Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/37382e3130352e3132382e302f32312d3234203d3e2035363530.roa
File:                     37382e3130352e3132382e302f32312d3234203d3e2035363530.roa (raw, json)
Hash identifier:          hDqK7GK1aW71jBPoQu3mQeorxqox8ZZpaGeFX6zuTCE=
Subject key identifier:   20:48:97:88:FB:E1:A3:F5:F2:D7:D7:F1:E2:C1:CF:60:AF:A2:8C:D1
Certificate issuer:       /CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
Certificate serial:       185341393ED595FDDD9C4AD7FFD8AB15BE1D8BFC
Authority key identifier: 0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/37382e3130352e3132382e302f32312d3234203d3e2035363530.roa
Signing time:             Tue 24 Mar 2026 12:59:03 +0000
ROA not before:           Tue 24 Mar 2026 12:54:03 +0000
ROA not after:            Tue 23 Mar 2027 12:59:03 +0000
asID:                     5650
IP address blocks:        78.105.128.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 11:13:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            18:53:41:39:3e:d5:95:fd:dd:9c:4a:d7:ff:d8:ab:15:be:1d:8b:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
        Validity
            Not Before: Mar 24 12:54:03 2026 GMT
            Not After : Mar 23 12:59:03 2027 GMT
        Subject: CN=20489788FBE1A3F5F2D7D7F1E2C1CF60AFA28CD1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:ee:d3:2f:28:06:42:84:d6:10:30:bc:00:42:
                    6c:c0:16:ac:ab:ae:5d:67:10:56:87:0d:41:a9:5f:
                    f4:4a:72:e4:9e:9d:93:38:30:ae:be:a1:b7:8f:e4:
                    c7:0d:a4:3c:e2:67:11:f5:c9:81:c8:4f:f5:0c:8d:
                    98:7c:71:61:4c:44:6c:97:df:1a:9c:53:a1:a7:66:
                    4c:02:89:10:bf:5f:ff:f5:16:2c:0f:2d:01:58:ac:
                    4b:24:a8:9d:98:16:2a:2a:63:45:03:a4:46:3b:d8:
                    38:66:40:16:97:02:c4:17:b8:2b:2f:1b:45:7c:e1:
                    96:10:60:2c:e3:7c:38:02:dd:fa:1b:dc:cd:df:ee:
                    2e:86:f6:dd:68:d8:fb:ae:bc:89:e1:d8:9a:da:cf:
                    ba:01:91:f1:5c:da:6c:be:e6:8c:8e:42:f2:10:61:
                    cd:8e:ca:5e:37:eb:32:a3:ce:12:8a:f5:78:f1:5f:
                    3f:18:c8:94:27:2e:2b:d0:91:3e:33:35:f9:9a:e9:
                    43:35:76:d0:89:4f:f0:b8:fc:96:46:19:4b:1c:69:
                    b9:74:83:1e:26:d1:0f:40:e6:95:af:94:d3:8b:17:
                    1e:03:57:19:11:77:a4:17:29:c0:5f:a7:dd:f5:f0:
                    2b:65:fb:ba:07:85:17:ca:4c:90:56:b7:3f:6e:61:
                    1a:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:48:97:88:FB:E1:A3:F5:F2:D7:D7:F1:E2:C1:CF:60:AF:A2:8C:D1
            X509v3 Authority Key Identifier:
                keyid:0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/37382e3130352e3132382e302f32312d3234203d3e2035363530.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.105.128.0/21

