Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38352e33312e3233322e302f32322d3234203d3e203437353833.roa
File:                     38352e33312e3233322e302f32322d3234203d3e203437353833.roa (raw, json)
Hash identifier:          uOId3MoS3LxylCabPkVryVV7Hc2g2jNK1c43/VDqWek=
Subject key identifier:   57:A6:34:4E:68:97:57:04:59:9E:4B:09:AA:5F:9E:1E:EE:28:0D:32
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       28D19EBBE713C6E2E43EF866925592D333D582D8
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38352e33312e3233322e302f32322d3234203d3e203437353833.roa
Signing time:             Fri 22 May 2026 08:24:25 +0000
ROA not before:           Fri 22 May 2026 08:19:25 +0000
ROA not after:            Fri 21 May 2027 08:24:25 +0000
asID:                     47583
IP address blocks:        85.31.232.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 15:52:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            28:d1:9e:bb:e7:13:c6:e2:e4:3e:f8:66:92:55:92:d3:33:d5:82:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: May 22 08:19:25 2026 GMT
            Not After : May 21 08:24:25 2027 GMT
        Subject: CN=57A6344E68975704599E4B09AA5F9E1EEE280D32
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:31:8f:78:a0:a4:62:e7:b3:90:07:83:ef:d7:
                    5a:52:5c:66:94:60:2d:03:3e:0b:07:bd:a8:e6:eb:
                    d8:14:a2:61:05:e4:f7:fe:b9:f5:c7:1d:06:23:65:
                    1e:9d:5e:56:c2:88:a4:5f:12:f2:27:ea:4f:3b:e2:
                    9b:72:f1:84:26:f0:cc:bc:41:2a:89:8e:65:46:65:
                    90:67:aa:ed:fe:05:6c:4f:83:bc:26:15:85:2e:a1:
                    ce:bf:4b:f8:f8:0a:ea:e6:05:51:94:77:dc:81:03:
                    5c:c8:64:1c:fb:ef:21:e6:ec:20:c6:36:a3:b7:64:
                    d5:bf:7b:2d:a4:79:a6:9c:af:5b:f6:82:82:2b:5c:
                    0a:a7:3d:a5:18:53:ff:9d:05:7d:9f:30:b1:dc:51:
                    8c:d0:92:5f:2e:e7:dd:88:c7:59:fa:cc:fd:ce:0c:
                    75:2d:dd:5b:b1:21:77:a2:ce:21:dc:62:44:3c:f6:
                    d5:d9:aa:ac:2b:39:e0:c8:ea:c6:52:7b:a8:d7:12:
                    76:ec:43:2f:4e:21:d5:d0:d5:d1:38:65:45:46:0c:
                    8a:85:5c:c7:3d:74:81:43:fb:d3:82:2b:3c:47:74:
                    95:44:02:8b:80:77:7b:9b:c5:c4:fb:62:69:03:b8:
                    6e:93:0d:e0:e0:c7:12:a6:42:31:58:1b:d4:c1:47:
                    fb:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:A6:34:4E:68:97:57:04:59:9E:4B:09:AA:5F:9E:1E:EE:28:0D:32
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38352e33312e3233322e302f32322d3234203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.31.232.0/22

    Signature Algorithm: sha256WithRSAEncryption
         18:5e:ed:be:1a:63:ea:87:ba:79:8c:20:84:c1:d4:da:87:76:
         8b:e1:8c:76:d4:b7:8b:61:d2:2b:ef:bd:c6:ab:13:10:c9:b4:
         db:97:f8:e6:21:d8:57:ab:6d:12:b7:aa:1f:94:16:7c:e6:99:
         90:36:ab:b9:a4:05:61:c1:7a:c2:b7:f5:5a:95:be:c1:fb:7d:
         05:30:3a:2a:0d:f4:a0:38:f3:52:a7:e9:b7:b6:94:f3:4d:78:
         52:ab:70:2e:59:1a:6d:70:22:06:a7:d9:d4:b1:73:49:43:a1:
         8c:74:0c:e7:3b:ec:60:cb:61:e7:d3:6c:91:25:15:16:76:d0:
         2e:5b:0d:86:22:a9:71:b9:ac:40:bb:51:3b:90:2b:b2:48:70:
         ea:11:d1:05:03:50:c6:8b:cb:a8:2a:22:62:4e:eb:1f:a5:b9:
         10:8f:d4:3d:76:02:76:6d:bd:cb:bb:29:9d:3e:22:b7:d9:03:
         f6:16:81:f3:40:99:5f:8a:56:d5:fc:fd:a0:b7:06:20:11:cd:
         13:58:6c:39:2d:e4:6a:9e:3b:6f:12:ce:7d:0e:28:0d:9c:89:
         59:63:b4:99:74:0f:41:41:bc:f3:a2:23:5b:d6:b7:52:46:9e:
         10:1c:7a:52:97:7f:3e:b9:7f:01:b1:52:e5:bd:c6:1c:39:6a:
         11:11:de:a8
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUKNGeu+cTxuLkPvhmklWS0zPVgtgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNjA1MjIwODE5MjVaFw0yNzA1MjEwODI0MjVaMDMxMTAvBgNV
BAMTKDU3QTYzNDRFNjg5NzU3MDQ1OTlFNEIwOUFBNUY5RTFFRUUyODBEMzIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDPMY94oKRi57OQB4Pv11pSXGaU
YC0DPgsHvajm69gUomEF5Pf+ufXHHQYjZR6dXlbCiKRfEvIn6k874pty8YQm8My8
QSqJjmVGZZBnqu3+BWxPg7wmFYUuoc6/S/j4CurmBVGUd9yBA1zIZBz77yHm7CDG
NqO3ZNW/ey2keaacr1v2goIrXAqnPaUYU/+dBX2fMLHcUYzQkl8u592Ix1n6zP3O
DHUt3VuxIXeiziHcYkQ89tXZqqwrOeDI6sZSe6jXEnbsQy9OIdXQ1dE4ZUVGDIqF
XMc9dIFD+9OCKzxHdJVEAouAd3ubxcT7YmkDuG6TDeDgxxKmQjFYG9TBR/vhAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUV6Y0TmiXVwRZnksJql+eHu4oDTIwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzgzNTJlMzMzMTJlMzIzMzMy
MmUzMDJmMzIzMjJkMzIzNDIwM2QzZTIwMzQzNzM1MzgzMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAlUf
6DANBgkqhkiG9w0BAQsFAAOCAQEAGF7tvhpj6oe6eYwghMHU2od2i+GMdtS3i2HS
K++9xqsTEMm025f45iHYV6ttEreqH5QWfOaZkDaruaQFYcF6wrf1WpW+wft9BTA6
Kg30oDjzUqfpt7aU8014UqtwLlkabXAiBqfZ1LFzSUOhjHQM5zvsYMth59NskSUV
FnbQLlsNhiKpcbmsQLtRO5Arskhw6hHRBQNQxovLqCoiYk7rH6W5EI/UPXYCdm29
y7spnT4it9kD9haB80CZX4pW1fz9oLcGIBHNE1hsOS3kap47bxLOfQ4oDZyJWWO0
mXQPQUG886IjW9a3UkaeEBx6Upd/Prl/AbFS5b3GHDlqERHeqA==
-----END CERTIFICATE-----