Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/3138352e3230352e3232322e302f32342d3234203d3e20383334.roa
File:                     3138352e3230352e3232322e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          1Rc+WYmfUMnAUER74UvmdmOlUKe3KN5hxHi5oVPmDys=
Subject key identifier:   57:81:9B:C2:99:98:2C:FF:16:6F:67:7D:E2:BA:C2:A9:BA:70:FC:04
Certificate issuer:       /CN=7adf63e375b0b785081b5945b1d18d9de86e0efc
Certificate serial:       370704F4DA7F2EE408567FF69D12E13C1751A00C
Authority key identifier: 7A:DF:63:E3:75:B0:B7:85:08:1B:59:45:B1:D1:8D:9D:E8:6E:0E:FC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/et9j43Wwt4UIG1lFsdGNnehuDvw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/3138352e3230352e3232322e302f32342d3234203d3e20383334.roa
Signing time:             Fri 27 Feb 2026 13:43:50 +0000
ROA not before:           Fri 27 Feb 2026 13:38:50 +0000
ROA not after:            Fri 26 Feb 2027 13:43:50 +0000
asID:                     834
IP address blocks:        185.205.222.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/7ADF63E375B0B785081B5945B1D18D9DE86E0EFC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/7ADF63E375B0B785081B5945B1D18D9DE86E0EFC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/et9j43Wwt4UIG1lFsdGNnehuDvw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 05:42:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            37:07:04:f4:da:7f:2e:e4:08:56:7f:f6:9d:12:e1:3c:17:51:a0:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7adf63e375b0b785081b5945b1d18d9de86e0efc
        Validity
            Not Before: Feb 27 13:38:50 2026 GMT
            Not After : Feb 26 13:43:50 2027 GMT
        Subject: CN=57819BC299982CFF166F677DE2BAC2A9BA70FC04
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:e6:8b:c0:58:69:21:1a:77:80:82:31:f5:91:
                    4d:be:62:64:f3:34:34:b3:e8:ca:2e:af:9d:30:e3:
                    e5:36:9d:e2:cd:38:13:19:bf:8f:07:79:c5:87:a8:
                    98:6d:50:0f:e5:dc:bb:11:d8:39:62:0b:83:37:1a:
                    d4:8c:9c:b8:0f:de:76:1e:3e:6f:6e:75:c8:49:eb:
                    74:01:82:0f:8d:11:be:8a:2f:94:b9:51:da:e9:c1:
                    c1:31:5d:e3:50:e6:1d:3b:51:3c:d9:d6:b8:bd:57:
                    4a:a4:8d:9e:ce:39:6b:ba:6b:39:2a:26:2f:3c:c8:
                    a1:f9:3d:9c:9a:b4:02:db:30:bc:0c:06:2a:e2:62:
                    e3:b7:40:70:4e:33:e2:3f:a2:74:be:d8:bd:92:f6:
                    ce:d9:b0:d1:38:ec:93:f2:0f:ec:6f:4b:81:ed:fa:
                    a4:5c:b0:6f:53:0c:69:50:2a:1b:ab:f7:83:df:d1:
                    f1:d6:ea:6a:f2:08:3d:68:e8:5b:31:62:b6:07:a0:
                    ad:a6:64:e4:d8:04:16:2b:6f:43:f0:d1:7a:fc:55:
                    80:3c:1c:e2:2c:68:cf:5b:3c:2f:74:2a:e4:c8:b3:
                    94:dd:9e:4e:4a:bd:52:fa:19:88:f5:8a:91:4b:b5:
                    30:b7:42:b0:9c:1f:37:bc:a8:43:1d:31:b5:07:48:
                    52:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:81:9B:C2:99:98:2C:FF:16:6F:67:7D:E2:BA:C2:A9:BA:70:FC:04
            X509v3 Authority Key Identifier:
                keyid:7A:DF:63:E3:75:B0:B7:85:08:1B:59:45:B1:D1:8D:9D:E8:6E:0E:FC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/7ADF63E375B0B785081B5945B1D18D9DE86E0EFC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/et9j43Wwt4UIG1lFsdGNnehuDvw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/3138352e3230352e3232322e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.205.222.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:61:53:65:1f:44:4b:cd:87:8d:fe:d2:bb:cc:f5:e3:cc:02:
         8e:78:5d:fb:5b:ff:32:d5:f3:8d:70:34:b1:1d:5b:3d:14:04:
         fa:5f:3c:7f:e8:5e:11:a6:fc:af:af:bd:f9:fe:87:11:22:86:
         38:3f:e3:b8:33:ea:56:0e:99:b3:84:4d:3e:6b:d0:44:08:96:
         38:4c:2d:1f:38:c0:56:97:fa:aa:db:14:a5:cc:d8:61:1d:39:
         e4:e1:87:bc:30:c4:8a:43:59:6d:20:94:14:d5:a0:d8:0b:4d:
         1b:31:81:fe:35:35:a1:25:ab:6e:04:b3:99:10:40:0d:6e:fd:
         7c:11:7b:6e:47:f2:c0:d1:8b:0a:55:c3:c7:b4:9a:80:eb:bd:
         ec:b9:af:79:b7:ca:04:42:31:32:cf:de:6f:2c:a2:17:0c:79:
         d9:96:4e:80:af:3a:5c:b9:62:de:32:16:76:91:fd:f9:36:46:
         3d:8e:86:f5:45:e5:79:b5:2c:a4:22:77:99:4b:b9:9d:6a:2c:
         e6:83:24:a4:64:c7:bb:53:1a:27:15:7a:70:74:1e:2c:bd:66:
         a2:63:96:26:5d:17:89:28:3e:31:7c:fc:b7:3e:56:c9:04:33:
         05:bd:1f:c7:64:08:89:53:9d:cc:88:13:91:df:c3:79:dc:af:
         bf:13:e1:a5
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUNwcE9Np/LuQIVn/2nRLhPBdRoAwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoN2FkZjYzZTM3NWIwYjc4NTA4MWI1OTQ1YjFkMThkOWRl
ODZlMGVmYzAeFw0yNjAyMjcxMzM4NTBaFw0yNzAyMjYxMzQzNTBaMDMxMTAvBgNV
BAMTKDU3ODE5QkMyOTk5ODJDRkYxNjZGNjc3REUyQkFDMkE5QkE3MEZDMDQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC95ovAWGkhGneAgjH1kU2+YmTz
NDSz6Mour50w4+U2neLNOBMZv48HecWHqJhtUA/l3LsR2DliC4M3GtSMnLgP3nYe
Pm9udchJ63QBgg+NEb6KL5S5UdrpwcExXeNQ5h07UTzZ1ri9V0qkjZ7OOWu6azkq
Ji88yKH5PZyatALbMLwMBiriYuO3QHBOM+I/onS+2L2S9s7ZsNE47JPyD+xvS4Ht
+qRcsG9TDGlQKhur94Pf0fHW6mryCD1o6FsxYrYHoK2mZOTYBBYrb0Pw0Xr8VYA8
HOIsaM9bPC90KuTIs5Tdnk5KvVL6GYj1ipFLtTC3QrCcHze8qEMdMbUHSFLFAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUV4GbwpmYLP8Wb2d94rrCqbpw/AQwHwYDVR0j
BBgwFoAUet9j43Wwt4UIG1lFsdGNnehuDvwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYWVlM2Q1OGQtOTA0YS00Mzc1LWJmOTMtOGI1ZjM4Y2Fi
MDAyLzAvN0FERjYzRTM3NUIwQjc4NTA4MUI1OTQ1QjFEMThEOURFODZFMEVGQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2V0OWo0M1d3dDRVSUcxbEZzZEdObmVo
dUR2dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWVlM2Q1OGQt
OTA0YS00Mzc1LWJmOTMtOGI1ZjM4Y2FiMDAyLzAvMzEzODM1MmUzMjMwMzUyZTMy
MzIzMjJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALnN
3jANBgkqhkiG9w0BAQsFAAOCAQEAKWFTZR9ES82Hjf7Su8z148wCjnhd+1v/MtXz
jXA0sR1bPRQE+l88f+heEab8r6+9+f6HESKGOD/juDPqVg6Zs4RNPmvQRAiWOEwt
HzjAVpf6qtsUpczYYR055OGHvDDEikNZbSCUFNWg2AtNGzGB/jU1oSWrbgSzmRBA
DW79fBF7bkfywNGLClXDx7SagOu97LmvebfKBEIxMs/ebyyiFwx52ZZOgK86XLli
3jIWdpH9+TZGPY6G9UXlebUspCJ3mUu5nWos5oMkpGTHu1MaJxV6cHQeLL1momOW
Jl0XiSg+MXz8tz5WyQQzBb0fx2QIiVOdzIgTkd/DedyvvxPhpQ==
-----END CERTIFICATE-----