Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/38322e3131382e32372e302f32342d3234203d3e20383334.roa
File:                     38322e3131382e32372e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          FHARgMVSXXMShwXyaNVOhOAkH4d3l2a7vcFZrXGmL6Y=
Subject key identifier:   6D:49:27:84:BB:A6:7B:BC:21:C8:75:6F:13:6D:CE:C1:A4:47:2B:68
Certificate issuer:       /CN=0d059f10d18d00052c808eb8069f90d47e30564a
Certificate serial:       4A008E1818CB87FBFF9D2942AF5836C9A208175A
Authority key identifier: 0D:05:9F:10:D1:8D:00:05:2C:80:8E:B8:06:9F:90:D4:7E:30:56:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/38322e3131382e32372e302f32342d3234203d3e20383334.roa
Signing time:             Mon 06 Apr 2026 14:57:56 +0000
ROA not before:           Mon 06 Apr 2026 14:52:56 +0000
ROA not after:            Mon 05 Apr 2027 14:57:56 +0000
asID:                     834
IP address blocks:        82.118.27.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4a:00:8e:18:18:cb:87:fb:ff:9d:29:42:af:58:36:c9:a2:08:17:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d059f10d18d00052c808eb8069f90d47e30564a
        Validity
            Not Before: Apr  6 14:52:56 2026 GMT
            Not After : Apr  5 14:57:56 2027 GMT
        Subject: CN=6D492784BBA67BBC21C8756F136DCEC1A4472B68
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:52:c5:76:e2:da:bf:a3:40:4a:c9:07:ce:4d:
                    23:9f:a0:fe:5d:98:45:ce:00:e8:32:0b:07:09:89:
                    cf:21:b7:66:c9:a0:d6:48:83:41:17:fe:6e:e4:e4:
                    45:36:ea:2e:3e:11:c6:f0:84:80:1b:9d:2f:54:74:
                    2d:d1:e8:31:44:40:12:ea:a9:89:5b:d1:72:8e:1e:
                    2e:6a:44:da:7d:de:15:08:76:81:fa:51:c1:60:99:
                    f8:28:c8:60:2c:35:49:48:94:cf:d2:c8:f5:4c:af:
                    68:1e:83:26:9e:f6:8e:77:e1:8b:d2:7d:0e:26:a0:
                    95:90:5e:24:7f:61:bd:63:aa:32:38:94:48:46:19:
                    86:8e:e9:05:f0:15:89:b7:3d:67:89:21:51:37:21:
                    02:2a:3b:a7:c3:d8:e3:93:00:6c:66:ef:b6:b7:91:
                    99:8d:5a:b4:14:68:ab:8d:e6:90:79:b8:df:e1:cd:
                    5d:c9:b1:ee:b8:83:aa:90:da:a9:b3:56:57:0c:79:
                    a1:2b:0b:c0:05:a1:20:81:e0:62:9e:45:f9:13:b1:
                    da:cd:8f:f0:2f:64:66:85:0a:63:e4:10:d6:87:62:
                    19:0a:0e:d9:a9:b4:e0:5e:b6:6a:b5:99:a1:08:44:
                    69:71:4e:4c:b0:f3:a0:71:83:1f:19:2a:98:b6:48:
                    c9:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:49:27:84:BB:A6:7B:BC:21:C8:75:6F:13:6D:CE:C1:A4:47:2B:68
            X509v3 Authority Key Identifier:
                keyid:0D:05:9F:10:D1:8D:00:05:2C:80:8E:B8:06:9F:90:D4:7E:30:56:4A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/38322e3131382e32372e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.118.27.0/24

