Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38322e3139372e36342e302f32322d3332203d3e203430303231.roa
File:                     38322e3139372e36342e302f32322d3332203d3e203430303231.roa (raw, json)
Hash identifier:          Eq43Y8Fs4psFfoEJdiqz4+DO8RPX6Y6ypDWJBpxD8Ok=
Subject key identifier:   BC:89:C2:FD:58:4E:D3:C9:1E:D0:BD:01:E2:87:88:D8:40:BF:9F:E5
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       16AC8ADC5FD5315E57FF20A4D747702F9D215318
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38322e3139372e36342e302f32322d3332203d3e203430303231.roa
Signing time:             Tue 20 Jan 2026 12:23:10 +0000
ROA not before:           Tue 20 Jan 2026 12:18:10 +0000
ROA not after:            Tue 19 Jan 2027 12:23:10 +0000
asID:                     40021
IP address blocks:        82.197.64.0/22 maxlen: 32
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            16:ac:8a:dc:5f:d5:31:5e:57:ff:20:a4:d7:47:70:2f:9d:21:53:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Jan 20 12:18:10 2026 GMT
            Not After : Jan 19 12:23:10 2027 GMT
        Subject: CN=BC89C2FD584ED3C91ED0BD01E28788D840BF9FE5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:08:7b:80:b6:2a:d1:70:2b:15:e8:c0:58:97:
                    f3:4d:e0:10:2e:07:bb:e2:79:a8:1d:dd:db:54:77:
                    b1:0e:85:d6:f4:1d:dd:32:2d:16:7d:f4:b4:fb:3a:
                    de:75:16:e9:04:2a:b5:70:10:6f:e6:be:ce:a3:a0:
                    72:22:91:91:a5:b5:49:46:ea:31:9c:86:62:48:55:
                    43:5c:b6:ce:59:ea:b1:62:3d:e0:d2:4e:31:ba:44:
                    d5:0e:34:b8:c3:d2:7d:77:76:fb:1d:8b:c6:bd:b2:
                    07:0b:be:fc:34:9c:01:63:84:8c:a0:4b:b5:12:33:
                    23:ac:22:36:fd:10:cd:03:8e:3b:50:f0:fc:62:dd:
                    7a:c5:53:15:f5:49:c2:54:8d:95:8f:2d:b6:9b:d5:
                    bc:77:0a:2e:67:6d:10:7e:55:04:8b:07:39:4b:88:
                    1e:66:45:dd:29:01:7b:7f:08:4e:fa:62:c9:92:f2:
                    82:88:c1:ce:df:33:6e:00:52:17:6d:4b:57:79:8f:
                    ab:1f:e6:d4:ce:10:46:f8:e3:e4:41:c8:ed:28:cc:
                    d7:1e:6b:83:ef:84:32:a7:c8:ba:bb:85:6a:f7:77:
                    21:0f:60:ab:49:e4:fe:ae:7b:26:60:0c:e6:b1:d6:
                    d1:7e:5e:e9:ad:e2:8a:31:72:e0:a1:b4:f0:56:64:
                    df:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:89:C2:FD:58:4E:D3:C9:1E:D0:BD:01:E2:87:88:D8:40:BF:9F:E5
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38322e3139372e36342e302f32322d3332203d3e203430303231.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.197.64.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5b:38:6d:c5:ed:eb:8d:e3:d7:36:d4:19:31:fe:de:f4:3a:ce:
         2a:1c:70:9a:cb:6f:59:f5:38:e8:0b:60:74:21:2a:ff:02:c3:
         0e:96:a8:c9:81:05:d9:17:a8:4b:d1:58:11:be:c7:1c:02:0a:
         e6:37:63:fb:e1:9f:6a:26:35:55:3c:95:e2:f5:66:92:21:89:
         a4:ab:66:11:0e:9f:a5:8b:86:a6:c9:5e:2b:e5:33:2d:96:7e:
         05:ef:8a:e1:a8:b7:97:89:a7:2d:f8:9e:fc:34:af:f7:b1:f0:
         0e:f4:3a:43:a5:a8:34:5f:be:8d:d1:fe:15:9b:6c:66:6b:48:
         34:81:1d:b2:fe:63:de:25:b9:61:a7:ec:00:19:a1:f5:64:7f:
         f4:84:ba:5a:ef:68:d7:18:08:c4:91:10:cd:89:a6:47:50:de:
         59:84:a0:05:6c:30:1e:8f:a9:8c:17:2c:d0:e5:e5:1a:d9:70:
         82:ea:e0:fd:df:5b:c4:1d:78:63:d3:ec:84:ab:22:c6:2f:9c:
         ea:1b:0a:3f:82:d6:35:c2:0e:1a:a0:a1:63:ea:31:81:e8:0b:
         86:9e:87:b4:ec:05:ae:06:d5:92:48:8e:e1:0e:7b:f6:79:ea:
         b7:71:ad:89:86:73:74:fb:b6:6e:e8:9e:df:04:26:13:36:76:
         90:1e:42:1c
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUFqyK3F/VMV5X/yCk10dwL50hUxgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNjAxMjAxMjE4MTBaFw0yNzAxMTkxMjIzMTBaMDMxMTAvBgNV
BAMTKEJDODlDMkZENTg0RUQzQzkxRUQwQkQwMUUyODc4OEQ4NDBCRjlGRTUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3CHuAtirRcCsV6MBYl/NN4BAu
B7vieagd3dtUd7EOhdb0Hd0yLRZ99LT7Ot51FukEKrVwEG/mvs6joHIikZGltUlG
6jGchmJIVUNcts5Z6rFiPeDSTjG6RNUONLjD0n13dvsdi8a9sgcLvvw0nAFjhIyg
S7USMyOsIjb9EM0DjjtQ8Pxi3XrFUxX1ScJUjZWPLbab1bx3Ci5nbRB+VQSLBzlL
iB5mRd0pAXt/CE76YsmS8oKIwc7fM24AUhdtS1d5j6sf5tTOEEb44+RByO0ozNce
a4PvhDKnyLq7hWr3dyEPYKtJ5P6ueyZgDOax1tF+Xumt4ooxcuChtPBWZN8VAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUvInC/VhO08ke0L0B4oeI2EC/n+UwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzgzMjJlMzEzOTM3MmUzNjM0
MmUzMDJmMzIzMjJkMzMzMjIwM2QzZTIwMzQzMDMwMzIzMS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAlLF
QDANBgkqhkiG9w0BAQsFAAOCAQEAWzhtxe3rjePXNtQZMf7e9DrOKhxwmstvWfU4
6AtgdCEq/wLDDpaoyYEF2ReoS9FYEb7HHAIK5jdj++GfaiY1VTyV4vVmkiGJpKtm
EQ6fpYuGpsleK+UzLZZ+Be+K4ai3l4mnLfie/DSv97HwDvQ6Q6WoNF++jdH+FZts
ZmtINIEdsv5j3iW5YafsABmh9WR/9IS6Wu9o1xgIxJEQzYmmR1DeWYSgBWwwHo+p
jBcs0OXlGtlwgurg/d9bxB14Y9PshKsixi+c6hsKP4LWNcIOGqChY+oxgegLhp6H
tOwFrgbVkkiO4Q579nnqt3GtiYZzdPu2buie3wQmEzZ2kB5CHA==
-----END CERTIFICATE-----