Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/38312e32322e33362e302f32342d3234203d3e2039333034.roa
File:                     38312e32322e33362e302f32342d3234203d3e2039333034.roa (raw, json)
Hash identifier:          ZF9XZC/bODryhT6ZNOtTNtsCOo7PGEkxAC4PFaBeYz0=
Subject key identifier:   25:7B:B8:74:3C:76:C1:98:F5:52:97:CC:CE:B8:67:24:DA:3D:4D:37
Certificate issuer:       /CN=097a28f77eb0a4ac354a8ac28754b2a3bbe3a959
Certificate serial:       5A948444C6FFFA67C97643A6BBC2CD7070420DA9
Authority key identifier: 09:7A:28:F7:7E:B0:A4:AC:35:4A:8A:C2:87:54:B2:A3:BB:E3:A9:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CXoo936wpKw1SorCh1Syo7vjqVk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/38312e32322e33362e302f32342d3234203d3e2039333034.roa
Signing time:             Tue 19 Aug 2025 07:10:44 +0000
ROA not before:           Tue 19 Aug 2025 07:05:44 +0000
ROA not after:            Tue 18 Aug 2026 07:10:44 +0000
asID:                     9304
IP address blocks:        81.22.36.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/097A28F77EB0A4AC354A8AC28754B2A3BBE3A959.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/097A28F77EB0A4AC354A8AC28754B2A3BBE3A959.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CXoo936wpKw1SorCh1Syo7vjqVk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5a:94:84:44:c6:ff:fa:67:c9:76:43:a6:bb:c2:cd:70:70:42:0d:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=097a28f77eb0a4ac354a8ac28754b2a3bbe3a959
        Validity
            Not Before: Aug 19 07:05:44 2025 GMT
            Not After : Aug 18 07:10:44 2026 GMT
        Subject: CN=257BB8743C76C198F55297CCCEB86724DA3D4D37
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:3c:62:61:86:9d:29:90:91:8a:9b:8f:c6:41:
                    ef:e6:a9:c7:0f:83:4c:c7:a0:3a:6b:2a:7b:f5:b2:
                    69:4d:49:aa:6e:80:3e:23:75:be:38:e1:4b:e9:07:
                    ba:b8:79:b9:5e:c2:90:98:04:39:51:1c:bf:ee:1a:
                    d3:98:c5:11:93:25:37:16:8a:62:db:80:e0:84:7e:
                    80:c1:1f:d1:73:04:ea:31:77:d4:c0:d7:d0:50:78:
                    23:16:ea:48:a3:47:5e:42:1c:c1:39:87:91:21:eb:
                    11:6b:28:ed:56:4a:7e:6d:b4:b4:57:7f:ce:ad:8c:
                    1f:eb:a6:d5:93:d6:9f:cf:33:fc:47:83:a5:72:d1:
                    34:99:0b:80:be:96:72:84:7e:ef:0b:31:57:4e:b4:
                    33:a0:4b:ee:4f:54:79:88:4d:cf:97:57:a6:8c:4e:
                    d5:a9:48:c4:22:c4:0f:0a:75:d0:85:dd:72:bd:3d:
                    da:c5:fe:b3:f8:4e:46:67:ef:cf:95:9b:5d:36:53:
                    3c:be:b3:02:4a:66:61:de:ed:92:a3:46:29:c6:b5:
                    ff:1e:53:cf:23:e1:54:c8:91:17:a5:01:bb:b8:27:
                    20:72:4d:f3:72:89:c8:4b:5f:3c:d5:6c:11:1f:ea:
                    98:df:8f:1d:31:7b:da:ec:39:da:cf:e4:d4:d6:dd:
                    ea:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:7B:B8:74:3C:76:C1:98:F5:52:97:CC:CE:B8:67:24:DA:3D:4D:37
            X509v3 Authority Key Identifier:
                keyid:09:7A:28:F7:7E:B0:A4:AC:35:4A:8A:C2:87:54:B2:A3:BB:E3:A9:59

