Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38352e33312e3233362e302f32322d3234203d3e203437353833.roa
File:                     38352e33312e3233362e302f32322d3234203d3e203437353833.roa (raw, json)
Hash identifier:          CTqXP+PIpb03wYTWhBSYgJLP6sdBlzEXiacNi3evDy4=
Subject key identifier:   12:BD:26:14:E3:78:97:46:0B:62:F9:9C:8A:A3:58:72:36:F5:C2:8E
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       0C6FC9B1E4F576DEDCEAAA27479C87A86AF5BF51
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38352e33312e3233362e302f32322d3234203d3e203437353833.roa
Signing time:             Fri 22 May 2026 08:24:25 +0000
ROA not before:           Fri 22 May 2026 08:19:25 +0000
ROA not after:            Fri 21 May 2027 08:24:25 +0000
asID:                     47583
IP address blocks:        85.31.236.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 15:52:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0c:6f:c9:b1:e4:f5:76:de:dc:ea:aa:27:47:9c:87:a8:6a:f5:bf:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: May 22 08:19:25 2026 GMT
            Not After : May 21 08:24:25 2027 GMT
        Subject: CN=12BD2614E37897460B62F99C8AA3587236F5C28E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:3e:06:dc:17:8f:30:e0:4d:45:3c:22:05:90:
                    51:ea:51:cc:c2:24:e1:b5:65:5e:e2:ab:1f:97:e6:
                    df:bd:3f:97:0b:cf:7f:03:7e:5e:25:06:a4:bb:4e:
                    b2:e8:55:d2:e8:50:1a:c0:bf:0f:3a:c4:aa:d8:86:
                    76:1b:db:0f:7c:3a:cd:3a:38:1d:1d:38:8a:51:c4:
                    68:8c:17:ef:e7:c8:ca:77:ea:5c:90:bc:50:e3:00:
                    50:6d:c8:59:9e:1f:4a:69:38:bc:1d:47:69:e6:80:
                    6a:18:fc:7d:96:05:a7:cd:1d:38:ce:d0:37:0b:fe:
                    9b:36:94:50:ee:8e:dd:9d:88:36:40:65:2d:e0:56:
                    cf:be:4a:0d:d4:fa:fc:84:45:63:0d:ce:ab:b5:33:
                    79:cd:f7:f2:a9:f8:e4:4c:87:12:4d:4f:34:02:71:
                    e8:0f:05:cf:70:a2:d2:a1:0a:d7:a7:e2:5e:17:a3:
                    07:15:e5:35:05:a4:b1:0f:df:93:9b:51:94:dc:30:
                    ff:35:c0:14:0b:44:e7:c3:3f:f1:66:40:92:3f:1b:
                    df:76:c1:63:2b:32:0d:19:96:15:cd:01:4d:93:38:
                    8c:b8:48:8d:b9:ba:d4:52:9b:72:57:98:45:26:c6:
                    9c:d6:26:fb:fb:79:88:6d:ca:91:05:e2:62:dc:e5:
                    24:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:BD:26:14:E3:78:97:46:0B:62:F9:9C:8A:A3:58:72:36:F5:C2:8E
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38352e33312e3233362e302f32322d3234203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.31.236.0/22

    Signature Algorithm: sha256WithRSAEncryption
         39:54:4d:91:b7:e0:ef:39:e0:30:9e:fd:c7:6c:c3:a2:fe:b3:
         fc:e8:dd:ba:ca:7b:5a:3b:05:0c:09:92:7a:21:4b:a3:0f:06:
         c6:5e:cb:f4:53:63:a3:9a:3c:91:1b:8c:d0:cd:00:6a:81:51:
         93:4b:40:28:64:39:25:47:d9:0a:12:a4:f0:a1:7a:47:cb:02:
         86:99:b3:f4:01:ae:56:f2:3f:49:66:0c:c0:24:9f:69:4f:fe:
         e5:ff:3a:fa:a3:11:10:04:14:61:fa:00:a4:a0:e1:67:76:60:
         18:11:3b:4a:b8:0d:f8:62:93:cd:01:91:c4:2b:61:e3:c8:3c:
         61:7b:75:4a:63:f8:7b:68:c1:23:fd:de:7a:22:1a:bf:6e:33:
         7d:43:41:17:c7:40:8c:14:2d:52:ca:9e:8b:37:02:d6:0e:0a:
         5a:6e:5d:37:69:fd:dc:21:db:5f:85:6f:ac:5f:ce:02:0b:a8:
         64:62:77:4f:72:51:b1:e5:60:1f:ba:3a:f0:f0:16:2a:f9:d0:
         98:31:e2:85:5e:a2:12:ad:e0:84:28:7f:ea:71:e7:0a:d5:a1:
         bc:9b:1e:71:2b:80:28:9d:56:46:13:a4:35:91:2f:c1:17:66:
         5e:10:bc:b4:43:2f:cc:d6:ed:9a:1b:96:5d:64:74:b8:5d:ba:
         a0:ff:ba:9e
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUDG/JseT1dt7c6qonR5yHqGr1v1EwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNjA1MjIwODE5MjVaFw0yNzA1MjEwODI0MjVaMDMxMTAvBgNV
BAMTKDEyQkQyNjE0RTM3ODk3NDYwQjYyRjk5QzhBQTM1ODcyMzZGNUMyOEUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCDPgbcF48w4E1FPCIFkFHqUczC
JOG1ZV7iqx+X5t+9P5cLz38Dfl4lBqS7TrLoVdLoUBrAvw86xKrYhnYb2w98Os06
OB0dOIpRxGiMF+/nyMp36lyQvFDjAFBtyFmeH0ppOLwdR2nmgGoY/H2WBafNHTjO
0DcL/ps2lFDujt2diDZAZS3gVs++Sg3U+vyERWMNzqu1M3nN9/Kp+ORMhxJNTzQC
cegPBc9wotKhCten4l4XowcV5TUFpLEP35ObUZTcMP81wBQLROfDP/FmQJI/G992
wWMrMg0ZlhXNAU2TOIy4SI25utRSm3JXmEUmxpzWJvv7eYhtypEF4mLc5SQPAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUEr0mFON4l0YLYvmciqNYcjb1wo4wHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzgzNTJlMzMzMTJlMzIzMzM2
MmUzMDJmMzIzMjJkMzIzNDIwM2QzZTIwMzQzNzM1MzgzMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAlUf
7DANBgkqhkiG9w0BAQsFAAOCAQEAOVRNkbfg7zngMJ79x2zDov6z/Ojdusp7WjsF
DAmSeiFLow8Gxl7L9FNjo5o8kRuM0M0AaoFRk0tAKGQ5JUfZChKk8KF6R8sChpmz
9AGuVvI/SWYMwCSfaU/+5f86+qMREAQUYfoApKDhZ3ZgGBE7SrgN+GKTzQGRxCth
48g8YXt1SmP4e2jBI/3eeiIav24zfUNBF8dAjBQtUsqeizcC1g4KWm5dN2n93CHb
X4VvrF/OAguoZGJ3T3JRseVgH7o68PAWKvnQmDHihV6iEq3ghCh/6nHnCtWhvJse
cSuAKJ1WRhOkNZEvwRdmXhC8tEMvzNbtmhuWXWR0uF26oP+6ng==
-----END CERTIFICATE-----