Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS3170.roa
File:                     AS3170.roa (raw, json)
Hash identifier:          tI5aN6ZSJZq3cA+Z8wenYqF4cjwv9eBUIeP92HTvlt4=
Subject key identifier:   2A:CF:8C:44:F3:05:1A:97:38:5B:BC:91:2F:0F:F8:C1:C1:2C:05:F4
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       7328AC82719D3AE4F54C8ACE13FE72F1275215F1
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS3170.roa
Signing time:             Wed 29 Oct 2025 17:37:36 +0000
ROA not before:           Wed 29 Oct 2025 17:32:36 +0000
ROA not after:            Wed 28 Oct 2026 17:37:36 +0000
asID:                     3170
IP address blocks:        82.38.0.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 22:37:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            73:28:ac:82:71:9d:3a:e4:f5:4c:8a:ce:13:fe:72:f1:27:52:15:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Oct 29 17:32:36 2025 GMT
            Not After : Oct 28 17:37:36 2026 GMT
        Subject: CN=2ACF8C44F3051A97385BBC912F0FF8C1C12C05F4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:79:92:59:c6:0c:1f:5c:81:26:5a:68:8d:9f:
                    58:4d:fa:59:60:13:af:13:82:5b:51:e5:0a:af:36:
                    ea:9f:61:49:47:92:3f:21:b2:be:97:dd:63:cf:99:
                    21:d4:42:b7:db:1c:da:93:77:6c:6d:f9:b5:ed:38:
                    6e:a2:ac:26:ce:b8:41:b7:55:88:67:e2:6e:65:e8:
                    12:6e:c0:d9:ef:f6:c2:62:e5:71:22:4f:21:b1:a0:
                    c1:d0:52:f7:df:c3:d7:df:23:a5:0c:19:55:f3:b9:
                    e6:73:f5:3f:07:b8:33:fa:64:a0:fa:3c:76:85:25:
                    f7:a1:f8:fe:66:ce:6f:33:91:9b:ea:ba:87:e4:79:
                    de:68:b9:74:ee:c3:82:55:85:0b:f7:c1:63:df:57:
                    48:f4:bb:e1:82:6b:d4:73:3b:66:9a:7c:8b:41:07:
                    ae:e5:1b:0e:b2:f3:b6:8b:f1:63:9e:c3:a9:65:bb:
                    a4:a8:e5:d9:e6:9b:6f:4d:f7:d4:fc:a7:42:6d:47:
                    a3:67:d9:7a:a4:f1:8c:46:52:60:58:d7:70:5b:3a:
                    c6:4c:8d:b7:88:22:26:c7:ae:a1:c2:dd:bf:04:8f:
                    2c:01:43:26:84:b1:b6:17:50:82:00:f0:79:70:9e:
                    9f:21:ea:50:f6:a3:5b:85:e1:d2:e7:7a:6d:be:08:
                    d3:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:CF:8C:44:F3:05:1A:97:38:5B:BC:91:2F:0F:F8:C1:C1:2C:05:F4
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS3170.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.38.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         85:f7:09:f6:d4:27:7e:8b:44:29:ec:bb:31:11:de:ec:a1:51:
         0d:0e:b1:26:67:6d:2f:79:a4:30:0b:3b:33:0a:37:c7:7e:ce:
         ee:b4:59:e2:a1:8e:cb:14:0f:10:06:10:8a:2e:a1:4e:34:d9:
         76:3c:9b:11:21:59:b4:c8:6c:83:5d:88:88:f2:8f:73:98:b5:
         4e:6f:e9:51:d4:42:82:89:97:46:6a:28:4f:29:f5:8e:c8:0a:
         30:f7:5f:07:83:7c:17:0b:a7:f0:80:00:af:da:e3:98:4e:ae:
         2f:68:ae:36:bc:8f:12:c7:64:29:4a:c4:36:48:1f:bd:56:b3:
         c2:dc:2b:8c:7c:d0:1f:5b:66:3b:09:97:84:80:b2:ac:41:15:
         4e:0c:13:f8:c3:f3:2e:0a:d1:1b:dc:ba:d2:89:dd:c4:9e:43:
         e8:f2:1b:ec:10:94:c0:fd:55:5f:4b:3f:98:77:95:2c:00:d5:
         88:b1:75:72:64:54:82:a8:99:43:45:43:d0:2a:c7:7f:38:09:
         fb:68:3f:7b:33:5a:aa:86:7e:c9:46:c2:2f:47:ba:92:c8:a2:
         b8:d2:2c:10:eb:8f:21:5a:cc:12:e2:73:01:fe:fa:12:52:83:
         40:b6:ad:fd:d3:ad:d5:28:35:8b:48:98:98:ed:90:aa:f5:42:
         0d:1b:ab:47
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgIUcyisgnGdOuT1TIrOE/5y8SdSFfEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTEwMjkxNzMyMzZaFw0yNjEwMjgxNzM3MzZaMDMxMTAvBgNV
BAMTKDJBQ0Y4QzQ0RjMwNTFBOTczODVCQkM5MTJGMEZGOEMxQzEyQzA1RjQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDdeZJZxgwfXIEmWmiNn1hN+llg
E68TgltR5QqvNuqfYUlHkj8hsr6X3WPPmSHUQrfbHNqTd2xt+bXtOG6irCbOuEG3
VYhn4m5l6BJuwNnv9sJi5XEiTyGxoMHQUvffw9ffI6UMGVXzueZz9T8HuDP6ZKD6
PHaFJfeh+P5mzm8zkZvquofked5ouXTuw4JVhQv3wWPfV0j0u+GCa9RzO2aafItB
B67lGw6y87aL8WOew6llu6So5dnmm29N99T8p0JtR6Nn2Xqk8YxGUmBY13BbOsZM
jbeIIibHrqHC3b8EjywBQyaEsbYXUIIA8Hlwnp8h6lD2o1uF4dLnem2+CNPHAgMB
AAGjggIIMIICBDAdBgNVHQ4EFgQUKs+MRPMFGpc4W7yRLw/4wcEsBfQwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMzE3MC5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFImADAN
BgkqhkiG9w0BAQsFAAOCAQEAhfcJ9tQnfotEKey7MRHe7KFRDQ6xJmdtL3mkMAs7
Mwo3x37O7rRZ4qGOyxQPEAYQii6hTjTZdjybESFZtMhsg12IiPKPc5i1Tm/pUdRC
gomXRmooTyn1jsgKMPdfB4N8Fwun8IAAr9rjmE6uL2iuNryPEsdkKUrENkgfvVaz
wtwrjHzQH1tmOwmXhICyrEEVTgwT+MPzLgrRG9y60ondxJ5D6PIb7BCUwP1VX0s/
mHeVLADViLF1cmRUgqiZQ0VD0CrHfzgJ+2g/ezNaqoZ+yUbCL0e6ksiiuNIsEOuP
IVrMEuJzAf76ElKDQLat/dOt1Sg1i0iYmO2QqvVCDRurRw==
-----END CERTIFICATE-----