Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/be41704f-7815-4f2c-a503-58ae08e556b6/1/38362e3130362e37372e302f32342d3234203d3e203137353631.roa
File:                     38362e3130362e37372e302f32342d3234203d3e203137353631.roa (raw, json)
Hash identifier:          LLqjEp0OclrSlskg2I6XUCzelmtApYaUU2NWogCCo1E=
Subject key identifier:   06:57:E6:91:24:67:4D:D0:DC:2A:0A:C5:45:11:E4:8C:50:83:B1:EF
Certificate issuer:       /CN=a0a97e43cfdc15b02a3141f0ad097bcd079c2ed9
Certificate serial:       20F6ECF967986F39C54DDEEAC591A210D58D6B93
Authority key identifier: A0:A9:7E:43:CF:DC:15:B0:2A:31:41:F0:AD:09:7B:CD:07:9C:2E:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oKl-Q8_cFbAqMUHwrQl7zQecLtk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/be41704f-7815-4f2c-a503-58ae08e556b6/1/38362e3130362e37372e302f32342d3234203d3e203137353631.roa
Signing time:             Tue 16 Jun 2026 16:31:47 +0000
ROA not before:           Tue 16 Jun 2026 16:26:47 +0000
ROA not after:            Tue 15 Jun 2027 16:31:47 +0000
asID:                     17561
IP address blocks:        86.106.77.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/be41704f-7815-4f2c-a503-58ae08e556b6/1/A0A97E43CFDC15B02A3141F0AD097BCD079C2ED9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/be41704f-7815-4f2c-a503-58ae08e556b6/1/A0A97E43CFDC15B02A3141F0AD097BCD079C2ED9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oKl-Q8_cFbAqMUHwrQl7zQecLtk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 18 Jun 2026 08:33:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            20:f6:ec:f9:67:98:6f:39:c5:4d:de:ea:c5:91:a2:10:d5:8d:6b:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a0a97e43cfdc15b02a3141f0ad097bcd079c2ed9
        Validity
            Not Before: Jun 16 16:26:47 2026 GMT
            Not After : Jun 15 16:31:47 2027 GMT
        Subject: CN=0657E69124674DD0DC2A0AC54511E48C5083B1EF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:aa:3e:a4:89:03:af:a2:0d:30:c5:44:ae:76:
                    a2:5d:86:f0:5c:d2:b7:78:54:0c:58:ad:96:73:0f:
                    4b:35:bc:16:4b:b8:23:34:88:3c:36:93:d2:5c:43:
                    c8:04:dd:49:b2:5b:0b:4f:aa:91:19:79:80:a0:33:
                    56:6b:13:a7:eb:a6:aa:79:37:a3:5f:97:1e:0d:80:
                    92:0c:c2:16:6d:bf:d5:75:3e:7e:23:f8:af:ee:48:
                    e9:ec:3b:07:09:2f:c9:15:8e:2c:71:01:99:1d:f6:
                    58:36:97:46:9b:65:3a:66:23:d9:a8:0d:31:a7:9e:
                    53:f2:fe:4f:89:d6:b7:dc:85:51:cb:f3:94:6b:df:
                    24:d8:17:18:2b:23:ee:7e:ee:1a:f7:63:9c:62:ff:
                    62:ad:d3:31:af:64:dd:1c:79:82:fc:56:4a:22:0d:
                    40:47:76:5b:1f:da:66:40:46:88:01:87:09:96:84:
                    17:60:82:d4:d7:19:f2:26:4d:4f:e1:d5:8a:5e:5b:
                    89:f5:c0:81:d6:70:3b:a5:90:d1:c7:26:da:a4:15:
                    3b:c6:20:2e:fa:e9:fe:23:32:2b:79:8b:29:8c:27:
                    8a:93:a5:cd:fa:1d:38:f4:b5:f5:b2:7b:b4:4a:6c:
                    74:ac:84:79:c1:21:70:b8:d1:a7:5c:12:57:6d:1c:
                    6f:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:57:E6:91:24:67:4D:D0:DC:2A:0A:C5:45:11:E4:8C:50:83:B1:EF
            X509v3 Authority Key Identifier:
