Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/8113dda6-7ade-445d-8c6e-448a78e48ca1/1/38352e3131372e3233302e302f32342d3234203d3e2035303635.roa
File:                     38352e3131372e3233302e302f32342d3234203d3e2035303635.roa (raw, json)
Hash identifier:          WxHcRq5WCH3YmKS5+Il6T1ro4Oc3AucTAyVboxN6cYg=
Subject key identifier:   0D:0E:EC:BD:59:06:26:19:49:EF:22:16:35:FA:A0:26:4B:1B:62:4C
Certificate issuer:       /CN=0d7ffae300def0876bf84890fb6ea17be841a4d3
Certificate serial:       466B788D161AF410CA90D07339EBE8CAA49D5D28
Authority key identifier: 0D:7F:FA:E3:00:DE:F0:87:6B:F8:48:90:FB:6E:A1:7B:E8:41:A4:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DX_64wDe8Idr-EiQ-26he-hBpNM.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/8113dda6-7ade-445d-8c6e-448a78e48ca1/1/38352e3131372e3233302e302f32342d3234203d3e2035303635.roa
Signing time:             Wed 11 Feb 2026 12:55:38 +0000
ROA not before:           Wed 11 Feb 2026 12:50:38 +0000
ROA not after:            Wed 10 Feb 2027 12:55:38 +0000
asID:                     5065
IP address blocks:        85.117.230.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/8113dda6-7ade-445d-8c6e-448a78e48ca1/1/0D7FFAE300DEF0876BF84890FB6EA17BE841A4D3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/8113dda6-7ade-445d-8c6e-448a78e48ca1/1/0D7FFAE300DEF0876BF84890FB6EA17BE841A4D3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DX_64wDe8Idr-EiQ-26he-hBpNM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 11:39:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            46:6b:78:8d:16:1a:f4:10:ca:90:d0:73:39:eb:e8:ca:a4:9d:5d:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d7ffae300def0876bf84890fb6ea17be841a4d3
        Validity
            Not Before: Feb 11 12:50:38 2026 GMT
            Not After : Feb 10 12:55:38 2027 GMT
        Subject: CN=0D0EECBD5906261949EF221635FAA0264B1B624C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:ee:11:cf:1a:4f:40:f1:d9:53:58:2b:df:8d:
                    c4:15:80:d0:89:8c:b4:5a:59:51:70:b8:93:ef:8d:
                    ec:25:80:2f:57:b3:fa:ee:d6:4b:25:2a:a5:5f:55:
                    79:84:0f:e4:75:d8:6d:b5:5d:6f:e3:49:52:58:45:
                    a1:56:0f:af:22:22:3f:51:66:85:c0:23:51:8b:00:
                    8c:c3:e7:74:8a:4a:a0:48:01:93:cf:23:0b:67:cc:
                    e3:d9:5b:80:c9:d3:e7:f9:1d:9b:11:de:95:ca:db:
                    88:40:62:ab:64:62:12:f1:13:69:66:b5:6c:21:d8:
                    6c:cd:1d:de:03:3b:5a:af:26:4e:7f:ac:ec:1b:b6:
                    42:6b:bd:6a:cc:53:b9:d6:d3:bd:45:a1:2b:c7:01:
                    09:77:83:81:19:e1:96:ca:08:c0:2a:c5:e4:b5:fa:
                    19:5b:d1:98:1a:65:b2:a5:0c:09:5d:cb:35:f8:c9:
                    35:5e:6a:e7:1f:34:54:16:67:f2:45:48:d5:c6:49:
                    27:f9:e7:c1:d1:d4:10:50:2f:6a:11:d0:cd:06:3d:
                    d1:32:a8:34:f4:68:cb:54:84:12:57:e2:a5:47:2a:
                    9b:fa:6e:8f:53:cf:80:73:18:d1:42:20:c4:cb:d3:
                    d9:e4:80:ff:d0:42:2e:71:64:e0:3f:0e:ed:80:c4:
                    4d:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:0E:EC:BD:59:06:26:19:49:EF:22:16:35:FA:A0:26:4B:1B:62:4C
            X509v3 Authority Key Identifier:
                keyid:0D:7F:FA:E3:00:DE:F0:87:6B:F8:48:90:FB:6E:A1:7B:E8:41:A4:D3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/8113dda6-7ade-445d-8c6e-448a78e48ca1/1/0D7FFAE300DEF0876BF84890FB6EA17BE841A4D3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DX_64wDe8Idr-EiQ-26he-hBpNM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/8113dda6-7ade-445d-8c6e-448a78e48ca1/1/38352e3131372e3233302e302f32342d3234203d3e2035303635.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.117.230.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:7e:4e:17:2c:ef:21:00:28:7f:26:1f:5d:10:52:70:20:ff:
         6f:f3:96:2c:da:e9:94:fe:fd:5a:85:db:cc:4c:2b:8d:9a:27:
         bd:3a:85:f8:40:8a:e2:ab:9d:79:1f:e1:a3:86:3f:e3:8f:91:
         c6:61:57:ed:14:77:e8:72:d4:81:7c:85:32:bf:c0:a3:7a:3e:
         26:5f:04:4c:8f:ec:87:fa:89:5a:c2:74:5b:ce:e5:c5:ec:67:
         bf:40:a8:6d:d5:d5:17:c7:7d:38:08:a0:b1:17:fa:be:c2:13:
         4b:82:a0:c1:dd:b8:75:bf:0e:a5:34:13:58:71:c7:53:13:a5:
         d8:bc:f6:92:29:41:8c:ea:b9:67:81:36:9a:cd:55:01:7d:7b:
         86:7b:73:34:e0:b2:77:e0:c3:7d:00:45:be:cb:fb:01:19:64:
         c3:e3:8c:82:19:bf:8b:2b:d2:6e:c1:78:78:a8:61:12:29:80:
         7d:ac:4c:91:09:13:4b:3e:af:0a:6d:db:bb:a5:a9:80:63:3f:
         39:e1:c2:f5:5c:c3:55:49:dd:33:fc:91:dc:99:be:01:2c:58:
         9f:42:07:82:df:32:1e:55:b6:70:ba:1f:cc:14:21:02:29:6b:
         62:dc:ad:2f:24:52:79:da:e0:8a:1a:77:7e:fe:99:f8:92:65:
         c8:bc:e0:09
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIURmt4jRYa9BDKkNBzOevoyqSdXSgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGQ3ZmZhZTMwMGRlZjA4NzZiZjg0ODkwZmI2ZWExN2Jl
ODQxYTRkMzAeFw0yNjAyMTExMjUwMzhaFw0yNzAyMTAxMjU1MzhaMDMxMTAvBgNV
BAMTKDBEMEVFQ0JENTkwNjI2MTk0OUVGMjIxNjM1RkFBMDI2NEIxQjYyNEMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDY7hHPGk9A8dlTWCvfjcQVgNCJ
jLRaWVFwuJPvjewlgC9Xs/ru1kslKqVfVXmED+R12G21XW/jSVJYRaFWD68iIj9R
ZoXAI1GLAIzD53SKSqBIAZPPIwtnzOPZW4DJ0+f5HZsR3pXK24hAYqtkYhLxE2lm
tWwh2GzNHd4DO1qvJk5/rOwbtkJrvWrMU7nW071FoSvHAQl3g4EZ4ZbKCMAqxeS1
+hlb0ZgaZbKlDAldyzX4yTVeaucfNFQWZ/JFSNXGSSf558HR1BBQL2oR0M0GPdEy
qDT0aMtUhBJX4qVHKpv6bo9Tz4BzGNFCIMTL09nkgP/QQi5xZOA/Du2AxE2VAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUDQ7svVkGJhlJ7yIWNfqgJksbYkwwHwYDVR0j
BBgwFoAUDX/64wDe8Idr+EiQ+26he+hBpNMwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODExM2RkYTYtN2FkZS00NDVkLThjNmUtNDQ4YTc4ZTQ4
Y2ExLzEvMEQ3RkZBRTMwMERFRjA4NzZCRjg0ODkwRkI2RUExN0JFODQxQTREMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RYXzY0d0RlOElkci1FaVEtMjZoZS1o
QnBOTS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODExM2RkYTYt
N2FkZS00NDVkLThjNmUtNDQ4YTc4ZTQ4Y2ExLzEvMzgzNTJlMzEzMTM3MmUzMjMz
MzAyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzNTMwMzYzNS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFV1
5jANBgkqhkiG9w0BAQsFAAOCAQEAh35OFyzvIQAofyYfXRBScCD/b/OWLNrplP79
WoXbzEwrjZonvTqF+ECK4qudeR/ho4Y/44+RxmFX7RR36HLUgXyFMr/Ao3o+Jl8E
TI/sh/qJWsJ0W87lxexnv0CobdXVF8d9OAigsRf6vsITS4Kgwd24db8OpTQTWHHH
UxOl2Lz2kilBjOq5Z4E2ms1VAX17hntzNOCyd+DDfQBFvsv7ARlkw+OMghm/iyvS
bsF4eKhhEimAfaxMkQkTSz6vCm3bu6WpgGM/OeHC9VzDVUndM/yR3Jm+ASxYn0IH
gt8yHlW2cLofzBQhAilrYtytLyRSedrgihp3fv6Z+JJlyLzgCQ==
-----END CERTIFICATE-----