Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/38372e3235342e32302e302f32342d3234203d3e2039333034.roa
File:                     38372e3235342e32302e302f32342d3234203d3e2039333034.roa (raw, json)
Hash identifier:          4X1RHbA+I5YPTr7RjepEQXD+DyuHivSCZH5v4rwZll4=
Subject key identifier:   BF:87:BD:6E:93:14:B0:0C:92:3A:7E:58:D7:73:E7:F9:C9:91:BE:BE
Certificate issuer:       /CN=22bfd4e021547d030ac10b0213535d4c6968eede
Certificate serial:       6541F48968DB539DAF3E65524249E57FD4A74536
Authority key identifier: 22:BF:D4:E0:21:54:7D:03:0A:C1:0B:02:13:53:5D:4C:69:68:EE:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/38372e3235342e32302e302f32342d3234203d3e2039333034.roa
Signing time:             Mon 30 Mar 2026 05:08:33 +0000
ROA not before:           Mon 30 Mar 2026 05:03:33 +0000
ROA not after:            Mon 29 Mar 2027 05:08:33 +0000
asID:                     9304
IP address blocks:        87.254.20.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 22:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            65:41:f4:89:68:db:53:9d:af:3e:65:52:42:49:e5:7f:d4:a7:45:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22bfd4e021547d030ac10b0213535d4c6968eede
        Validity
            Not Before: Mar 30 05:03:33 2026 GMT
            Not After : Mar 29 05:08:33 2027 GMT
        Subject: CN=BF87BD6E9314B00C923A7E58D773E7F9C991BEBE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:21:2f:ac:79:17:98:e4:01:4a:ec:c9:ad:6e:
                    08:53:f7:1f:f4:b8:5a:44:63:41:cb:01:48:76:4d:
                    0b:71:bc:f4:4a:6a:81:95:83:2c:4d:ca:82:30:04:
                    60:a1:7c:aa:14:97:49:38:01:ce:07:c3:3f:5c:03:
                    31:8c:62:e4:44:01:e4:d1:91:bd:d1:76:bf:d2:81:
                    3e:7f:38:a4:f4:c2:aa:38:93:bf:fe:9c:1b:b8:38:
                    f8:93:42:a3:c8:a2:99:3d:d6:90:7d:9a:d2:59:32:
                    35:7c:68:42:6b:d6:3a:bf:27:df:c7:81:f4:3c:d5:
                    0e:6d:dd:6c:d3:1e:0f:0e:6c:c9:f6:41:18:ef:e0:
                    aa:21:f2:ec:e2:11:07:27:4a:3b:21:9e:da:6f:67:
                    a6:86:d1:60:49:e1:c5:17:e9:ca:cb:b1:f5:5b:f3:
                    f1:b7:34:1c:29:c8:a8:df:7b:62:b1:24:2c:1d:17:
                    4c:d7:a9:41:49:22:1c:fc:16:07:8e:b2:97:5d:63:
                    02:9f:bd:23:be:0d:76:12:43:84:ed:bb:ac:93:54:
                    0b:17:12:d8:cf:8b:61:c2:bc:a5:2d:98:a0:71:66:
                    a3:89:63:4b:17:63:8d:f5:a4:fa:a4:ab:ec:45:94:
                    12:45:e4:5a:41:f8:60:31:27:1f:14:b6:10:e5:1d:
                    11:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:87:BD:6E:93:14:B0:0C:92:3A:7E:58:D7:73:E7:F9:C9:91:BE:BE
            X509v3 Authority Key Identifier:
                keyid:22:BF:D4:E0:21:54:7D:03:0A:C1:0B:02:13:53:5D:4C:69:68:EE:DE

