Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38302e37352e32332e302f32342d3234203d3e20323036323833.roa
File:                     38302e37352e32332e302f32342d3234203d3e20323036323833.roa (raw, json)
Hash identifier:          bksexBNgjSzVBAi1eGt9EUWJwtXEO1TmNAxjqPDLP3s=
Subject key identifier:   5E:56:F0:C0:AD:94:87:78:AE:8A:61:2B:22:2E:64:EF:2F:39:63:32
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       618BC7C399808A5546950A111C3D9B6FE13F0AA4
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38302e37352e32332e302f32342d3234203d3e20323036323833.roa
Signing time:             Tue 03 Feb 2026 10:23:14 +0000
ROA not before:           Tue 03 Feb 2026 10:18:14 +0000
ROA not after:            Tue 02 Feb 2027 10:23:14 +0000
asID:                     206283
IP address blocks:        80.75.23.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 06:04:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            61:8b:c7:c3:99:80:8a:55:46:95:0a:11:1c:3d:9b:6f:e1:3f:0a:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Feb  3 10:18:14 2026 GMT
            Not After : Feb  2 10:23:14 2027 GMT
        Subject: CN=5E56F0C0AD948778AE8A612B222E64EF2F396332
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:65:7e:ce:bd:16:3d:99:02:b6:54:79:d7:be:
                    75:8b:69:62:6a:55:56:27:ba:46:d1:24:b3:aa:5b:
                    57:da:63:75:3d:d3:03:31:84:93:b4:03:43:fe:59:
                    92:b4:b1:45:2b:ad:08:8b:43:f0:b1:2e:8f:be:02:
                    6c:20:b3:c6:74:4e:dc:fb:72:35:66:7b:ef:de:57:
                    34:b4:a8:b3:e6:d5:fd:28:2e:5a:cc:d1:1f:5d:c9:
                    d8:fd:39:4e:71:8b:dd:7e:4e:b7:d6:27:80:d2:07:
                    2e:b8:c7:ca:f9:36:c3:22:b9:48:4b:d0:de:ae:87:
                    af:c9:84:65:6d:0d:1f:be:f5:73:68:c4:62:d8:6c:
                    67:7c:89:17:94:94:29:14:25:08:58:c5:78:c9:a0:
                    7e:ba:af:35:82:5f:a6:5e:6f:8f:3a:47:b9:1d:99:
                    e8:d4:2a:be:40:f2:4f:0c:d5:13:ad:96:b3:92:88:
                    3c:f9:32:59:42:53:da:5b:99:e2:fa:93:8f:f3:40:
                    bc:49:1a:23:05:91:35:63:bc:3a:9e:90:72:f9:6f:
                    01:9f:78:bb:9f:16:2b:bc:76:d5:36:6e:52:f9:83:
                    aa:4a:99:59:fd:42:bc:f8:d3:41:99:5e:18:67:ad:
                    86:55:13:70:0f:4c:13:b0:3b:d2:1e:6e:9f:80:ea:
                    8f:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:56:F0:C0:AD:94:87:78:AE:8A:61:2B:22:2E:64:EF:2F:39:63:32
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38302e37352e32332e302f32342d3234203d3e20323036323833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.75.23.0/24

    Signature Algorithm: sha256WithRSAEncryption
         21:98:2c:fb:81:59:63:37:2e:df:16:5c:ed:d5:e3:02:31:03:
         76:1b:ad:bd:48:62:06:d7:08:dc:4c:b7:fe:1f:48:55:0d:00:
         c7:a6:94:66:b9:d3:12:1b:3d:be:6d:ba:4b:04:3d:e9:d5:59:
         79:d3:16:3f:e7:6d:5d:83:6e:b0:95:e2:a3:be:06:9b:c8:3c:
         22:22:6d:37:0a:b3:ba:71:7a:a3:4b:00:d5:77:28:fa:16:e5:
         4e:0d:eb:3f:93:a6:a0:79:12:eb:0e:95:a5:ea:32:76:e9:b3:
         51:14:c5:65:26:18:bc:52:ed:72:c1:4b:ba:0d:9c:27:af:cc:
         96:21:7d:f0:52:12:7c:c9:a8:c0:5e:ce:a5:fd:70:90:90:a3:
         fd:28:3b:f2:e4:e8:47:29:0a:98:13:12:78:18:af:39:f2:b6:
         23:a1:05:53:6a:42:a6:63:1e:f1:80:20:b5:f7:40:04:33:78:
         36:92:b9:eb:b6:04:74:7d:58:87:21:78:65:28:88:75:bf:c5:
         27:18:fb:fd:ce:b4:e5:65:d9:d3:3d:e8:55:4d:19:86:2a:d9:
         4f:64:3c:d8:f6:39:30:16:fa:2f:ac:98:60:16:35:49:fe:86:
         e0:27:aa:cb:ee:65:c6:5b:06:35:0e:da:1d:fa:34:25:be:a7:
         98:f9:50:2b
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUYYvHw5mAilVGlQoRHD2bb+E/CqQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNjAyMDMxMDE4MTRaFw0yNzAyMDIxMDIzMTRaMDMxMTAvBgNV
BAMTKDVFNTZGMEMwQUQ5NDg3NzhBRThBNjEyQjIyMkU2NEVGMkYzOTYzMzIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaZX7OvRY9mQK2VHnXvnWLaWJq
VVYnukbRJLOqW1faY3U90wMxhJO0A0P+WZK0sUUrrQiLQ/CxLo++Amwgs8Z0Ttz7
cjVme+/eVzS0qLPm1f0oLlrM0R9dydj9OU5xi91+TrfWJ4DSBy64x8r5NsMiuUhL
0N6uh6/JhGVtDR++9XNoxGLYbGd8iReUlCkUJQhYxXjJoH66rzWCX6Zeb486R7kd
mejUKr5A8k8M1ROtlrOSiDz5MllCU9pbmeL6k4/zQLxJGiMFkTVjvDqekHL5bwGf
eLufFiu8dtU2blL5g6pKmVn9Qrz400GZXhhnrYZVE3APTBOwO9Iebp+A6o9tAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUXlbwwK2Uh3iuimErIi5k7y85YzIwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzgzMDJlMzczNTJlMzIzMzJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMyMzAzNjMyMzgzMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFBL
FzANBgkqhkiG9w0BAQsFAAOCAQEAIZgs+4FZYzcu3xZc7dXjAjEDdhutvUhiBtcI
3Ey3/h9IVQ0Ax6aUZrnTEhs9vm26SwQ96dVZedMWP+dtXYNusJXio74Gm8g8IiJt
NwqzunF6o0sA1Xco+hblTg3rP5OmoHkS6w6VpeoydumzURTFZSYYvFLtcsFLug2c
J6/MliF98FISfMmowF7Opf1wkJCj/Sg78uToRykKmBMSeBivOfK2I6EFU2pCpmMe
8YAgtfdABDN4NpK567YEdH1YhyF4ZSiIdb/FJxj7/c605WXZ0z3oVU0ZhirZT2Q8
2PY5MBb6L6yYYBY1Sf6G4Ceqy+5lxlsGNQ7aHfo0Jb6nmPlQKw==
-----END CERTIFICATE-----