Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38302e37352e32302e302f32342d3234203d3e20323036323833.roa
File:                     38302e37352e32302e302f32342d3234203d3e20323036323833.roa (raw, json)
Hash identifier:          uf0R7Mb/WoFUkQM8WIGdMSljS1V7/WrGZrWWd81zNXk=
Subject key identifier:   71:85:B1:CE:E7:2F:4C:E0:AF:5F:AC:72:2C:29:2D:04:F3:F1:7B:13
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       25A573FB9561B430F6BD30878A525F09DD748A56
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38302e37352e32302e302f32342d3234203d3e20323036323833.roa
Signing time:             Tue 03 Feb 2026 10:23:13 +0000
ROA not before:           Tue 03 Feb 2026 10:18:13 +0000
ROA not after:            Tue 02 Feb 2027 10:23:13 +0000
asID:                     206283
IP address blocks:        80.75.20.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 06:04:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            25:a5:73:fb:95:61:b4:30:f6:bd:30:87:8a:52:5f:09:dd:74:8a:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Feb  3 10:18:13 2026 GMT
            Not After : Feb  2 10:23:13 2027 GMT
        Subject: CN=7185B1CEE72F4CE0AF5FAC722C292D04F3F17B13
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:5b:bb:98:87:cd:67:69:a0:f1:7e:89:5e:13:
                    54:74:ca:e1:f7:78:f0:88:46:76:aa:6f:59:79:a8:
                    2d:90:3b:61:2e:92:cc:d5:fc:a4:d4:1c:0b:aa:8c:
                    34:4c:87:5b:2b:5e:b5:54:bb:0e:98:cf:2a:9e:83:
                    93:d8:ce:00:da:27:fc:e0:ae:9d:9c:73:5f:d0:a3:
                    d9:b4:58:b9:94:de:91:c4:74:27:f4:8e:c1:31:b2:
                    dd:a9:94:62:bf:27:08:0d:6e:30:6c:03:5a:b2:e6:
                    b8:2a:1b:a3:18:42:21:bd:af:eb:2a:da:5e:4c:69:
                    34:ec:38:9f:67:68:78:26:10:96:60:5a:44:c3:a6:
                    42:e4:d7:b7:b8:c7:67:d0:41:d4:69:a6:75:dd:32:
                    65:df:57:f5:27:ff:f0:f1:10:4e:73:69:25:71:a5:
                    4a:72:22:11:81:68:d4:11:be:82:81:34:47:c8:3c:
                    bb:74:d2:a8:d1:e8:2f:87:42:3d:ef:86:2f:fc:62:
                    88:64:c5:3b:47:6d:6f:51:2d:76:cd:94:97:e5:82:
                    ba:1d:69:6a:cf:06:9a:d5:02:50:9e:74:c3:d4:31:
                    ed:e8:92:4d:0a:d2:3c:4f:67:2e:48:0d:b9:3a:4d:
                    1b:46:81:a8:88:e0:66:4a:1a:b5:b7:6f:a7:1f:94:
                    61:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:85:B1:CE:E7:2F:4C:E0:AF:5F:AC:72:2C:29:2D:04:F3:F1:7B:13
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38302e37352e32302e302f32342d3234203d3e20323036323833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.75.20.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:63:67:0d:d3:58:91:05:aa:9b:1d:e9:6e:19:d0:ee:e6:54:
         0d:78:e7:db:a5:71:9c:5b:53:48:12:94:f1:36:6b:04:3a:2f:
         8a:5b:f1:27:19:9f:24:50:83:9a:06:35:97:0a:d1:d3:3a:ef:
         08:9c:cb:8e:c9:d3:a0:97:65:2b:17:fb:43:0f:aa:d6:83:54:
         e7:e3:02:92:14:43:82:10:b0:87:63:d8:30:6b:23:84:a9:66:
         76:66:6c:46:fb:36:ce:5e:0c:ea:38:41:f4:1b:31:fa:18:10:
         78:c5:9d:56:7b:a2:47:5f:df:ac:37:45:0d:5c:00:62:9a:d3:
         7f:13:65:5b:6d:fe:56:81:0d:4e:fd:ab:0b:3b:fc:db:93:73:
         8e:6a:ff:87:3a:09:c5:bd:52:3f:ec:b5:f5:3f:86:e8:e0:db:
         04:6b:a4:46:e9:33:59:65:47:87:61:15:d7:e3:be:2a:6c:21:
         fd:dc:46:05:36:4f:14:c1:ce:23:73:0f:0d:ce:45:f8:47:1d:
         51:48:8a:c2:26:29:be:22:cf:52:b0:2f:53:60:80:b6:9d:c3:
         de:86:21:43:fb:3e:ec:e0:b1:e5:62:38:dc:a8:ab:0a:ad:0c:
         d6:84:22:72:4e:52:b3:2b:66:86:51:eb:11:03:56:44:c5:18:
         c5:c6:7e:84
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUJaVz+5VhtDD2vTCHilJfCd10ilYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNjAyMDMxMDE4MTNaFw0yNzAyMDIxMDIzMTNaMDMxMTAvBgNV
BAMTKDcxODVCMUNFRTcyRjRDRTBBRjVGQUM3MjJDMjkyRDA0RjNGMTdCMTMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCnW7uYh81naaDxfoleE1R0yuH3
ePCIRnaqb1l5qC2QO2EukszV/KTUHAuqjDRMh1srXrVUuw6Yzyqeg5PYzgDaJ/zg
rp2cc1/Qo9m0WLmU3pHEdCf0jsExst2plGK/JwgNbjBsA1qy5rgqG6MYQiG9r+sq
2l5MaTTsOJ9naHgmEJZgWkTDpkLk17e4x2fQQdRppnXdMmXfV/Un//DxEE5zaSVx
pUpyIhGBaNQRvoKBNEfIPLt00qjR6C+HQj3vhi/8YohkxTtHbW9RLXbNlJflgrod
aWrPBprVAlCedMPUMe3okk0K0jxPZy5IDbk6TRtGgaiI4GZKGrW3b6cflGHzAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUcYWxzucvTOCvX6xyLCktBPPxexMwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzgzMDJlMzczNTJlMzIzMDJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMyMzAzNjMyMzgzMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFBL
FDANBgkqhkiG9w0BAQsFAAOCAQEAGmNnDdNYkQWqmx3pbhnQ7uZUDXjn26VxnFtT
SBKU8TZrBDovilvxJxmfJFCDmgY1lwrR0zrvCJzLjsnToJdlKxf7Qw+q1oNU5+MC
khRDghCwh2PYMGsjhKlmdmZsRvs2zl4M6jhB9Bsx+hgQeMWdVnuiR1/frDdFDVwA
YprTfxNlW23+VoENTv2rCzv825Nzjmr/hzoJxb1SP+y19T+G6ODbBGukRukzWWVH
h2EV1+O+Kmwh/dxGBTZPFMHOI3MPDc5F+EcdUUiKwiYpviLPUrAvU2CAtp3D3oYh
Q/s+7OCx5WI43KirCq0M1oQick5SsytmhlHrEQNWRMUYxcZ+hA==
-----END CERTIFICATE-----