Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/38372e3235342e372e302f32342d3234203d3e20383334.roa
File:                     38372e3235342e372e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          uPveiCZb05Qe74m9ER/dRXkOE+jPcZGdhN1kbDCURUs=
Subject key identifier:   9B:38:28:89:E2:3B:BF:E1:14:A7:5F:4B:8C:4C:FE:AB:7A:6A:71:CA
Certificate issuer:       /CN=22bfd4e021547d030ac10b0213535d4c6968eede
Certificate serial:       32E12338FF21FA5BA4FAE911AD847BB28EE4E89C
Authority key identifier: 22:BF:D4:E0:21:54:7D:03:0A:C1:0B:02:13:53:5D:4C:69:68:EE:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/38372e3235342e372e302f32342d3234203d3e20383334.roa
Signing time:             Mon 16 Mar 2026 10:20:40 +0000
ROA not before:           Mon 16 Mar 2026 10:15:40 +0000
ROA not after:            Mon 15 Mar 2027 10:20:40 +0000
asID:                     834
IP address blocks:        87.254.7.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 19:57:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            32:e1:23:38:ff:21:fa:5b:a4:fa:e9:11:ad:84:7b:b2:8e:e4:e8:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22bfd4e021547d030ac10b0213535d4c6968eede
        Validity
            Not Before: Mar 16 10:15:40 2026 GMT
            Not After : Mar 15 10:20:40 2027 GMT
        Subject: CN=9B382889E23BBFE114A75F4B8C4CFEAB7A6A71CA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:32:78:70:41:c8:d7:cd:95:47:20:8c:7e:93:
                    49:e5:17:4e:de:6c:82:b2:4e:f0:54:d5:23:2d:de:
                    a1:be:2b:ef:83:e5:28:ed:e5:74:62:bb:c4:e7:f4:
                    3a:99:63:4f:f8:1f:de:7d:9f:a0:02:9c:2b:b0:12:
                    4c:ee:e4:fe:cf:3f:f6:a7:e4:3e:11:62:7a:30:9f:
                    99:cf:53:b4:81:95:5b:24:63:07:27:c8:9f:d0:dc:
                    ca:91:01:2d:d5:50:39:b4:ca:66:4a:d2:17:ea:08:
                    c0:11:2b:1c:00:1b:16:bc:23:12:03:ee:7d:c4:bd:
                    bd:b1:5d:51:f3:af:0d:5c:35:8f:98:f9:fa:fc:76:
                    b6:42:4a:7f:0e:39:08:ca:82:1b:a8:f3:61:6c:73:
                    bd:93:03:54:6a:58:0f:c7:7a:5e:df:b3:2f:9f:3c:
                    d3:23:bc:47:39:9a:a4:39:6e:88:51:bc:a0:c0:02:
                    9d:3a:8f:01:1f:3a:b2:22:3f:70:8a:5f:36:b8:b5:
                    3d:b8:27:b8:94:ee:39:e0:57:44:2a:a0:cb:e9:1c:
                    c5:44:e5:71:19:d3:a7:de:d1:45:4e:8d:e3:83:64:
                    c6:7e:2c:5a:71:b7:39:5b:dc:b1:27:94:b1:f0:7f:
                    33:fe:17:dc:09:e3:5a:4d:d5:ca:ae:a0:f3:9d:e9:
                    bb:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:38:28:89:E2:3B:BF:E1:14:A7:5F:4B:8C:4C:FE:AB:7A:6A:71:CA
            X509v3 Authority Key Identifier:
                keyid:22:BF:D4:E0:21:54:7D:03:0A:C1:0B:02:13:53:5D:4C:69:68:EE:DE

