Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/38372e3235342e352e302f32342d3234203d3e203531303832.roa
File:                     38372e3235342e352e302f32342d3234203d3e203531303832.roa (raw, json)
Hash identifier:          0HnaDsDo2UX9wDKSm/WMFUG8xs3WsZvg6JVekoAYPCA=
Subject key identifier:   E9:F9:3C:DB:DD:BE:37:94:35:00:BA:B6:52:69:5F:6C:0F:C7:FE:3A
Certificate issuer:       /CN=22bfd4e021547d030ac10b0213535d4c6968eede
Certificate serial:       10D22C68A127A19F7F118BC10574311F240AA40A
Authority key identifier: 22:BF:D4:E0:21:54:7D:03:0A:C1:0B:02:13:53:5D:4C:69:68:EE:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/38372e3235342e352e302f32342d3234203d3e203531303832.roa
Signing time:             Mon 04 May 2026 15:22:30 +0000
ROA not before:           Mon 04 May 2026 15:17:30 +0000
ROA not after:            Mon 03 May 2027 15:22:30 +0000
asID:                     51082
IP address blocks:        87.254.5.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 20:14:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            10:d2:2c:68:a1:27:a1:9f:7f:11:8b:c1:05:74:31:1f:24:0a:a4:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22bfd4e021547d030ac10b0213535d4c6968eede
        Validity
            Not Before: May  4 15:17:30 2026 GMT
            Not After : May  3 15:22:30 2027 GMT
        Subject: CN=E9F93CDBDDBE37943500BAB652695F6C0FC7FE3A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:d2:6d:96:87:ab:39:af:75:c1:fc:38:88:2b:
                    95:b6:4c:a0:5f:34:e0:83:e5:dc:71:3f:1a:26:f7:
                    c3:54:d0:20:20:15:fb:40:7b:85:81:99:45:30:08:
                    e3:56:34:25:93:1e:bf:d7:ae:d0:23:cb:13:d7:a0:
                    da:02:ff:16:47:3d:9e:d6:b5:36:87:b3:10:42:9b:
                    02:83:1f:24:8a:58:0e:4f:e9:6d:8a:26:45:3f:d2:
                    12:df:a4:83:45:8c:b9:e7:6b:f0:7f:46:eb:40:59:
                    87:03:70:5f:04:95:46:33:4c:a4:93:5b:b9:61:bd:
                    e0:a2:6b:25:72:02:00:e0:e2:70:98:1a:da:3f:f2:
                    24:75:f6:76:cd:e9:4f:13:f7:ad:b7:62:f2:51:ce:
                    da:38:52:10:62:85:bc:1d:87:50:50:97:cb:48:ad:
                    ba:cc:61:df:88:bc:46:51:e6:1b:37:a8:5e:f4:6b:
                    af:c1:80:40:1b:ea:55:65:6e:18:47:1e:f7:86:5b:
                    e0:10:a1:0a:37:c8:02:04:f7:93:c0:de:9d:51:09:
                    4e:d6:59:b7:2b:0a:06:95:7a:6a:3c:b8:99:46:a5:
                    e0:9e:38:4d:c9:16:59:72:4f:7b:11:98:a6:88:b4:
                    a0:d6:2b:8d:3c:03:fd:a7:20:2f:d3:e1:c0:b9:72:
                    14:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:F9:3C:DB:DD:BE:37:94:35:00:BA:B6:52:69:5F:6C:0F:C7:FE:3A
            X509v3 Authority Key Identifier:
                keyid:22:BF:D4:E0:21:54:7D:03:0A:C1:0B:02:13:53:5D:4C:69:68:EE:DE

