Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/ab9f5497-2b95-4a42-80d0-5c41f807b61f/0/38352e3135382e36332e302f32342d3234203d3e203239383032.roa
File:                     38352e3135382e36332e302f32342d3234203d3e203239383032.roa (raw, json)
Hash identifier:          p+szrgvcNao02Q2cs1FHFugqaCm2f8fJrt3OJc2fOok=
Subject key identifier:   7E:5A:03:60:79:23:68:6D:0E:F3:79:0E:09:5B:DD:B0:2E:91:5E:AC
Certificate issuer:       /CN=aff6f26ea1f10da4a16cad9c7a6510856fbabb8d
Certificate serial:       08EF40E0626FAC65AEB0CA92209356EE66D084A1
Authority key identifier: AF:F6:F2:6E:A1:F1:0D:A4:A1:6C:AD:9C:7A:65:10:85:6F:BA:BB:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/r_bybqHxDaShbK2cemUQhW-6u40.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/ab9f5497-2b95-4a42-80d0-5c41f807b61f/0/38352e3135382e36332e302f32342d3234203d3e203239383032.roa
Signing time:             Tue 03 Feb 2026 14:38:49 +0000
ROA not before:           Tue 03 Feb 2026 14:33:49 +0000
ROA not after:            Tue 02 Feb 2027 14:38:49 +0000
asID:                     29802
IP address blocks:        85.158.63.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/ab9f5497-2b95-4a42-80d0-5c41f807b61f/0/AFF6F26EA1F10DA4A16CAD9C7A6510856FBABB8D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/ab9f5497-2b95-4a42-80d0-5c41f807b61f/0/AFF6F26EA1F10DA4A16CAD9C7A6510856FBABB8D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/r_bybqHxDaShbK2cemUQhW-6u40.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 12:03:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            08:ef:40:e0:62:6f:ac:65:ae:b0:ca:92:20:93:56:ee:66:d0:84:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aff6f26ea1f10da4a16cad9c7a6510856fbabb8d
        Validity
            Not Before: Feb  3 14:33:49 2026 GMT
            Not After : Feb  2 14:38:49 2027 GMT
        Subject: CN=7E5A03607923686D0EF3790E095BDDB02E915EAC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:a6:a1:e9:66:d1:71:cd:98:ff:ad:ae:b3:e2:
                    32:94:97:f7:42:d1:68:65:78:55:d0:cf:cc:a2:f1:
                    0a:aa:f0:cb:78:a0:33:e7:37:43:45:0a:de:eb:56:
                    b0:fd:cf:83:65:15:75:90:1c:a2:e2:d4:ac:fd:b6:
                    39:88:bc:5c:e4:82:85:e5:ad:ff:ba:4c:c1:b9:e8:
                    b8:59:6a:4f:2d:a4:f3:ee:9a:fc:c3:4d:05:8f:50:
                    c4:d5:a7:7f:9d:47:ea:28:8f:d5:f7:50:2a:24:57:
                    76:50:f7:bc:7f:7c:21:d4:72:8a:b8:6b:b8:c3:34:
                    8d:7c:b1:e7:bf:7d:e5:a0:b9:d2:4d:fc:66:8c:d2:
                    24:b9:c8:8c:e6:27:1c:3e:7a:59:61:42:f3:ca:d0:
                    00:a9:78:6a:5b:42:99:1d:2e:e8:92:1c:af:8e:1f:
                    51:5e:e3:00:8b:f2:e8:e9:bf:e7:a8:23:d7:d8:f4:
                    62:fd:90:bf:9d:23:7e:20:9c:5e:c4:ec:bc:52:52:
                    0a:8a:97:b3:e0:9c:57:d3:04:95:15:1d:c6:6f:29:
                    89:4c:51:c5:53:e4:d1:60:a6:99:78:bb:2b:a3:3c:
                    56:24:ba:13:d9:06:1d:36:fb:21:91:43:fa:83:24:
                    ab:f8:dc:94:90:dd:46:9e:bf:4b:9c:b5:24:d3:0e:
                    85:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:5A:03:60:79:23:68:6D:0E:F3:79:0E:09:5B:DD:B0:2E:91:5E:AC
            X509v3 Authority Key Identifier:
                keyid:AF:F6:F2:6E:A1:F1:0D:A4:A1:6C:AD:9C:7A:65:10:85:6F:BA:BB:8D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/ab9f5497-2b95-4a42-80d0-5c41f807b61f/0/AFF6F26EA1F10DA4A16CAD9C7A6510856FBABB8D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r_bybqHxDaShbK2cemUQhW-6u40.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/ab9f5497-2b95-4a42-80d0-5c41f807b61f/0/38352e3135382e36332e302f32342d3234203d3e203239383032.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.158.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         03:24:91:61:16:9e:9e:9b:d4:f1:c9:8e:d0:4e:09:22:7c:93:
         ec:93:06:e1:78:84:4f:12:70:db:07:51:6f:7f:35:4e:ef:86:
         7c:1a:5d:d9:4f:ce:75:99:72:6c:aa:fd:83:d9:5e:dc:5a:3f:
         a0:75:2b:39:1e:41:55:b8:4e:c3:c4:47:3e:bd:15:71:bc:5d:
         57:7f:69:dd:dd:02:01:73:dc:aa:d5:66:09:05:13:33:f9:48:
         9f:f2:da:10:96:f0:31:4c:b3:83:ab:b6:1a:ba:a2:97:51:3c:
         aa:8b:c9:8a:55:e4:96:6a:9f:50:c3:94:a5:f3:e4:8f:45:b4:
         06:9d:a0:df:17:49:c3:9f:4a:c0:19:ac:d0:38:0f:50:48:45:
         49:d1:b1:f8:32:dc:c7:00:a9:49:57:8c:b0:c1:47:2a:55:c4:
         e3:4f:a0:40:b7:0d:94:b7:7b:29:21:50:b8:bf:a8:da:ee:cb:
         bd:13:50:0c:56:47:42:d7:a7:8f:c0:41:5b:ad:a9:6c:45:75:
         12:68:fd:04:60:23:d8:c8:05:e0:92:f4:8a:92:0d:8d:2b:8a:
         df:a1:b1:aa:bc:33:90:10:0c:ff:fd:4c:cb:44:b3:18:2e:59:
         1d:08:b7:49:9f:27:71:54:db:b8:e8:2e:55:fb:15:06:1b:c5:
         2f:15:0d:aa
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUCO9A4GJvrGWusMqSIJNW7mbQhKEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWZmNmYyNmVhMWYxMGRhNGExNmNhZDljN2E2NTEwODU2
ZmJhYmI4ZDAeFw0yNjAyMDMxNDMzNDlaFw0yNzAyMDIxNDM4NDlaMDMxMTAvBgNV
BAMTKDdFNUEwMzYwNzkyMzY4NkQwRUYzNzkwRTA5NUJEREIwMkU5MTVFQUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2pqHpZtFxzZj/ra6z4jKUl/dC
0WhleFXQz8yi8Qqq8Mt4oDPnN0NFCt7rVrD9z4NlFXWQHKLi1Kz9tjmIvFzkgoXl
rf+6TMG56LhZak8tpPPumvzDTQWPUMTVp3+dR+ooj9X3UCokV3ZQ97x/fCHUcoq4
a7jDNI18see/feWgudJN/GaM0iS5yIzmJxw+ellhQvPK0ACpeGpbQpkdLuiSHK+O
H1Fe4wCL8ujpv+eoI9fY9GL9kL+dI34gnF7E7LxSUgqKl7PgnFfTBJUVHcZvKYlM
UcVT5NFgppl4uyujPFYkuhPZBh02+yGRQ/qDJKv43JSQ3Uaev0uctSTTDoXhAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUfloDYHkjaG0O83kOCVvdsC6RXqwwHwYDVR0j
BBgwFoAUr/bybqHxDaShbK2cemUQhW+6u40wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYWI5ZjU0OTctMmI5NS00YTQyLTgwZDAtNWM0MWY4MDdi
NjFmLzAvQUZGNkYyNkVBMUYxMERBNEExNkNBRDlDN0E2NTEwODU2RkJBQkI4RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3JfYnlicUh4RGFTaGJLMmNlbVVRaFct
NnU0MC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWI5ZjU0OTct
MmI5NS00YTQyLTgwZDAtNWM0MWY4MDdiNjFmLzAvMzgzNTJlMzEzNTM4MmUzNjMz
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzIzOTM4MzAzMi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFWe
PzANBgkqhkiG9w0BAQsFAAOCAQEAAySRYRaenpvU8cmO0E4JInyT7JMG4XiETxJw
2wdRb381Tu+GfBpd2U/OdZlybKr9g9le3Fo/oHUrOR5BVbhOw8RHPr0VcbxdV39p
3d0CAXPcqtVmCQUTM/lIn/LaEJbwMUyzg6u2Grqil1E8qovJilXklmqfUMOUpfPk
j0W0Bp2g3xdJw59KwBms0DgPUEhFSdGx+DLcxwCpSVeMsMFHKlXE40+gQLcNlLd7
KSFQuL+o2u7LvRNQDFZHQtenj8BBW62pbEV1Emj9BGAj2MgF4JL0ipINjSuK36Gx
qrwzkBAM//1My0SzGC5ZHQi3SZ8ncVTbuOguVfsVBhvFLxUNqg==
-----END CERTIFICATE-----