Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/38372e3235342e32362e302f32342d3234203d3e20383334.roa
File:                     38372e3235342e32362e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          T1cCAJDRZwjzW9i5/Fg/+smVPcIPJkyoS++WeKvbW0g=
Subject key identifier:   45:7D:1D:69:45:E2:1F:FA:22:26:DF:96:38:B3:DE:91:1B:A7:F6:40
Certificate issuer:       /CN=22bfd4e021547d030ac10b0213535d4c6968eede
Certificate serial:       321322ACB1870045F52A39AA022B0D5504B3919B
Authority key identifier: 22:BF:D4:E0:21:54:7D:03:0A:C1:0B:02:13:53:5D:4C:69:68:EE:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/38372e3235342e32362e302f32342d3234203d3e20383334.roa
Signing time:             Thu 16 Apr 2026 09:32:42 +0000
ROA not before:           Thu 16 Apr 2026 09:27:42 +0000
ROA not after:            Thu 15 Apr 2027 09:32:42 +0000
asID:                     834
IP address blocks:        87.254.26.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 22:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            32:13:22:ac:b1:87:00:45:f5:2a:39:aa:02:2b:0d:55:04:b3:91:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22bfd4e021547d030ac10b0213535d4c6968eede
        Validity
            Not Before: Apr 16 09:27:42 2026 GMT
            Not After : Apr 15 09:32:42 2027 GMT
        Subject: CN=457D1D6945E21FFA2226DF9638B3DE911BA7F640
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:5a:d0:b1:0c:56:20:8b:ea:f7:11:21:e7:8b:
                    37:03:38:c0:1b:bf:9a:5d:aa:29:ea:17:8e:2c:a5:
                    de:38:3b:da:5f:b8:cb:8c:7f:81:97:bb:6e:2a:c9:
                    3d:66:35:16:d6:e7:30:43:d8:84:83:f1:5b:5f:3b:
                    39:4a:f0:39:c3:ad:20:76:61:96:65:8f:a4:8f:1d:
                    b7:aa:44:ea:3f:46:8a:ec:7b:42:d0:6e:7c:9a:da:
                    ab:ee:ca:33:37:0b:d1:b9:70:a3:b3:cc:d9:75:67:
                    d0:9d:13:70:5b:7b:26:cf:60:01:0a:2e:a1:a1:8f:
                    31:d7:51:5d:9a:7e:80:48:a9:53:9f:72:ce:8d:15:
                    e4:af:78:98:46:5e:7f:15:2d:7e:4e:47:12:12:91:
                    07:dd:2a:0d:eb:58:90:1d:30:bb:79:37:1c:68:93:
                    6e:f8:14:96:12:c5:34:90:83:24:12:48:37:9d:10:
                    68:88:fd:fd:0f:4b:8a:31:7e:56:20:40:7c:ba:8a:
                    22:3e:2d:42:c6:f3:d3:1c:ac:4e:8d:37:8c:a3:cf:
                    28:f0:ab:4d:d3:15:74:e1:69:fa:11:10:6b:3e:c9:
                    ff:3e:bc:13:b6:cd:0f:8f:d1:7e:28:cf:47:79:99:
                    0e:4e:eb:84:a6:40:b2:43:8f:69:d8:2b:58:37:aa:
                    4e:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:7D:1D:69:45:E2:1F:FA:22:26:DF:96:38:B3:DE:91:1B:A7:F6:40
            X509v3 Authority Key Identifier:
                keyid:22:BF:D4:E0:21:54:7D:03:0A:C1:0B:02:13:53:5D:4C:69:68:EE:DE

