Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/38352e3230392e3232392e302f32342d3234203d3e20383334.roa
File:                     38352e3230392e3232392e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          8cp1xw1kRvL2U78wFdtnIHmek+jH0g7VJkPisvhFRGU=
Subject key identifier:   90:47:8D:BD:B2:29:1E:50:43:01:A0:7A:9F:E9:B4:18:77:A4:78:D3
Certificate issuer:       /CN=a9420e6c6f24b0e422da7fe7e420ef50354f45c6
Certificate serial:       08A92CFC9507694F68220CC6434C7784A0D2CFEA
Authority key identifier: A9:42:0E:6C:6F:24:B0:E4:22:DA:7F:E7:E4:20:EF:50:35:4F:45:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/38352e3230392e3232392e302f32342d3234203d3e20383334.roa
Signing time:             Mon 03 Nov 2025 00:09:07 +0000
ROA not before:           Mon 03 Nov 2025 00:04:07 +0000
ROA not after:            Mon 02 Nov 2026 00:09:07 +0000
asID:                     834
IP address blocks:        85.209.229.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 09:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            08:a9:2c:fc:95:07:69:4f:68:22:0c:c6:43:4c:77:84:a0:d2:cf:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a9420e6c6f24b0e422da7fe7e420ef50354f45c6
        Validity
            Not Before: Nov  3 00:04:07 2025 GMT
            Not After : Nov  2 00:09:07 2026 GMT
        Subject: CN=90478DBDB2291E504301A07A9FE9B41877A478D3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:94:74:59:24:dc:05:ec:f5:a9:44:35:d5:57:
                    c8:58:ed:8b:7b:a8:c0:52:ca:18:02:2c:47:c3:30:
                    54:bd:37:4b:c5:84:96:d8:91:00:29:76:37:9e:35:
                    13:74:61:1b:96:4e:2c:a2:d6:92:b2:e7:49:a3:6a:
                    91:81:3a:4d:3e:c2:ee:b0:18:cc:cb:ed:4f:35:37:
                    cf:28:f2:54:cd:85:5a:5b:dc:33:38:5e:53:ff:a0:
                    4a:f2:82:fa:11:68:e0:79:47:33:c6:68:06:b8:60:
                    59:44:70:a1:7c:fc:bb:ed:aa:31:58:4e:23:a5:db:
                    29:f1:6b:9b:83:76:e9:86:52:26:5b:95:3d:9c:ac:
                    18:e5:24:8e:ff:99:b4:ed:50:ff:5d:a3:66:63:cd:
                    88:e7:72:3c:d1:5b:ae:e2:ab:a0:05:61:f2:b7:07:
                    a0:1f:8f:1a:56:f8:d2:9f:7f:1b:2e:07:eb:8d:ac:
                    1c:49:cd:f3:ea:ef:7c:0a:7d:63:1d:82:45:b8:79:
                    d8:b4:60:a1:b0:fd:52:c1:03:14:1e:bb:e4:b3:84:
                    03:8f:45:8f:56:81:a3:70:ad:55:9f:29:a1:e9:e8:
                    84:e1:92:74:ff:b2:60:82:a4:e6:4c:7c:6a:9b:cf:
                    4c:6a:31:25:41:4b:10:f1:37:62:be:34:8d:4c:92:
                    b5:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:47:8D:BD:B2:29:1E:50:43:01:A0:7A:9F:E9:B4:18:77:A4:78:D3
            X509v3 Authority Key Identifier:
