Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/ab9f5497-2b95-4a42-80d0-5c41f807b61f/0/38352e3135382e35392e302f32342d3234203d3e20383334.roa
File:                     38352e3135382e35392e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          Gmf2mpHalDz4xpHcy6+M7o274AL4uIsE+BJ5Y5AeL5o=
Subject key identifier:   88:D0:9B:01:5C:46:4D:8D:CF:7B:DB:F5:D4:BF:55:73:81:DF:7B:32
Certificate issuer:       /CN=aff6f26ea1f10da4a16cad9c7a6510856fbabb8d
Certificate serial:       4630905AD06E524DBE435A8115747588669B572F
Authority key identifier: AF:F6:F2:6E:A1:F1:0D:A4:A1:6C:AD:9C:7A:65:10:85:6F:BA:BB:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/r_bybqHxDaShbK2cemUQhW-6u40.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/ab9f5497-2b95-4a42-80d0-5c41f807b61f/0/38352e3135382e35392e302f32342d3234203d3e20383334.roa
Signing time:             Mon 23 Feb 2026 12:04:08 +0000
ROA not before:           Mon 23 Feb 2026 11:59:08 +0000
ROA not after:            Mon 22 Feb 2027 12:04:08 +0000
asID:                     834
IP address blocks:        85.158.59.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/ab9f5497-2b95-4a42-80d0-5c41f807b61f/0/AFF6F26EA1F10DA4A16CAD9C7A6510856FBABB8D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/ab9f5497-2b95-4a42-80d0-5c41f807b61f/0/AFF6F26EA1F10DA4A16CAD9C7A6510856FBABB8D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/r_bybqHxDaShbK2cemUQhW-6u40.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 12:03:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            46:30:90:5a:d0:6e:52:4d:be:43:5a:81:15:74:75:88:66:9b:57:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aff6f26ea1f10da4a16cad9c7a6510856fbabb8d
        Validity
            Not Before: Feb 23 11:59:08 2026 GMT
            Not After : Feb 22 12:04:08 2027 GMT
        Subject: CN=88D09B015C464D8DCF7BDBF5D4BF557381DF7B32
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:57:8a:c3:bd:b0:9c:5c:ce:87:9d:b6:0a:84:
                    78:f4:5c:d3:03:c7:36:26:c3:a1:0e:69:30:2f:8c:
                    ab:11:b4:a6:d5:d5:94:68:9c:62:02:d4:b3:6b:e9:
                    89:6e:4d:5d:0f:b9:e1:0e:40:d3:63:8b:34:54:c7:
                    4b:12:3b:55:bb:c4:5c:95:ca:ad:ab:0c:59:03:eb:
                    b1:e8:73:11:a3:a0:6a:f2:a0:2c:84:04:c9:f9:40:
                    86:c6:b6:4c:17:c7:47:34:3e:64:1b:e3:50:d6:a4:
                    fa:a9:fa:90:35:36:ac:23:0b:ed:78:e0:c1:7d:3b:
                    f1:22:31:c3:52:74:6b:83:83:8d:d1:d8:d5:f8:6b:
                    6a:5f:75:97:ae:36:85:dc:6e:9b:94:ae:f9:1d:1b:
                    ce:24:87:7c:fd:de:b6:c5:98:29:36:98:ce:38:6b:
                    82:71:53:6a:89:ed:82:9d:30:6e:e0:b6:72:a4:07:
                    27:04:1b:7e:e1:aa:52:ea:e6:29:94:02:64:fa:e2:
                    07:6a:42:0c:87:2e:d9:99:8b:39:0d:ee:7b:6b:52:
                    6e:32:4f:0c:11:72:cf:47:c8:7e:ab:e9:e4:15:04:
                    ec:14:96:b5:16:2e:7b:30:a6:38:97:c5:7e:74:6a:
                    e7:66:8d:47:dc:a8:96:22:ff:d6:25:81:b9:f5:30:
                    87:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:D0:9B:01:5C:46:4D:8D:CF:7B:DB:F5:D4:BF:55:73:81:DF:7B:32
