Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/38372e3235342e32312e302f32342d3234203d3e2039333034.roa
File:                     38372e3235342e32312e302f32342d3234203d3e2039333034.roa (raw, json)
Hash identifier:          fhuLKVJWOGU8sXL3S0QoWozOsb/OD2qOzlxonYH/GYk=
Subject key identifier:   74:99:FB:9B:73:AF:3D:FE:78:8C:DF:43:D0:B5:3A:AE:0B:00:2E:12
Certificate issuer:       /CN=22bfd4e021547d030ac10b0213535d4c6968eede
Certificate serial:       541A9ABED62DA91F4EADA52EFC3A8003DE99B631
Authority key identifier: 22:BF:D4:E0:21:54:7D:03:0A:C1:0B:02:13:53:5D:4C:69:68:EE:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/38372e3235342e32312e302f32342d3234203d3e2039333034.roa
Signing time:             Mon 30 Mar 2026 05:08:32 +0000
ROA not before:           Mon 30 Mar 2026 05:03:32 +0000
ROA not after:            Mon 29 Mar 2027 05:08:32 +0000
asID:                     9304
IP address blocks:        87.254.21.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 22:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            54:1a:9a:be:d6:2d:a9:1f:4e:ad:a5:2e:fc:3a:80:03:de:99:b6:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22bfd4e021547d030ac10b0213535d4c6968eede
        Validity
            Not Before: Mar 30 05:03:32 2026 GMT
            Not After : Mar 29 05:08:32 2027 GMT
        Subject: CN=7499FB9B73AF3DFE788CDF43D0B53AAE0B002E12
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:a0:ef:27:0b:59:c3:23:bc:d7:e6:eb:68:b9:
                    07:bd:ff:2d:bd:81:bd:9e:83:48:1b:7a:4c:31:c9:
                    eb:1e:1b:a5:7f:06:56:8f:78:2c:44:27:9a:1f:a3:
                    c4:f1:5c:95:f8:6a:4a:2c:54:23:f0:05:5d:a3:e1:
                    a6:72:15:0d:e0:5f:04:66:76:c0:9c:75:3b:3b:99:
                    95:dc:80:3a:a8:e1:01:21:7f:a6:ff:ad:89:d5:38:
                    67:30:33:ab:db:98:a4:35:5f:8d:21:e5:cd:d5:87:
                    32:81:8e:6a:32:ad:66:78:e4:8f:77:e0:5d:05:95:
                    0a:67:5d:39:5c:50:6c:1a:3d:0a:d6:9b:c7:b3:60:
                    f4:37:95:df:5a:35:98:4e:e3:34:6e:b4:88:c3:1b:
                    53:15:1d:c8:c5:7b:95:85:ee:e8:41:77:c7:a8:90:
                    69:43:94:5c:03:d6:c6:0b:19:92:74:c9:8a:84:bf:
                    e0:73:1b:f2:ea:5f:a8:22:bd:d3:a2:ae:64:1e:87:
                    73:e0:ee:ff:f6:bf:ce:48:b2:04:62:2a:88:a0:ac:
                    b2:6a:04:ad:fa:40:27:24:69:20:60:25:dd:4e:12:
                    a0:d8:cf:68:04:34:29:d2:39:00:bc:78:29:0c:42:
                    1f:09:10:70:13:d5:9f:08:05:cb:ce:92:f9:cc:07:
                    b4:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:99:FB:9B:73:AF:3D:FE:78:8C:DF:43:D0:B5:3A:AE:0B:00:2E:12
            X509v3 Authority Key Identifier:
                keyid:22:BF:D4:E0:21:54:7D:03:0A:C1:0B:02:13:53:5D:4C:69:68:EE:DE

