Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/ab9f5497-2b95-4a42-80d0-5c41f807b61f/0/38352e3233372e3232302e302f32342d3234203d3e20383334.roa
File:                     38352e3233372e3232302e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          jWbRrh8VyW1uD41U3+ezrE/+QhIe1lXl8Dxf2kWOpWQ=
Subject key identifier:   FA:21:64:72:20:AA:8E:4A:33:FC:F2:40:4E:83:A5:2C:4E:41:25:10
Certificate issuer:       /CN=aff6f26ea1f10da4a16cad9c7a6510856fbabb8d
Certificate serial:       44182D0E0561A173C3F54196E3F5C65C54E624DF
Authority key identifier: AF:F6:F2:6E:A1:F1:0D:A4:A1:6C:AD:9C:7A:65:10:85:6F:BA:BB:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/r_bybqHxDaShbK2cemUQhW-6u40.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/ab9f5497-2b95-4a42-80d0-5c41f807b61f/0/38352e3233372e3232302e302f32342d3234203d3e20383334.roa
Signing time:             Fri 01 May 2026 12:00:08 +0000
ROA not before:           Fri 01 May 2026 11:55:08 +0000
ROA not after:            Fri 30 Apr 2027 12:00:08 +0000
asID:                     834
IP address blocks:        85.237.220.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/ab9f5497-2b95-4a42-80d0-5c41f807b61f/0/AFF6F26EA1F10DA4A16CAD9C7A6510856FBABB8D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/ab9f5497-2b95-4a42-80d0-5c41f807b61f/0/AFF6F26EA1F10DA4A16CAD9C7A6510856FBABB8D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/r_bybqHxDaShbK2cemUQhW-6u40.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 20:17:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            44:18:2d:0e:05:61:a1:73:c3:f5:41:96:e3:f5:c6:5c:54:e6:24:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aff6f26ea1f10da4a16cad9c7a6510856fbabb8d
        Validity
            Not Before: May  1 11:55:08 2026 GMT
            Not After : Apr 30 12:00:08 2027 GMT
        Subject: CN=FA21647220AA8E4A33FCF2404E83A52C4E412510
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:38:90:04:ff:20:5d:c5:8d:dc:6d:e6:c8:ff:
                    52:38:45:34:3b:f1:cc:10:6a:43:7c:16:ff:7f:2a:
                    ba:e4:a4:35:be:1c:8c:b7:c4:d9:ec:71:76:ff:86:
                    23:0c:6a:3f:bb:50:e5:13:8d:b7:c2:8d:b6:07:4c:
                    62:08:0f:3d:ce:39:7b:05:39:e0:49:23:0f:aa:8f:
                    0d:f3:23:f7:c5:8b:5e:0e:76:57:b1:d3:61:43:84:
                    49:5f:b9:13:2e:36:e4:cb:c4:60:cf:4b:df:36:0f:
                    03:22:e8:4c:bf:f6:65:d8:b3:02:86:1d:fe:e5:cd:
                    71:5e:f8:71:c4:56:4a:a7:19:10:ff:e3:b0:1c:5f:
                    2e:e7:85:41:07:89:59:77:5b:6c:0e:30:8d:06:3f:
                    35:45:b3:f9:d8:5a:0c:b9:0d:60:90:06:3b:67:51:
                    00:2d:c7:64:5a:bd:f9:2c:b5:9d:0f:47:3e:46:f5:
                    a7:da:7a:fb:61:57:d7:f9:79:43:66:37:b7:87:12:
                    1d:16:36:25:18:64:c6:45:c1:7c:5d:26:8e:1f:a0:
                    72:01:3a:53:ca:be:0c:60:e1:e4:d3:e8:5b:92:64:
                    bf:af:d1:06:74:16:cc:6a:96:c4:7d:25:f5:30:89:
                    87:d1:17:22:28:82:db:0f:2d:ef:0e:75:24:a2:4e:
                    8b:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:21:64:72:20:AA:8E:4A:33:FC:F2:40:4E:83:A5:2C:4E:41:25:10