    Signature Algorithm: sha256WithRSAEncryption
         99:cb:c5:eb:68:a8:03:c4:59:45:26:ad:27:e7:52:23:61:89:
         64:e6:30:aa:e8:97:1c:78:29:bf:81:ae:87:9e:22:95:ca:75:
         69:ef:14:be:f3:4e:c3:f4:cb:b2:1e:29:4e:f8:05:6e:14:da:
         f0:18:6c:9d:69:77:62:d2:26:46:81:a7:48:d2:7e:b0:be:e5:
         4b:d6:c6:b6:28:a0:cd:9c:70:c8:1b:ab:36:74:4c:c8:51:55:
         db:4e:c4:26:e0:81:0a:1f:0a:fd:78:89:00:89:d3:67:48:7f:
         96:e3:c7:25:1c:45:0b:b1:22:c4:6b:33:6a:7a:1f:32:69:b2:
         eb:4d:7b:b3:31:09:bc:87:e3:b2:ef:b8:b7:7a:7e:3d:e1:cf:
         75:1f:0c:b8:76:51:e7:56:12:8b:7c:37:09:bb:9e:15:0c:fa:
         41:41:99:3c:8c:1c:69:4e:20:a2:b8:98:fa:aa:6a:ea:aa:cc:
         33:bf:12:dd:5e:c9:7f:9e:e1:cb:33:8c:43:22:0b:b1:9c:d6:
         c1:ed:b6:42:1c:23:26:59:f8:f4:9c:b2:19:9d:60:59:e4:e4:
         ba:d4:c7:b8:57:a9:5b:75:ab:3f:90:e2:a6:11:f9:56:cf:62:
         dc:25:aa:59:1a:1e:08:ba:48:6e:a3:2b:4a:73:f8:e5:73:7f:
         ae:e1:4f:32
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUGFNBOT7Vlf3dnErX/9irFb4di/wwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGUyMGNjZjUwODNhNjNiOWY1ODg3ZTNlYTM5ZDA0ZTJk
NjJiM2RhNTAeFw0yNjAzMjQxMjU0MDNaFw0yNzAzMjMxMjU5MDNaMDMxMTAvBgNV
BAMTKDIwNDg5Nzg4RkJFMUEzRjVGMkQ3RDdGMUUyQzFDRjYwQUZBMjhDRDEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCq7tMvKAZChNYQMLwAQmzAFqyr
rl1nEFaHDUGpX/RKcuSenZM4MK6+obeP5McNpDziZxH1yYHIT/UMjZh8cWFMRGyX
3xqcU6GnZkwCiRC/X//1FiwPLQFYrEskqJ2YFioqY0UDpEY72DhmQBaXAsQXuCsv
G0V84ZYQYCzjfDgC3fob3M3f7i6G9t1o2PuuvInh2Jraz7oBkfFc2my+5oyOQvIQ
Yc2Oyl436zKjzhKK9XjxXz8YyJQnLivQkT4zNfma6UM1dtCJT/C4/JZGGUscabl0
gx4m0Q9A5pWvlNOLFx4DVxkRd6QXKcBfp9318Ctl+7oHhRfKTJBWtz9uYRorAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUIEiXiPvho/Xy19fx4sHPYK+ijNEwHwYDVR0j
BBgwFoAUDiDM9Qg6Y7n1iH4+o50E4tYrPaUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOTZlNGFjODYtMTgwMy00OTRkLThhN2ItYzA1MWE2MzEw
NzUyLzAvMEUyMENDRjUwODNBNjNCOUY1ODg3RTNFQTM5RDA0RTJENjJCM0RBNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RpRE05UWc2WTduMWlINC1vNTBFNHRZ
clBhVS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOTZlNGFjODYt
MTgwMy00OTRkLThhN2ItYzA1MWE2MzEwNzUyLzAvMzczODJlMzEzMDM1MmUzMTMy
MzgyZTMwMmYzMjMxMmQzMjM0MjAzZDNlMjAzNTM2MzUzMC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEA05p
gDANBgkqhkiG9w0BAQsFAAOCAQEAmcvF62ioA8RZRSatJ+dSI2GJZOYwquiXHHgp
v4Guh54ilcp1ae8UvvNOw/TLsh4pTvgFbhTa8BhsnWl3YtImRoGnSNJ+sL7lS9bG
tiigzZxwyBurNnRMyFFV207EJuCBCh8K/XiJAInTZ0h/luPHJRxFC7EixGszanof
Mmmy6017szEJvIfjsu+4t3p+PeHPdR8MuHZR51YSi3w3CbueFQz6QUGZPIwcaU4g
oriY+qpq6qrMM78S3V7Jf57hyzOMQyILsZzWwe22QhwjJln49JyyGZ1gWeTkutTH
uFepW3WrP5DiphH5Vs9i3CWqWRoeCLpIbqMrSnP45XN/ruFPMg==
-----END CERTIFICATE-----