Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38322e3139382e3235322e302f32332d3234203d3e2039333034.roa
File:                     38322e3139382e3235322e302f32332d3234203d3e2039333034.roa (raw, json)
Hash identifier:          +XW3P8tfDbdQGpsW8CAIbppv6YLxnO/Pr0wPudtPR6s=
Subject key identifier:   1D:BF:66:96:AB:92:F6:3E:94:6E:47:6A:3A:38:5E:2C:3F:63:7A:A2
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       518B4DA5E7921C7924763E7D2EE640E2E8F4F33B
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38322e3139382e3235322e302f32332d3234203d3e2039333034.roa
Signing time:             Fri 22 Aug 2025 10:06:32 +0000
ROA not before:           Fri 22 Aug 2025 10:01:32 +0000
ROA not after:            Fri 21 Aug 2026 10:06:32 +0000
asID:                     9304
IP address blocks:        82.198.252.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            51:8b:4d:a5:e7:92:1c:79:24:76:3e:7d:2e:e6:40:e2:e8:f4:f3:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Aug 22 10:01:32 2025 GMT
            Not After : Aug 21 10:06:32 2026 GMT
        Subject: CN=1DBF6696AB92F63E946E476A3A385E2C3F637AA2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:75:dd:ab:05:be:38:66:6a:36:6a:52:42:39:
                    56:7b:c7:6e:10:b5:3c:4d:b5:9e:40:ef:c8:7e:7a:
                    51:b3:b3:87:ef:a9:f9:38:1a:ca:5c:6a:72:c2:f5:
                    09:d4:59:1c:9a:07:33:7a:a9:f1:d3:98:f2:2b:8c:
                    a9:35:e9:c2:b1:ec:82:78:c3:f7:4e:91:d1:71:9c:
                    be:1b:c8:f6:a7:f1:32:13:7e:9e:28:ef:4b:2a:33:
                    80:d9:e1:2a:4c:bc:31:3c:7d:96:dc:66:ce:28:dc:
                    b4:34:53:4e:9e:9e:24:dd:e7:e2:71:f0:de:ea:e7:
                    de:04:1e:a6:26:f0:5c:4d:e1:97:cf:54:f4:f8:c4:
                    75:e0:8a:74:bf:dc:c6:47:9e:fe:25:3d:f1:2e:ab:
                    24:e3:71:16:d5:bf:25:a4:71:2a:84:2d:4d:fb:47:
                    5f:2d:e7:fb:a3:a1:73:0b:6a:15:5d:8a:fb:c9:ff:
                    a7:f0:f9:11:af:d5:d2:6e:df:bf:05:ae:e4:f9:95:
                    09:a7:4b:3f:fb:54:8a:37:dd:03:4a:42:4e:23:e7:
                    31:20:4f:f3:dd:af:86:f9:42:66:8f:c7:a7:be:a4:
                    12:7e:41:90:96:56:5c:ef:57:27:82:1c:fe:2d:40:
                    67:c1:8b:01:48:9e:19:d6:21:45:2f:ff:cb:9e:8f:
                    72:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:BF:66:96:AB:92:F6:3E:94:6E:47:6A:3A:38:5E:2C:3F:63:7A:A2
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38322e3139382e3235322e302f32332d3234203d3e2039333034.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.198.252.0/23

    Signature Algorithm: sha256WithRSAEncryption
         12:8f:7a:0e:49:45:ae:5c:8f:a5:33:81:f1:d0:e2:f2:cd:7f:
         01:24:ac:99:7d:52:04:a0:0f:2d:53:18:d1:b5:00:0f:2a:5d:
         14:da:24:79:9f:40:f0:95:eb:33:f2:8a:85:00:81:62:9d:a6:
         6d:e4:25:02:50:1b:81:11:b1:44:a1:9c:bf:89:fa:14:ed:e0:
         7b:f1:47:f1:0c:eb:04:46:d0:d2:2f:15:3a:13:af:1a:9a:28:
         ce:fe:1b:c5:ab:f5:8e:07:e7:dc:f1:cf:6a:a2:61:45:f8:1f:
         26:b8:b9:08:91:2e:c5:21:43:49:cf:3c:33:e7:55:9e:0d:e0:
         73:fe:bb:e3:a4:49:18:e1:fe:e0:ae:fc:2a:0c:89:c8:ad:bd:
         ff:b0:0b:ef:e8:67:68:e9:51:89:67:74:8d:3b:64:94:ae:fe:
         a0:e0:12:a3:31:73:69:3e:eb:2e:61:45:de:31:f1:35:90:bc:
         e8:81:cc:0c:6e:f6:94:a8:f8:09:91:3f:9f:b5:4a:af:91:27:
         00:84:37:70:23:04:0c:4b:7e:89:b6:cd:bb:53:0a:d7:b6:eb:
         33:19:ac:3c:6d:e8:c3:dc:b2:a5:34:5a:ba:78:a3:41:01:f3:
         23:10:14:b5:7a:a5:ae:5d:07:13:23:1e:d3:7c:59:79:58:a2:
         b8:b2:29:72
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUUYtNpeeSHHkkdj59LuZA4uj08zswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTA4MjIxMDAxMzJaFw0yNjA4MjExMDA2MzJaMDMxMTAvBgNV
BAMTKDFEQkY2Njk2QUI5MkY2M0U5NDZFNDc2QTNBMzg1RTJDM0Y2MzdBQTIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDEdd2rBb44Zmo2alJCOVZ7x24Q
tTxNtZ5A78h+elGzs4fvqfk4GspcanLC9QnUWRyaBzN6qfHTmPIrjKk16cKx7IJ4
w/dOkdFxnL4byPan8TITfp4o70sqM4DZ4SpMvDE8fZbcZs4o3LQ0U06eniTd5+Jx
8N7q594EHqYm8FxN4ZfPVPT4xHXginS/3MZHnv4lPfEuqyTjcRbVvyWkcSqELU37
R18t5/ujoXMLahVdivvJ/6fw+RGv1dJu378FruT5lQmnSz/7VIo33QNKQk4j5zEg
T/Pdr4b5QmaPx6e+pBJ+QZCWVlzvVyeCHP4tQGfBiwFInhnWIUUv/8uej3L5AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUHb9mlquS9j6UbkdqOjheLD9jeqIwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzgzMjJlMzEzOTM4MmUzMjM1
MzIyZTMwMmYzMjMzMmQzMjM0MjAzZDNlMjAzOTMzMzAzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAVLG
/DANBgkqhkiG9w0BAQsFAAOCAQEAEo96DklFrlyPpTOB8dDi8s1/ASSsmX1SBKAP
LVMY0bUADypdFNokeZ9A8JXrM/KKhQCBYp2mbeQlAlAbgRGxRKGcv4n6FO3ge/FH
8QzrBEbQ0i8VOhOvGpoozv4bxav1jgfn3PHPaqJhRfgfJri5CJEuxSFDSc88M+dV
ng3gc/6746RJGOH+4K78KgyJyK29/7AL7+hnaOlRiWd0jTtklK7+oOASozFzaT7r
LmFF3jHxNZC86IHMDG72lKj4CZE/n7VKr5EnAIQ3cCMEDEt+ibbNu1MK17brMxms
PG3ow9yypTRaunijQQHzIxAUtXqlrl0HEyMe03xZeViiuLIpcg==
-----END CERTIFICATE-----