    Signature Algorithm: sha256WithRSAEncryption
         58:78:3b:73:f1:3f:c0:9b:53:35:9b:ac:f0:f7:c2:03:ce:5d:
         5a:2e:f9:7f:79:c3:be:82:b3:45:48:52:2b:d2:0d:4b:da:44:
         d6:ef:84:a8:91:33:4e:06:a3:47:96:a8:71:c4:88:64:42:fe:
         5f:07:72:74:83:9e:c0:fe:ef:d4:61:ae:ea:a5:30:0f:91:95:
         99:59:d2:fa:21:5f:90:6b:3c:6c:0c:ae:b7:fd:cf:a4:10:67:
         10:19:0b:10:9d:ed:64:d3:59:b7:ae:43:21:06:70:17:a6:cc:
         0b:26:34:b7:48:22:56:04:c8:b0:18:bd:09:9d:13:72:12:95:
         45:c0:61:0c:85:bb:c6:f3:ca:fd:7f:91:dc:09:10:ae:03:c4:
         7f:65:9c:1d:65:35:78:be:bc:aa:5b:79:c6:83:65:10:ab:e1:
         24:b3:4b:b3:7c:83:99:c7:3f:80:98:83:4c:4b:4a:02:76:43:
         2a:15:5f:af:3a:bc:67:9b:6f:e6:e3:0e:f7:5d:c2:fc:6c:05:
         09:2c:ef:94:9d:22:2f:e5:5d:10:d9:b7:32:c7:3d:14:0b:9a:
         3f:8a:1b:36:b9:f4:be:ca:d0:a7:01:ea:c7:bc:7d:54:96:10:
         5f:a8:1a:fd:75:c5:f5:4c:06:f2:7f:da:74:db:e6:1d:c9:89:
         bf:9f:1d:9c
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUSgCOGBjLh/v/nSlCr1g2yaIIF1owDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGQwNTlmMTBkMThkMDAwNTJjODA4ZWI4MDY5ZjkwZDQ3
ZTMwNTY0YTAeFw0yNjA0MDYxNDUyNTZaFw0yNzA0MDUxNDU3NTZaMDMxMTAvBgNV
BAMTKDZENDkyNzg0QkJBNjdCQkMyMUM4NzU2RjEzNkRDRUMxQTQ0NzJCNjgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQChUsV24tq/o0BKyQfOTSOfoP5d
mEXOAOgyCwcJic8ht2bJoNZIg0EX/m7k5EU26i4+EcbwhIAbnS9UdC3R6DFEQBLq
qYlb0XKOHi5qRNp93hUIdoH6UcFgmfgoyGAsNUlIlM/SyPVMr2gegyae9o534YvS
fQ4moJWQXiR/Yb1jqjI4lEhGGYaO6QXwFYm3PWeJIVE3IQIqO6fD2OOTAGxm77a3
kZmNWrQUaKuN5pB5uN/hzV3Jse64g6qQ2qmzVlcMeaErC8AFoSCB4GKeRfkTsdrN
j/AvZGaFCmPkENaHYhkKDtmptOBetmq1maEIRGlxTkyw86Bxgx8ZKpi2SMlbAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUbUknhLume7whyHVvE23OwaRHK2gwHwYDVR0j
BBgwFoAUDQWfENGNAAUsgI64Bp+Q1H4wVkowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmFmMTY3MDQtMjg1NC00MDgwLTlhMDktNzI2MjMyNmM5
ZTIyLzEvMEQwNTlGMTBEMThEMDAwNTJDODA4RUI4MDY5RjkwRDQ3RTMwNTY0QS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RRV2ZFTkdOQUFVc2dJNjRCcC1RMUg0
d1Zrby5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmFmMTY3MDQt
Mjg1NC00MDgwLTlhMDktNzI2MjMyNmM5ZTIyLzEvMzgzMjJlMzEzMTM4MmUzMjM3
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzgzMzM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUnYbMA0G
CSqGSIb3DQEBCwUAA4IBAQBYeDtz8T/Am1M1m6zw98IDzl1aLvl/ecO+grNFSFIr
0g1L2kTW74SokTNOBqNHlqhxxIhkQv5fB3J0g57A/u/UYa7qpTAPkZWZWdL6IV+Q
azxsDK63/c+kEGcQGQsQne1k01m3rkMhBnAXpswLJjS3SCJWBMiwGL0JnRNyEpVF
wGEMhbvG88r9f5HcCRCuA8R/ZZwdZTV4vryqW3nGg2UQq+Eks0uzfIOZxz+AmINM
S0oCdkMqFV+vOrxnm2/m4w73XcL8bAUJLO+UnSIv5V0Q2bcyxz0UC5o/ihs2ufS+
ytCnAerHvH1UlhBfqBr9dcX1TAbyf9p02+YdyYm/nx2c
-----END CERTIFICATE-----