Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/37382e3130352e3139322e302f31392d3234203d3e20383334.roa
File:                     37382e3130352e3139322e302f31392d3234203d3e20383334.roa (raw, json)
Hash identifier:          9+s3uOzAr8Z/bXBxs3obt94fo7K9Np+sNjsPagjibKU=
Subject key identifier:   D7:4B:EE:E0:AD:29:7F:CE:D7:C2:A2:6B:90:2E:24:1B:4C:87:16:E5
Certificate issuer:       /CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
Certificate serial:       51FC07214D6A3D4D8A5E29F8581C245D2174989D
Authority key identifier: 0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/37382e3130352e3139322e302f31392d3234203d3e20383334.roa
Signing time:             Tue 24 Mar 2026 13:02:02 +0000
ROA not before:           Tue 24 Mar 2026 12:57:02 +0000
ROA not after:            Tue 23 Mar 2027 13:02:02 +0000
asID:                     834
IP address blocks:        78.105.192.0/19 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 11:13:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            51:fc:07:21:4d:6a:3d:4d:8a:5e:29:f8:58:1c:24:5d:21:74:98:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
        Validity
            Not Before: Mar 24 12:57:02 2026 GMT
            Not After : Mar 23 13:02:02 2027 GMT
        Subject: CN=D74BEEE0AD297FCED7C2A26B902E241B4C8716E5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:ad:81:d8:2f:0c:2d:6b:20:40:a3:7b:80:e7:
                    77:4f:81:21:c8:05:e2:cc:32:40:d2:b6:34:f7:f8:
                    1a:18:f2:ee:f6:3a:be:4a:93:d3:2c:9c:ac:82:81:
                    5f:85:a2:a3:ca:0c:6d:dc:ec:c5:60:44:53:4d:a2:
                    49:c8:20:81:47:39:2c:f0:79:f9:a5:12:e6:81:f2:
                    75:d1:2b:52:b6:cd:fd:fd:0a:a3:6e:3d:a2:66:83:
                    8b:cf:b4:e1:35:00:73:56:3b:64:6c:22:f1:fb:c5:
                    11:eb:d2:5f:12:c2:ad:37:af:9e:73:89:d1:11:2c:
                    7c:9e:9b:81:6c:32:cd:b6:db:02:48:f1:dd:7a:0a:
                    43:37:eb:f0:c0:74:71:61:1d:bb:19:b0:8a:56:8b:
                    e6:b4:96:44:9a:a4:ea:2b:bd:5a:dd:67:f7:e8:a9:
                    b4:5b:f8:95:99:da:82:76:11:b4:2b:12:e4:2c:8a:
                    56:68:0c:f4:15:e4:4f:a9:72:2e:f0:40:0b:2d:6d:
                    f8:fd:8f:17:d7:75:1f:62:8b:fe:d1:1d:8b:d8:2b:
                    f9:b7:de:23:a7:b3:82:82:4c:84:a4:b9:97:7e:cd:
                    d6:30:3e:80:d2:69:bf:42:ab:44:34:ef:51:6e:b1:
                    69:e0:5f:54:5d:60:0c:58:51:c0:e3:bf:e6:24:5e:
                    de:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:4B:EE:E0:AD:29:7F:CE:D7:C2:A2:6B:90:2E:24:1B:4C:87:16:E5
            X509v3 Authority Key Identifier:
                keyid:0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/37382e3130352e3139322e302f31392d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.105.192.0/19

