Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38342e33392e3135302e302f32342d3332203d3e203531313637.roa
File:                     38342e33392e3135302e302f32342d3332203d3e203531313637.roa (raw, json)
Hash identifier:          3MICRaHPFgkrqpdgp6BabIzADI+lHPBleI498WlgUZc=
Subject key identifier:   0C:33:1B:AA:FB:73:E2:07:74:D3:6F:53:67:CD:BD:1E:AF:9B:E0:57
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       3BDA1F93BABF4C8680C0828DE3A0AE908E9B7AD0
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38342e33392e3135302e302f32342d3332203d3e203531313637.roa
Signing time:             Mon 01 Jun 2026 14:24:45 +0000
ROA not before:           Mon 01 Jun 2026 14:19:45 +0000
ROA not after:            Mon 31 May 2027 14:24:45 +0000
asID:                     51167
IP address blocks:        84.39.150.0/24 maxlen: 32
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 15:52:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3b:da:1f:93:ba:bf:4c:86:80:c0:82:8d:e3:a0:ae:90:8e:9b:7a:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Jun  1 14:19:45 2026 GMT
            Not After : May 31 14:24:45 2027 GMT
        Subject: CN=0C331BAAFB73E20774D36F5367CDBD1EAF9BE057
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:a1:74:47:01:f8:75:d2:06:c4:57:63:36:35:
                    dc:f4:37:ea:73:e1:c4:ff:a2:22:bc:38:46:b1:54:
                    e0:15:50:83:63:26:73:28:fa:2a:e8:76:2e:b7:e9:
                    51:46:48:c7:4f:8f:45:75:7f:13:3a:f3:8c:04:0d:
                    45:96:65:ae:9f:66:d6:55:9a:cc:61:69:6a:09:6c:
                    0d:08:de:65:33:4a:fa:67:88:44:a9:a7:31:96:9a:
                    7f:70:44:ae:ce:2f:3c:00:16:a6:57:ab:f8:66:2a:
                    68:fa:17:88:a7:10:8a:22:ed:f0:7e:16:eb:03:42:
                    6d:9e:44:60:20:22:0c:8e:0d:0f:64:f5:dd:01:95:
                    17:53:0d:24:9f:08:d2:bc:dc:4f:df:65:64:d3:43:
                    ad:12:e7:d7:a1:5a:5e:19:62:cb:4d:be:3b:f0:71:
                    d1:31:89:a6:9e:93:d5:2f:5c:70:e4:92:9b:ea:21:
                    c7:d1:38:03:a0:9b:54:a5:c5:da:c3:8e:3c:fb:e4:
                    2a:14:92:5e:09:3c:43:9f:35:c0:4e:78:5e:99:1c:
                    eb:f6:a6:d7:8e:a0:39:08:5f:16:80:cd:71:ad:cc:
                    f6:0b:dd:bf:07:6b:16:2d:98:83:4a:e2:3c:96:f4:
                    62:49:97:47:33:80:ca:22:3a:02:de:f1:6a:ee:ce:
                    0b:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:33:1B:AA:FB:73:E2:07:74:D3:6F:53:67:CD:BD:1E:AF:9B:E0:57
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38342e33392e3135302e302f32342d3332203d3e203531313637.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.39.150.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6f:ae:34:6b:81:b4:47:74:c0:46:b5:e4:2e:8d:d7:f8:67:ee:
         52:b3:e2:74:c8:e5:1d:b2:16:c8:db:e3:c9:ec:12:60:00:98:
         6c:69:1e:14:f1:26:98:8d:95:99:89:c8:35:ab:90:5b:95:23:
         b9:ed:79:84:8e:7a:90:0a:8e:52:b0:c1:80:37:ee:29:ff:e4:
         cf:06:d2:3c:30:c9:ea:4c:b0:80:fd:cb:74:2f:be:dd:a7:3d:
         5e:ce:b8:1f:f1:17:3c:23:d7:10:c9:10:03:56:46:c8:e6:ca:
         05:de:84:b4:e5:e6:a3:62:3c:59:ab:35:e2:01:b1:47:7d:6a:
         18:f7:fb:33:4c:0c:91:06:f2:63:46:ae:f1:da:c1:f8:ce:1c:
         be:79:ce:1e:e1:c1:d7:77:0d:a9:1d:95:53:04:55:da:16:4c:
         be:41:e0:14:c2:03:7b:5d:1d:0d:04:a9:f4:21:cd:e8:63:d2:
         fe:14:45:e7:00:3a:be:3f:4d:fd:8a:a0:54:6e:ce:93:37:80:
         72:f0:8d:59:07:67:5a:e2:6c:e6:10:f7:5c:c1:f4:03:93:d2:
         65:17:d7:51:3b:30:69:04:e2:5b:a6:71:40:5c:b2:93:12:f1:
         93:aa:11:05:9c:2e:71:84:1c:42:4b:dd:7c:1c:10:20:89:c3:
         3f:38:1c:f8
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUO9ofk7q/TIaAwIKN46CukI6betAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNjA2MDExNDE5NDVaFw0yNzA1MzExNDI0NDVaMDMxMTAvBgNV
BAMTKDBDMzMxQkFBRkI3M0UyMDc3NEQzNkY1MzY3Q0RCRDFFQUY5QkUwNTcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCloXRHAfh10gbEV2M2Ndz0N+pz
4cT/oiK8OEaxVOAVUINjJnMo+irodi636VFGSMdPj0V1fxM684wEDUWWZa6fZtZV
msxhaWoJbA0I3mUzSvpniESppzGWmn9wRK7OLzwAFqZXq/hmKmj6F4inEIoi7fB+
FusDQm2eRGAgIgyODQ9k9d0BlRdTDSSfCNK83E/fZWTTQ60S59ehWl4ZYstNvjvw
cdExiaaek9UvXHDkkpvqIcfROAOgm1SlxdrDjjz75CoUkl4JPEOfNcBOeF6ZHOv2
pteOoDkIXxaAzXGtzPYL3b8HaxYtmINK4jyW9GJJl0czgMoiOgLe8WruzgtRAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUDDMbqvtz4gd0029TZ829Hq+b4FcwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzgzNDJlMzMzOTJlMzEzNTMw
MmUzMDJmMzIzNDJkMzMzMjIwM2QzZTIwMzUzMTMxMzYzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFQn
ljANBgkqhkiG9w0BAQsFAAOCAQEAb640a4G0R3TARrXkLo3X+GfuUrPidMjlHbIW
yNvjyewSYACYbGkeFPEmmI2VmYnINauQW5Ujue15hI56kAqOUrDBgDfuKf/kzwbS
PDDJ6kywgP3LdC++3ac9Xs64H/EXPCPXEMkQA1ZGyObKBd6EtOXmo2I8Was14gGx
R31qGPf7M0wMkQbyY0au8drB+M4cvnnOHuHB13cNqR2VUwRV2hZMvkHgFMIDe10d
DQSp9CHN6GPS/hRF5wA6vj9N/YqgVG7OkzeAcvCNWQdnWuJs5hD3XMH0A5PSZRfX
UTswaQTiW6ZxQFyykxLxk6oRBZwucYQcQkvdfBwQIInDPzgc+A==
-----END CERTIFICATE-----