Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/38372e3235342e31332e302f32342d3234203d3e20383334.roa
File:                     38372e3235342e31332e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          OXClm11L7B4KQMtboKCAGazXbwccz8w1E47tvtW+E9Q=
Subject key identifier:   A9:74:FF:42:08:71:89:53:E0:E4:8B:46:29:C2:68:DE:0B:A4:C9:4E
Certificate issuer:       /CN=22bfd4e021547d030ac10b0213535d4c6968eede
Certificate serial:       42D7A424D08898DC18D04FA2E3CB5DA08CC19DAB
Authority key identifier: 22:BF:D4:E0:21:54:7D:03:0A:C1:0B:02:13:53:5D:4C:69:68:EE:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/38372e3235342e31332e302f32342d3234203d3e20383334.roa
Signing time:             Fri 08 May 2026 04:02:02 +0000
ROA not before:           Fri 08 May 2026 03:57:02 +0000
ROA not after:            Fri 07 May 2027 04:02:02 +0000
asID:                     834
IP address blocks:        87.254.13.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 20:14:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            42:d7:a4:24:d0:88:98:dc:18:d0:4f:a2:e3:cb:5d:a0:8c:c1:9d:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22bfd4e021547d030ac10b0213535d4c6968eede
        Validity
            Not Before: May  8 03:57:02 2026 GMT
            Not After : May  7 04:02:02 2027 GMT
        Subject: CN=A974FF4208718953E0E48B4629C268DE0BA4C94E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:51:f2:f8:4f:48:70:ab:0d:7d:70:f7:91:a7:
                    65:db:52:37:e9:96:16:d8:54:12:91:51:c4:21:07:
                    52:1d:74:f6:92:34:12:18:03:da:7c:0a:2d:d0:26:
                    c3:01:d4:52:58:c3:49:91:33:25:96:aa:64:e8:b5:
                    6d:c2:89:7f:43:b4:12:0b:e6:5f:7a:ec:e5:e3:ed:
                    09:ee:b4:e3:d9:ce:2f:2d:87:30:66:7b:56:60:6d:
                    48:8f:bc:92:c1:9b:2d:54:6c:10:58:07:55:e7:29:
                    a4:04:bd:91:a3:fa:41:d6:5d:91:b1:a2:d6:65:87:
                    43:10:d8:3e:97:9a:60:4b:53:4e:b9:a4:83:37:87:
                    ec:c0:6c:e3:b2:94:22:95:c6:e9:cd:bd:5d:96:98:
                    4f:78:cf:69:d3:bd:d6:c7:97:68:dc:b0:95:7b:24:
                    3a:e5:17:8d:6f:30:63:6f:3a:5a:87:74:bf:c5:0c:
                    49:0b:2b:ca:22:cf:ce:2f:4d:5d:23:5e:f9:e8:59:
                    a1:01:c5:fc:3a:98:d3:23:ad:0c:e6:0b:b0:d4:46:
                    63:73:88:36:74:ab:e1:9e:38:1f:81:39:2f:24:9a:
                    a9:d8:62:8d:15:24:88:99:4b:ae:5c:ae:d2:25:a7:
                    a6:e7:2a:80:cb:e9:af:33:70:2f:43:fa:c6:55:bd:
                    8b:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:74:FF:42:08:71:89:53:E0:E4:8B:46:29:C2:68:DE:0B:A4:C9:4E
            X509v3 Authority Key Identifier:
                keyid:22:BF:D4:E0:21:54:7D:03:0A:C1:0B:02:13:53:5D:4C:69:68:EE:DE

