Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/38352e3230392e31372e302f32342d3234203d3e203235363933.roa
File:                     38352e3230392e31372e302f32342d3234203d3e203235363933.roa (raw, json)
Hash identifier:          5YJLPDaGqAiDF0G+tUXhPNg3tA1r1b/VO1ZV0rM38dQ=
Subject key identifier:   F6:B3:3D:46:36:49:5E:A8:7A:6C:0D:E5:41:92:E1:AF:1B:BD:3D:F3
Certificate issuer:       /CN=8f4ce7722f99075d94738b7e61070401269eb3d6
Certificate serial:       39428DF8D2CEB4C4591CBB41FA5E32F2679586BE
Authority key identifier: 8F:4C:E7:72:2F:99:07:5D:94:73:8B:7E:61:07:04:01:26:9E:B3:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/j0znci-ZB12Uc4t-YQcEASaes9Y.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/38352e3230392e31372e302f32342d3234203d3e203235363933.roa
Signing time:             Sat 07 Mar 2026 15:46:47 +0000
ROA not before:           Sat 07 Mar 2026 15:41:47 +0000
ROA not after:            Sat 06 Mar 2027 15:46:47 +0000
asID:                     25693
IP address blocks:        85.209.17.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/8F4CE7722F99075D94738B7E61070401269EB3D6.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/8F4CE7722F99075D94738B7E61070401269EB3D6.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/j0znci-ZB12Uc4t-YQcEASaes9Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 22:01:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            39:42:8d:f8:d2:ce:b4:c4:59:1c:bb:41:fa:5e:32:f2:67:95:86:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8f4ce7722f99075d94738b7e61070401269eb3d6
        Validity
            Not Before: Mar  7 15:41:47 2026 GMT
            Not After : Mar  6 15:46:47 2027 GMT
        Subject: CN=F6B33D4636495EA87A6C0DE54192E1AF1BBD3DF3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:2a:df:3c:4f:5b:1d:fd:93:eb:cb:09:eb:9f:
                    b9:6d:65:e7:36:ff:3e:00:38:bb:90:3a:1b:f6:4b:
                    51:4f:bd:32:9b:45:87:30:ec:55:40:1c:21:0d:44:
                    21:ca:9c:6c:84:e0:52:4b:a1:de:0e:e8:fa:06:59:
                    9f:01:7b:07:bc:d4:89:fd:c8:35:6f:62:f8:b0:b1:
                    2f:bf:0e:e2:b8:84:36:8c:b2:05:15:d2:83:5e:00:
                    ee:d7:72:d5:b5:39:28:c4:89:8b:c8:70:d0:0e:9c:
                    87:08:6a:ad:2d:bb:0d:10:a1:95:21:57:12:b2:5e:
                    44:14:d2:3a:65:80:b1:94:5e:81:1f:4b:f5:61:b9:
                    3d:12:11:4c:c4:b2:af:8a:60:36:c8:5c:4b:b8:f0:
                    2b:15:7b:c6:0f:cd:16:49:bb:ed:7e:17:68:86:07:
                    33:06:e1:75:fa:99:cc:e2:68:07:df:8e:55:1e:0e:
                    45:36:e2:dc:81:91:cf:b8:27:e6:03:61:0b:fe:c2:
                    f2:6d:69:4d:77:82:8c:1a:89:69:f4:38:bb:fc:d7:
                    96:e0:9b:e2:b6:92:a2:92:7b:93:f0:17:02:72:e8:
                    0f:4c:56:f2:69:03:d5:2f:57:23:22:1d:d0:76:70:
                    5a:a7:04:3b:75:97:0f:ac:7d:c1:99:70:ec:eb:f1:
                    1f:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:B3:3D:46:36:49:5E:A8:7A:6C:0D:E5:41:92:E1:AF:1B:BD:3D:F3
            X509v3 Authority Key Identifier:
                keyid:8F:4C:E7:72:2F:99:07:5D:94:73:8B:7E:61:07:04:01:26:9E:B3:D6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/8F4CE7722F99075D94738B7E61070401269EB3D6.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/j0znci-ZB12Uc4t-YQcEASaes9Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/38352e3230392e31372e302f32342d3234203d3e203235363933.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.209.17.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c1:a7:49:a6:a0:2e:36:e9:8f:38:c4:79:be:8f:1d:f9:b1:a4:
         1a:e1:f4:dc:10:0c:8b:bb:52:c1:65:d8:de:9a:1b:8d:e4:5e:
         78:37:81:cb:54:d3:89:12:c6:d6:cd:08:37:9a:cd:03:c7:84:
         49:d0:d6:3b:cc:a6:dd:70:95:ca:71:6f:5e:04:93:af:73:39:
         4a:74:e4:51:73:4e:48:0d:64:44:44:ff:fe:dc:39:1f:8f:42:
         0f:28:79:53:8a:76:b5:cb:5b:ce:94:75:e2:ce:c7:a1:59:ed:
         db:d0:54:bb:b9:3f:d0:1d:b0:d6:75:ce:3d:bd:4c:a6:12:10:
         c5:70:c7:24:2b:a2:b9:c3:c6:d9:99:61:c1:11:a5:4f:64:f9:
         14:c0:1b:c5:1f:b5:d1:c7:23:be:39:da:82:ba:38:67:bb:82:
         25:3b:00:43:28:b1:58:18:14:0d:38:d3:5b:0a:19:52:71:01:
         40:5d:27:df:2e:6c:54:61:80:cb:69:79:1d:dd:b2:bd:26:34:
         3b:06:94:a7:2e:8c:7c:36:8a:dd:c6:38:c3:7e:51:7b:34:89:
         ec:75:81:3c:5f:0d:5d:6f:50:60:8a:a1:a2:f7:93:65:e6:0c:
         d0:25:cb:09:0c:5c:37:55:e8:8c:1f:be:d4:87:b0:bc:2f:8f:
         e2:71:b8:d2
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUOUKN+NLOtMRZHLtB+l4y8meVhr4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGY0Y2U3NzIyZjk5MDc1ZDk0NzM4YjdlNjEwNzA0MDEy
NjllYjNkNjAeFw0yNjAzMDcxNTQxNDdaFw0yNzAzMDYxNTQ2NDdaMDMxMTAvBgNV
BAMTKEY2QjMzRDQ2MzY0OTVFQTg3QTZDMERFNTQxOTJFMUFGMUJCRDNERjMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+Kt88T1sd/ZPrywnrn7ltZec2
/z4AOLuQOhv2S1FPvTKbRYcw7FVAHCENRCHKnGyE4FJLod4O6PoGWZ8Bewe81In9
yDVvYviwsS+/DuK4hDaMsgUV0oNeAO7XctW1OSjEiYvIcNAOnIcIaq0tuw0QoZUh
VxKyXkQU0jplgLGUXoEfS/VhuT0SEUzEsq+KYDbIXEu48CsVe8YPzRZJu+1+F2iG
BzMG4XX6mcziaAffjlUeDkU24tyBkc+4J+YDYQv+wvJtaU13gowaiWn0OLv815bg
m+K2kqKSe5PwFwJy6A9MVvJpA9UvVyMiHdB2cFqnBDt1lw+sfcGZcOzr8R9fAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQU9rM9RjZJXqh6bA3lQZLhrxu9PfMwHwYDVR0j
BBgwFoAUj0znci+ZB12Uc4t+YQcEASaes9YwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYWE5NzcxMTUtNTExMC00MjU3LTk0ZWYtNGQyYjQzODg0
MDQwLzAvOEY0Q0U3NzIyRjk5MDc1RDk0NzM4QjdFNjEwNzA0MDEyNjlFQjNENi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2owem5jaS1aQjEyVWM0dC1ZUWNFQVNh
ZXM5WS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWE5NzcxMTUt
NTExMC00MjU3LTk0ZWYtNGQyYjQzODg0MDQwLzAvMzgzNTJlMzIzMDM5MmUzMTM3
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzIzNTM2MzkzMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFXR
ETANBgkqhkiG9w0BAQsFAAOCAQEAwadJpqAuNumPOMR5vo8d+bGkGuH03BAMi7tS
wWXY3pobjeReeDeBy1TTiRLG1s0IN5rNA8eESdDWO8ym3XCVynFvXgSTr3M5SnTk
UXNOSA1kRET//tw5H49CDyh5U4p2tctbzpR14s7HoVnt29BUu7k/0B2w1nXOPb1M
phIQxXDHJCuiucPG2ZlhwRGlT2T5FMAbxR+10ccjvjnagro4Z7uCJTsAQyixWBgU
DTjTWwoZUnEBQF0n3y5sVGGAy2l5Hd2yvSY0OwaUpy6MfDaK3cY4w35RezSJ7HWB
PF8NXW9QYIqhoveTZeYM0CXLCQxcN1XojB++1IewvC+P4nG40g==
-----END CERTIFICATE-----