Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/ac0e13d8-bfe0-4235-afb4-d53edfbacdd2/0/38302e37352e3232312e302f32342d3234203d3e203438393235.roa
File:                     38302e37352e3232312e302f32342d3234203d3e203438393235.roa (raw, json)
Hash identifier:          Q4yUdFFGtrq1xUVDtHn0DoNWjht0ICRHxiUX7p+xRAQ=
Subject key identifier:   21:E9:D0:14:DC:65:2C:C3:EE:CE:31:C6:1B:4B:D9:C3:8A:0B:10:3A
Certificate issuer:       /CN=5ecb4cadbbadd500f49ca697d566a2761e017608
Certificate serial:       4FFDA39A7C04004315B1A3C4E5470C2831168AB8
Authority key identifier: 5E:CB:4C:AD:BB:AD:D5:00:F4:9C:A6:97:D5:66:A2:76:1E:01:76:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XstMrbut1QD0nKaX1Waidh4Bdgg.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/ac0e13d8-bfe0-4235-afb4-d53edfbacdd2/0/38302e37352e3232312e302f32342d3234203d3e203438393235.roa
Signing time:             Mon 13 Oct 2025 18:55:08 +0000
ROA not before:           Mon 13 Oct 2025 18:50:08 +0000
ROA not after:            Mon 12 Oct 2026 18:55:08 +0000
asID:                     48925
IP address blocks:        80.75.221.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/ac0e13d8-bfe0-4235-afb4-d53edfbacdd2/0/5ECB4CADBBADD500F49CA697D566A2761E017608.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/ac0e13d8-bfe0-4235-afb4-d53edfbacdd2/0/5ECB4CADBBADD500F49CA697D566A2761E017608.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XstMrbut1QD0nKaX1Waidh4Bdgg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 23:16:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4f:fd:a3:9a:7c:04:00:43:15:b1:a3:c4:e5:47:0c:28:31:16:8a:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ecb4cadbbadd500f49ca697d566a2761e017608
        Validity
            Not Before: Oct 13 18:50:08 2025 GMT
            Not After : Oct 12 18:55:08 2026 GMT
        Subject: CN=21E9D014DC652CC3EECE31C61B4BD9C38A0B103A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:5b:e5:4a:38:b7:84:75:a0:af:a0:18:35:12:
                    7b:0d:dc:83:98:ac:bd:7e:09:9d:72:0b:95:ea:b3:
                    15:5a:e4:1d:6d:3b:73:af:b3:9b:d8:52:a9:59:cb:
                    65:df:d9:80:3e:6f:0e:a4:9a:84:49:37:49:52:59:
                    9a:ed:0e:42:57:af:07:ae:60:e8:f3:be:ef:c0:f6:
                    72:52:92:7d:2d:5d:7f:c1:88:f5:8b:31:40:53:6f:
                    97:a3:7f:2a:e2:35:b0:60:a4:f9:3c:1b:49:21:84:
                    9a:3c:20:be:90:22:e2:d9:a5:9e:88:e8:88:b2:1f:
                    e2:7b:f1:2e:63:c2:88:a2:91:82:93:4d:65:23:b1:
                    d1:fe:2c:c7:ec:dd:64:d3:34:3f:29:48:75:76:37:
                    c1:3e:ac:77:ce:78:ee:01:fd:21:e5:24:db:e6:10:
                    a1:a8:d7:6c:1d:75:2b:10:fa:14:6d:16:c4:68:e7:
                    00:92:1e:1f:57:c8:f0:fe:80:80:2d:22:61:9d:cc:
                    f8:f1:b6:5d:ab:e7:2a:2e:a4:a0:87:05:42:6b:7e:
                    d7:db:6e:3b:4e:57:28:bb:b4:0f:50:ec:15:30:a3:
                    47:73:bc:5e:c2:27:7f:c3:6f:b2:be:ce:f3:06:df:
                    48:14:50:5c:8a:4d:fc:e9:5c:e8:19:88:db:9f:ed:
                    08:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:E9:D0:14:DC:65:2C:C3:EE:CE:31:C6:1B:4B:D9:C3:8A:0B:10:3A
            X509v3 Authority Key Identifier:
                keyid:5E:CB:4C:AD:BB:AD:D5:00:F4:9C:A6:97:D5:66:A2:76:1E:01:76:08

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/ac0e13d8-bfe0-4235-afb4-d53edfbacdd2/0/5ECB4CADBBADD500F49CA697D566A2761E017608.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XstMrbut1QD0nKaX1Waidh4Bdgg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/ac0e13d8-bfe0-4235-afb4-d53edfbacdd2/0/38302e37352e3232312e302f32342d3234203d3e203438393235.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.75.221.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:b2:fc:1b:ce:dc:af:fe:26:28:42:21:6b:3e:63:2e:fc:bb:
         d7:7f:9f:de:25:18:26:d6:04:0d:59:da:c5:48:2e:69:94:10:
         56:2c:e2:c7:e6:ef:25:60:28:61:93:a7:ab:79:35:58:ca:9e:
         d0:c6:1f:31:3d:ec:41:f8:81:fc:ef:aa:08:39:6e:e9:bb:62:
         fd:18:d6:eb:18:79:f5:0f:d7:f9:ac:85:9c:76:34:25:56:0f:
         a0:15:b8:e2:15:ed:93:b8:98:54:18:68:53:66:18:7e:8d:3e:
         4f:2b:03:44:a7:8e:c2:23:57:6b:8e:79:3b:3c:29:04:f3:25:
         15:7b:64:3d:b1:3a:45:16:7c:01:d7:8b:df:18:6a:23:be:47:
         98:63:69:21:84:f2:e0:42:32:d5:aa:3d:01:ba:b2:ae:ed:a2:
         fa:1e:87:41:02:cc:8f:01:90:a6:56:03:89:07:48:e5:40:75:
         9c:7c:33:89:a7:46:ff:3c:5c:61:9f:7f:ee:6e:c9:fe:ab:cf:
         84:6c:f7:3a:74:69:0c:49:13:cf:a1:0c:f4:c4:21:33:55:5c:
         f0:b3:5d:05:a5:56:d2:6a:26:57:60:32:bd:43:05:8a:5a:69:
         38:f8:e5:c4:40:1e:e6:05:1e:ab:8f:1e:f9:66:0f:83:2f:7a:
         cf:7b:09:39
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUT/2jmnwEAEMVsaPE5UcMKDEWirgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWVjYjRjYWRiYmFkZDUwMGY0OWNhNjk3ZDU2NmEyNzYx
ZTAxNzYwODAeFw0yNTEwMTMxODUwMDhaFw0yNjEwMTIxODU1MDhaMDMxMTAvBgNV
BAMTKDIxRTlEMDE0REM2NTJDQzNFRUNFMzFDNjFCNEJEOUMzOEEwQjEwM0EwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDOW+VKOLeEdaCvoBg1EnsN3IOY
rL1+CZ1yC5XqsxVa5B1tO3Ovs5vYUqlZy2Xf2YA+bw6kmoRJN0lSWZrtDkJXrweu
YOjzvu/A9nJSkn0tXX/BiPWLMUBTb5ejfyriNbBgpPk8G0khhJo8IL6QIuLZpZ6I
6IiyH+J78S5jwoiikYKTTWUjsdH+LMfs3WTTND8pSHV2N8E+rHfOeO4B/SHlJNvm
EKGo12wddSsQ+hRtFsRo5wCSHh9XyPD+gIAtImGdzPjxtl2r5youpKCHBUJrftfb
bjtOVyi7tA9Q7BUwo0dzvF7CJ3/Db7K+zvMG30gUUFyKTfzpXOgZiNuf7QjfAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUIenQFNxlLMPuzjHGG0vZw4oLEDowHwYDVR0j
BBgwFoAUXstMrbut1QD0nKaX1Waidh4BdggwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYWMwZTEzZDgtYmZlMC00MjM1LWFmYjQtZDUzZWRmYmFj
ZGQyLzAvNUVDQjRDQURCQkFERDUwMEY0OUNBNjk3RDU2NkEyNzYxRTAxNzYwOC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1hzdE1yYnV0MVFEMG5LYVgxV2FpZGg0
QmRnZy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWMwZTEzZDgt
YmZlMC00MjM1LWFmYjQtZDUzZWRmYmFjZGQyLzAvMzgzMDJlMzczNTJlMzIzMjMx
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzQzODM5MzIzNS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFBL
3TANBgkqhkiG9w0BAQsFAAOCAQEAQbL8G87cr/4mKEIhaz5jLvy713+f3iUYJtYE
DVnaxUguaZQQVizix+bvJWAoYZOnq3k1WMqe0MYfMT3sQfiB/O+qCDlu6bti/RjW
6xh59Q/X+ayFnHY0JVYPoBW44hXtk7iYVBhoU2YYfo0+TysDRKeOwiNXa455Ozwp
BPMlFXtkPbE6RRZ8AdeL3xhqI75HmGNpIYTy4EIy1ao9Abqyru2i+h6HQQLMjwGQ
plYDiQdI5UB1nHwziadG/zxcYZ9/7m7J/qvPhGz3OnRpDEkTz6EM9MQhM1Vc8LNd
BaVW0momV2AyvUMFilppOPjlxEAe5gUeq48e+WYPgy96z3sJOQ==
-----END CERTIFICATE-----