Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38352e3139302e3233352e302f32342d3234203d3e20313336373837.roa
File:                     38352e3139302e3233352e302f32342d3234203d3e20313336373837.roa (raw, json)
Hash identifier:          5Ggq6qkpJpUq/Ftqy6mee1v3qa/sbpPJyB0lNOh+jUI=
Subject key identifier:   C3:1F:CA:E2:EA:5B:EF:53:68:55:E7:44:1D:9B:E2:4B:78:69:09:18
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       4A9F78D5C058403B6872579824EFB9EC4C3C6F60
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38352e3139302e3233352e302f32342d3234203d3e20313336373837.roa
Signing time:             Sun 28 Sep 2025 20:47:38 +0000
ROA not before:           Sun 28 Sep 2025 20:42:38 +0000
ROA not after:            Sun 27 Sep 2026 20:47:38 +0000
asID:                     136787
IP address blocks:        85.190.235.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 17:43:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4a:9f:78:d5:c0:58:40:3b:68:72:57:98:24:ef:b9:ec:4c:3c:6f:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Sep 28 20:42:38 2025 GMT
            Not After : Sep 27 20:47:38 2026 GMT
        Subject: CN=C31FCAE2EA5BEF536855E7441D9BE24B78690918
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:69:16:cd:21:4c:2d:b6:a9:bc:80:79:0a:11:
                    5a:3b:0d:99:49:98:1d:d1:70:37:e7:13:fe:e4:08:
                    03:3b:de:96:5a:e5:95:d0:92:87:65:8b:44:6c:cb:
                    62:93:a8:37:3c:ef:b0:d1:c9:9d:d1:8d:0b:aa:55:
                    76:4e:33:56:14:60:b3:d5:a2:72:28:0e:6f:f9:1d:
                    ed:b6:d4:a8:ad:34:b7:43:81:72:83:3f:d6:6d:c6:
                    0c:4f:b1:40:f1:8b:a1:cc:a1:e4:1b:90:46:f4:87:
                    68:8a:7d:11:31:32:eb:df:8b:90:72:d1:dd:ba:e6:
                    93:f5:0a:07:3f:36:87:9a:3f:ad:82:88:5e:ab:ea:
                    ce:2c:11:e9:ed:52:86:b5:ef:9b:58:e5:2c:0f:36:
                    ca:01:64:0d:a2:fe:ac:c3:19:27:bf:e7:c2:f9:f8:
                    d2:c8:46:04:73:8c:fb:4d:95:75:04:9c:56:b1:d7:
                    fd:c0:82:ac:4c:73:9b:c4:f6:a0:54:d9:d5:f8:3b:
                    16:8a:1e:1c:51:f6:6e:44:54:5d:85:cf:e5:d3:68:
                    7c:d9:c9:d4:ae:40:53:b0:a0:df:4f:f4:cf:33:eb:
                    31:6a:c0:3b:40:12:dd:b9:ec:f0:68:96:f4:96:75:
                    a9:2d:b9:4b:16:b0:3a:ad:9e:6e:aa:a7:d0:e7:21:
                    7c:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:1F:CA:E2:EA:5B:EF:53:68:55:E7:44:1D:9B:E2:4B:78:69:09:18
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38352e3139302e3233352e302f32342d3234203d3e20313336373837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.190.235.0/24

    Signature Algorithm: sha256WithRSAEncryption
         84:ac:8e:3e:7c:c0:36:fe:1c:15:1e:09:60:5b:a0:67:60:3d:
         e2:0a:e8:2e:b5:d1:0b:45:86:28:68:dd:7a:5b:ec:fb:73:34:
         a7:21:8e:06:05:da:b0:81:0a:a7:88:13:5d:ac:ec:18:39:d9:
         6f:e4:ca:3c:39:f3:41:51:c4:40:43:a7:ff:e3:72:59:96:a1:
         e1:7b:8d:7a:06:c0:e7:d3:4f:f8:7f:bc:df:10:74:1d:f4:3c:
         2a:d8:5f:e1:57:ca:80:f6:2f:ab:75:de:4e:40:c5:84:d6:aa:
         14:c6:2f:c7:6d:e3:66:29:b7:5a:2c:98:9f:f7:04:6d:05:92:
         ce:3a:99:1d:bc:a9:f3:ad:57:e9:1a:a9:3b:e6:e5:2d:aa:e1:
         30:fc:62:37:41:b3:8a:7c:38:bb:c8:14:6f:e8:ea:00:a6:69:
         99:ac:8e:50:e7:ae:5b:10:83:53:1c:71:8c:a0:d7:48:90:88:
         21:37:09:8d:7c:6b:4d:76:81:b6:89:25:31:23:f9:24:a4:75:
         04:90:d7:12:ab:2d:2d:46:1b:b3:bf:53:5f:99:f1:0b:7c:7b:
         f1:37:09:e3:5b:8a:b3:2a:65:70:a3:ca:21:ff:0d:1d:4b:20:
         58:5e:6c:e7:57:6b:37:f1:58:07:70:7a:df:be:73:8e:f8:2f:
         0b:9b:8d:84
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIUSp941cBYQDtocleYJO+57Ew8b2AwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTA5MjgyMDQyMzhaFw0yNjA5MjcyMDQ3MzhaMDMxMTAvBgNV
BAMTKEMzMUZDQUUyRUE1QkVGNTM2ODU1RTc0NDFEOUJFMjRCNzg2OTA5MTgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDOaRbNIUwttqm8gHkKEVo7DZlJ
mB3RcDfnE/7kCAM73pZa5ZXQkodli0Rsy2KTqDc877DRyZ3RjQuqVXZOM1YUYLPV
onIoDm/5He221KitNLdDgXKDP9ZtxgxPsUDxi6HMoeQbkEb0h2iKfRExMuvfi5By
0d265pP1Cgc/NoeaP62CiF6r6s4sEentUoa175tY5SwPNsoBZA2i/qzDGSe/58L5
+NLIRgRzjPtNlXUEnFax1/3AgqxMc5vE9qBU2dX4OxaKHhxR9m5EVF2Fz+XTaHzZ
ydSuQFOwoN9P9M8z6zFqwDtAEt257PBolvSWdaktuUsWsDqtnm6qp9DnIXxvAgMB
AAGjggI/MIICOzAdBgNVHQ4EFgQUwx/K4upb71NoVedEHZviS3hpCRgwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwga8GCCsGAQUFBwELBIGiMIGfMIGcBggrBgEFBQcwC4aBj3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzgzNTJlMzEzOTMwMmUzMjMz
MzUyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMTMzMzYzNzM4Mzcucm9hMBgGA1Ud
IAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BABVvuswDQYJKoZIhvcNAQELBQADggEBAISsjj58wDb+HBUeCWBboGdgPeIK6C61
0QtFhiho3Xpb7PtzNKchjgYF2rCBCqeIE12s7Bg52W/kyjw580FRxEBDp//jclmW
oeF7jXoGwOfTT/h/vN8QdB30PCrYX+FXyoD2L6t13k5AxYTWqhTGL8dt42Ypt1os
mJ/3BG0Fks46mR28qfOtV+kaqTvm5S2q4TD8YjdBs4p8OLvIFG/o6gCmaZmsjlDn
rlsQg1MccYyg10iQiCE3CY18a012gbaJJTEj+SSkdQSQ1xKrLS1GG7O/U1+Z8Qt8
e/E3CeNbirMqZXCjyiH/DR1LIFhebOdXazfxWAdwet++c474LwubjYQ=
-----END CERTIFICATE-----
Generated at Mon Oct 20 04:41:21 2025 by rpki-client