:9B:86:F1:07:F8:C8:D9:93:0C:5A:FF:34:84:35:7D:BE:B7:F9
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       38B8B9E250C9D01D9AA65F201A519AD7F5D8CDB2
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3231372e3136392e302f32342d3234203d3e20383334.roa
Signing time:             Mon 25 May 2026 09:24:32 +0000
ROA not before:           Mon 25 May 2026 09:19:32 +0000
ROA not after:            Mon 24 May 2027 09:24:32 +0000
asID:                     834
IP address blocks:        185.217.169.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 15:52:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            38:b8:b9:e2:50:c9:d0:1d:9a:a6:5f:20:1a:51:9a:d7:f5:d8:cd:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: May 25 09:19:32 2026 GMT
            Not After : May 24 09:24:32 2027 GMT
        Subject: CN=569E9B86F107F8C8D9930C5AFF3484357DBEB7F9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:39:6a:71:eb:60:3c:e8:11:2d:e9:ba:10:b8:
                    92:ea:ad:a8:fd:3c:29:3b:0f:de:68:9a:16:8d:1b:
                    68:d6:42:18:7e:de:51:f4:06:5c:d0:fa:9d:d7:a9:
                    c1:2e:e0:ba:b4:0e:7b:45:8f:1a:32:b7:92:a1:5a:
                    ad:43:3a:89:3b:95:35:5d:be:49:8e:79:38:8d:1a:
                    79:ba:f9:9f:5e:b4:19:8e:6e:06:42:38:81:f3:e7:
                    74:83:d4:80:2e:af:c9:ab:69:0f:6d:6f:3b:49:5b:
                    d4:a8:f5:b6:89:93:ee:79:99:c2:9a:bd:c9:c9:09:
                    04:39:e8:c3:eb:72:96:21:52:46:73:f2:36:50:a9:
                    68:71:53:b9:52:67:b5:53:b7:6d:7d:f9:10:22:07:
                    64:2d:db:cc:c3:a8:ad:eb:58:b4:7d:a0:77:07:f1:
                    47:0d:88:6e:c1:07:39:2b:3f:e7:86:cd:da:01:fc:
                    b1:8f:23:56:41:63:f3:38:da:bf:4d:75:52:66:9b:
                    15:01:84:6d:f8:3a:3b:68:6c:ef:b9:0a:67:4d:82:
                    bb:02:18:81:dc:f2:b5:a3:5c:e6:d3:a6:ea:4f:01:
                    4c:3e:ac:10:a3:18:5f:ea:4c:b0:2d:3f:a2:c0:6e:
                    0d:e7:02:bb:da:7e:9e:cc:ca:21:89:de:8e:ca:87:
                    57:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:9E:9B:86:F1:07:F8:C8:D9:93:0C:5A:FF:34:84:35:7D:BE:B7:F9
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3231372e3136392e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.217.169.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a1:12:ae:57:73:3e:d3:73:36:fd:06:a6:df:1d:d7:c0:5c:ed:
         2c:ec:e4:24:d8:e3:a4:9c:5e:78:0e:f7:42:8a:ad:41:28:93:
         35:de:c5:7f:2c:7d:17:44:07:10:7b:31:58:44:3b:6a:c7:80:
         40:8c:3d:a7:47:8a:28:33:20:83:f6:9c:fb:8e:60:8f:e2:c2:
         5d:9c:98:0f:e7:21:ce:53:a8:f9:0c:e0:ff:5c:f0:d2:f4:c5:
         cb:42:99:a6:61:1e:ad:c0:21:6c:84:ba:64:20:38:c3:78:8c:
         99:1e:0b:b2:fd:51:b7:63:6f:dd:9b:87:e7:7c:14:63:8e:52:
         c7:bf:e4:d3:d0:4d:e9:86:c3:11:e7:7a:78:ba:24:19:d0:3a:
         eb:14:34:e0:95:19:a9:09:0d:ac:6b:14:c7:08:a2:35:64:19:
         88:00:73:87:26:19:36:b8:b3:ce:56:cc:ff:68:2a:49:0a:ae:
         39:1d:a6:53:55:0f:37:d7:4e:5e:64:3d:70:14:2c:81:9f:67:
         2e:8e:89:ae:00:2e:28:e1:3a:2d:66:43:b8:33:5e:03:7f:e1:
         27:67:bc:f1:6f:70:13:43:f1:71:9b:f3:6d:b0:9c:e2:bd:0f:
         2f:7c:3d:82:e8:75:ad:09:aa:69:11:d6:fa:09:4f:2e:98:d5:
         ca:2c:78:5e
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUOLi54lDJ0B2apl8gGlGa1/XYzbIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNjA1MjUwOTE5MzJaFw0yNzA1MjQwOTI0MzJaMDMxMTAvBgNV
BAMTKDU2OUU5Qjg2RjEwN0Y4QzhEOTkzMEM1QUZGMzQ4NDM1N0RCRUI3RjkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMOWpx62A86BEt6boQuJLqraj9
PCk7D95omhaNG2jWQhh+3lH0BlzQ+p3XqcEu4Lq0DntFjxoyt5KhWq1DOok7lTVd
vkmOeTiNGnm6+Z9etBmObgZCOIHz53SD1IAur8mraQ9tbztJW9So9baJk+55mcKa
vcnJCQQ56MPrcpYhUkZz8jZQqWhxU7lSZ7VTt219+RAiB2Qt28zDqK3rWLR9oHcH
8UcNiG7BBzkrP+eGzdoB/LGPI1ZBY/M42r9NdVJmmxUBhG34OjtobO+5CmdNgrsC
GIHc8rWjXObTpupPAUw+rBCjGF/qTLAtP6LAbg3nArvafp7MyiGJ3o7Kh1dhAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUVp6bhvEH+MjZkwxa/zSENX2+t/kwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzODM1MmUzMjMxMzcyZTMx
MzYzOTJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALnZ
qTANBgkqhkiG9w0BAQsFAAOCAQEAoRKuV3M+03M2/Qam3x3XwFztLOzkJNjjpJxe
eA73QoqtQSiTNd7Ffyx9F0QHEHsxWEQ7aseAQIw9p0eKKDMgg/ac+45gj+LCXZyY
D+chzlOo+Qzg/1zw0vTFy0KZpmEercAhbIS6ZCA4w3iMmR4Lsv1Rt2Nv3ZuH53wU
Y45Sx7/k09BN6YbDEed6eLokGdA66xQ04JUZqQkNrGsUxwiiNWQZiABzhyYZNriz
zlbM/2gqSQquOR2mU1UPN9dOXmQ9cBQsgZ9nLo6JrgAuKOE6LWZDuDNeA3/hJ2e8
8W9wE0PxcZvzbbCc4r0PL3w9guh1rQmqaRHW+glPLpjVyix4Xg==
-----END CERTIFICATE-----