Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/f5e64030-2f28-42c9-b004-354bb28f6123/0/38372e3131382e36342e302f31382d3234203d3e203331313033.roa
File:                     38372e3131382e36342e302f31382d3234203d3e203331313033.roa (raw, json)
Hash identifier:          BB9/kn0yHeOM1iTUmLBw5wkK/7+EX8B19ZEvpKOrAi0=
Subject key identifier:   24:0D:CA:30:00:EB:E5:00:D8:A8:5E:A2:93:BC:75:1B:6E:D2:77:D3
Certificate issuer:       /CN=9e576996388e94b8c7ab20effb23bd11becb4108
Certificate serial:       428938343846E64D3A32216DDFF79F0ACDC8698D
Authority key identifier: 9E:57:69:96:38:8E:94:B8:C7:AB:20:EF:FB:23:BD:11:BE:CB:41:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nldpljiOlLjHqyDv-yO9Eb7LQQg.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/f5e64030-2f28-42c9-b004-354bb28f6123/0/38372e3131382e36342e302f31382d3234203d3e203331313033.roa
Signing time:             Fri 03 Apr 2026 14:46:59 +0000
ROA not before:           Fri 03 Apr 2026 14:41:59 +0000
ROA not after:            Fri 02 Apr 2027 14:46:59 +0000
asID:                     31103
IP address blocks:        87.118.64.0/18 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/f5e64030-2f28-42c9-b004-354bb28f6123/0/9E576996388E94B8C7AB20EFFB23BD11BECB4108.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/f5e64030-2f28-42c9-b004-354bb28f6123/0/9E576996388E94B8C7AB20EFFB23BD11BECB4108.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nldpljiOlLjHqyDv-yO9Eb7LQQg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 16:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            42:89:38:34:38:46:e6:4d:3a:32:21:6d:df:f7:9f:0a:cd:c8:69:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e576996388e94b8c7ab20effb23bd11becb4108
        Validity
            Not Before: Apr  3 14:41:59 2026 GMT
            Not After : Apr  2 14:46:59 2027 GMT
        Subject: CN=240DCA3000EBE500D8A85EA293BC751B6ED277D3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:ba:c8:c1:7c:e7:c7:99:ce:02:ed:af:bb:68:
                    ac:d4:c5:b3:8b:4e:4e:ff:37:74:49:1b:a4:78:f9:
                    97:79:39:20:9c:cc:6b:20:3a:b4:ee:98:49:fa:e1:
                    57:7d:63:b1:af:ea:ee:ea:07:6e:c5:a8:2c:0e:bb:
                    53:26:77:ee:25:ac:3d:95:e3:a6:92:e1:5e:b0:55:
                    09:9d:32:cc:db:f6:dd:3f:05:88:04:1f:e3:2b:bd:
                    95:2f:8e:fd:71:ce:a8:ef:86:8e:e9:ad:57:df:0f:
                    0c:81:6d:60:71:0c:90:3c:a7:a6:bb:f6:46:5c:1b:
                    13:69:f2:4f:cf:6b:02:2d:8e:91:78:d6:fd:a8:13:
                    1c:2b:33:22:dd:e3:e0:3f:c6:13:25:0b:96:2f:e2:
                    1d:b4:29:8f:9d:86:56:63:be:ca:09:70:4c:cd:08:
                    df:19:e2:73:54:e3:00:31:0e:6f:ec:09:bd:e6:d1:
                    d5:86:ae:ff:01:84:06:0a:cd:88:9b:89:c8:f2:c2:
                    cb:a5:7a:af:d1:41:91:34:11:3a:11:f7:79:76:6a:
                    0d:ef:f6:df:c7:73:b9:50:21:f3:b9:49:15:ee:66:
                    d5:89:0e:8d:f4:57:23:2e:87:4a:01:bc:21:1c:a9:
                    12:1b:ca:1f:40:2b:72:08:38:62:b1:b2:1c:97:3e:
                    e2:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:0D:CA:30:00:EB:E5:00:D8:A8:5E:A2:93:BC:75:1B:6E:D2:77:D3
            X509v3 Authority Key Identifier:
                keyid:9E:57:69:96:38:8E:94:B8:C7:AB:20:EF:FB:23:BD:11:BE:CB:41:08

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/f5e64030-2f28-42c9-b004-354bb28f6123/0/9E576996388E94B8C7AB20EFFB23BD11BECB4108.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nldpljiOlLjHqyDv-yO9Eb7LQQg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/f5e64030-2f28-42c9-b004-354bb28f6123/0/38372e3131382e36342e302f31382d3234203d3e203331313033.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.118.64.0/18

    Signature Algorithm: sha256WithRSAEncryption
         6b:a2:42:82:f4:cf:c7:88:c3:1b:0e:9e:4b:c1:e4:12:d4:40:
         fd:13:4c:36:9e:31:96:43:92:c9:65:2b:32:5a:19:f4:f1:e5:
         8c:80:5b:cd:3c:ab:a8:71:79:57:9b:65:3e:0d:0b:23:10:9c:
         4f:a3:d9:f4:98:c9:fa:9f:19:1c:fb:fd:f8:e1:11:fc:bb:cb:
         73:24:05:9a:e2:d7:85:1d:61:5a:82:e5:02:26:b1:1e:d2:0b:
         e8:0e:58:cb:06:f4:e7:9a:22:05:1c:fa:3c:de:93:70:85:0c:
         99:26:02:2f:9f:13:35:69:45:ab:eb:33:d5:1d:c2:f1:27:58:
         fc:a9:91:d9:7c:42:df:ec:71:76:16:5e:45:1e:69:c0:b3:a3:
         e5:d4:bb:c0:ac:28:77:c0:d6:54:ae:68:02:d3:1d:3f:67:8d:
         6e:bc:17:fb:5e:35:48:77:84:90:ed:80:f4:57:94:30:00:4a:
         bd:4e:7d:d7:72:c1:55:33:ed:c3:90:9f:31:8a:db:4c:ef:02:
         a2:42:f6:51:3f:b7:af:f3:2f:c7:24:75:ee:08:85:c5:d1:7e:
         11:6a:66:2a:1d:3f:01:d3:2b:8f:60:34:f6:d6:07:13:e3:dc:
         30:9f:e9:2c:86:23:da:22:6a:fa:8d:80:45:cb:0a:1a:4d:58:
         d0:0a:3b:e5
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUQok4NDhG5k06MiFt3/efCs3IaY0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWU1NzY5OTYzODhlOTRiOGM3YWIyMGVmZmIyM2JkMTFi
ZWNiNDEwODAeFw0yNjA0MDMxNDQxNTlaFw0yNzA0MDIxNDQ2NTlaMDMxMTAvBgNV
BAMTKDI0MERDQTMwMDBFQkU1MDBEOEE4NUVBMjkzQkM3NTFCNkVEMjc3RDMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0usjBfOfHmc4C7a+7aKzUxbOL
Tk7/N3RJG6R4+Zd5OSCczGsgOrTumEn64Vd9Y7Gv6u7qB27FqCwOu1Mmd+4lrD2V
46aS4V6wVQmdMszb9t0/BYgEH+MrvZUvjv1xzqjvho7prVffDwyBbWBxDJA8p6a7
9kZcGxNp8k/PawItjpF41v2oExwrMyLd4+A/xhMlC5Yv4h20KY+dhlZjvsoJcEzN
CN8Z4nNU4wAxDm/sCb3m0dWGrv8BhAYKzYibicjywsuleq/RQZE0EToR93l2ag3v
9t/Hc7lQIfO5SRXuZtWJDo30VyMuh0oBvCEcqRIbyh9AK3IIOGKxshyXPuI/AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUJA3KMADr5QDYqF6ik7x1G27Sd9MwHwYDVR0j
BBgwFoAUnldpljiOlLjHqyDv+yO9Eb7LQQgwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZjVlNjQwMzAtMmYyOC00MmM5LWIwMDQtMzU0YmIyOGY2
MTIzLzAvOUU1NzY5OTYzODhFOTRCOEM3QUIyMEVGRkIyM0JEMTFCRUNCNDEwOC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL25sZHBsamlPbExqSHF5RHYteU85RWI3
TFFRZy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZjVlNjQwMzAt
MmYyOC00MmM5LWIwMDQtMzU0YmIyOGY2MTIzLzAvMzgzNzJlMzEzMTM4MmUzNjM0
MmUzMDJmMzEzODJkMzIzNDIwM2QzZTIwMzMzMTMxMzAzMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEBld2
QDANBgkqhkiG9w0BAQsFAAOCAQEAa6JCgvTPx4jDGw6eS8HkEtRA/RNMNp4xlkOS
yWUrMloZ9PHljIBbzTyrqHF5V5tlPg0LIxCcT6PZ9JjJ+p8ZHPv9+OER/LvLcyQF
muLXhR1hWoLlAiaxHtIL6A5Yywb055oiBRz6PN6TcIUMmSYCL58TNWlFq+sz1R3C
8SdY/KmR2XxC3+xxdhZeRR5pwLOj5dS7wKwod8DWVK5oAtMdP2eNbrwX+141SHeE
kO2A9FeUMABKvU5913LBVTPtw5CfMYrbTO8CokL2UT+3r/MvxyR17giFxdF+EWpm
Kh0/AdMrj2A09tYHE+PcMJ/pLIYj2iJq+o2ARcsKGk1Y0Ao75Q==
-----END CERTIFICATE-----