            X509v3 Authority Key Identifier:
                keyid:AF:F6:F2:6E:A1:F1:0D:A4:A1:6C:AD:9C:7A:65:10:85:6F:BA:BB:8D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/ab9f5497-2b95-4a42-80d0-5c41f807b61f/0/AFF6F26EA1F10DA4A16CAD9C7A6510856FBABB8D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r_bybqHxDaShbK2cemUQhW-6u40.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/ab9f5497-2b95-4a42-80d0-5c41f807b61f/0/38352e3233372e3232302e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.237.220.0/24

    Signature Algorithm: sha256WithRSAEncryption
         39:51:33:18:6f:51:cd:b9:b0:a3:0b:2f:c4:cd:36:9d:36:7d:
         31:82:8b:89:67:4e:8c:32:fa:8f:da:bc:5a:5d:16:81:40:70:
         c5:ac:bd:05:05:7b:cc:15:be:19:c8:45:02:92:61:37:01:e9:
         8d:0d:99:18:09:35:dd:e1:06:77:d4:fb:2a:a7:a7:bc:f8:76:
         ff:50:41:6d:a0:df:9f:b8:de:04:d7:bd:15:7f:d0:e6:d2:ea:
         42:a8:8f:a6:b7:6b:b6:cf:69:41:b6:5f:de:b8:47:67:95:d3:
         c2:17:d7:51:32:44:3a:f8:fa:42:ac:b4:0c:58:48:26:87:1c:
         f2:48:bc:74:83:95:18:12:26:c5:2a:49:ab:d6:96:95:87:dc:
         4a:85:31:90:75:38:b1:f0:af:73:81:44:fe:f3:6f:ec:df:57:
         15:a3:82:cd:1c:bb:b1:44:b2:4d:4d:eb:9f:8c:39:39:78:10:
         73:72:2a:e6:06:be:48:47:df:a8:c2:f8:02:3b:bf:5c:70:e9:
         47:ee:d0:33:42:fd:7f:4d:b0:69:87:52:06:2e:8c:99:65:8a:
         56:62:dd:40:79:77:24:b1:01:66:26:fa:9d:0e:3b:f4:b4:b9:
         83:91:3a:53:47:08:5a:ef:84:ba:cb:2a:bc:3c:25:f7:49:25:
         6e:02:2f:7d
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIURBgtDgVhoXPD9UGW4/XGXFTmJN8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWZmNmYyNmVhMWYxMGRhNGExNmNhZDljN2E2NTEwODU2
ZmJhYmI4ZDAeFw0yNjA1MDExMTU1MDhaFw0yNzA0MzAxMjAwMDhaMDMxMTAvBgNV
BAMTKEZBMjE2NDcyMjBBQThFNEEzM0ZDRjI0MDRFODNBNTJDNEU0MTI1MTAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9OJAE/yBdxY3cbebI/1I4RTQ7
8cwQakN8Fv9/KrrkpDW+HIy3xNnscXb/hiMMaj+7UOUTjbfCjbYHTGIIDz3OOXsF
OeBJIw+qjw3zI/fFi14Odlex02FDhElfuRMuNuTLxGDPS982DwMi6Ey/9mXYswKG
Hf7lzXFe+HHEVkqnGRD/47AcXy7nhUEHiVl3W2wOMI0GPzVFs/nYWgy5DWCQBjtn
UQAtx2RavfkstZ0PRz5G9afaevthV9f5eUNmN7eHEh0WNiUYZMZFwXxdJo4foHIB
OlPKvgxg4eTT6FuSZL+v0QZ0FsxqlsR9JfUwiYfRFyIogtsPLe8OdSSiTotBAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQU+iFkciCqjkoz/PJAToOlLE5BJRAwHwYDVR0j
BBgwFoAUr/bybqHxDaShbK2cemUQhW+6u40wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYWI5ZjU0OTctMmI5NS00YTQyLTgwZDAtNWM0MWY4MDdi
NjFmLzAvQUZGNkYyNkVBMUYxMERBNEExNkNBRDlDN0E2NTEwODU2RkJBQkI4RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3JfYnlicUh4RGFTaGJLMmNlbVVRaFct
NnU0MC5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWI5ZjU0OTct
MmI5NS00YTQyLTgwZDAtNWM0MWY4MDdiNjFmLzAvMzgzNTJlMzIzMzM3MmUzMjMy
MzAyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABV7dww
DQYJKoZIhvcNAQELBQADggEBADlRMxhvUc25sKMLL8TNNp02fTGCi4lnTowy+o/a
vFpdFoFAcMWsvQUFe8wVvhnIRQKSYTcB6Y0NmRgJNd3hBnfU+yqnp7z4dv9QQW2g
35+43gTXvRV/0ObS6kKoj6a3a7bPaUG2X964R2eV08IX11EyRDr4+kKstAxYSCaH
HPJIvHSDlRgSJsUqSavWlpWH3EqFMZB1OLHwr3OBRP7zb+zfVxWjgs0cu7FEsk1N
65+MOTl4EHNyKuYGvkhH36jC+AI7v1xw6Ufu0DNC/X9NsGmHUgYujJllilZi3UB5
dySxAWYm+p0OO/S0uYOROlNHCFrvhLrLKrw8JfdJJW4CL30=
-----END CERTIFICATE-----