Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/38362e33382e332e302f32342d3234203d3e203135343139.roa
File:                     38362e33382e332e302f32342d3234203d3e203135343139.roa (raw, json)
Hash identifier:          kfugqwL5a8rKpk8fwdFIn7pS0iv55PmKrmdtLvO9AmM=
Subject key identifier:   A8:10:D2:82:54:95:22:37:2B:D2:4A:4B:8A:3A:64:18:47:02:93:48
Certificate issuer:       /CN=9df85997b1b9b358e1c43f36765aa0a4a02144ae
Certificate serial:       73A21C9101DA0E050B003F7AE68E8F22FFC35DC8
Authority key identifier: 9D:F8:59:97:B1:B9:B3:58:E1:C4:3F:36:76:5A:A0:A4:A0:21:44:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nfhZl7G5s1jhxD82dlqgpKAhRK4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/38362e33382e332e302f32342d3234203d3e203135343139.roa
Signing time:             Fri 10 Apr 2026 10:11:01 +0000
ROA not before:           Fri 10 Apr 2026 10:06:01 +0000
ROA not after:            Fri 09 Apr 2027 10:11:01 +0000
asID:                     15419
IP address blocks:        86.38.3.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/9DF85997B1B9B358E1C43F36765AA0A4A02144AE.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/9DF85997B1B9B358E1C43F36765AA0A4A02144AE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nfhZl7G5s1jhxD82dlqgpKAhRK4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Apr 2026 01:06:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            73:a2:1c:91:01:da:0e:05:0b:00:3f:7a:e6:8e:8f:22:ff:c3:5d:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9df85997b1b9b358e1c43f36765aa0a4a02144ae
        Validity
            Not Before: Apr 10 10:06:01 2026 GMT
            Not After : Apr  9 10:11:01 2027 GMT
        Subject: CN=A810D282549522372BD24A4B8A3A641847029348
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:3e:6e:5a:71:73:03:92:cf:eb:88:39:d6:a8:
                    a2:08:1c:dc:fa:7f:70:1d:b6:93:15:46:3c:2f:02:
                    6b:4f:62:33:36:e9:00:b4:85:f7:77:77:98:9d:8e:
                    0a:b9:98:d0:e8:af:60:e4:54:5e:ba:81:0a:52:6a:
                    28:44:42:7f:8c:1c:10:bb:49:72:ab:de:85:dc:88:
                    9e:4a:10:5a:1d:49:9b:3d:43:ca:e8:a0:40:67:ec:
                    7f:66:f9:2a:26:eb:2a:f8:0a:2f:22:a1:61:c9:8d:
                    3c:b7:aa:dd:68:85:3b:00:15:f3:c3:7e:e0:20:3e:
                    38:ba:5c:20:94:d8:1d:9e:18:d4:47:32:3a:16:f0:
                    14:0e:d3:a7:d0:fe:7e:f0:c4:91:42:30:e4:c5:95:
                    82:b1:24:1f:f0:3f:07:b3:ff:63:ac:4c:73:e2:fd:
                    d1:1f:23:8a:9f:37:bb:75:27:ba:cd:43:21:26:2a:
                    9a:0a:40:7e:77:f5:44:1a:85:06:63:c4:b4:7a:e2:
                    38:7d:13:76:12:1e:ad:25:f3:b4:61:3b:1a:60:0c:
                    a1:29:2e:aa:b1:bd:ee:fd:cb:62:45:57:78:97:d1:
                    55:af:a2:f9:15:8b:0f:1b:f0:8b:35:f6:d8:89:b3:
                    f4:56:ab:d3:5f:96:44:7c:f7:83:b3:a0:0f:d9:84:
                    2d:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:10:D2:82:54:95:22:37:2B:D2:4A:4B:8A:3A:64:18:47:02:93:48
            X509v3 Authority Key Identifier:
                keyid:9D:F8:59:97:B1:B9:B3:58:E1:C4:3F:36:76:5A:A0:A4:A0:21:44:AE

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/9DF85997B1B9B358E1C43F36765AA0A4A02144AE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nfhZl7G5s1jhxD82dlqgpKAhRK4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/38362e33382e332e302f32342d3234203d3e203135343139.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.38.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:49:12:40:ff:20:bf:dc:8b:9e:74:58:96:a8:0f:e8:c5:86:
         34:81:70:22:6e:84:0a:1f:aa:ad:37:64:cf:02:8c:49:45:b9:
         53:09:47:11:3d:0f:14:1a:3d:f3:b7:c4:05:19:9e:31:bd:d0:
         25:f8:e5:ab:83:99:2e:90:31:d1:d8:fd:e4:39:5b:7c:68:c4:
         0c:77:c7:82:99:37:02:96:8a:c8:06:1e:b6:6b:8c:01:5e:10:
         0b:01:a4:3a:2f:13:69:52:7e:de:46:26:15:12:bd:d2:ae:85:
         59:ee:ac:92:c4:40:d9:8d:a8:2a:03:77:96:fc:e7:78:96:c2:
         59:99:ae:0a:7e:e7:4e:b5:59:13:d9:6a:62:f6:28:a7:b6:e7:
         d4:17:b0:7d:d7:32:a9:65:a8:6c:88:56:17:b7:e0:67:07:c5:
         b0:08:89:aa:24:69:87:89:81:83:b6:14:d4:6f:93:78:ef:28:
         66:a2:47:dd:91:6e:70:ef:2e:e9:e7:b8:ed:02:47:27:75:15:
         c3:df:50:93:af:2e:71:9e:e2:41:a2:18:54:cc:4c:47:ce:cf:
         59:db:30:a1:11:94:6c:bf:e2:c8:cb:44:1a:37:69:d4:46:b7:
         3a:3f:a4:d4:a5:29:ba:b8:69:e9:00:a5:f4:56:37:04:9f:b8:
         de:37:ae:2d
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUc6IckQHaDgULAD965o6PIv/DXcgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWRmODU5OTdiMWI5YjM1OGUxYzQzZjM2NzY1YWEwYTRh
MDIxNDRhZTAeFw0yNjA0MTAxMDA2MDFaFw0yNzA0MDkxMDExMDFaMDMxMTAvBgNV
BAMTKEE4MTBEMjgyNTQ5NTIyMzcyQkQyNEE0QjhBM0E2NDE4NDcwMjkzNDgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQClPm5acXMDks/riDnWqKIIHNz6
f3AdtpMVRjwvAmtPYjM26QC0hfd3d5idjgq5mNDor2DkVF66gQpSaihEQn+MHBC7
SXKr3oXciJ5KEFodSZs9Q8rooEBn7H9m+Som6yr4Ci8ioWHJjTy3qt1ohTsAFfPD
fuAgPji6XCCU2B2eGNRHMjoW8BQO06fQ/n7wxJFCMOTFlYKxJB/wPwez/2OsTHPi
/dEfI4qfN7t1J7rNQyEmKpoKQH539UQahQZjxLR64jh9E3YSHq0l87RhOxpgDKEp
Lqqxve79y2JFV3iX0VWvovkViw8b8Is19tiJs/RWq9NflkR894OzoA/ZhC2DAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUqBDSglSVIjcr0kpLijpkGEcCk0gwHwYDVR0j
BBgwFoAUnfhZl7G5s1jhxD82dlqgpKAhRK4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDAyZTBiYTMtZmU2MC00NWIxLTkxNjAtODY4YTJmOGE0
M2IxLzMvOURGODU5OTdCMUI5QjM1OEUxQzQzRjM2NzY1QUEwQTRBMDIxNDRBRS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL25maFpsN0c1czFqaHhEODJkbHFncEtB
aFJLNC5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMDAyZTBiYTMt
ZmU2MC00NWIxLTkxNjAtODY4YTJmOGE0M2IxLzMvMzgzNjJlMzMzODJlMzMyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzMTM1MzQzMTM5LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAViYDMA0G
CSqGSIb3DQEBCwUAA4IBAQB8SRJA/yC/3IuedFiWqA/oxYY0gXAiboQKH6qtN2TP
AoxJRblTCUcRPQ8UGj3zt8QFGZ4xvdAl+OWrg5kukDHR2P3kOVt8aMQMd8eCmTcC
lorIBh62a4wBXhALAaQ6LxNpUn7eRiYVEr3SroVZ7qySxEDZjagqA3eW/Od4lsJZ
ma4KfudOtVkT2Wpi9iintufUF7B91zKpZahsiFYXt+BnB8WwCImqJGmHiYGDthTU
b5N47yhmokfdkW5w7y7p57jtAkcndRXD31CTry5xnuJBohhUzExHzs9Z2zChEZRs
v+LIy0QaN2nURrc6P6TUpSm6uGnpAKX0VjcEn7jeN64t
-----END CERTIFICATE-----