                keyid:A0:A9:7E:43:CF:DC:15:B0:2A:31:41:F0:AD:09:7B:CD:07:9C:2E:D9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/be41704f-7815-4f2c-a503-58ae08e556b6/1/A0A97E43CFDC15B02A3141F0AD097BCD079C2ED9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oKl-Q8_cFbAqMUHwrQl7zQecLtk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/be41704f-7815-4f2c-a503-58ae08e556b6/1/38362e3130362e37372e302f32342d3234203d3e203137353631.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.106.77.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:71:b0:a7:f4:00:81:05:1f:56:f1:51:2f:b2:b1:9e:ca:97:
         89:e3:79:ce:03:e8:cd:5b:2d:d8:99:54:e2:02:1b:2c:bb:78:
         6e:9f:84:60:e0:5f:dd:61:db:a8:ca:1f:5c:42:23:43:90:80:
         b7:cf:1b:32:8b:55:3a:9c:d9:5f:15:da:ee:9c:4e:87:c1:9d:
         53:58:81:cb:bc:c4:7a:27:53:f2:d3:09:2f:55:7f:bd:1b:97:
         ae:5e:ee:8b:c1:73:d5:69:6c:88:eb:78:20:a9:c8:29:fe:d6:
         73:55:80:a3:32:d2:e2:85:7e:81:58:42:f1:b2:15:25:5a:4a:
         68:00:bf:01:f9:45:ca:12:16:ae:28:44:d8:70:c2:33:58:f5:
         90:de:ae:09:79:b0:26:11:48:cb:46:36:08:8d:38:cc:ba:30:
         43:f5:9d:f8:b2:9d:ca:80:82:e5:90:5b:aa:84:02:01:55:e7:
         0d:cf:3b:30:a2:30:6b:7e:c1:eb:e4:39:d2:45:ee:8b:b6:b2:
         1f:bc:c3:12:32:32:fd:04:6d:05:73:a1:ef:b1:d4:d0:dd:f5:
         24:ec:d5:b4:24:94:c6:ad:21:ea:e4:f7:66:52:9f:4a:99:10:
         d5:f7:0f:a3:c7:88:ce:01:d2:31:10:86:ab:e5:cc:48:7b:18:
         cd:f7:85:1a
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUIPbs+WeYbznFTd7qxZGiENWNa5MwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTBhOTdlNDNjZmRjMTViMDJhMzE0MWYwYWQwOTdiY2Qw
NzljMmVkOTAeFw0yNjA2MTYxNjI2NDdaFw0yNzA2MTUxNjMxNDdaMDMxMTAvBgNV
BAMTKDA2NTdFNjkxMjQ2NzRERDBEQzJBMEFDNTQ1MTFFNDhDNTA4M0IxRUYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDVqj6kiQOvog0wxUSudqJdhvBc
0rd4VAxYrZZzD0s1vBZLuCM0iDw2k9JcQ8gE3UmyWwtPqpEZeYCgM1ZrE6frpqp5
N6Nflx4NgJIMwhZtv9V1Pn4j+K/uSOnsOwcJL8kVjixxAZkd9lg2l0abZTpmI9mo
DTGnnlPy/k+J1rfchVHL85Rr3yTYFxgrI+5+7hr3Y5xi/2Kt0zGvZN0ceYL8Vkoi
DUBHdlsf2mZARogBhwmWhBdggtTXGfImTU/h1YpeW4n1wIHWcDulkNHHJtqkFTvG
IC766f4jMit5iymMJ4qTpc36HTj0tfWye7RKbHSshHnBIXC40adcEldtHG+fAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUBlfmkSRnTdDcKgrFRRHkjFCDse8wHwYDVR0j
BBgwFoAUoKl+Q8/cFbAqMUHwrQl7zQecLtkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYmU0MTcwNGYtNzgxNS00ZjJjLWE1MDMtNThhZTA4ZTU1
NmI2LzEvQTBBOTdFNDNDRkRDMTVCMDJBMzE0MUYwQUQwOTdCQ0QwNzlDMkVEOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL29LbC1ROF9jRmJBcU1VSHdyUWw3elFl
Y0x0ay5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYmU0MTcwNGYt
NzgxNS00ZjJjLWE1MDMtNThhZTA4ZTU1NmI2LzEvMzgzNjJlMzEzMDM2MmUzNzM3
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzEzNzM1MzYzMS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFZq
TTANBgkqhkiG9w0BAQsFAAOCAQEAfHGwp/QAgQUfVvFRL7KxnsqXieN5zgPozVst
2JlU4gIbLLt4bp+EYOBf3WHbqMofXEIjQ5CAt88bMotVOpzZXxXa7pxOh8GdU1iB
y7zEeidT8tMJL1V/vRuXrl7ui8Fz1WlsiOt4IKnIKf7Wc1WAozLS4oV+gVhC8bIV
JVpKaAC/AflFyhIWrihE2HDCM1j1kN6uCXmwJhFIy0Y2CI04zLowQ/Wd+LKdyoCC
5ZBbqoQCAVXnDc87MKIwa37B6+Q50kXui7ayH7zDEjIy/QRtBXOh77HU0N31JOzV
tCSUxq0h6uT3ZlKfSpkQ1fcPo8eIzgHSMRCGq+XMSHsYzfeFGg==
-----END CERTIFICATE-----