Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/982c65b9-725d-4bb0-a216-8e77191ff9b8/0/34362e3138322e32322e302f32342d3234203d3e203432383331.roa
File:                     34362e3138322e32322e302f32342d3234203d3e203432383331.roa (raw, json)
Hash identifier:          DOvKVeAcOxkNybkMS9ylFdnOy9WAJnB82IVDJTGNOcA=
Subject key identifier:   75:2A:F8:6E:94:F2:CC:0B:34:8A:64:A4:25:91:E7:E3:39:00:29:6D
Certificate issuer:       /CN=38a93c81ecd308e6a7632717045b3d35150120f8
Certificate serial:       576C119CD510C4D7D30EB73D16D26AD711CEBDFC
Authority key identifier: 38:A9:3C:81:EC:D3:08:E6:A7:63:27:17:04:5B:3D:35:15:01:20:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OKk8gezTCOanYycXBFs9NRUBIPg.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/982c65b9-725d-4bb0-a216-8e77191ff9b8/0/34362e3138322e32322e302f32342d3234203d3e203432383331.roa
Signing time:             Sat 07 Feb 2026 16:55:37 +0000
ROA not before:           Sat 07 Feb 2026 16:50:37 +0000
ROA not after:            Sat 06 Feb 2027 16:55:37 +0000
asID:                     42831
IP address blocks:        46.182.22.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/982c65b9-725d-4bb0-a216-8e77191ff9b8/0/38A93C81ECD308E6A7632717045B3D35150120F8.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/982c65b9-725d-4bb0-a216-8e77191ff9b8/0/38A93C81ECD308E6A7632717045B3D35150120F8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OKk8gezTCOanYycXBFs9NRUBIPg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            57:6c:11:9c:d5:10:c4:d7:d3:0e:b7:3d:16:d2:6a:d7:11:ce:bd:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=38a93c81ecd308e6a7632717045b3d35150120f8
        Validity
            Not Before: Feb  7 16:50:37 2026 GMT
            Not After : Feb  6 16:55:37 2027 GMT
        Subject: CN=752AF86E94F2CC0B348A64A42591E7E33900296D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:88:99:c2:2c:c2:0b:44:5e:d4:f1:8c:5e:c5:
                    4d:ee:f0:71:7c:07:f2:a9:0a:65:1d:d4:15:88:c9:
                    c7:bb:2f:b9:2e:e3:c4:87:66:21:35:07:35:5d:22:
                    60:ad:7a:04:b0:88:37:d7:0f:7e:8e:d1:61:48:9a:
                    fd:ce:b6:a0:c3:e2:cf:4e:d3:c5:37:70:bc:fb:38:
                    53:00:9f:f5:37:e2:da:58:03:4c:70:de:a7:4a:81:
                    b8:b8:10:9a:73:5f:91:d3:50:f2:57:0a:73:c4:8b:
                    e8:1c:1d:09:8b:b5:1c:ca:2a:35:b7:14:3c:65:a8:
                    eb:17:c2:42:23:e7:e4:8f:50:d3:45:a5:5c:34:28:
                    4b:21:09:1d:9a:fb:ff:87:0a:c9:d7:45:d1:2e:2f:
                    9a:43:1d:af:21:a2:39:d0:ad:94:e6:fb:b4:59:60:
                    51:48:81:2a:27:c0:33:49:98:4e:63:72:00:89:71:
                    b6:22:79:7d:97:2c:ef:08:6b:8b:a0:b6:a8:4c:d4:
                    bf:0d:41:88:a1:72:b1:00:42:2f:61:20:09:6c:b0:
                    d7:97:9c:99:a2:27:14:7e:e7:b6:61:60:a2:97:8b:
                    23:4e:a3:80:8f:33:e9:a2:19:4f:bd:06:56:4c:8e:
                    1b:2a:c1:42:83:8b:bb:bd:de:95:14:cd:8c:0e:f2:
                    e7:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:2A:F8:6E:94:F2:CC:0B:34:8A:64:A4:25:91:E7:E3:39:00:29:6D
            X509v3 Authority Key Identifier:
                keyid:38:A9:3C:81:EC:D3:08:E6:A7:63:27:17:04:5B:3D:35:15:01:20:F8

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/982c65b9-725d-4bb0-a216-8e77191ff9b8/0/38A93C81ECD308E6A7632717045B3D35150120F8.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OKk8gezTCOanYycXBFs9NRUBIPg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/982c65b9-725d-4bb0-a216-8e77191ff9b8/0/34362e3138322e32322e302f32342d3234203d3e203432383331.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.182.22.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a7:73:6c:aa:13:f0:cf:9a:a7:27:11:0b:e9:98:32:f6:18:b6:
         3c:48:40:3f:51:00:05:73:ea:43:03:b4:8e:45:f9:3d:3f:6b:
         de:c7:aa:ba:a6:9e:ce:ca:07:b7:b1:f9:32:26:72:bf:7d:b0:
         84:80:c0:18:cd:65:4d:dc:17:83:de:0b:18:6e:12:9a:a4:ac:
         81:30:c1:98:d1:0d:d0:0e:39:d5:09:9d:b0:af:c3:22:49:cb:
         fa:62:76:a8:87:3d:53:5b:03:2a:c2:50:4e:e3:3d:f2:5b:a4:
         bf:44:10:f6:91:02:76:90:67:dd:2e:d4:84:bb:a7:0f:9f:cc:
         10:ec:a3:1b:f0:4b:5d:1c:9d:3f:9c:55:f0:e2:72:55:f2:34:
         be:74:16:ad:48:64:46:41:b7:91:73:32:0f:b8:ac:f4:37:66:
         ef:e7:0e:f9:cf:97:ab:3e:29:c1:60:9d:27:53:72:e4:89:4a:
         9a:c4:8d:a3:87:60:97:df:4c:39:09:41:69:17:d5:bf:5a:f5:
         30:8d:66:a8:f3:fb:4f:15:dd:f4:b3:57:2e:f1:76:5f:62:23:
         c5:d4:41:e2:77:af:c2:0e:67:82:96:36:b9:1e:a5:6d:5f:c5:
         c7:ce:6a:52:c8:03:b8:93:5b:b9:70:57:d8:f1:6b:ed:25:0d:
         a8:e3:3a:5c
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUV2wRnNUQxNfTDrc9FtJq1xHOvfwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMzhhOTNjODFlY2QzMDhlNmE3NjMyNzE3MDQ1YjNkMzUx
NTAxMjBmODAeFw0yNjAyMDcxNjUwMzdaFw0yNzAyMDYxNjU1MzdaMDMxMTAvBgNV
BAMTKDc1MkFGODZFOTRGMkNDMEIzNDhBNjRBNDI1OTFFN0UzMzkwMDI5NkQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5iJnCLMILRF7U8YxexU3u8HF8
B/KpCmUd1BWIyce7L7ku48SHZiE1BzVdImCtegSwiDfXD36O0WFImv3OtqDD4s9O
08U3cLz7OFMAn/U34tpYA0xw3qdKgbi4EJpzX5HTUPJXCnPEi+gcHQmLtRzKKjW3
FDxlqOsXwkIj5+SPUNNFpVw0KEshCR2a+/+HCsnXRdEuL5pDHa8hojnQrZTm+7RZ
YFFIgSonwDNJmE5jcgCJcbYieX2XLO8Ia4ugtqhM1L8NQYihcrEAQi9hIAlssNeX
nJmiJxR+57ZhYKKXiyNOo4CPM+miGU+9BlZMjhsqwUKDi7u93pUUzYwO8ucPAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUdSr4bpTyzAs0imSkJZHn4zkAKW0wHwYDVR0j
BBgwFoAUOKk8gezTCOanYycXBFs9NRUBIPgwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOTgyYzY1YjktNzI1ZC00YmIwLWEyMTYtOGU3NzE5MWZm
OWI4LzAvMzhBOTNDODFFQ0QzMDhFNkE3NjMyNzE3MDQ1QjNEMzUxNTAxMjBGOC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL09LazhnZXpUQ09hbll5Y1hCRnM5TlJV
QklQZy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOTgyYzY1Yjkt
NzI1ZC00YmIwLWEyMTYtOGU3NzE5MWZmOWI4LzAvMzQzNjJlMzEzODMyMmUzMjMy
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzQzMjM4MzMzMS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC62
FjANBgkqhkiG9w0BAQsFAAOCAQEAp3NsqhPwz5qnJxEL6Zgy9hi2PEhAP1EABXPq
QwO0jkX5PT9r3sequqaezsoHt7H5MiZyv32whIDAGM1lTdwXg94LGG4SmqSsgTDB
mNEN0A451QmdsK/DIknL+mJ2qIc9U1sDKsJQTuM98lukv0QQ9pECdpBn3S7UhLun
D5/MEOyjG/BLXRydP5xV8OJyVfI0vnQWrUhkRkG3kXMyD7is9Ddm7+cO+c+Xqz4p
wWCdJ1Ny5IlKmsSNo4dgl99MOQlBaRfVv1r1MI1mqPP7TxXd9LNXLvF2X2IjxdRB
4nevwg5ngpY2uR6lbV/Fx85qUsgDuJNbuXBX2PFr7SUNqOM6XA==
-----END CERTIFICATE-----