Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/37382e3130352e3136302e302f31392d3234203d3e20383334.roa
File:                     37382e3130352e3136302e302f31392d3234203d3e20383334.roa (raw, json)
Hash identifier:          S0CDR1oLbETjilF9372m4HtpKh8krtvFajObff3L+cU=
Subject key identifier:   25:F8:B4:48:CE:83:7F:B8:25:B5:46:C5:2E:7A:9F:A2:56:4E:B7:91
Certificate issuer:       /CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
Certificate serial:       0FA313E96834D564C75AD989778C0804F5972B08
Authority key identifier: 0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/37382e3130352e3136302e302f31392d3234203d3e20383334.roa
Signing time:             Tue 24 Mar 2026 13:02:02 +0000
ROA not before:           Tue 24 Mar 2026 12:57:02 +0000
ROA not after:            Tue 23 Mar 2027 13:02:02 +0000
asID:                     834
IP address blocks:        78.105.160.0/19 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 11:13:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0f:a3:13:e9:68:34:d5:64:c7:5a:d9:89:77:8c:08:04:f5:97:2b:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
        Validity
            Not Before: Mar 24 12:57:02 2026 GMT
            Not After : Mar 23 13:02:02 2027 GMT
        Subject: CN=25F8B448CE837FB825B546C52E7A9FA2564EB791
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:3c:23:0d:b3:57:66:2a:9f:26:a9:3b:fa:ce:
                    bd:75:4a:49:cc:d6:66:ec:3f:d1:af:95:15:1e:d4:
                    20:97:e0:dd:72:1e:43:2d:f5:2c:50:90:5c:24:c8:
                    be:f7:98:13:90:4a:80:16:95:27:fb:f7:1a:0e:55:
                    82:c6:a3:98:7d:5a:46:8d:63:70:a7:35:a1:52:1f:
                    a9:04:6d:44:11:4d:f7:7f:0f:ab:f4:7e:c7:8d:04:
                    16:b4:a8:e3:5f:82:58:38:ea:bf:34:85:9c:ee:b0:
                    6f:95:60:d7:f1:fb:35:7a:58:d5:79:25:8e:e4:73:
                    d2:6d:b5:cf:79:1e:66:6e:ea:c7:59:8a:75:d6:1e:
                    1a:16:e3:f1:a4:7c:50:28:38:7d:05:02:9c:3e:8c:
                    5e:e4:64:a8:b3:0b:02:5f:06:55:72:e4:b3:c7:02:
                    8e:1a:be:2f:71:a0:0a:fa:c8:5c:e8:a9:c8:a3:6e:
                    84:f6:12:9d:6d:fa:b8:3b:e3:d5:cf:30:3e:8a:da:
                    45:0b:a0:99:cf:f6:56:02:29:99:62:d1:2f:35:41:
                    30:91:ce:65:4e:73:92:14:48:76:17:e5:89:8e:a5:
                    a1:91:fb:27:5a:f6:f1:a5:ac:64:55:d9:34:4e:19:
                    cf:fd:c8:23:95:7d:ce:9c:e6:71:93:d1:ac:65:9e:
                    60:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:F8:B4:48:CE:83:7F:B8:25:B5:46:C5:2E:7A:9F:A2:56:4E:B7:91
            X509v3 Authority Key Identifier:
                keyid:0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/37382e3130352e3136302e302f31392d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.105.160.0/19