            X509v3 Authority Key Identifier:
                keyid:AF:F6:F2:6E:A1:F1:0D:A4:A1:6C:AD:9C:7A:65:10:85:6F:BA:BB:8D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/ab9f5497-2b95-4a42-80d0-5c41f807b61f/0/AFF6F26EA1F10DA4A16CAD9C7A6510856FBABB8D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r_bybqHxDaShbK2cemUQhW-6u40.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/ab9f5497-2b95-4a42-80d0-5c41f807b61f/0/38352e3135382e35392e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.158.59.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:27:80:d0:3f:ba:be:72:d5:04:f3:e2:09:8d:af:cb:40:86:
         e7:94:f5:c2:88:c0:b0:50:ac:f6:10:7e:55:73:03:23:b6:13:
         c5:bf:be:0a:f9:97:3b:6a:04:fe:b5:7d:9d:c9:e1:ca:86:5f:
         a9:80:64:ba:35:93:fa:c2:33:44:5e:b9:69:35:11:32:4c:7f:
         27:fe:2f:ce:71:e8:ac:2d:96:76:e3:8e:86:94:0a:94:12:4e:
         f4:65:3f:08:80:19:13:25:cb:a9:05:b6:1c:0e:d7:23:6c:66:
         99:90:99:f6:24:61:e7:74:32:1a:be:43:d2:2a:a0:76:d7:07:
         1f:37:b7:c9:51:bb:11:84:91:18:a8:8a:f7:5c:4d:b9:bf:b6:
         40:9d:e3:35:6b:7e:87:6c:99:8c:a2:c6:bc:99:5d:7c:91:d3:
         e4:a5:db:c0:88:93:89:74:57:46:7c:f4:58:b0:de:5d:1e:ca:
         e7:88:6e:f6:86:24:46:e8:41:83:b1:e8:0c:d6:03:1c:3e:f1:
         ea:6f:20:23:c4:33:f0:5b:65:9e:f0:71:14:cb:a5:d4:7c:5c:
         2d:6a:3f:4d:59:29:8f:a0:e0:2d:52:93:c9:20:2b:05:a5:08:
         96:d0:ef:d2:4a:a5:b7:9a:14:35:50:d0:a6:5e:37:9d:0e:57:
         37:fe:99:83
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIURjCQWtBuUk2+Q1qBFXR1iGabVy8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWZmNmYyNmVhMWYxMGRhNGExNmNhZDljN2E2NTEwODU2
ZmJhYmI4ZDAeFw0yNjAyMjMxMTU5MDhaFw0yNzAyMjIxMjA0MDhaMDMxMTAvBgNV
BAMTKDg4RDA5QjAxNUM0NjREOERDRjdCREJGNUQ0QkY1NTczODFERjdCMzIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCKV4rDvbCcXM6HnbYKhHj0XNMD
xzYmw6EOaTAvjKsRtKbV1ZRonGIC1LNr6YluTV0PueEOQNNjizRUx0sSO1W7xFyV
yq2rDFkD67HocxGjoGryoCyEBMn5QIbGtkwXx0c0PmQb41DWpPqp+pA1NqwjC+14
4MF9O/EiMcNSdGuDg43R2NX4a2pfdZeuNoXcbpuUrvkdG84kh3z93rbFmCk2mM44
a4JxU2qJ7YKdMG7gtnKkBycEG37hqlLq5imUAmT64gdqQgyHLtmZizkN7ntrUm4y
TwwRcs9HyH6r6eQVBOwUlrUWLnswpjiXxX50audmjUfcqJYi/9Ylgbn1MIeFAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUiNCbAVxGTY3Pe9v11L9Vc4HfezIwHwYDVR0j
BBgwFoAUr/bybqHxDaShbK2cemUQhW+6u40wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYWI5ZjU0OTctMmI5NS00YTQyLTgwZDAtNWM0MWY4MDdi
NjFmLzAvQUZGNkYyNkVBMUYxMERBNEExNkNBRDlDN0E2NTEwODU2RkJBQkI4RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3JfYnlicUh4RGFTaGJLMmNlbVVRaFct
NnU0MC5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWI5ZjU0OTct
MmI5NS00YTQyLTgwZDAtNWM0MWY4MDdiNjFmLzAvMzgzNTJlMzEzNTM4MmUzNTM5
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzgzMzM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVZ47MA0G
CSqGSIb3DQEBCwUAA4IBAQBkJ4DQP7q+ctUE8+IJja/LQIbnlPXCiMCwUKz2EH5V
cwMjthPFv74K+Zc7agT+tX2dyeHKhl+pgGS6NZP6wjNEXrlpNREyTH8n/i/Oceis
LZZ2446GlAqUEk70ZT8IgBkTJcupBbYcDtcjbGaZkJn2JGHndDIavkPSKqB21wcf
N7fJUbsRhJEYqIr3XE25v7ZAneM1a36HbJmMosa8mV18kdPkpdvAiJOJdFdGfPRY
sN5dHsrniG72hiRG6EGDsegM1gMcPvHqbyAjxDPwW2We8HEUy6XUfFwtaj9NWSmP
oOAtUpPJICsFpQiW0O/SSqW3mhQ1UNCmXjedDlc3/pmD
-----END CERTIFICATE-----