Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38342e33392e3134382e302f32332d3234203d3e203630363634.roa
File:                     38342e33392e3134382e302f32332d3234203d3e203630363634.roa (raw, json)
Hash identifier:          OX9ouaRV4FgL9FRIlCQF3OSBVFvoaVznAerjHIbaXLA=
Subject key identifier:   54:C5:2A:E3:04:10:B0:90:A7:95:08:4D:07:67:E0:CC:CC:03:89:90
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       7D3D64C35EF8ACA09C508549E16F1A62FDE38125
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38342e33392e3134382e302f32332d3234203d3e203630363634.roa
Signing time:             Fri 24 Apr 2026 18:23:55 +0000
ROA not before:           Fri 24 Apr 2026 18:18:55 +0000
ROA not after:            Fri 23 Apr 2027 18:23:55 +0000
asID:                     60664
IP address blocks:        84.39.148.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 12:12:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7d:3d:64:c3:5e:f8:ac:a0:9c:50:85:49:e1:6f:1a:62:fd:e3:81:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Apr 24 18:18:55 2026 GMT
            Not After : Apr 23 18:23:55 2027 GMT
        Subject: CN=54C52AE30410B090A795084D0767E0CCCC038990
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:24:cc:17:29:c2:a4:b9:aa:35:50:33:13:b5:
                    53:ec:21:67:ed:13:c8:cb:5f:e4:c7:6f:ab:e8:ed:
                    aa:f9:3e:2e:ad:4f:5a:7a:5e:f6:70:7c:e7:1e:c7:
                    8c:c0:ce:a0:ee:63:cd:6b:d3:97:7d:f3:a3:da:d7:
                    f6:0c:37:c1:ef:40:b0:4b:f7:14:8f:a2:b2:eb:d5:
                    02:76:ed:18:6e:54:ee:6e:4e:df:00:ed:a6:70:f9:
                    d3:a3:b6:27:e6:73:16:bc:16:85:ee:31:48:a3:57:
                    8b:c1:6b:66:27:33:59:72:6d:90:87:2e:96:18:ee:
                    cd:54:c2:70:ac:1b:52:3e:02:b3:c9:dd:01:ff:26:
                    4f:91:f3:7c:fb:76:d2:4b:95:38:0a:0a:54:0c:95:
                    82:26:00:50:c5:cc:a4:20:e7:68:ad:20:42:bb:85:
                    f9:d5:07:ca:1e:4a:87:8b:82:6b:22:fc:ad:5f:31:
                    15:a3:cd:0f:1b:b5:e6:8f:4e:7e:08:46:97:d2:ef:
                    5e:66:ac:58:c5:13:75:46:f7:ef:5c:bd:52:47:4b:
                    f8:1f:f1:7d:c1:18:1b:37:bf:57:7e:fc:05:22:7d:
                    6a:bc:c6:53:c3:2f:fe:c4:d2:31:ea:e8:7f:c7:98:
                    83:2f:41:86:0a:37:66:1e:dc:a1:c3:14:a4:f6:80:
                    5a:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:C5:2A:E3:04:10:B0:90:A7:95:08:4D:07:67:E0:CC:CC:03:89:90
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38342e33392e3134382e302f32332d3234203d3e203630363634.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.39.148.0/23

    Signature Algorithm: sha256WithRSAEncryption
         33:d9:54:c4:fa:c7:a3:57:56:2c:49:aa:96:c7:55:52:85:5d:
         e8:3c:01:5d:63:c4:2c:16:d3:65:f1:09:37:47:47:cd:3b:4c:
         88:d9:e1:58:04:9e:50:98:f4:38:90:59:f4:72:3a:bd:15:3c:
         92:d2:eb:09:e6:b6:c9:79:fa:85:a7:1b:33:1a:e5:c0:3b:05:
         11:80:27:6f:35:5d:9a:20:51:b8:6e:70:4c:0d:0a:c7:56:6e:
         e8:62:5a:b4:53:22:b2:fb:1d:3e:fe:a4:9e:18:2b:98:3d:7f:
         0f:32:cc:73:4d:27:dc:b3:b7:6b:62:dc:b8:77:d3:06:1a:85:
         67:93:35:ae:c8:4e:80:89:86:d1:9d:23:b7:e1:db:94:ee:5d:
         bb:89:e1:b5:5a:c3:d7:87:e9:1b:5f:9d:2f:11:18:cd:19:3a:
         bf:dc:2c:5e:51:07:da:3c:9c:77:50:63:f0:da:ec:ba:ad:83:
         02:c0:5d:3a:ce:96:81:d9:5a:eb:29:28:ab:ad:81:b9:f0:cf:
         2f:5c:7f:d8:68:d4:fc:cc:49:0f:53:57:9a:06:51:24:c9:1f:
         af:6c:4b:05:66:6f:7f:2e:fb:94:2b:e7:3f:9d:89:dd:54:63:
         46:fc:02:5f:66:15:c8:e9:da:60:93:1c:f1:74:e7:e5:43:85:
         5b:67:9b:b1
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUfT1kw174rKCcUIVJ4W8aYv3jgSUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNjA0MjQxODE4NTVaFw0yNzA0MjMxODIzNTVaMDMxMTAvBgNV
BAMTKDU0QzUyQUUzMDQxMEIwOTBBNzk1MDg0RDA3NjdFMENDQ0MwMzg5OTAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDYJMwXKcKkuao1UDMTtVPsIWft
E8jLX+THb6vo7ar5Pi6tT1p6XvZwfOcex4zAzqDuY81r05d986Pa1/YMN8HvQLBL
9xSPorLr1QJ27RhuVO5uTt8A7aZw+dOjtifmcxa8FoXuMUijV4vBa2YnM1lybZCH
LpYY7s1UwnCsG1I+ArPJ3QH/Jk+R83z7dtJLlTgKClQMlYImAFDFzKQg52itIEK7
hfnVB8oeSoeLgmsi/K1fMRWjzQ8bteaPTn4IRpfS715mrFjFE3VG9+9cvVJHS/gf
8X3BGBs3v1d+/AUifWq8xlPDL/7E0jHq6H/HmIMvQYYKN2Ye3KHDFKT2gFqRAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUVMUq4wQQsJCnlQhNB2fgzMwDiZAwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzgzNDJlMzMzOTJlMzEzNDM4
MmUzMDJmMzIzMzJkMzIzNDIwM2QzZTIwMzYzMDM2MzYzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAVQn
lDANBgkqhkiG9w0BAQsFAAOCAQEAM9lUxPrHo1dWLEmqlsdVUoVd6DwBXWPELBbT
ZfEJN0dHzTtMiNnhWASeUJj0OJBZ9HI6vRU8ktLrCea2yXn6hacbMxrlwDsFEYAn
bzVdmiBRuG5wTA0Kx1Zu6GJatFMisvsdPv6knhgrmD1/DzLMc00n3LO3a2LcuHfT
BhqFZ5M1rshOgImG0Z0jt+HblO5du4nhtVrD14fpG1+dLxEYzRk6v9wsXlEH2jyc
d1Bj8Nrsuq2DAsBdOs6Wgdla6ykoq62BufDPL1x/2GjU/MxJD1NXmgZRJMkfr2xL
BWZvfy77lCvnP52J3VRjRvwCX2YVyOnaYJMc8XTn5UOFW2ebsQ==
-----END CERTIFICATE-----