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/38372e3235342e32362e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.254.26.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:b0:69:4d:22:b9:da:c6:6d:d0:e4:32:b2:60:2d:0e:07:e9:
         19:7b:72:5a:e0:5b:1b:44:b6:2a:d6:88:0b:7b:b9:2b:49:13:
         9c:88:4b:56:04:df:99:1b:bb:e5:87:d2:b9:a2:2b:78:9d:53:
         93:ef:9c:a4:9e:38:4a:d5:8e:aa:17:ac:e2:18:98:79:0f:65:
         4c:7a:1d:3a:04:68:c4:78:38:00:42:32:7c:4e:ba:84:33:f3:
         68:af:05:30:cf:b3:c4:2c:1b:03:09:52:84:fa:1b:aa:e9:6f:
         09:91:08:29:14:6a:0f:4d:1f:5a:fb:08:94:34:2e:74:75:16:
         23:b7:80:86:2b:7a:ce:ca:a7:2f:7c:7b:40:5f:6e:69:09:0c:
         7c:32:65:7f:ad:71:d9:49:5d:3e:f1:b7:e7:51:b5:6d:cf:5c:
         6a:b5:d8:f3:74:65:34:8d:78:9c:c6:f2:3b:59:fb:1c:5f:6c:
         e2:38:0b:b4:c7:ae:46:3f:49:b8:a6:c9:1d:cf:a9:4f:85:6d:
         a4:af:e1:08:0a:2b:39:1d:b4:ab:6a:d8:39:b1:ef:12:25:f2:
         73:eb:50:9d:a1:36:ff:3c:d0:77:ec:cf:8f:e0:f4:25:06:ec:
         d9:ac:5e:1b:ed:f5:51:08:aa:2d:59:0f:0f:47:08:dc:e0:4f:
         79:68:87:89
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUMhMirLGHAEX1KjmqAisNVQSzkZswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjJiZmQ0ZTAyMTU0N2QwMzBhYzEwYjAyMTM1MzVkNGM2
OTY4ZWVkZTAeFw0yNjA0MTYwOTI3NDJaFw0yNzA0MTUwOTMyNDJaMDMxMTAvBgNV
BAMTKDQ1N0QxRDY5NDVFMjFGRkEyMjI2REY5NjM4QjNERTkxMUJBN0Y2NDAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5WtCxDFYgi+r3ESHnizcDOMAb
v5pdqinqF44spd44O9pfuMuMf4GXu24qyT1mNRbW5zBD2ISD8VtfOzlK8DnDrSB2
YZZlj6SPHbeqROo/Rorse0LQbnya2qvuyjM3C9G5cKOzzNl1Z9CdE3BbeybPYAEK
LqGhjzHXUV2afoBIqVOfcs6NFeSveJhGXn8VLX5ORxISkQfdKg3rWJAdMLt5Nxxo
k274FJYSxTSQgyQSSDedEGiI/f0PS4oxflYgQHy6iiI+LULG89McrE6NN4yjzyjw
q03TFXThafoREGs+yf8+vBO2zQ+P0X4oz0d5mQ5O64SmQLJDj2nYK1g3qk5NAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQURX0daUXiH/oiJt+WOLPekRun9kAwHwYDVR0j
BBgwFoAUIr/U4CFUfQMKwQsCE1NdTGlo7t4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjNhYWNkMTctYmY5ZC00N2RiLTg2NGQtZjljN2MyYmUx
ODNhLzAvMjJCRkQ0RTAyMTU0N0QwMzBBQzEwQjAyMTM1MzVENEM2OTY4RUVERS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lyX1U0Q0ZVZlFNS3dRc0NFMU5kVEds
bzd0NC5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMjNhYWNkMTct
YmY5ZC00N2RiLTg2NGQtZjljN2MyYmUxODNhLzAvMzgzNzJlMzIzNTM0MmUzMjM2
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzgzMzM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV/4aMA0G
CSqGSIb3DQEBCwUAA4IBAQBmsGlNIrnaxm3Q5DKyYC0OB+kZe3Ja4FsbRLYq1ogL
e7krSROciEtWBN+ZG7vlh9K5oit4nVOT75yknjhK1Y6qF6ziGJh5D2VMeh06BGjE
eDgAQjJ8TrqEM/NorwUwz7PELBsDCVKE+huq6W8JkQgpFGoPTR9a+wiUNC50dRYj
t4CGK3rOyqcvfHtAX25pCQx8MmV/rXHZSV0+8bfnUbVtz1xqtdjzdGU0jXicxvI7
WfscX2ziOAu0x65GP0m4pskdz6lPhW2kr+EICis5HbSratg5se8SJfJz61CdoTb/
PNB37M+P4PQlBuzZrF4b7fVRCKotWQ8PRwjc4E95aIeJ
-----END CERTIFICATE-----