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/38372e3235342e31332e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.254.13.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:ad:c2:7a:1b:d7:46:28:75:3c:0d:a4:3d:59:a6:7b:a1:21:
         b7:81:61:92:69:b1:bc:cc:69:46:55:69:98:98:6f:c8:56:6c:
         6d:90:44:68:c4:2b:33:70:da:e9:e6:d1:b5:ba:f5:62:cb:9a:
         43:31:c7:ed:94:c0:db:18:cc:a3:01:7e:4f:36:57:53:ea:9e:
         74:de:5c:3f:93:b6:e1:25:e1:33:cf:02:04:ea:04:99:ec:77:
         29:fa:3b:a0:7a:c9:a8:7f:a3:e0:8e:bd:f3:e7:3a:97:05:f5:
         58:47:0b:15:39:89:23:d1:34:21:ad:fe:f4:e3:3d:42:74:fb:
         75:1b:53:a2:28:19:ba:22:b1:4e:bd:bb:77:99:91:a1:eb:b9:
         de:2d:56:ec:52:68:69:ce:bc:94:fc:37:be:e4:00:20:ad:30:
         c3:4e:5b:33:09:66:fe:fc:7c:0b:40:f2:e9:85:bd:35:36:70:
         c8:82:c6:5b:df:2e:98:81:7a:c6:b3:d1:c8:71:9a:63:75:58:
         5b:21:3b:20:b8:09:5c:e4:4b:da:8f:c5:99:d5:f3:d8:ed:2b:
         bb:f1:f0:2f:1c:b2:9f:77:03:a7:5c:96:e7:13:97:ee:6d:f2:
         3b:cc:3e:46:b2:53:26:22:90:46:9b:d7:ca:0f:21:04:7b:2d:
         ba:d0:85:37
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUQtekJNCImNwY0E+i48tdoIzBnaswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjJiZmQ0ZTAyMTU0N2QwMzBhYzEwYjAyMTM1MzVkNGM2
OTY4ZWVkZTAeFw0yNjA1MDgwMzU3MDJaFw0yNzA1MDcwNDAyMDJaMDMxMTAvBgNV
BAMTKEE5NzRGRjQyMDg3MTg5NTNFMEU0OEI0NjI5QzI2OERFMEJBNEM5NEUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDRUfL4T0hwqw19cPeRp2XbUjfp
lhbYVBKRUcQhB1IddPaSNBIYA9p8Ci3QJsMB1FJYw0mRMyWWqmTotW3CiX9DtBIL
5l967OXj7QnutOPZzi8thzBme1ZgbUiPvJLBmy1UbBBYB1XnKaQEvZGj+kHWXZGx
otZlh0MQ2D6XmmBLU065pIM3h+zAbOOylCKVxunNvV2WmE94z2nTvdbHl2jcsJV7
JDrlF41vMGNvOlqHdL/FDEkLK8oiz84vTV0jXvnoWaEBxfw6mNMjrQzmC7DURmNz
iDZ0q+GeOB+BOS8kmqnYYo0VJIiZS65crtIlp6bnKoDL6a8zcC9D+sZVvYsJAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUqXT/QghxiVPg5ItGKcJo3gukyU4wHwYDVR0j
BBgwFoAUIr/U4CFUfQMKwQsCE1NdTGlo7t4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjNhYWNkMTctYmY5ZC00N2RiLTg2NGQtZjljN2MyYmUx
ODNhLzAvMjJCRkQ0RTAyMTU0N0QwMzBBQzEwQjAyMTM1MzVENEM2OTY4RUVERS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lyX1U0Q0ZVZlFNS3dRc0NFMU5kVEds
bzd0NC5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMjNhYWNkMTct
YmY5ZC00N2RiLTg2NGQtZjljN2MyYmUxODNhLzAvMzgzNzJlMzIzNTM0MmUzMTMz
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzgzMzM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV/4NMA0G
CSqGSIb3DQEBCwUAA4IBAQA3rcJ6G9dGKHU8DaQ9WaZ7oSG3gWGSabG8zGlGVWmY
mG/IVmxtkERoxCszcNrp5tG1uvViy5pDMcftlMDbGMyjAX5PNldT6p503lw/k7bh
JeEzzwIE6gSZ7Hcp+jugesmof6Pgjr3z5zqXBfVYRwsVOYkj0TQhrf704z1CdPt1
G1OiKBm6IrFOvbt3mZGh67neLVbsUmhpzryU/De+5AAgrTDDTlszCWb+/HwLQPLp
hb01NnDIgsZb3y6YgXrGs9HIcZpjdVhbITsguAlc5Evaj8WZ1fPY7Su78fAvHLKf
dwOnXJbnE5fubfI7zD5GslMmIpBGm9fKDyEEey260IU3
-----END CERTIFICATE-----