Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38322e3139382e3234342e302f32342d3234203d3e2032393134.roa
File:                     38322e3139382e3234342e302f32342d3234203d3e2032393134.roa (raw, json)
Hash identifier:          HoneYVR9yVmxkFhRKvFUEjaZMSl4OnwgX18+66ibxG0=
Subject key identifier:   19:92:21:EF:56:57:7D:29:7D:33:DC:8C:CB:FE:00:C7:7D:FE:B3:86
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       6FA0BF9A10FC613B2F78C148AF61897DCD5A500F
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38322e3139382e3234342e302f32342d3234203d3e2032393134.roa
Signing time:             Tue 14 Apr 2026 13:17:53 +0000
ROA not before:           Tue 14 Apr 2026 13:12:53 +0000
ROA not after:            Tue 13 Apr 2027 13:17:53 +0000
asID:                     2914
IP address blocks:        82.198.244.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6f:a0:bf:9a:10:fc:61:3b:2f:78:c1:48:af:61:89:7d:cd:5a:50:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Apr 14 13:12:53 2026 GMT
            Not After : Apr 13 13:17:53 2027 GMT
        Subject: CN=199221EF56577D297D33DC8CCBFE00C77DFEB386
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:f0:a9:18:e2:29:68:6e:9c:5c:54:9f:76:3e:
                    10:b4:e6:90:44:fb:22:df:b4:0c:66:c0:f9:17:7c:
                    74:83:d5:3b:0e:fd:f9:60:50:35:f7:35:47:3a:5d:
                    d8:8f:29:9e:5f:c1:fa:fd:45:ef:55:48:b3:b3:ef:
                    a8:96:3d:c5:da:63:6d:8f:1e:c7:10:22:ec:07:9b:
                    b8:94:f1:1b:92:b9:f5:28:37:9b:33:0f:80:30:fb:
                    3a:50:f4:fe:f5:cf:cb:d0:b5:c7:f6:2a:ee:a1:18:
                    01:b4:93:a3:0d:05:c7:4a:e0:9f:fe:d5:c4:af:eb:
                    4e:1f:ba:2c:e3:7c:cc:d8:fe:53:ac:46:21:78:f3:
                    a7:7b:70:7e:ae:e4:6d:4a:b6:54:7a:65:61:6b:2f:
                    a1:4a:3f:85:9e:af:f8:65:d1:49:19:64:79:02:46:
                    b0:d4:35:40:8f:a9:76:72:3b:2a:65:03:1f:5e:26:
                    e8:cb:8a:97:6b:4f:79:a4:59:98:de:a3:76:79:e0:
                    82:95:87:1d:d9:e7:25:78:16:97:2e:99:c7:83:ce:
                    32:19:90:05:f2:05:46:e4:24:2d:1c:37:3f:d6:4f:
                    88:58:57:63:03:15:d8:0d:31:0d:d7:95:21:3f:2a:
                    40:cf:25:67:1c:92:a3:03:53:cf:60:19:75:9b:2a:
                    c3:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:92:21:EF:56:57:7D:29:7D:33:DC:8C:CB:FE:00:C7:7D:FE:B3:86
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38322e3139382e3234342e302f32342d3234203d3e2032393134.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.198.244.0/24

    Signature Algorithm: sha256WithRSAEncryption
         99:69:3f:90:a6:cf:1f:dd:72:13:71:5a:38:96:33:b6:76:1f:
         45:76:25:8f:67:c2:fe:bd:a1:20:7f:84:ff:25:26:f2:28:e2:
         25:54:30:6e:95:81:6a:6b:b0:d7:2d:e3:b9:42:ac:01:8e:f2:
         9a:be:17:47:37:7b:d9:a8:b5:73:93:1a:3b:c4:19:7e:2c:ac:
         e0:72:48:97:95:3f:e0:58:57:3f:cb:2d:08:0d:aa:56:31:32:
         77:52:ac:41:e8:46:ac:cd:ea:eb:b3:5b:a0:bb:76:e5:a6:87:
         7c:b9:6f:bf:60:97:21:b3:e7:07:67:91:c0:72:53:b3:5f:64:
         2d:2c:15:91:24:8e:85:9d:27:14:58:32:29:83:8b:87:35:b6:
         be:a9:8b:74:d8:5f:28:68:b1:06:45:17:ce:1d:e9:4e:f9:20:
         f7:77:ff:dd:05:4e:02:35:72:1c:6a:58:72:03:0f:f4:0b:03:
         d6:a2:a7:ea:41:72:ba:e7:9e:11:96:30:a3:d0:b3:25:71:f6:
         5b:00:7a:f6:1c:35:a1:f1:eb:88:8c:6c:3a:16:d2:f1:e3:53:
         1f:a8:f7:76:b6:7e:d0:27:06:47:d6:ac:12:7f:c7:2e:ec:44:
         d9:81:1e:92:66:4b:a9:bc:f7:b7:bf:2a:2a:97:98:14:54:7f:
         0f:0c:97:a7
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUb6C/mhD8YTsveMFIr2GJfc1aUA8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNjA0MTQxMzEyNTNaFw0yNzA0MTMxMzE3NTNaMDMxMTAvBgNV
BAMTKDE5OTIyMUVGNTY1NzdEMjk3RDMzREM4Q0NCRkUwMEM3N0RGRUIzODYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDk8KkY4ilobpxcVJ92PhC05pBE
+yLftAxmwPkXfHSD1TsO/flgUDX3NUc6XdiPKZ5fwfr9Re9VSLOz76iWPcXaY22P
HscQIuwHm7iU8RuSufUoN5szD4Aw+zpQ9P71z8vQtcf2Ku6hGAG0k6MNBcdK4J/+
1cSv604fuizjfMzY/lOsRiF486d7cH6u5G1KtlR6ZWFrL6FKP4Wer/hl0UkZZHkC
RrDUNUCPqXZyOyplAx9eJujLipdrT3mkWZjeo3Z54IKVhx3Z5yV4FpcumceDzjIZ
kAXyBUbkJC0cNz/WT4hYV2MDFdgNMQ3XlSE/KkDPJWcckqMDU89gGXWbKsMzAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUGZIh71ZXfSl9M9yMy/4Ax33+s4YwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzgzMjJlMzEzOTM4MmUzMjM0
MzQyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMjM5MzEzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFLG
9DANBgkqhkiG9w0BAQsFAAOCAQEAmWk/kKbPH91yE3FaOJYztnYfRXYlj2fC/r2h
IH+E/yUm8ijiJVQwbpWBamuw1y3juUKsAY7ymr4XRzd72ai1c5MaO8QZfiys4HJI
l5U/4FhXP8stCA2qVjEyd1KsQehGrM3q67NboLt25aaHfLlvv2CXIbPnB2eRwHJT
s19kLSwVkSSOhZ0nFFgyKYOLhzW2vqmLdNhfKGixBkUXzh3pTvkg93f/3QVOAjVy
HGpYcgMP9AsD1qKn6kFyuueeEZYwo9CzJXH2WwB69hw1ofHriIxsOhbS8eNTH6j3
drZ+0CcGR9asEn/HLuxE2YEekmZLqbz3t78qKpeYFFR/DwyXpw==
-----END CERTIFICATE-----