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/097A28F77EB0A4AC354A8AC28754B2A3BBE3A959.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CXoo936wpKw1SorCh1Syo7vjqVk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/38312e32322e33362e302f32342d3234203d3e2039333034.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.22.36.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c6:78:cb:be:8d:ad:61:c4:1d:f9:04:0c:f5:b9:40:f2:17:82:
         b8:3e:99:f9:24:77:a0:a9:93:c9:c9:fb:ee:34:c9:51:94:26:
         75:7d:4c:f1:ae:e9:93:dd:4f:df:ba:5b:a3:9b:30:02:e7:36:
         35:f9:08:ba:5a:33:6b:9f:11:75:7e:26:fe:36:57:9a:cb:71:
         5c:c3:39:1d:0f:fe:2b:8e:55:b3:ef:07:6f:ee:32:a2:c6:04:
         23:c5:9a:78:af:65:2e:28:f8:68:8a:20:24:2c:08:a1:e2:59:
         0b:12:5c:ad:0e:9f:cb:a8:dd:b6:97:7f:9f:79:dc:8d:14:c3:
         27:12:9d:95:26:bb:51:39:91:4d:6d:d7:23:c9:f3:f0:43:37:
         5a:28:13:a6:87:36:9d:2d:e6:2d:cc:51:04:c9:3f:ce:94:fa:
         02:a2:1f:c1:50:3f:4d:c0:55:1b:12:9f:62:88:85:bb:5e:bf:
         ad:4c:28:a5:ad:1c:7f:c8:f5:a9:10:8f:3b:6a:ba:ac:f5:c5:
         ec:de:51:67:56:3d:38:e3:6b:ee:88:9c:22:a3:b4:59:ea:5e:
         04:26:c0:27:b7:a4:cc:07:0a:9e:c4:48:f4:ed:3e:4a:4b:ca:
         bc:21:a6:d3:f9:08:36:3a:f8:59:7c:59:00:df:5c:77:25:d6:
         3e:db:dd:e5
-----BEGIN CERTIFICATE-----
MIIFMjCCBBqgAwIBAgIUWpSERMb/+mfJdkOmu8LNcHBCDakwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDk3YTI4Zjc3ZWIwYTRhYzM1NGE4YWMyODc1NGIyYTNi
YmUzYTk1OTAeFw0yNTA4MTkwNzA1NDRaFw0yNjA4MTgwNzEwNDRaMDMxMTAvBgNV
BAMTKDI1N0JCODc0M0M3NkMxOThGNTUyOTdDQ0NFQjg2NzI0REEzRDREMzcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCfPGJhhp0pkJGKm4/GQe/mqccP
g0zHoDprKnv1smlNSapugD4jdb444UvpB7q4eblewpCYBDlRHL/uGtOYxRGTJTcW
imLbgOCEfoDBH9FzBOoxd9TA19BQeCMW6kijR15CHME5h5Eh6xFrKO1WSn5ttLRX
f86tjB/rptWT1p/PM/xHg6Vy0TSZC4C+lnKEfu8LMVdOtDOgS+5PVHmITc+XV6aM
TtWpSMQixA8KddCF3XK9PdrF/rP4TkZn78+Vm102Uzy+swJKZmHe7ZKjRinGtf8e
U88j4VTIkRelAbu4JyByTfNyichLXzzVbBEf6pjfjx0xe9rsOdrP5NTW3eqTAgMB
AAGjggI8MIICODAdBgNVHQ4EFgQUJXu4dDx2wZj1UpfMzrhnJNo9TTcwHwYDVR0j
BBgwFoAUCXoo936wpKw1SorCh1Syo7vjqVkwDgYDVR0PAQH/BAQDAgeAMIGYBgNV
HR8EgZAwgY0wgYqggYeggYSGgYFyc3luYzovL3JzeW5jLnBhYXMucnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L2ZlMzcwOGEwLTY3ZDUtNGFjMi1hYmM0LWEzMzI1OTBi
OTlhZi8xNzcvMDk3QTI4Rjc3RUIwQTRBQzM1NEE4QUMyODc1NEIyQTNCQkUzQTk1
OS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2ku
cmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NYb285MzZ3cEt3MVNvckNoMVN5
bzd2anFWay5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJz
eW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4
YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzE3Ny8zODMxMmUzMjMyMmUz
MzM2MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzkzMzMwMzQucm9hMBgGA1UdIAEB
/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABR
FiQwDQYJKoZIhvcNAQELBQADggEBAMZ4y76NrWHEHfkEDPW5QPIXgrg+mfkkd6Cp
k8nJ++40yVGUJnV9TPGu6ZPdT9+6W6ObMALnNjX5CLpaM2ufEXV+Jv42V5rLcVzD
OR0P/iuOVbPvB2/uMqLGBCPFmnivZS4o+GiKICQsCKHiWQsSXK0On8uo3baXf595
3I0UwycSnZUmu1E5kU1t1yPJ8/BDN1ooE6aHNp0t5i3MUQTJP86U+gKiH8FQP03A
VRsSn2KIhbtev61MKKWtHH/I9akQjztquqz1xezeUWdWPTjja+6InCKjtFnqXgQm
wCe3pMwHCp7ESPTtPkpLyrwhptP5CDY6+Fl8WQDfXHcl1j7b3eU=
-----END CERTIFICATE-----