Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/39332e39322e32322e302f32332d3234203d3e20343031383338.roa
File:                     39332e39322e32322e302f32332d3234203d3e20343031383338.roa (raw, json)
Hash identifier:          ZR3NimLfDuSVrHX3TIHZtfUL9Oft/y6YDT0lI8Ay4iU=
Subject key identifier:   C8:0A:13:4A:0E:33:72:E8:F9:11:E0:A2:B2:FE:31:9E:56:C1:C8:61
Certificate issuer:       /CN=d01ba013bc1e6d86f0d6d58eafa54e27fada3444
Certificate serial:       6FE6FEFF529756FF6465CA2BFB3890DD28988232
Authority key identifier: D0:1B:A0:13:BC:1E:6D:86:F0:D6:D5:8E:AF:A5:4E:27:FA:DA:34:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0BugE7webYbw1tWOr6VOJ_raNEQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/39332e39322e32322e302f32332d3234203d3e20343031383338.roa
Signing time:             Wed 13 Aug 2025 05:14:16 +0000
ROA not before:           Wed 13 Aug 2025 05:09:16 +0000
ROA not after:            Wed 12 Aug 2026 05:14:16 +0000
asID:                     401838
IP address blocks:        93.92.22.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/D01BA013BC1E6D86F0D6D58EAFA54E27FADA3444.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/D01BA013BC1E6D86F0D6D58EAFA54E27FADA3444.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0BugE7webYbw1tWOr6VOJ_raNEQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6f:e6:fe:ff:52:97:56:ff:64:65:ca:2b:fb:38:90:dd:28:98:82:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d01ba013bc1e6d86f0d6d58eafa54e27fada3444
        Validity
            Not Before: Aug 13 05:09:16 2025 GMT
            Not After : Aug 12 05:14:16 2026 GMT
        Subject: CN=C80A134A0E3372E8F911E0A2B2FE319E56C1C861
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:f6:4d:dc:8c:d5:0b:e6:5e:4b:d2:7f:3c:e4:
                    1b:c0:14:62:6a:69:9d:5a:ab:0b:96:3b:cd:1f:9c:
                    77:22:d7:33:5b:66:b9:3a:af:99:b6:7c:b1:8b:ca:
                    3c:e1:68:2b:e8:a1:8d:55:e3:e8:05:b3:e5:bd:3d:
                    f8:3a:6d:89:24:32:ba:d3:73:93:dd:83:86:b9:d7:
                    c9:2f:fe:86:ff:0b:f3:9d:7d:36:bc:2a:eb:00:fb:
                    dd:16:fe:78:7d:a4:9f:86:60:3a:d4:bd:10:99:bb:
                    8a:a2:ee:c0:c5:17:9a:9d:23:b4:1e:69:1f:46:99:
                    45:2a:6c:72:4e:f1:1c:75:27:99:06:07:98:19:a4:
                    3b:bc:44:ff:f5:b3:88:94:94:f9:45:2b:8b:f9:2c:
                    7e:a5:35:bf:ac:c9:fe:c3:5b:74:42:62:22:0f:da:
                    ed:4c:83:8a:c2:54:55:36:5f:40:30:17:0b:0f:1e:
                    69:98:64:78:6b:03:03:73:f8:88:8f:d2:19:d4:ea:
                    fe:2e:e8:c7:7a:ce:28:7e:b8:03:c7:a3:3f:dd:4a:
                    05:23:48:0d:96:7b:98:21:77:4e:76:ef:98:b3:b8:
                    33:6f:37:37:b7:0c:d8:af:9e:45:bf:d8:84:3e:fe:
                    2a:35:fb:29:67:da:d6:68:45:8d:86:4b:ee:6f:a6:
                    8a:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:0A:13:4A:0E:33:72:E8:F9:11:E0:A2:B2:FE:31:9E:56:C1:C8:61
            X509v3 Authority Key Identifier:
                keyid:D0:1B:A0:13:BC:1E:6D:86:F0:D6:D5:8E:AF:A5:4E:27:FA:DA:34:44

