Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/37382e3130352e3133362e302f32312d3234203d3e20383334.roa
File:                     37382e3130352e3133362e302f32312d3234203d3e20383334.roa (raw, json)
Hash identifier:          WF+ne0glMTRuQKPxGcmtP7NdWQYC9d+iUOL8knxpwGY=
Subject key identifier:   46:0B:8A:ED:0F:C5:3C:22:8E:5B:D0:86:06:A3:F2:89:8C:5C:1C:98
Certificate issuer:       /CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
Certificate serial:       4FA28AE1C2C2262E18B879C25BA427F0CF836FD3
Authority key identifier: 0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/37382e3130352e3133362e302f32312d3234203d3e20383334.roa
Signing time:             Tue 24 Mar 2026 13:02:02 +0000
ROA not before:           Tue 24 Mar 2026 12:57:02 +0000
ROA not after:            Tue 23 Mar 2027 13:02:02 +0000
asID:                     834
IP address blocks:        78.105.136.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 11:13:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4f:a2:8a:e1:c2:c2:26:2e:18:b8:79:c2:5b:a4:27:f0:cf:83:6f:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
        Validity
            Not Before: Mar 24 12:57:02 2026 GMT
            Not After : Mar 23 13:02:02 2027 GMT
        Subject: CN=460B8AED0FC53C228E5BD08606A3F2898C5C1C98
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:f3:e6:b3:dc:4b:79:08:58:04:54:db:9e:6d:
                    df:c9:99:58:e8:8b:e5:5c:f4:8e:dd:33:1d:e3:df:
                    27:ec:24:54:c7:29:af:4d:a6:f3:42:e2:a4:31:b1:
                    d2:a3:71:f7:d1:0d:43:53:1b:67:5a:29:6e:21:98:
                    cd:b9:32:0d:f9:ab:b3:d3:e8:51:6e:70:be:2f:28:
                    65:fa:94:d0:cf:34:0d:36:19:b2:25:f8:8d:3f:89:
                    93:93:ab:ab:de:66:f5:bd:8d:17:c0:84:d2:32:28:
                    07:b4:c1:ad:37:d5:97:89:c0:55:7f:17:8b:a6:c6:
                    5f:52:5c:bf:d1:02:50:a3:d5:78:af:5a:75:6d:5a:
                    94:c9:94:98:af:61:3b:27:e0:e0:af:fa:50:9a:c1:
                    fc:3b:e3:2f:18:52:0c:f1:85:e4:4c:94:b5:dc:91:
                    73:91:1d:5f:09:00:62:ed:11:6d:3f:b8:5c:7e:17:
                    e8:fa:3d:f4:b2:6f:62:a5:55:cb:08:21:ba:29:2a:
                    1f:55:ef:ce:51:83:9e:79:4d:f6:57:a3:97:d5:99:
                    13:8f:c9:12:d4:2b:b8:59:60:c6:b5:78:38:43:fd:
                    84:dd:f9:d5:04:59:1f:fb:65:b7:1c:11:cc:10:6a:
                    d2:ac:ae:78:1a:92:0e:d3:3f:05:0f:c9:ea:0e:48:
                    f2:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:0B:8A:ED:0F:C5:3C:22:8E:5B:D0:86:06:A3:F2:89:8C:5C:1C:98
            X509v3 Authority Key Identifier:
                keyid:0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/37382e3130352e3133362e302f32312d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.105.136.0/21