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/38372e3235342e372e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.254.7.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:e6:7e:7f:4e:77:c2:74:4e:bf:c0:c1:b1:67:48:a0:9c:9a:
         5a:dc:96:dd:28:3a:90:25:67:db:b6:1c:a9:7a:14:b1:49:7b:
         b3:cd:4f:56:56:30:ad:ac:ad:7c:ef:7f:18:1a:06:f3:d8:21:
         8b:58:7e:96:c2:80:61:ed:26:8b:6e:53:bd:10:f0:33:89:51:
         c8:86:48:27:91:13:1a:16:28:61:c8:63:b7:8f:c0:94:73:8a:
         46:fc:e2:e2:52:15:ce:36:2e:be:30:25:66:2d:29:c6:3b:7b:
         b5:da:53:77:5b:6a:0c:f5:c8:f7:6b:64:8a:75:65:5b:87:c7:
         06:6f:b6:a3:d9:ae:d4:51:60:02:25:26:f2:02:b1:b8:9f:8b:
         5c:67:4d:78:7a:8a:13:38:72:37:c1:3c:1a:bd:c8:54:4c:94:
         00:08:e6:72:cf:57:d8:4f:ff:70:50:40:29:32:56:c2:5e:6f:
         9d:c9:74:14:90:14:a4:af:db:a4:59:a2:f6:9f:b4:57:12:22:
         3d:dd:c0:8b:8b:36:4f:d6:bd:e6:7f:67:cc:b1:20:6d:e7:ba:
         8f:59:84:5c:6c:7f:35:de:60:3e:ba:cd:05:5c:04:9c:3d:f5:
         62:8c:12:26:56:e1:80:6e:5d:a9:82:ca:4a:18:26:08:46:cf:
         8b:64:55:d8
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgIUMuEjOP8h+luk+ukRrYR7so7k6JwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjJiZmQ0ZTAyMTU0N2QwMzBhYzEwYjAyMTM1MzVkNGM2
OTY4ZWVkZTAeFw0yNjAzMTYxMDE1NDBaFw0yNzAzMTUxMDIwNDBaMDMxMTAvBgNV
BAMTKDlCMzgyODg5RTIzQkJGRTExNEE3NUY0QjhDNENGRUFCN0E2QTcxQ0EwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCxMnhwQcjXzZVHIIx+k0nlF07e
bIKyTvBU1SMt3qG+K++D5Sjt5XRiu8Tn9DqZY0/4H959n6ACnCuwEkzu5P7PP/an
5D4RYnown5nPU7SBlVskYwcnyJ/Q3MqRAS3VUDm0ymZK0hfqCMARKxwAGxa8IxID
7n3Evb2xXVHzrw1cNY+Y+fr8drZCSn8OOQjKghuo82Fsc72TA1RqWA/Hel7fsy+f
PNMjvEc5mqQ5bohRvKDAAp06jwEfOrIiP3CKXza4tT24J7iU7jngV0QqoMvpHMVE
5XEZ06fe0UVOjeODZMZ+LFpxtzlb3LEnlLHwfzP+F9wJ41pN1cquoPOd6buJAgMB
AAGjggI1MIICMTAdBgNVHQ4EFgQUmzgoieI7v+EUp19LjEz+q3pqccowHwYDVR0j
BBgwFoAUIr/U4CFUfQMKwQsCE1NdTGlo7t4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjNhYWNkMTctYmY5ZC00N2RiLTg2NGQtZjljN2MyYmUx
ODNhLzAvMjJCRkQ0RTAyMTU0N0QwMzBBQzEwQjAyMTM1MzVENEM2OTY4RUVERS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lyX1U0Q0ZVZlFNS3dRc0NFMU5kVEds
bzd0NC5jZXIwgaUGCCsGAQUFBwELBIGYMIGVMIGSBggrBgEFBQcwC4aBhXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMjNhYWNkMTct
YmY5ZC00N2RiLTg2NGQtZjljN2MyYmUxODNhLzAvMzgzNzJlMzIzNTM0MmUzNzJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/BA4wDDAK
BggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFf+BzANBgkq
hkiG9w0BAQsFAAOCAQEAYeZ+f053wnROv8DBsWdIoJyaWtyW3Sg6kCVn27YcqXoU
sUl7s81PVlYwraytfO9/GBoG89ghi1h+lsKAYe0mi25TvRDwM4lRyIZIJ5ETGhYo
Ychjt4/AlHOKRvzi4lIVzjYuvjAlZi0pxjt7tdpTd1tqDPXI92tkinVlW4fHBm+2
o9mu1FFgAiUm8gKxuJ+LXGdNeHqKEzhyN8E8Gr3IVEyUAAjmcs9X2E//cFBAKTJW
wl5vncl0FJAUpK/bpFmi9p+0VxIiPd3Ai4s2T9a95n9nzLEgbee6j1mEXGx/Nd5g
PrrNBVwEnD31YowSJlbhgG5dqYLKShgmCEbPi2RV2A==
-----END CERTIFICATE-----