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/38372e3235342e32312e302f32342d3234203d3e2039333034.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.254.21.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6f:37:ff:1e:66:d1:5f:3c:32:e5:9c:17:cf:7d:e9:7c:d4:41:
         2b:06:0c:4e:d9:4a:09:f3:b7:7f:6b:c7:00:4c:be:98:2d:4a:
         96:a3:bf:12:83:f0:c0:61:36:c8:67:35:f8:66:38:96:9e:50:
         6d:27:fa:e2:2f:4f:24:6c:c0:30:cb:c2:da:27:e6:46:cd:1a:
         ce:cf:92:c5:ff:37:0e:9b:04:b6:9c:d2:94:cf:11:aa:9d:7b:
         02:fc:19:f4:f6:85:87:47:7d:39:ea:5e:30:17:3f:fc:79:70:
         dc:6d:b5:ee:e2:a6:4d:ed:65:ed:dc:e9:aa:01:9d:f0:8d:ee:
         b8:81:49:39:ac:67:c4:7c:40:b0:4b:b5:4e:9a:0d:e2:47:01:
         61:ff:14:b5:3f:51:02:79:86:38:24:26:a4:d9:32:8d:5c:b4:
         ad:b9:67:ba:cf:7b:34:db:ca:15:9d:3a:5a:4b:b7:59:f8:d7:
         25:14:2f:0a:54:51:aa:39:eb:eb:27:42:bb:d7:40:53:43:b2:
         84:85:7b:4b:8c:7f:a0:62:06:37:a7:c6:11:2d:be:43:7c:45:
         50:e5:6b:f5:55:1c:33:dd:db:3b:31:36:b9:5b:c1:76:be:df:
         33:b2:5d:8a:56:75:bc:dd:c1:5b:c2:04:71:b3:e2:73:2c:2e:
         c2:a8:16:04
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUVBqavtYtqR9OraUu/DqAA96ZtjEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjJiZmQ0ZTAyMTU0N2QwMzBhYzEwYjAyMTM1MzVkNGM2
OTY4ZWVkZTAeFw0yNjAzMzAwNTAzMzJaFw0yNzAzMjkwNTA4MzJaMDMxMTAvBgNV
BAMTKDc0OTlGQjlCNzNBRjNERkU3ODhDREY0M0QwQjUzQUFFMEIwMDJFMTIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCboO8nC1nDI7zX5utouQe9/y29
gb2eg0gbekwxyeseG6V/BlaPeCxEJ5ofo8TxXJX4akosVCPwBV2j4aZyFQ3gXwRm
dsCcdTs7mZXcgDqo4QEhf6b/rYnVOGcwM6vbmKQ1X40h5c3VhzKBjmoyrWZ45I93
4F0FlQpnXTlcUGwaPQrWm8ezYPQ3ld9aNZhO4zRutIjDG1MVHcjFe5WF7uhBd8eo
kGlDlFwD1sYLGZJ0yYqEv+BzG/LqX6givdOirmQeh3Pg7v/2v85IsgRiKoigrLJq
BK36QCckaSBgJd1OEqDYz2gENCnSOQC8eCkMQh8JEHAT1Z8IBcvOkvnMB7QlAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUdJn7m3OvPf54jN9D0LU6rgsALhIwHwYDVR0j
BBgwFoAUIr/U4CFUfQMKwQsCE1NdTGlo7t4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjNhYWNkMTctYmY5ZC00N2RiLTg2NGQtZjljN2MyYmUx
ODNhLzAvMjJCRkQ0RTAyMTU0N0QwMzBBQzEwQjAyMTM1MzVENEM2OTY4RUVERS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lyX1U0Q0ZVZlFNS3dRc0NFMU5kVEds
bzd0NC5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMjNhYWNkMTct
YmY5ZC00N2RiLTg2NGQtZjljN2MyYmUxODNhLzAvMzgzNzJlMzIzNTM0MmUzMjMx
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzkzMzMwMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABX/hUw
DQYJKoZIhvcNAQELBQADggEBAG83/x5m0V88MuWcF8996XzUQSsGDE7ZSgnzt39r
xwBMvpgtSpajvxKD8MBhNshnNfhmOJaeUG0n+uIvTyRswDDLwton5kbNGs7PksX/
Nw6bBLac0pTPEaqdewL8GfT2hYdHfTnqXjAXP/x5cNxtte7ipk3tZe3c6aoBnfCN
7riBSTmsZ8R8QLBLtU6aDeJHAWH/FLU/UQJ5hjgkJqTZMo1ctK25Z7rPezTbyhWd
OlpLt1n41yUULwpUUao56+snQrvXQFNDsoSFe0uMf6BiBjenxhEtvkN8RVDla/VV
HDPd2zsxNrlbwXa+3zOyXYpWdbzdwVvCBHGz4nMsLsKoFgQ=
-----END CERTIFICATE-----