    Signature Algorithm: sha256WithRSAEncryption
         59:39:90:78:b6:01:24:ec:5b:ce:10:ac:29:95:a9:1b:4c:51:
         0a:83:d5:86:21:39:67:cd:86:23:58:f1:b3:4f:8f:44:d1:2f:
         c0:0e:45:cb:f6:a3:82:c3:32:0e:58:5a:89:b6:56:3c:f5:5f:
         1c:42:de:41:46:3b:1f:e0:ae:0f:a8:e1:77:e0:fa:8f:07:08:
         30:59:13:ea:b9:56:43:c2:29:e1:8b:72:c9:2a:e7:6e:05:ec:
         bc:a1:b4:0a:ae:c4:b3:24:57:e9:35:e1:f5:0d:b0:b2:5d:ba:
         24:54:02:8a:f5:d9:b9:dc:e6:00:2b:e9:e0:b6:6c:f2:93:be:
         46:ea:69:a8:d2:44:cb:b8:64:d6:d0:44:f4:18:ac:11:0b:9d:
         53:ba:d3:5e:a7:4d:7d:f1:72:8b:07:ad:24:a9:87:2e:c6:4c:
         5f:67:ef:cd:86:d6:d5:32:0c:45:e7:01:26:9b:c4:0a:69:9b:
         f6:83:69:0a:2a:ec:24:24:d9:7d:c1:19:af:f7:45:f5:00:60:
         d6:31:44:c8:65:4f:8c:2f:49:e5:2c:e1:19:7e:64:f2:ac:b9:
         06:e1:2c:71:7d:ed:f8:e9:09:3c:15:2e:e6:87:e3:ae:54:3b:
         cf:1c:9d:0e:76:3c:2b:ac:c3:45:b9:df:47:d7:3b:7d:89:65:
         3d:51:a5:40
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUT6KK4cLCJi4YuHnCW6Qn8M+Db9MwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGUyMGNjZjUwODNhNjNiOWY1ODg3ZTNlYTM5ZDA0ZTJk
NjJiM2RhNTAeFw0yNjAzMjQxMjU3MDJaFw0yNzAzMjMxMzAyMDJaMDMxMTAvBgNV
BAMTKDQ2MEI4QUVEMEZDNTNDMjI4RTVCRDA4NjA2QTNGMjg5OEM1QzFDOTgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDE8+az3Et5CFgEVNuebd/JmVjo
i+Vc9I7dMx3j3yfsJFTHKa9NpvNC4qQxsdKjcffRDUNTG2daKW4hmM25Mg35q7PT
6FFucL4vKGX6lNDPNA02GbIl+I0/iZOTq6veZvW9jRfAhNIyKAe0wa031ZeJwFV/
F4umxl9SXL/RAlCj1XivWnVtWpTJlJivYTsn4OCv+lCawfw74y8YUgzxheRMlLXc
kXORHV8JAGLtEW0/uFx+F+j6PfSyb2KlVcsIIbopKh9V785Rg555TfZXo5fVmROP
yRLUK7hZYMa1eDhD/YTd+dUEWR/7ZbccEcwQatKsrngakg7TPwUPyeoOSPKxAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQURguK7Q/FPCKOW9CGBqPyiYxcHJgwHwYDVR0j
BBgwFoAUDiDM9Qg6Y7n1iH4+o50E4tYrPaUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOTZlNGFjODYtMTgwMy00OTRkLThhN2ItYzA1MWE2MzEw
NzUyLzAvMEUyMENDRjUwODNBNjNCOUY1ODg3RTNFQTM5RDA0RTJENjJCM0RBNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RpRE05UWc2WTduMWlINC1vNTBFNHRZ
clBhVS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOTZlNGFjODYt
MTgwMy00OTRkLThhN2ItYzA1MWE2MzEwNzUyLzAvMzczODJlMzEzMDM1MmUzMTMz
MzYyZTMwMmYzMjMxMmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBANOaYgw
DQYJKoZIhvcNAQELBQADggEBAFk5kHi2ASTsW84QrCmVqRtMUQqD1YYhOWfNhiNY
8bNPj0TRL8AORcv2o4LDMg5YWom2Vjz1XxxC3kFGOx/grg+o4Xfg+o8HCDBZE+q5
VkPCKeGLcskq524F7LyhtAquxLMkV+k14fUNsLJduiRUAor12bnc5gAr6eC2bPKT
vkbqaajSRMu4ZNbQRPQYrBELnVO6016nTX3xcosHrSSphy7GTF9n782G1tUyDEXn
ASabxAppm/aDaQoq7CQk2X3BGa/3RfUAYNYxRMhlT4wvSeUs4Rl+ZPKsuQbhLHF9
7fjpCTwVLuaH465UO88cnQ52PCusw0W530fXO32JZT1RpUA=
-----END CERTIFICATE-----