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/38372e3235342e352e302f32342d3234203d3e203531303832.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.254.5.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:a6:90:c1:db:a7:cb:23:08:d9:2d:66:b7:40:bb:7b:72:97:
         8c:fd:0d:05:ac:a5:58:bd:7f:03:e2:9c:5a:75:a8:64:a6:31:
         d7:f0:48:98:9b:f1:0d:e2:08:df:d2:7c:01:ec:e7:64:53:5e:
         e5:7f:36:9b:b3:70:05:22:eb:dc:f9:f4:10:2f:54:db:8f:9d:
         2c:9c:ab:fa:d8:b7:07:b3:64:0c:37:0a:76:28:13:00:e4:e1:
         60:62:07:19:8b:b0:fc:71:2c:db:73:32:47:4c:71:6b:52:f0:
         8c:72:27:8f:40:1c:be:8c:89:c7:39:cc:bc:c3:a5:92:0b:f5:
         02:34:3c:78:78:e6:7c:09:ea:ae:f2:8e:27:cb:95:fd:bd:f5:
         b7:99:34:1b:b9:96:46:7f:0b:60:c0:c8:07:29:98:f1:0c:13:
         7e:62:63:17:9b:c1:f1:8f:9c:87:a4:b6:0f:6f:4c:f0:30:11:
         13:90:41:88:96:de:73:65:9a:d6:06:30:c2:4e:aa:22:15:12:
         dd:39:5d:44:e8:e7:33:7e:7f:0c:58:7b:14:8a:23:00:5e:a7:
         cb:ff:74:97:74:c5:41:fd:27:8d:20:af:7d:2f:6a:66:b7:6c:
         d4:34:42:b5:fa:c7:3e:8b:58:f7:93:08:6a:82:be:63:19:fc:
         58:e2:47:ae
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUENIsaKEnoZ9/EYvBBXQxHyQKpAowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjJiZmQ0ZTAyMTU0N2QwMzBhYzEwYjAyMTM1MzVkNGM2
OTY4ZWVkZTAeFw0yNjA1MDQxNTE3MzBaFw0yNzA1MDMxNTIyMzBaMDMxMTAvBgNV
BAMTKEU5RjkzQ0RCRERCRTM3OTQzNTAwQkFCNjUyNjk1RjZDMEZDN0ZFM0EwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDV0m2Wh6s5r3XB/DiIK5W2TKBf
NOCD5dxxPxom98NU0CAgFftAe4WBmUUwCONWNCWTHr/XrtAjyxPXoNoC/xZHPZ7W
tTaHsxBCmwKDHySKWA5P6W2KJkU/0hLfpINFjLnna/B/RutAWYcDcF8ElUYzTKST
W7lhveCiayVyAgDg4nCYGto/8iR19nbN6U8T9623YvJRzto4UhBihbwdh1BQl8tI
rbrMYd+IvEZR5hs3qF70a6/BgEAb6lVlbhhHHveGW+AQoQo3yAIE95PA3p1RCU7W
WbcrCgaVemo8uJlGpeCeOE3JFllyT3sRmKaItKDWK408A/2nIC/T4cC5chRPAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQU6fk8292+N5Q1ALq2UmlfbA/H/jowHwYDVR0j
BBgwFoAUIr/U4CFUfQMKwQsCE1NdTGlo7t4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjNhYWNkMTctYmY5ZC00N2RiLTg2NGQtZjljN2MyYmUx
ODNhLzAvMjJCRkQ0RTAyMTU0N0QwMzBBQzEwQjAyMTM1MzVENEM2OTY4RUVERS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lyX1U0Q0ZVZlFNS3dRc0NFMU5kVEds
bzd0NC5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMjNhYWNkMTct
YmY5ZC00N2RiLTg2NGQtZjljN2MyYmUxODNhLzAvMzgzNzJlMzIzNTM0MmUzNTJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM1MzEzMDM4MzIucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABX/gUw
DQYJKoZIhvcNAQELBQADggEBAEGmkMHbp8sjCNktZrdAu3tyl4z9DQWspVi9fwPi
nFp1qGSmMdfwSJib8Q3iCN/SfAHs52RTXuV/NpuzcAUi69z59BAvVNuPnSycq/rY
twezZAw3CnYoEwDk4WBiBxmLsPxxLNtzMkdMcWtS8IxyJ49AHL6Micc5zLzDpZIL
9QI0PHh45nwJ6q7yjifLlf299beZNBu5lkZ/C2DAyAcpmPEME35iYxebwfGPnIek
tg9vTPAwEROQQYiW3nNlmtYGMMJOqiIVEt05XUTo5zN+fwxYexSKIwBep8v/dJd0
xUH9J40gr30vama3bNQ0QrX6xz6LWPeTCGqCvmMZ/FjiR64=
-----END CERTIFICATE-----