                keyid:A9:42:0E:6C:6F:24:B0:E4:22:DA:7F:E7:E4:20:EF:50:35:4F:45:C6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/38352e3230392e3232392e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.209.229.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bd:65:8a:25:af:4f:fc:53:99:fb:a6:d0:1a:83:05:a6:fa:37:
         ed:eb:bf:a0:0c:4d:c1:56:e7:21:3d:cf:ae:48:b8:08:6d:5f:
         e2:ff:4b:21:e1:07:50:1a:13:a4:b6:17:3b:05:39:a2:e5:41:
         1f:b1:4f:77:30:a1:db:52:eb:a9:06:d1:1b:30:64:c3:0c:e4:
         86:02:02:d1:cf:97:d8:33:2d:42:e6:e6:f3:95:ff:13:56:da:
         78:ef:17:ba:92:60:44:2a:d4:da:20:5f:d2:1d:ef:35:36:67:
         09:2f:91:51:e4:8c:44:e1:e4:ca:e9:c4:46:6f:e0:cb:ca:71:
         fa:89:5f:64:2a:d6:d6:22:9b:a1:92:89:2c:c8:ce:62:64:fd:
         f5:84:7e:43:ef:56:1c:70:0a:2c:b7:71:31:80:b6:0f:e3:61:
         1d:78:d5:76:ac:65:82:2c:32:b2:63:cd:c6:b5:71:f0:84:4d:
         f3:95:1b:8b:95:f4:e4:a6:03:45:ee:af:3f:2e:dd:13:8f:9e:
         03:b7:9b:05:8e:36:1b:3c:35:8b:f4:46:9f:72:04:33:af:9a:
         75:e9:43:72:b9:41:c2:3e:8d:91:e7:5b:79:b3:f2:d0:ef:0f:
         b8:66:f0:ba:70:2f:37:ce:01:d7:c3:2b:c8:72:5e:28:2c:68:
         5e:62:92:b0
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUCKks/JUHaU9oIgzGQ0x3hKDSz+owDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTk0MjBlNmM2ZjI0YjBlNDIyZGE3ZmU3ZTQyMGVmNTAz
NTRmNDVjNjAeFw0yNTExMDMwMDA0MDdaFw0yNjExMDIwMDA5MDdaMDMxMTAvBgNV
BAMTKDkwNDc4REJEQjIyOTFFNTA0MzAxQTA3QTlGRTlCNDE4NzdBNDc4RDMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDnlHRZJNwF7PWpRDXVV8hY7Yt7
qMBSyhgCLEfDMFS9N0vFhJbYkQApdjeeNRN0YRuWTiyi1pKy50mjapGBOk0+wu6w
GMzL7U81N88o8lTNhVpb3DM4XlP/oErygvoRaOB5RzPGaAa4YFlEcKF8/LvtqjFY
TiOl2ynxa5uDdumGUiZblT2crBjlJI7/mbTtUP9do2ZjzYjncjzRW67iq6AFYfK3
B6AfjxpW+NKffxsuB+uNrBxJzfPq73wKfWMdgkW4edi0YKGw/VLBAxQeu+SzhAOP
RY9WgaNwrVWfKaHp6IThknT/smCCpOZMfGqbz0xqMSVBSxDxN2K+NI1MkrVFAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUkEeNvbIpHlBDAaB6n+m0GHekeNMwHwYDVR0j
BBgwFoAUqUIObG8ksOQi2n/n5CDvUDVPRcYwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMWY5ODIzZDAtMDg1NS00MWYyLWFjNDYtNTlhMmU5OGRh
NzM2LzEvQTk0MjBFNkM2RjI0QjBFNDIyREE3RkU3RTQyMEVGNTAzNTRGNDVDNi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FVSU9iRzhrc09RaTJuX241Q0R2VURW
UFJjWS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMWY5ODIzZDAt
MDg1NS00MWYyLWFjNDYtNTlhMmU5OGRhNzM2LzEvMzgzNTJlMzIzMDM5MmUzMjMy
MzkyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABV0eUw
DQYJKoZIhvcNAQELBQADggEBAL1liiWvT/xTmfum0BqDBab6N+3rv6AMTcFW5yE9
z65IuAhtX+L/SyHhB1AaE6S2FzsFOaLlQR+xT3cwodtS66kG0RswZMMM5IYCAtHP
l9gzLULm5vOV/xNW2njvF7qSYEQq1NogX9Id7zU2ZwkvkVHkjETh5MrpxEZv4MvK
cfqJX2Qq1tYim6GSiSzIzmJk/fWEfkPvVhxwCiy3cTGAtg/jYR141XasZYIsMrJj
zca1cfCETfOVG4uV9OSmA0Xurz8u3ROPngO3mwWONhs8NYv0Rp9yBDOvmnXpQ3K5
QcI+jZHnW3mz8tDvD7hm8LpwLzfOAdfDK8hyXigsaF5ikrA=
-----END CERTIFICATE-----