Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/38372e3235342e372e302f32342d3234203d3e20383334.roa
File:                     38372e3235342e372e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          AUroM3Ze9/bgNK4SmI1yZ3cWpG0YNFOdb8fywq9WEFo=
Subject key identifier:   02:36:A4:97:9C:AE:0A:A2:B7:EE:58:B6:5B:D6:5B:E5:5D:38:53:75
Certificate issuer:       /CN=22bfd4e021547d030ac10b0213535d4c6968eede
Certificate serial:       669F280755EEF2BCADA923373CF5AD1B6EE5C5C2
Authority key identifier: 22:BF:D4:E0:21:54:7D:03:0A:C1:0B:02:13:53:5D:4C:69:68:EE:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/38372e3235342e372e302f32342d3234203d3e20383334.roa
Signing time:             Sun 07 Jun 2026 17:05:28 +0000
ROA not before:           Sun 07 Jun 2026 17:00:28 +0000
ROA not after:            Sun 06 Jun 2027 17:05:28 +0000
asID:                     834
IP address blocks:        87.254.7.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 08:43:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            66:9f:28:07:55:ee:f2:bc:ad:a9:23:37:3c:f5:ad:1b:6e:e5:c5:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22bfd4e021547d030ac10b0213535d4c6968eede
        Validity
            Not Before: Jun  7 17:00:28 2026 GMT
            Not After : Jun  6 17:05:28 2027 GMT
        Subject: CN=0236A4979CAE0AA2B7EE58B65BD65BE55D385375
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f3:dd:0f:78:52:c0:5c:3e:54:9e:f3:49:6e:97:
                    c1:ab:1a:f2:38:8a:fc:54:49:bb:33:5c:2b:49:db:
                    81:a1:ff:c3:16:ce:1f:72:2d:d1:d3:c2:58:7e:67:
                    6a:2e:c9:7f:00:4e:b0:b3:23:97:d2:0a:ed:1c:50:
                    18:fa:47:1a:9b:a5:08:5d:19:52:06:39:96:fa:a6:
                    79:c0:8d:9b:21:c7:ac:3e:f5:14:f2:83:db:9c:86:
                    49:2b:4e:8e:0e:78:37:33:3b:49:86:63:fe:f6:94:
                    1f:e0:af:82:a3:45:23:2e:3a:a1:47:39:fd:63:cc:
                    93:b3:76:ad:df:68:2f:12:b0:93:b7:c1:d6:64:d1:
                    58:a5:0b:d8:44:d4:a6:db:aa:bd:88:e3:5a:f0:62:
                    3c:72:45:38:95:d7:be:35:e9:b6:e2:ea:74:31:5d:
                    88:8d:86:a2:73:50:59:c9:49:d2:c1:a7:96:88:4b:
                    5d:06:5c:6c:11:f5:de:6e:0a:03:2e:92:01:12:d0:
                    a2:0e:78:1e:79:71:03:61:44:cf:7a:1b:3a:1d:c9:
                    c0:81:64:7f:09:e1:02:0d:a0:20:e5:ca:ea:38:cb:
                    f5:64:55:21:10:3f:ed:22:ec:f2:c3:ad:86:b9:e2:
                    b8:cd:3a:34:5c:1f:88:a4:7f:bb:c9:9b:5d:37:49:
                    66:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:36:A4:97:9C:AE:0A:A2:B7:EE:58:B6:5B:D6:5B:E5:5D:38:53:75
            X509v3 Authority Key Identifier:
                keyid:22:BF:D4:E0:21:54:7D:03:0A:C1:0B:02:13:53:5D:4C:69:68:EE:DE

