Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/38372e3235342e32372e302f32342d3234203d3e203137343937.roa
File:                     38372e3235342e32372e302f32342d3234203d3e203137343937.roa (raw, json)
Hash identifier:          oJ5rvj5E9wUerv74B0/Wvc0SZ2sawHmom3dQkatBF5E=
Subject key identifier:   72:93:D6:A5:2B:8C:13:37:68:E9:06:EC:F2:33:68:89:E0:C2:79:94
Certificate issuer:       /CN=22bfd4e021547d030ac10b0213535d4c6968eede
Certificate serial:       4D41E78371C67E9B2355984319939DB799947771
Authority key identifier: 22:BF:D4:E0:21:54:7D:03:0A:C1:0B:02:13:53:5D:4C:69:68:EE:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/38372e3235342e32372e302f32342d3234203d3e203137343937.roa
Signing time:             Thu 26 Mar 2026 07:52:38 +0000
ROA not before:           Thu 26 Mar 2026 07:47:38 +0000
ROA not after:            Thu 25 Mar 2027 07:52:38 +0000
asID:                     17497
IP address blocks:        87.254.27.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 09:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4d:41:e7:83:71:c6:7e:9b:23:55:98:43:19:93:9d:b7:99:94:77:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22bfd4e021547d030ac10b0213535d4c6968eede
        Validity
            Not Before: Mar 26 07:47:38 2026 GMT
            Not After : Mar 25 07:52:38 2027 GMT
        Subject: CN=7293D6A52B8C133768E906ECF2336889E0C27994
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:a1:15:22:2a:62:4a:ed:12:e0:95:ec:ea:a6:
                    89:35:06:20:cc:7f:19:c5:b1:d1:d3:54:a4:47:64:
                    5e:3c:93:22:8d:f7:bd:22:f8:c0:a2:11:14:b9:11:
                    db:9a:b1:9b:e9:d6:0e:13:d5:c8:17:91:be:e8:c4:
                    4d:ed:31:b9:63:1e:b8:fa:55:80:e5:d1:59:1e:61:
                    03:1f:fa:8b:66:9e:84:dc:e3:d0:b7:08:b7:de:ff:
                    8b:fa:87:c1:f0:d4:3b:ec:ca:41:bb:85:e3:22:c3:
                    85:a6:8a:0e:4f:06:ed:15:a5:54:54:79:7a:ef:75:
                    96:80:67:59:4d:97:bf:32:96:10:47:1b:d3:b0:4e:
                    89:23:79:36:f7:c2:83:e1:62:a1:34:a4:c7:ec:90:
                    ff:2f:9d:53:4c:1f:66:c1:a1:87:fd:a3:cb:22:90:
                    06:a8:b0:91:3d:22:65:bb:fd:65:ef:1c:03:a1:77:
                    14:e9:90:79:cb:51:ee:ad:0f:9a:1d:f9:0c:80:30:
                    81:3e:5c:7a:3a:2e:bd:3a:08:34:aa:5b:88:7c:7e:
                    c2:c3:00:94:db:42:1a:a6:0c:b0:12:a3:a1:cf:79:
                    ee:3b:10:ba:3f:f2:a4:df:9a:6f:54:27:c8:f3:32:
                    9d:e9:50:51:21:60:41:fb:86:c8:8e:d8:7f:56:66:
                    d8:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:93:D6:A5:2B:8C:13:37:68:E9:06:EC:F2:33:68:89:E0:C2:79:94
            X509v3 Authority Key Identifier:
                keyid:22:BF:D4:E0:21:54:7D:03:0A:C1:0B:02:13:53:5D:4C:69:68:EE:DE

