Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/ab9f5497-2b95-4a42-80d0-5c41f807b61f/0/38352e3135382e36302e302f32342d3234203d3e203239383032.roa
File:                     38352e3135382e36302e302f32342d3234203d3e203239383032.roa (raw, json)
Hash identifier:          FXA9IpStdw54CKscb4dYS9C7N0SRV5czaYD8rkySGgs=
Subject key identifier:   5B:EA:CF:F7:82:18:36:51:9E:EF:43:6F:C8:30:61:97:5C:9E:3B:08
Certificate issuer:       /CN=aff6f26ea1f10da4a16cad9c7a6510856fbabb8d
Certificate serial:       7409066DC41DC5ED4C9B51F6C32A89A3219CF74E
Authority key identifier: AF:F6:F2:6E:A1:F1:0D:A4:A1:6C:AD:9C:7A:65:10:85:6F:BA:BB:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/r_bybqHxDaShbK2cemUQhW-6u40.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/ab9f5497-2b95-4a42-80d0-5c41f807b61f/0/38352e3135382e36302e302f32342d3234203d3e203239383032.roa
Signing time:             Tue 03 Feb 2026 14:38:47 +0000
ROA not before:           Tue 03 Feb 2026 14:33:47 +0000
ROA not after:            Tue 02 Feb 2027 14:38:47 +0000
asID:                     29802
IP address blocks:        85.158.60.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/ab9f5497-2b95-4a42-80d0-5c41f807b61f/0/AFF6F26EA1F10DA4A16CAD9C7A6510856FBABB8D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/ab9f5497-2b95-4a42-80d0-5c41f807b61f/0/AFF6F26EA1F10DA4A16CAD9C7A6510856FBABB8D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/r_bybqHxDaShbK2cemUQhW-6u40.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 12:03:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            74:09:06:6d:c4:1d:c5:ed:4c:9b:51:f6:c3:2a:89:a3:21:9c:f7:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aff6f26ea1f10da4a16cad9c7a6510856fbabb8d
        Validity
            Not Before: Feb  3 14:33:47 2026 GMT
            Not After : Feb  2 14:38:47 2027 GMT
        Subject: CN=5BEACFF7821836519EEF436FC83061975C9E3B08
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:54:f8:70:6d:9f:90:e7:e6:c8:59:86:54:d4:
                    9f:3d:f0:34:0e:2b:f9:69:4a:78:28:aa:6f:5a:42:
                    72:1f:02:ad:31:56:28:71:a7:b8:e2:ae:26:74:f9:
                    bc:22:f7:ea:1a:46:74:e2:e2:ed:f7:f6:de:9a:b4:
                    9b:b3:af:3b:29:e5:67:58:e3:d8:dd:19:3f:e2:5f:
                    2d:89:cb:d8:90:6a:6b:80:9e:f8:0c:dc:39:c6:7f:
                    21:64:ab:85:80:9d:22:59:ac:1d:77:6e:1b:ce:28:
                    43:5b:82:e5:4a:7d:27:d2:32:dd:ea:12:c6:47:89:
                    52:ee:0f:0f:12:c2:03:60:d4:1f:78:01:77:8c:ff:
                    af:2d:12:5a:88:35:3b:58:36:27:84:fd:b3:61:7a:
                    7c:87:66:78:c8:1c:ba:5a:f1:15:fb:3f:80:d5:2a:
                    f5:d7:28:6f:d7:75:ac:02:78:7b:b4:86:c5:31:9e:
                    2f:e0:2b:25:59:4f:f8:06:af:80:c4:64:5e:20:42:
                    98:af:50:6d:88:03:ed:25:7b:c0:60:0c:06:91:4b:
                    8e:f4:0b:a1:df:bc:fb:c1:75:74:f9:8e:a6:95:fc:
                    aa:a9:3d:c9:fb:3a:03:54:2e:01:b1:62:d0:21:eb:
                    50:c8:98:e5:0d:a4:8a:69:8e:ce:17:81:25:c9:86:
                    7d:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:EA:CF:F7:82:18:36:51:9E:EF:43:6F:C8:30:61:97:5C:9E:3B:08
            X509v3 Authority Key Identifier:
                keyid:AF:F6:F2:6E:A1:F1:0D:A4:A1:6C:AD:9C:7A:65:10:85:6F:BA:BB:8D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/ab9f5497-2b95-4a42-80d0-5c41f807b61f/0/AFF6F26EA1F10DA4A16CAD9C7A6510856FBABB8D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r_bybqHxDaShbK2cemUQhW-6u40.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/ab9f5497-2b95-4a42-80d0-5c41f807b61f/0/38352e3135382e36302e302f32342d3234203d3e203239383032.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.158.60.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:3b:e2:38:a9:26:8a:84:f1:1f:f1:b9:3e:65:00:08:ed:eb:
         80:0c:c3:c7:78:50:60:55:0a:18:aa:e0:95:c0:d9:a2:60:14:
         43:cc:14:37:0d:3e:31:f7:ed:f3:0b:9e:3d:5d:13:00:af:7d:
         ba:c1:20:7e:b3:a9:fd:92:c3:41:1c:1b:43:e9:39:7b:13:20:
         8c:12:fb:4e:6f:fe:81:4a:11:b9:50:1a:a2:23:57:0c:3e:88:
         c8:0f:f0:6e:13:4b:18:d8:c2:8c:90:f9:46:42:a3:31:8c:8e:
         57:98:24:4d:36:a3:0c:35:d4:f5:f3:25:d0:8a:39:43:f7:44:
         5a:55:29:ac:54:3c:67:d2:fd:d2:ef:ba:81:a2:ae:c3:f7:94:
         d5:d5:2f:9e:53:93:e1:39:dd:b9:fe:2a:d0:4d:0c:ac:9e:71:
         dd:19:07:39:2a:fd:d8:0a:b6:fe:d7:12:75:44:48:5b:47:12:
         df:a1:f2:f7:17:2c:46:b8:91:1c:be:4d:b5:b3:fd:d8:c7:4d:
         8c:88:e9:49:41:3b:fb:d6:1f:9e:7a:4a:f2:4a:a9:76:df:c2:
         8d:0b:83:4f:92:78:f7:64:4d:27:a3:b9:a2:e9:a9:a3:d3:83:
         d9:86:be:24:82:02:0d:b0:21:3e:30:7a:96:64:46:5b:29:ef:
         b8:1a:42:a0
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUdAkGbcQdxe1Mm1H2wyqJoyGc904wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWZmNmYyNmVhMWYxMGRhNGExNmNhZDljN2E2NTEwODU2
ZmJhYmI4ZDAeFw0yNjAyMDMxNDMzNDdaFw0yNzAyMDIxNDM4NDdaMDMxMTAvBgNV
BAMTKDVCRUFDRkY3ODIxODM2NTE5RUVGNDM2RkM4MzA2MTk3NUM5RTNCMDgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZVPhwbZ+Q5+bIWYZU1J898DQO
K/lpSngoqm9aQnIfAq0xVihxp7jiriZ0+bwi9+oaRnTi4u339t6atJuzrzsp5WdY
49jdGT/iXy2Jy9iQamuAnvgM3DnGfyFkq4WAnSJZrB13bhvOKENbguVKfSfSMt3q
EsZHiVLuDw8SwgNg1B94AXeM/68tElqINTtYNieE/bNhenyHZnjIHLpa8RX7P4DV
KvXXKG/XdawCeHu0hsUxni/gKyVZT/gGr4DEZF4gQpivUG2IA+0le8BgDAaRS470
C6HfvPvBdXT5jqaV/KqpPcn7OgNULgGxYtAh61DImOUNpIppjs4XgSXJhn0TAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUW+rP94IYNlGe70NvyDBhl1yeOwgwHwYDVR0j
BBgwFoAUr/bybqHxDaShbK2cemUQhW+6u40wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYWI5ZjU0OTctMmI5NS00YTQyLTgwZDAtNWM0MWY4MDdi
NjFmLzAvQUZGNkYyNkVBMUYxMERBNEExNkNBRDlDN0E2NTEwODU2RkJBQkI4RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3JfYnlicUh4RGFTaGJLMmNlbVVRaFct
NnU0MC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWI5ZjU0OTct
MmI5NS00YTQyLTgwZDAtNWM0MWY4MDdiNjFmLzAvMzgzNTJlMzEzNTM4MmUzNjMw
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzIzOTM4MzAzMi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFWe
PDANBgkqhkiG9w0BAQsFAAOCAQEAADviOKkmioTxH/G5PmUACO3rgAzDx3hQYFUK
GKrglcDZomAUQ8wUNw0+Mfft8wuePV0TAK99usEgfrOp/ZLDQRwbQ+k5exMgjBL7
Tm/+gUoRuVAaoiNXDD6IyA/wbhNLGNjCjJD5RkKjMYyOV5gkTTajDDXU9fMl0Io5
Q/dEWlUprFQ8Z9L90u+6gaKuw/eU1dUvnlOT4Tnduf4q0E0MrJ5x3RkHOSr92Aq2
/tcSdURIW0cS36Hy9xcsRriRHL5NtbP92MdNjIjpSUE7+9YfnnpK8kqpdt/CjQuD
T5J492RNJ6O5oumpo9OD2Ya+JIICDbAhPjB6lmRGWynvuBpCoA==
-----END CERTIFICATE-----