    Signature Algorithm: sha256WithRSAEncryption
         82:a0:8d:d9:53:3a:10:9f:62:5f:04:59:6b:54:e4:95:57:80:
         1d:4c:30:ea:6a:fc:74:79:fc:0e:ab:63:0a:65:53:89:a3:f4:
         19:01:4b:20:00:5c:8f:c2:a7:15:78:41:19:7e:b5:66:92:93:
         a7:05:81:17:f7:5b:06:15:6e:42:b0:df:c6:dc:24:e6:2e:7b:
         9a:e2:25:d5:90:fa:c5:53:70:d3:21:62:b6:85:24:48:73:f5:
         2b:1b:44:10:1d:fb:97:84:83:db:b1:2d:cf:58:2d:bf:39:2b:
         2d:a0:be:02:b5:30:0b:e5:18:bf:ee:9f:98:e6:05:be:7b:23:
         c5:22:38:05:86:49:89:05:2b:18:e8:61:a9:26:a1:aa:de:3d:
         58:bb:35:54:4c:66:b8:3c:35:40:4e:7b:48:81:d4:08:24:ac:
         02:60:fe:3f:83:b2:dc:10:af:47:a6:f1:65:8d:99:ee:e8:57:
         9a:43:20:fa:da:80:74:88:3f:a6:70:53:bc:26:8f:b6:b0:4f:
         36:9c:16:d1:fb:65:51:2a:8c:ee:da:5a:d6:a1:cf:04:3b:c3:
         98:f6:78:0c:a4:23:00:93:8e:17:cc:c2:fa:24:c9:1e:2c:23:
         4a:15:d5:e8:54:42:31:61:20:c8:c9:ae:53:93:ef:c5:32:08:
         d6:5c:33:4d
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUUfwHIU1qPU2KXin4WBwkXSF0mJ0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGUyMGNjZjUwODNhNjNiOWY1ODg3ZTNlYTM5ZDA0ZTJk
NjJiM2RhNTAeFw0yNjAzMjQxMjU3MDJaFw0yNzAzMjMxMzAyMDJaMDMxMTAvBgNV
BAMTKEQ3NEJFRUUwQUQyOTdGQ0VEN0MyQTI2QjkwMkUyNDFCNEM4NzE2RTUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDErYHYLwwtayBAo3uA53dPgSHI
BeLMMkDStjT3+BoY8u72Or5Kk9MsnKyCgV+FoqPKDG3c7MVgRFNNoknIIIFHOSzw
efmlEuaB8nXRK1K2zf39CqNuPaJmg4vPtOE1AHNWO2RsIvH7xRHr0l8Swq03r55z
idERLHyem4FsMs222wJI8d16CkM36/DAdHFhHbsZsIpWi+a0lkSapOorvVrdZ/fo
qbRb+JWZ2oJ2EbQrEuQsilZoDPQV5E+pci7wQAstbfj9jxfXdR9ii/7RHYvYK/m3
3iOns4KCTISkuZd+zdYwPoDSab9Cq0Q071FusWngX1RdYAxYUcDjv+YkXt4DAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQU10vu4K0pf87XwqJrkC4kG0yHFuUwHwYDVR0j
BBgwFoAUDiDM9Qg6Y7n1iH4+o50E4tYrPaUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOTZlNGFjODYtMTgwMy00OTRkLThhN2ItYzA1MWE2MzEw
NzUyLzAvMEUyMENDRjUwODNBNjNCOUY1ODg3RTNFQTM5RDA0RTJENjJCM0RBNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RpRE05UWc2WTduMWlINC1vNTBFNHRZ
clBhVS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOTZlNGFjODYt
MTgwMy00OTRkLThhN2ItYzA1MWE2MzEwNzUyLzAvMzczODJlMzEzMDM1MmUzMTM5
MzIyZTMwMmYzMTM5MmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAVOacAw
DQYJKoZIhvcNAQELBQADggEBAIKgjdlTOhCfYl8EWWtU5JVXgB1MMOpq/HR5/A6r
YwplU4mj9BkBSyAAXI/CpxV4QRl+tWaSk6cFgRf3WwYVbkKw38bcJOYue5riJdWQ
+sVTcNMhYraFJEhz9SsbRBAd+5eEg9uxLc9YLb85Ky2gvgK1MAvlGL/un5jmBb57
I8UiOAWGSYkFKxjoYakmoarePVi7NVRMZrg8NUBOe0iB1AgkrAJg/j+DstwQr0em
8WWNme7oV5pDIPragHSIP6ZwU7wmj7awTzacFtH7ZVEqjO7aWtahzwQ7w5j2eAyk
IwCTjhfMwvokyR4sI0oV1ehUQjFhIMjJrlOT78UyCNZcM00=
-----END CERTIFICATE-----