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/38372e3235342e32302e302f32342d3234203d3e2039333034.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.254.20.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:b8:bf:73:37:b0:c7:8d:c9:b6:d1:4d:2d:9f:87:f9:1b:03:
         8a:6d:39:e6:78:ab:22:3b:cd:f9:c2:a9:5d:bc:c7:84:ae:2d:
         0b:da:4d:90:4b:72:51:94:98:f4:c6:44:54:0f:d7:bd:30:3f:
         b9:78:82:46:16:1e:12:61:15:b3:05:e0:15:c2:61:da:43:59:
         e7:ff:f4:05:16:67:36:b7:ab:47:72:41:9f:45:8e:90:00:c5:
         5b:84:1a:86:82:b3:a9:ba:6a:7f:37:42:21:d1:8d:82:44:56:
         a5:55:9e:07:26:29:6c:58:1f:51:a2:e3:76:2f:5a:b6:47:a3:
         5c:e5:60:6e:e2:a6:af:5d:3c:4e:19:c8:22:4b:4d:07:ea:c9:
         fb:42:43:4a:3a:3b:8e:45:cb:56:c8:45:4a:ee:7a:cd:80:44:
         c3:a3:c6:bb:d6:f7:cb:f6:5e:c4:71:05:39:c6:de:be:3b:0e:
         b2:fe:e5:3f:1d:f0:c4:a7:a3:2b:2c:39:85:8d:10:d1:14:21:
         e4:d3:94:f3:b0:29:9f:c2:12:62:64:bb:4f:59:ea:cf:86:16:
         5e:3e:fd:13:55:50:3c:cd:90:c5:1f:b1:98:ea:74:d5:78:0f:
         86:94:cb:b3:54:a1:5c:11:c1:f2:0e:8f:92:57:db:08:90:cb:
         2a:a7:f4:63
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUZUH0iWjbU52vPmVSQknlf9SnRTYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjJiZmQ0ZTAyMTU0N2QwMzBhYzEwYjAyMTM1MzVkNGM2
OTY4ZWVkZTAeFw0yNjAzMzAwNTAzMzNaFw0yNzAzMjkwNTA4MzNaMDMxMTAvBgNV
BAMTKEJGODdCRDZFOTMxNEIwMEM5MjNBN0U1OEQ3NzNFN0Y5Qzk5MUJFQkUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCsIS+seReY5AFK7MmtbghT9x/0
uFpEY0HLAUh2TQtxvPRKaoGVgyxNyoIwBGChfKoUl0k4Ac4Hwz9cAzGMYuREAeTR
kb3Rdr/SgT5/OKT0wqo4k7/+nBu4OPiTQqPIopk91pB9mtJZMjV8aEJr1jq/J9/H
gfQ81Q5t3WzTHg8ObMn2QRjv4Koh8uziEQcnSjshntpvZ6aG0WBJ4cUX6crLsfVb
8/G3NBwpyKjfe2KxJCwdF0zXqUFJIhz8FgeOspddYwKfvSO+DXYSQ4Ttu6yTVAsX
EtjPi2HCvKUtmKBxZqOJY0sXY431pPqkq+xFlBJF5FpB+GAxJx8UthDlHREfAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUv4e9bpMUsAySOn5Y13Pn+cmRvr4wHwYDVR0j
BBgwFoAUIr/U4CFUfQMKwQsCE1NdTGlo7t4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjNhYWNkMTctYmY5ZC00N2RiLTg2NGQtZjljN2MyYmUx
ODNhLzAvMjJCRkQ0RTAyMTU0N0QwMzBBQzEwQjAyMTM1MzVENEM2OTY4RUVERS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lyX1U0Q0ZVZlFNS3dRc0NFMU5kVEds
bzd0NC5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMjNhYWNkMTct
YmY5ZC00N2RiLTg2NGQtZjljN2MyYmUxODNhLzAvMzgzNzJlMzIzNTM0MmUzMjMw
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzkzMzMwMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABX/hQw
DQYJKoZIhvcNAQELBQADggEBAIe4v3M3sMeNybbRTS2fh/kbA4ptOeZ4qyI7zfnC
qV28x4SuLQvaTZBLclGUmPTGRFQP170wP7l4gkYWHhJhFbMF4BXCYdpDWef/9AUW
Zza3q0dyQZ9FjpAAxVuEGoaCs6m6an83QiHRjYJEVqVVngcmKWxYH1Gi43YvWrZH
o1zlYG7ipq9dPE4ZyCJLTQfqyftCQ0o6O45Fy1bIRUrues2ARMOjxrvW98v2XsRx
BTnG3r47DrL+5T8d8MSnoyssOYWNENEUIeTTlPOwKZ/CEmJku09Z6s+GFl4+/RNV
UDzNkMUfsZjqdNV4D4aUy7NUoVwRwfIOj5JX2wiQyyqn9GM=
-----END CERTIFICATE-----