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/38372e3235342e32372e302f32342d3234203d3e203137343937.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.254.27.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:b5:7c:47:81:fe:6a:2a:0f:df:12:ff:6b:89:56:2f:32:1e:
         30:24:a6:86:28:71:3b:6f:8d:a2:18:14:ca:21:d3:06:c1:96:
         4b:62:83:1c:18:64:7e:7c:a3:8a:9f:49:88:a3:8f:28:23:9d:
         bb:d8:2b:4f:74:9b:04:a7:f1:5e:3e:43:53:ee:bf:97:da:88:
         1b:43:0b:88:52:e5:29:20:f9:31:5a:74:b9:d5:08:37:d8:51:
         62:4a:ca:47:27:ff:fe:13:c3:af:62:90:53:0f:da:b7:72:6d:
         d1:9f:a3:31:a2:f6:8a:75:17:04:de:fb:c2:3d:81:4e:7b:03:
         ff:a7:c3:f6:f8:75:9f:62:fa:72:79:1e:a6:65:c5:2a:70:57:
         0f:28:16:23:c5:f9:a1:e9:1a:18:bd:ac:7e:dc:a7:24:b7:5a:
         6b:bd:fb:f7:02:9a:d0:e4:9f:2a:6f:e5:91:c7:e2:a5:bd:be:
         c2:c3:34:a4:f2:4d:2c:4d:6d:15:00:97:2a:ec:86:f9:21:f2:
         53:67:0a:2e:67:91:de:7f:ca:56:db:66:9f:9e:d0:c8:86:ee:
         47:89:8a:5f:f8:4f:9b:b1:8c:91:00:c7:ec:5c:0a:d3:a8:82:
         f4:e5:a1:57:d9:97:78:ee:d2:94:de:8f:6d:8d:06:8e:2f:2e:
         c3:27:cc:24
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUTUHng3HGfpsjVZhDGZOdt5mUd3EwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjJiZmQ0ZTAyMTU0N2QwMzBhYzEwYjAyMTM1MzVkNGM2
OTY4ZWVkZTAeFw0yNjAzMjYwNzQ3MzhaFw0yNzAzMjUwNzUyMzhaMDMxMTAvBgNV
BAMTKDcyOTNENkE1MkI4QzEzMzc2OEU5MDZFQ0YyMzM2ODg5RTBDMjc5OTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCcoRUiKmJK7RLglezqpok1BiDM
fxnFsdHTVKRHZF48kyKN970i+MCiERS5EduasZvp1g4T1cgXkb7oxE3tMbljHrj6
VYDl0VkeYQMf+otmnoTc49C3CLfe/4v6h8Hw1DvsykG7heMiw4Wmig5PBu0VpVRU
eXrvdZaAZ1lNl78ylhBHG9OwTokjeTb3woPhYqE0pMfskP8vnVNMH2bBoYf9o8si
kAaosJE9ImW7/WXvHAOhdxTpkHnLUe6tD5od+QyAMIE+XHo6Lr06CDSqW4h8fsLD
AJTbQhqmDLASo6HPee47ELo/8qTfmm9UJ8jzMp3pUFEhYEH7hsiO2H9WZtg5AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUcpPWpSuMEzdo6Qbs8jNoieDCeZQwHwYDVR0j
BBgwFoAUIr/U4CFUfQMKwQsCE1NdTGlo7t4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjNhYWNkMTctYmY5ZC00N2RiLTg2NGQtZjljN2MyYmUx
ODNhLzAvMjJCRkQ0RTAyMTU0N0QwMzBBQzEwQjAyMTM1MzVENEM2OTY4RUVERS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lyX1U0Q0ZVZlFNS3dRc0NFMU5kVEds
bzd0NC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMjNhYWNkMTct
YmY5ZC00N2RiLTg2NGQtZjljN2MyYmUxODNhLzAvMzgzNzJlMzIzNTM0MmUzMjM3
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzEzNzM0MzkzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFf+
GzANBgkqhkiG9w0BAQsFAAOCAQEAM7V8R4H+aioP3xL/a4lWLzIeMCSmhihxO2+N
ohgUyiHTBsGWS2KDHBhkfnyjip9JiKOPKCOdu9grT3SbBKfxXj5DU+6/l9qIG0ML
iFLlKSD5MVp0udUIN9hRYkrKRyf//hPDr2KQUw/at3Jt0Z+jMaL2inUXBN77wj2B
TnsD/6fD9vh1n2L6cnkepmXFKnBXDygWI8X5oekaGL2sftynJLdaa7379wKa0OSf
Km/lkcfipb2+wsM0pPJNLE1tFQCXKuyG+SHyU2cKLmeR3n/KVttmn57QyIbuR4mK
X/hPm7GMkQDH7FwK06iC9OWhV9mXeO7SlN6PbY0Gji8uwyfMJA==
-----END CERTIFICATE-----