    Signature Algorithm: sha256WithRSAEncryption
         86:f6:c4:a4:54:b1:28:ea:f7:a5:b6:f3:5e:31:7e:b7:36:0a:
         eb:6c:cb:64:2c:99:81:b9:dd:ab:b8:a4:d3:86:a6:3d:69:f8:
         a7:43:29:c4:f3:40:88:33:0c:fa:7a:31:8f:d7:cf:49:a7:5f:
         e7:8f:b0:07:d0:d8:6d:c8:83:fc:16:17:bc:26:e3:c9:e6:6e:
         c1:e3:9b:9a:2e:31:dd:53:b6:9c:84:b0:15:d0:29:5f:55:8a:
         93:99:d3:6d:52:5a:7f:da:c6:6b:39:7f:44:98:72:4e:02:db:
         9f:74:06:57:af:84:cd:45:b5:ad:24:ef:99:8f:3f:15:7c:f3:
         0d:7c:ad:78:eb:10:f6:68:4e:1d:fd:d8:92:ee:86:98:59:22:
         42:cc:55:92:70:6e:19:24:20:9c:00:f6:7b:9c:1f:1d:c3:df:
         41:c2:1a:87:d9:2d:95:42:da:bf:a3:8f:a2:5e:bb:af:10:24:
         df:d1:a2:75:0d:a7:71:e4:26:bb:48:a2:c0:28:8f:da:61:5b:
         8a:92:3b:5c:77:56:ce:de:1c:fd:5a:ca:de:7b:70:ef:08:13:
         30:2c:86:ee:7d:97:09:2e:09:9a:99:fd:34:df:84:a1:bb:e2:
         11:ea:07:a8:c1:a5:e1:e7:dc:8b:b3:b0:3b:36:8e:b0:75:8c:
         d2:87:89:9d
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUD6MT6Wg01WTHWtmJd4wIBPWXKwgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGUyMGNjZjUwODNhNjNiOWY1ODg3ZTNlYTM5ZDA0ZTJk
NjJiM2RhNTAeFw0yNjAzMjQxMjU3MDJaFw0yNzAzMjMxMzAyMDJaMDMxMTAvBgNV
BAMTKDI1RjhCNDQ4Q0U4MzdGQjgyNUI1NDZDNTJFN0E5RkEyNTY0RUI3OTEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6PCMNs1dmKp8mqTv6zr11SknM
1mbsP9GvlRUe1CCX4N1yHkMt9SxQkFwkyL73mBOQSoAWlSf79xoOVYLGo5h9WkaN
Y3CnNaFSH6kEbUQRTfd/D6v0fseNBBa0qONfglg46r80hZzusG+VYNfx+zV6WNV5
JY7kc9Jttc95HmZu6sdZinXWHhoW4/GkfFAoOH0FApw+jF7kZKizCwJfBlVy5LPH
Ao4avi9xoAr6yFzoqcijboT2Ep1t+rg749XPMD6K2kULoJnP9lYCKZli0S81QTCR
zmVOc5IUSHYX5YmOpaGR+yda9vGlrGRV2TROGc/9yCOVfc6c5nGT0axlnmDXAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUJfi0SM6Df7gltUbFLnqfolZOt5EwHwYDVR0j
BBgwFoAUDiDM9Qg6Y7n1iH4+o50E4tYrPaUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOTZlNGFjODYtMTgwMy00OTRkLThhN2ItYzA1MWE2MzEw
NzUyLzAvMEUyMENDRjUwODNBNjNCOUY1ODg3RTNFQTM5RDA0RTJENjJCM0RBNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RpRE05UWc2WTduMWlINC1vNTBFNHRZ
clBhVS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOTZlNGFjODYt
MTgwMy00OTRkLThhN2ItYzA1MWE2MzEwNzUyLzAvMzczODJlMzEzMDM1MmUzMTM2
MzAyZTMwMmYzMTM5MmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAVOaaAw
DQYJKoZIhvcNAQELBQADggEBAIb2xKRUsSjq96W2814xfrc2Cutsy2QsmYG53au4
pNOGpj1p+KdDKcTzQIgzDPp6MY/Xz0mnX+ePsAfQ2G3Ig/wWF7wm48nmbsHjm5ou
Md1TtpyEsBXQKV9VipOZ021SWn/axms5f0SYck4C2590BlevhM1Fta0k75mPPxV8
8w18rXjrEPZoTh392JLuhphZIkLMVZJwbhkkIJwA9nucHx3D30HCGofZLZVC2r+j
j6Jeu68QJN/RonUNp3HkJrtIosAoj9phW4qSO1x3Vs7eHP1ayt57cO8IEzAshu59
lwkuCZqZ/TTfhKG74hHqB6jBpeHn3IuzsDs2jrB1jNKHiZ0=
-----END CERTIFICATE-----