Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38322e3139382e3234312e302f32342d3234203d3e2032393134.roa
File:                     38322e3139382e3234312e302f32342d3234203d3e2032393134.roa (raw, json)
Hash identifier:          +Ly5cPm3l6HulEY5d6WY0CJgUmX98XSaK0+50ODhIIs=
Subject key identifier:   AE:23:E5:02:1A:64:2A:3A:CE:1F:67:EC:19:3A:E7:48:93:E6:8E:A1
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       1E607D2B2337670618600B598B7E46A8F12919AF
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38322e3139382e3234312e302f32342d3234203d3e2032393134.roa
Signing time:             Tue 14 Apr 2026 13:17:43 +0000
ROA not before:           Tue 14 Apr 2026 13:12:43 +0000
ROA not after:            Tue 13 Apr 2027 13:17:43 +0000
asID:                     2914
IP address blocks:        82.198.241.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Apr 2026 02:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1e:60:7d:2b:23:37:67:06:18:60:0b:59:8b:7e:46:a8:f1:29:19:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Apr 14 13:12:43 2026 GMT
            Not After : Apr 13 13:17:43 2027 GMT
        Subject: CN=AE23E5021A642A3ACE1F67EC193AE74893E68EA1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:d4:4b:59:b4:26:09:ab:6a:cb:29:cf:35:a5:
                    71:02:41:b7:91:15:f1:92:ae:63:7f:63:26:c9:5b:
                    58:54:8b:58:85:0a:b3:48:59:31:26:73:1f:e0:e5:
                    e8:09:4b:1e:c4:95:b2:ea:4c:de:1a:82:7f:53:18:
                    77:16:86:1b:db:74:20:01:62:ed:30:8a:e3:77:4b:
                    d8:89:c8:bf:4c:49:d3:cd:46:65:1a:89:0f:0e:dd:
                    4c:4d:f3:04:f6:a0:81:43:9d:ce:a4:a8:b6:b6:4f:
                    c7:65:70:bf:92:32:f0:fb:2d:88:2c:a8:b9:b3:3b:
                    49:32:eb:1f:76:1e:8f:2a:e6:c9:20:13:45:e3:96:
                    8f:bb:34:f8:61:3a:c9:9c:f5:85:5f:66:89:86:46:
                    81:7b:5f:a1:08:3c:a8:c4:d0:bc:2e:7d:36:e5:19:
                    2c:b8:19:91:83:0d:1f:18:9e:84:8f:91:be:76:ee:
                    22:5b:10:94:90:b2:6c:de:b0:ba:8b:f8:df:78:81:
                    0c:60:b5:7d:df:3c:5d:11:f7:28:c7:d8:b0:ef:a2:
                    f2:e9:00:83:34:3b:d5:b9:c1:4a:8c:aa:7e:24:a6:
                    a3:c9:ca:a6:3f:ce:94:d5:9f:18:2c:12:36:96:88:
                    c4:c2:ac:8d:09:4d:c2:de:b1:d6:fd:ca:e6:07:fc:
                    aa:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:23:E5:02:1A:64:2A:3A:CE:1F:67:EC:19:3A:E7:48:93:E6:8E:A1
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38322e3139382e3234312e302f32342d3234203d3e2032393134.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.198.241.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9c:00:a0:d8:b4:1c:7b:c7:37:20:4b:52:c4:65:f9:66:17:c0:
         7f:14:9c:a0:db:71:25:26:71:b3:51:f1:57:d8:5e:e3:94:94:
         71:be:a8:99:0b:0a:22:fa:64:18:b4:7d:97:48:28:29:79:3a:
         3d:9b:ea:8b:c1:e3:58:11:90:27:57:93:e4:d4:e6:c0:c7:64:
         1f:03:cc:b0:2d:1e:37:eb:e6:90:03:3b:3f:d6:3a:fa:06:7c:
         87:e3:89:b9:db:d5:91:a0:3c:8b:6e:15:c2:63:e7:d1:46:4a:
         cf:2b:f8:bc:e3:a3:e6:c2:17:a8:21:4b:ca:56:63:64:ad:80:
         07:06:ba:92:ba:25:ae:53:b2:33:1d:6f:26:28:b5:bb:d2:03:
         eb:4b:a5:5b:06:6d:8f:9c:89:9b:8e:07:bb:4a:af:be:8d:13:
         21:3f:24:0a:fa:d4:5d:28:63:a0:3d:87:21:ca:58:9a:31:44:
         52:61:9d:f1:bf:10:ab:27:e5:1d:a3:42:94:0d:a1:b8:8c:8a:
         4c:ae:2f:de:cc:6d:7d:9a:77:35:24:d8:da:15:03:9b:0a:5e:
         1a:5c:54:ed:8e:57:5c:ac:28:6d:19:10:7f:be:47:8c:ad:0e:
         28:40:2f:45:93:4d:83:a5:74:60:fc:87:c2:1f:56:b7:98:9a:
         d4:c3:60:a4
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUHmB9KyM3ZwYYYAtZi35GqPEpGa8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNjA0MTQxMzEyNDNaFw0yNzA0MTMxMzE3NDNaMDMxMTAvBgNV
BAMTKEFFMjNFNTAyMUE2NDJBM0FDRTFGNjdFQzE5M0FFNzQ4OTNFNjhFQTEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC81EtZtCYJq2rLKc81pXECQbeR
FfGSrmN/YybJW1hUi1iFCrNIWTEmcx/g5egJSx7ElbLqTN4agn9TGHcWhhvbdCAB
Yu0wiuN3S9iJyL9MSdPNRmUaiQ8O3UxN8wT2oIFDnc6kqLa2T8dlcL+SMvD7LYgs
qLmzO0ky6x92Ho8q5skgE0Xjlo+7NPhhOsmc9YVfZomGRoF7X6EIPKjE0LwufTbl
GSy4GZGDDR8YnoSPkb527iJbEJSQsmzesLqL+N94gQxgtX3fPF0R9yjH2LDvovLp
AIM0O9W5wUqMqn4kpqPJyqY/zpTVnxgsEjaWiMTCrI0JTcLesdb9yuYH/Kp7AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUriPlAhpkKjrOH2fsGTrnSJPmjqEwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzgzMjJlMzEzOTM4MmUzMjM0
MzEyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMjM5MzEzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFLG
8TANBgkqhkiG9w0BAQsFAAOCAQEAnACg2LQce8c3IEtSxGX5ZhfAfxScoNtxJSZx
s1HxV9he45SUcb6omQsKIvpkGLR9l0goKXk6PZvqi8HjWBGQJ1eT5NTmwMdkHwPM
sC0eN+vmkAM7P9Y6+gZ8h+OJudvVkaA8i24VwmPn0UZKzyv4vOOj5sIXqCFLylZj
ZK2ABwa6krolrlOyMx1vJii1u9ID60ulWwZtj5yJm44Hu0qvvo0TIT8kCvrUXShj
oD2HIcpYmjFEUmGd8b8QqyflHaNClA2huIyKTK4v3sxtfZp3NSTY2hUDmwpeGlxU
7Y5XXKwobRkQf75HjK0OKEAvRZNNg6V0YPyHwh9Wt5ia1MNgpA==
-----END CERTIFICATE-----