Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/38322e3131382e32342e302f32342d3234203d3e203537323338.roa
File:                     38322e3131382e32342e302f32342d3234203d3e203537323338.roa (raw, json)
Hash identifier:          bmsf/k40eGdN++deEP9l4aJt3nVGJ9evXaZOAbsRiUU=
Subject key identifier:   27:AB:BB:56:27:7E:25:E0:3C:F7:31:8D:CC:A1:2D:11:D0:7D:C8:06
Certificate issuer:       /CN=0d059f10d18d00052c808eb8069f90d47e30564a
Certificate serial:       563987395DEB5C54D64F5E82E52D060B8F9233BF
Authority key identifier: 0D:05:9F:10:D1:8D:00:05:2C:80:8E:B8:06:9F:90:D4:7E:30:56:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/38322e3131382e32342e302f32342d3234203d3e203537323338.roa
Signing time:             Thu 05 Feb 2026 11:55:37 +0000
ROA not before:           Thu 05 Feb 2026 11:50:37 +0000
ROA not after:            Thu 04 Feb 2027 11:55:37 +0000
asID:                     57238
IP address blocks:        82.118.24.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 21:30:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            56:39:87:39:5d:eb:5c:54:d6:4f:5e:82:e5:2d:06:0b:8f:92:33:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d059f10d18d00052c808eb8069f90d47e30564a
        Validity
            Not Before: Feb  5 11:50:37 2026 GMT
            Not After : Feb  4 11:55:37 2027 GMT
        Subject: CN=27ABBB56277E25E03CF7318DCCA12D11D07DC806
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:b2:ca:e5:9c:bb:c2:de:a8:eb:64:60:cc:ff:
                    39:b7:e1:0a:8e:f6:11:4c:d9:71:31:ec:95:50:b2:
                    04:fe:53:ee:1f:fc:d2:1d:fe:04:d1:3c:2c:e8:02:
                    3e:63:8e:17:bd:4c:0f:41:70:fc:2b:b7:97:84:31:
                    36:1d:cc:cb:31:72:e5:48:6f:65:ef:bd:cd:52:09:
                    9e:31:67:63:7a:28:8e:be:1f:19:b0:a1:99:2d:75:
                    d6:53:a4:68:00:62:16:78:99:9c:51:2d:36:ac:03:
                    5e:44:a1:a5:42:3d:05:42:6f:dc:84:1c:e2:3c:c5:
                    03:48:f3:1b:80:df:1c:ec:f4:69:fc:45:c9:24:90:
                    12:34:04:a8:db:1f:80:07:da:b2:7a:53:3b:24:95:
                    66:dc:da:1f:e7:d1:1a:94:57:57:4c:5e:87:a8:90:
                    5f:98:04:0f:1a:1f:9e:9d:3d:9f:a1:7c:16:d1:be:
                    65:70:3a:76:84:9d:c4:77:21:c4:fc:d2:ab:38:84:
                    06:53:3d:39:a7:b7:93:78:2f:99:d2:b0:32:2b:c6:
                    f0:52:7a:b5:40:48:54:6d:49:e2:d0:30:ee:fc:32:
                    85:58:a9:2f:21:0f:35:6c:03:77:0d:d8:0b:0e:8c:
                    09:ca:c8:fb:01:64:56:b9:46:93:77:4a:5d:e7:b2:
                    3c:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:AB:BB:56:27:7E:25:E0:3C:F7:31:8D:CC:A1:2D:11:D0:7D:C8:06
            X509v3 Authority Key Identifier:
                keyid:0D:05:9F:10:D1:8D:00:05:2C:80:8E:B8:06:9F:90:D4:7E:30:56:4A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/38322e3131382e32342e302f32342d3234203d3e203537323338.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.118.24.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a3:2e:9a:9b:01:c5:18:37:4c:be:be:b7:72:f7:f9:8c:69:87:
         bd:8d:f6:7f:5c:66:06:63:f8:74:95:fa:c4:31:98:76:a4:92:
         aa:7e:d5:b9:99:e0:2a:4f:63:f2:f5:0a:22:73:b1:17:b3:8c:
         10:29:70:f7:30:9f:da:6d:67:52:aa:80:3a:b0:3c:da:16:25:
         a4:92:9f:58:a9:81:3c:7e:9c:d6:9c:96:c6:53:d6:20:21:0f:
         12:be:d5:38:16:e5:ac:f6:a9:c3:56:b5:05:cc:0e:fc:32:02:
         4d:ad:48:b6:e2:8e:78:df:52:dc:28:55:95:f0:21:37:28:a5:
         e3:fd:00:4d:5e:1f:ce:e5:7b:9b:8d:67:02:d5:0c:38:09:02:
         37:92:2d:0c:d8:52:b5:55:fb:12:08:4f:e7:38:cc:b8:38:26:
         b9:0b:81:da:29:98:8d:73:ac:b3:85:17:92:a6:10:8f:d7:ec:
         56:5b:ce:be:d3:ea:4f:2a:32:6c:d0:46:a4:55:f4:98:69:dd:
         a5:ae:4d:57:55:a1:eb:51:d2:6f:71:08:2d:1a:db:7c:3d:83:
         3e:6a:1a:44:39:89:29:97:b1:bb:93:8f:d6:80:57:28:64:8d:
         b9:55:c4:64:98:85:c0:9a:13:ec:45:e4:c3:f5:39:13:3c:2e:
         8d:27:46:b6
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUVjmHOV3rXFTWT16C5S0GC4+SM78wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGQwNTlmMTBkMThkMDAwNTJjODA4ZWI4MDY5ZjkwZDQ3
ZTMwNTY0YTAeFw0yNjAyMDUxMTUwMzdaFw0yNzAyMDQxMTU1MzdaMDMxMTAvBgNV
BAMTKDI3QUJCQjU2Mjc3RTI1RTAzQ0Y3MzE4RENDQTEyRDExRDA3REM4MDYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDWssrlnLvC3qjrZGDM/zm34QqO
9hFM2XEx7JVQsgT+U+4f/NId/gTRPCzoAj5jjhe9TA9BcPwrt5eEMTYdzMsxcuVI
b2Xvvc1SCZ4xZ2N6KI6+HxmwoZktddZTpGgAYhZ4mZxRLTasA15EoaVCPQVCb9yE
HOI8xQNI8xuA3xzs9Gn8RckkkBI0BKjbH4AH2rJ6UzsklWbc2h/n0RqUV1dMXoeo
kF+YBA8aH56dPZ+hfBbRvmVwOnaEncR3IcT80qs4hAZTPTmnt5N4L5nSsDIrxvBS
erVASFRtSeLQMO78MoVYqS8hDzVsA3cN2AsOjAnKyPsBZFa5RpN3Sl3nsjyDAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUJ6u7Vid+JeA89zGNzKEtEdB9yAYwHwYDVR0j
BBgwFoAUDQWfENGNAAUsgI64Bp+Q1H4wVkowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmFmMTY3MDQtMjg1NC00MDgwLTlhMDktNzI2MjMyNmM5
ZTIyLzEvMEQwNTlGMTBEMThEMDAwNTJDODA4RUI4MDY5RjkwRDQ3RTMwNTY0QS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RRV2ZFTkdOQUFVc2dJNjRCcC1RMUg0
d1Zrby5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmFmMTY3MDQt
Mjg1NC00MDgwLTlhMDktNzI2MjMyNmM5ZTIyLzEvMzgzMjJlMzEzMTM4MmUzMjM0
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzUzNzMyMzMzOC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFJ2
GDANBgkqhkiG9w0BAQsFAAOCAQEAoy6amwHFGDdMvr63cvf5jGmHvY32f1xmBmP4
dJX6xDGYdqSSqn7VuZngKk9j8vUKInOxF7OMEClw9zCf2m1nUqqAOrA82hYlpJKf
WKmBPH6c1pyWxlPWICEPEr7VOBblrPapw1a1BcwO/DICTa1ItuKOeN9S3ChVlfAh
Nyil4/0ATV4fzuV7m41nAtUMOAkCN5ItDNhStVX7EghP5zjMuDgmuQuB2imYjXOs
s4UXkqYQj9fsVlvOvtPqTyoybNBGpFX0mGndpa5NV1Wh61HSb3EILRrbfD2DPmoa
RDmJKZexu5OP1oBXKGSNuVXEZJiFwJoT7EXkw/U5EzwujSdGtg==
-----END CERTIFICATE-----