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/D01BA013BC1E6D86F0D6D58EAFA54E27FADA3444.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0BugE7webYbw1tWOr6VOJ_raNEQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/39332e39322e32322e302f32332d3234203d3e20343031383338.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.92.22.0/23

    Signature Algorithm: sha256WithRSAEncryption
         28:37:ca:10:f1:2c:94:ce:19:48:d9:93:95:65:f2:4d:b4:2a:
         e6:3b:97:96:ff:fc:ee:f1:19:1e:92:02:d0:3a:43:1f:d3:7a:
         67:05:c9:3f:8f:e4:31:a5:12:90:30:d3:ef:71:78:3e:2a:87:
         55:a2:19:98:55:90:95:b0:29:21:97:19:98:4e:e2:11:54:65:
         0e:43:10:5e:d9:64:6f:3c:c7:8b:90:17:c2:04:d8:39:61:26:
         87:d1:52:c0:f7:44:0d:f8:9e:11:74:1e:f6:b6:28:3f:b9:58:
         95:63:e9:36:a0:4c:d5:ad:33:95:97:38:f7:d0:8b:41:d0:14:
         9d:1e:fa:57:ed:6a:60:60:97:24:92:0e:ce:4a:d9:31:29:ef:
         1f:c1:7f:15:0a:aa:88:c5:ec:56:43:56:9c:76:f3:6f:90:0a:
         9c:19:1f:75:fe:c3:22:4b:ab:21:5c:61:64:58:67:07:16:b4:
         e0:e9:69:32:81:22:42:0d:5c:e6:3e:a5:bc:9a:ba:90:a7:05:
         1f:bd:96:36:9b:70:9e:26:f8:99:3c:99:ed:e0:2c:38:47:aa:
         59:3e:68:db:22:34:9f:e7:01:22:d3:b1:52:7c:4b:5e:43:67:
         ce:21:fb:9c:94:6d:5b:f0:9c:db:ba:ba:c1:54:7c:67:aa:e2:
         06:ca:3a:3b
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUb+b+/1KXVv9kZcor+ziQ3SiYgjIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDAxYmEwMTNiYzFlNmQ4NmYwZDZkNThlYWZhNTRlMjdm
YWRhMzQ0NDAeFw0yNTA4MTMwNTA5MTZaFw0yNjA4MTIwNTE0MTZaMDMxMTAvBgNV
BAMTKEM4MEExMzRBMEUzMzcyRThGOTExRTBBMkIyRkUzMTlFNTZDMUM4NjEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDE9k3cjNUL5l5L0n885BvAFGJq
aZ1aqwuWO80fnHci1zNbZrk6r5m2fLGLyjzhaCvooY1V4+gFs+W9Pfg6bYkkMrrT
c5Pdg4a518kv/ob/C/OdfTa8KusA+90W/nh9pJ+GYDrUvRCZu4qi7sDFF5qdI7Qe
aR9GmUUqbHJO8Rx1J5kGB5gZpDu8RP/1s4iUlPlFK4v5LH6lNb+syf7DW3RCYiIP
2u1Mg4rCVFU2X0AwFwsPHmmYZHhrAwNz+IiP0hnU6v4u6Md6zih+uAPHoz/dSgUj
SA2We5ghd05275izuDNvNze3DNivnkW/2IQ+/io1+yln2tZoRY2GS+5vpopHAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUyAoTSg4zcuj5EeCisv4xnlbByGEwHwYDVR0j
BBgwFoAU0BugE7webYbw1tWOr6VOJ/raNEQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTUyMmE1MmYtNjUzNC00MTY1LWE2YTctZWY5Zjc0ZWY5
NDMxLzEvRDAxQkEwMTNCQzFFNkQ4NkYwRDZENThFQUZBNTRFMjdGQURBMzQ0NC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzBCdWdFN3dlYllidzF0V09yNlZPSl9y
YU5FUS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYTUyMmE1MmYt
NjUzNC00MTY1LWE2YTctZWY5Zjc0ZWY5NDMxLzEvMzkzMzJlMzkzMjJlMzIzMjJl
MzAyZjMyMzMyZDMyMzQyMDNkM2UyMDM0MzAzMTM4MzMzOC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAV1c
FjANBgkqhkiG9w0BAQsFAAOCAQEAKDfKEPEslM4ZSNmTlWXyTbQq5juXlv/87vEZ
HpIC0DpDH9N6ZwXJP4/kMaUSkDDT73F4PiqHVaIZmFWQlbApIZcZmE7iEVRlDkMQ
XtlkbzzHi5AXwgTYOWEmh9FSwPdEDfieEXQe9rYoP7lYlWPpNqBM1a0zlZc499CL
QdAUnR76V+1qYGCXJJIOzkrZMSnvH8F/FQqqiMXsVkNWnHbzb5AKnBkfdf7DIkur
IVxhZFhnBxa04OlpMoEiQg1c5j6lvJq6kKcFH72WNptwnib4mTyZ7eAsOEeqWT5o
2yI0n+cBItOxUnxLXkNnziH7nJRtW/Cc27q6wVR8Z6riBso6Ow==
-----END CERTIFICATE-----