Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/37382e3130352e3130302e302f32322d3234203d3e20383334.roa
File:                     37382e3130352e3130302e302f32322d3234203d3e20383334.roa (raw, json)
Hash identifier:          +lYuDCD8ElUODYTWQ2UhkdQwLdfRHMMR1w3R2eIxX6g=
Subject key identifier:   E3:05:86:87:62:B4:F9:4B:A9:80:94:EF:0B:5B:24:47:7E:88:81:11
Certificate issuer:       /CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
Certificate serial:       7D46360196BBE3FFE9DCFA0454B6844B792AF17E
Authority key identifier: 0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/37382e3130352e3130302e302f32322d3234203d3e20383334.roa
Signing time:             Wed 25 Mar 2026 02:21:16 +0000
ROA not before:           Wed 25 Mar 2026 02:16:16 +0000
ROA not after:            Wed 24 Mar 2027 02:21:16 +0000
asID:                     834
IP address blocks:        78.105.100.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 11:13:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7d:46:36:01:96:bb:e3:ff:e9:dc:fa:04:54:b6:84:4b:79:2a:f1:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
        Validity
            Not Before: Mar 25 02:16:16 2026 GMT
            Not After : Mar 24 02:21:16 2027 GMT
        Subject: CN=E305868762B4F94BA98094EF0B5B24477E888111
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:a2:f8:73:89:aa:38:c5:c3:ce:fe:f7:47:4a:
                    cb:d6:fa:68:e8:a4:9f:db:b7:f3:13:fb:38:ed:67:
                    d5:c8:bd:85:e9:49:0d:29:b9:98:ce:d1:e7:2f:0e:
                    76:7b:ec:98:cb:59:2f:63:84:f5:35:04:08:76:ef:
                    c3:46:e2:06:0e:39:7b:15:63:4c:b1:29:82:78:8a:
                    27:14:88:a5:2c:90:ab:ae:f4:fd:4e:4b:38:5d:83:
                    2c:54:b8:e4:45:a5:de:4b:09:af:a2:82:70:6a:76:
                    7d:64:26:b6:59:5d:19:74:0f:a9:78:6d:9e:de:fb:
                    a8:e5:18:cd:a7:ba:b5:f4:94:ac:6f:d7:1b:5b:55:
                    57:d8:7d:10:75:b3:00:9a:f9:2e:45:d7:9b:31:fb:
                    13:a6:24:3c:5d:14:c4:24:21:e5:bb:3d:ab:37:22:
                    25:13:43:0e:81:08:5b:33:50:77:b1:e8:8f:46:95:
                    bb:3c:41:7e:11:75:14:7a:46:21:cc:05:fa:7c:b2:
                    8c:30:a2:31:44:d5:80:0d:81:9c:99:2f:ec:30:7b:
                    9d:6b:67:d2:17:2d:ff:da:10:eb:ed:b6:5c:3a:35:
                    0e:03:5a:51:3d:4c:13:ec:3e:19:f1:f3:c0:61:ad:
                    2c:18:5f:18:2c:a1:e9:4b:34:b8:30:6d:9b:4b:a4:
                    f3:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:05:86:87:62:B4:F9:4B:A9:80:94:EF:0B:5B:24:47:7E:88:81:11
            X509v3 Authority Key Identifier:
                keyid:0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/37382e3130352e3130302e302f32322d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.105.100.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a5:de:83:f4:54:9a:12:93:c2:50:f9:e4:93:ad:0f:aa:a9:4e:
         9b:ba:08:05:2a:7f:ae:c3:4e:bf:7f:7a:11:74:b3:54:c2:78:
         2c:e2:bc:22:21:25:ba:5e:89:48:fe:6b:64:bf:17:20:87:13:
         20:19:f6:87:91:30:3c:27:30:7a:ab:9a:d5:b7:7c:37:55:9b:
         03:d6:b9:b6:b5:39:bd:d8:c1:3e:59:68:d3:a5:c5:cd:c6:0c:
         ac:85:b2:81:dc:73:59:f1:ff:9b:d4:d0:cd:09:35:5a:6a:ca:
         6a:cb:38:97:c8:8b:71:45:8d:0a:55:9f:0d:41:b9:96:bb:4d:
         d0:7e:1d:4c:39:47:f5:46:13:2d:65:ea:f0:80:dd:f5:86:d8:
         f8:93:92:d9:cf:43:39:9a:33:e8:5c:ad:5c:f7:81:44:fc:5f:
         79:8b:a8:c2:d6:38:ae:8a:fd:c3:15:10:ce:dd:f8:12:09:6d:
         f8:4c:55:43:42:52:d3:c1:82:15:05:65:50:be:07:96:4a:a7:
         eb:71:98:48:78:16:90:19:43:72:f2:9c:e9:d8:5e:5c:3d:f8:
         7c:fa:eb:73:86:82:38:88:fa:89:6f:83:ad:18:7a:ef:ea:ff:
         a7:05:79:49:af:e5:36:08:b7:17:c8:96:c6:39:00:d1:a3:22:
         d5:cc:20:81
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUfUY2AZa74//p3PoEVLaES3kq8X4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGUyMGNjZjUwODNhNjNiOWY1ODg3ZTNlYTM5ZDA0ZTJk
NjJiM2RhNTAeFw0yNjAzMjUwMjE2MTZaFw0yNzAzMjQwMjIxMTZaMDMxMTAvBgNV
BAMTKEUzMDU4Njg3NjJCNEY5NEJBOTgwOTRFRjBCNUIyNDQ3N0U4ODgxMTEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0ovhziao4xcPO/vdHSsvW+mjo
pJ/bt/MT+zjtZ9XIvYXpSQ0puZjO0ecvDnZ77JjLWS9jhPU1BAh278NG4gYOOXsV
Y0yxKYJ4iicUiKUskKuu9P1OSzhdgyxUuORFpd5LCa+ignBqdn1kJrZZXRl0D6l4
bZ7e+6jlGM2nurX0lKxv1xtbVVfYfRB1swCa+S5F15sx+xOmJDxdFMQkIeW7Pas3
IiUTQw6BCFszUHex6I9Glbs8QX4RdRR6RiHMBfp8sowwojFE1YANgZyZL+wwe51r
Z9IXLf/aEOvttlw6NQ4DWlE9TBPsPhnx88BhrSwYXxgsoelLNLgwbZtLpPP1AgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQU4wWGh2K0+UupgJTvC1skR36IgREwHwYDVR0j
BBgwFoAUDiDM9Qg6Y7n1iH4+o50E4tYrPaUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOTZlNGFjODYtMTgwMy00OTRkLThhN2ItYzA1MWE2MzEw
NzUyLzAvMEUyMENDRjUwODNBNjNCOUY1ODg3RTNFQTM5RDA0RTJENjJCM0RBNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RpRE05UWc2WTduMWlINC1vNTBFNHRZ
clBhVS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOTZlNGFjODYt
MTgwMy00OTRkLThhN2ItYzA1MWE2MzEwNzUyLzAvMzczODJlMzEzMDM1MmUzMTMw
MzAyZTMwMmYzMjMyMmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAJOaWQw
DQYJKoZIhvcNAQELBQADggEBAKXeg/RUmhKTwlD55JOtD6qpTpu6CAUqf67DTr9/
ehF0s1TCeCzivCIhJbpeiUj+a2S/FyCHEyAZ9oeRMDwnMHqrmtW3fDdVmwPWuba1
Ob3YwT5ZaNOlxc3GDKyFsoHcc1nx/5vU0M0JNVpqymrLOJfIi3FFjQpVnw1BuZa7
TdB+HUw5R/VGEy1l6vCA3fWG2PiTktnPQzmaM+hcrVz3gUT8X3mLqMLWOK6K/cMV
EM7d+BIJbfhMVUNCUtPBghUFZVC+B5ZKp+txmEh4FpAZQ3LynOnYXlw9+Hz663OG
gjiI+olvg60Yeu/q/6cFeUmv5TYItxfIlsY5ANGjItXMIIE=
-----END CERTIFICATE-----