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/38372e3235342e372e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.254.7.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a3:a3:9d:b8:9c:5d:71:5e:16:ad:1d:80:91:cc:3d:c0:07:43:
         a8:58:16:44:c4:89:d7:1b:90:9e:f3:a0:25:cd:47:4d:a5:e5:
         ad:3a:58:61:74:a8:db:1b:c6:01:0c:86:27:70:84:32:99:e8:
         0d:d6:d4:1b:a5:f6:58:ad:ec:39:fc:b8:07:7e:39:c3:76:02:
         57:37:b8:d6:c9:2f:f5:80:c5:78:37:a1:39:40:9d:74:ae:1f:
         90:0d:0d:80:bf:bd:a8:c9:d2:e0:00:7f:57:4f:75:77:98:b6:
         ff:00:0d:13:ff:09:d8:1d:ee:57:b9:bb:d0:eb:de:60:8a:60:
         19:85:48:fe:ea:79:51:96:7d:78:03:c7:bb:26:74:f9:93:85:
         21:46:04:6e:f2:a1:e3:2a:1d:6c:2a:5c:fa:b1:f5:2e:b6:fa:
         02:ba:17:b3:26:d8:f9:24:c0:54:bf:2c:f5:0a:d0:29:15:a4:
         c7:24:fc:27:4b:f6:42:2f:f9:e3:71:c4:b3:a3:6e:ab:4d:c9:
         be:9c:70:95:c0:13:a7:71:96:8d:60:1d:a2:55:80:09:c9:2d:
         12:ba:33:70:29:d3:59:c9:b2:a6:cf:62:92:39:03:75:18:a7:
         27:4b:3f:87:85:0e:d6:75:cd:5c:3e:4d:f9:f8:d1:5c:67:03:
         70:44:3b:35
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgIUZp8oB1Xu8rytqSM3PPWtG27lxcIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjJiZmQ0ZTAyMTU0N2QwMzBhYzEwYjAyMTM1MzVkNGM2
OTY4ZWVkZTAeFw0yNjA2MDcxNzAwMjhaFw0yNzA2MDYxNzA1MjhaMDMxMTAvBgNV
BAMTKDAyMzZBNDk3OUNBRTBBQTJCN0VFNThCNjVCRDY1QkU1NUQzODUzNzUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDz3Q94UsBcPlSe80lul8GrGvI4
ivxUSbszXCtJ24Gh/8MWzh9yLdHTwlh+Z2ouyX8ATrCzI5fSCu0cUBj6RxqbpQhd
GVIGOZb6pnnAjZshx6w+9RTyg9uchkkrTo4OeDczO0mGY/72lB/gr4KjRSMuOqFH
Of1jzJOzdq3faC8SsJO3wdZk0VilC9hE1Kbbqr2I41rwYjxyRTiV17416bbi6nQx
XYiNhqJzUFnJSdLBp5aIS10GXGwR9d5uCgMukgES0KIOeB55cQNhRM96GzodycCB
ZH8J4QINoCDlyuo4y/VkVSEQP+0i7PLDrYa54rjNOjRcH4ikf7vJm103SWa/AgMB
AAGjggI1MIICMTAdBgNVHQ4EFgQUAjakl5yuCqK37li2W9Zb5V04U3UwHwYDVR0j
BBgwFoAUIr/U4CFUfQMKwQsCE1NdTGlo7t4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjNhYWNkMTctYmY5ZC00N2RiLTg2NGQtZjljN2MyYmUx
ODNhLzAvMjJCRkQ0RTAyMTU0N0QwMzBBQzEwQjAyMTM1MzVENEM2OTY4RUVERS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lyX1U0Q0ZVZlFNS3dRc0NFMU5kVEds
bzd0NC5jZXIwgaUGCCsGAQUFBwELBIGYMIGVMIGSBggrBgEFBQcwC4aBhXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMjNhYWNkMTct
YmY5ZC00N2RiLTg2NGQtZjljN2MyYmUxODNhLzAvMzgzNzJlMzIzNTM0MmUzNzJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/BA4wDDAK
BggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFf+BzANBgkq
hkiG9w0BAQsFAAOCAQEAo6OduJxdcV4WrR2Akcw9wAdDqFgWRMSJ1xuQnvOgJc1H
TaXlrTpYYXSo2xvGAQyGJ3CEMpnoDdbUG6X2WK3sOfy4B345w3YCVze41skv9YDF
eDehOUCddK4fkA0NgL+9qMnS4AB/V091d5i2/wANE/8J2B3uV7m70OveYIpgGYVI
/up5UZZ9eAPHuyZ0+ZOFIUYEbvKh4yodbCpc+rH1Lrb6AroXsybY+STAVL8s9QrQ
KRWkxyT8J0v2Qi/543HEs6Nuq03JvpxwlcATp3GWjWAdolWACcktErozcCnTWcmy
ps9ikjkDdRinJ0s/h4UO1nXNXD5N+fjRXGcDcEQ7NQ==
-----END CERTIFICATE-----