Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/37382e3130352e3232342e302f32312d3234203d3e2035363530.roa
File:                     37382e3130352e3232342e302f32312d3234203d3e2035363530.roa (raw, json)
Hash identifier:          9yJDDyCTvU/53/0BiySp5Wdc6MVJg6ozbRm65Vx19kQ=
Subject key identifier:   7A:02:78:64:69:43:07:B2:9B:FE:78:13:80:3C:0F:98:16:54:1F:CF
Certificate issuer:       /CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
Certificate serial:       5C40CAE0550F7A40DABCA6329F511F8ADA615307
Authority key identifier: 0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/37382e3130352e3232342e302f32312d3234203d3e2035363530.roa
Signing time:             Tue 24 Mar 2026 12:59:05 +0000
ROA not before:           Tue 24 Mar 2026 12:54:05 +0000
ROA not after:            Tue 23 Mar 2027 12:59:05 +0000
asID:                     5650
IP address blocks:        78.105.224.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 11:13:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5c:40:ca:e0:55:0f:7a:40:da:bc:a6:32:9f:51:1f:8a:da:61:53:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
        Validity
            Not Before: Mar 24 12:54:05 2026 GMT
            Not After : Mar 23 12:59:05 2027 GMT
        Subject: CN=7A027864694307B29BFE7813803C0F9816541FCF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:45:b7:ed:63:c0:7f:ae:79:49:36:a7:34:22:
                    82:da:fb:35:79:1e:d5:98:c8:37:75:6d:cd:29:88:
                    14:65:e6:74:6e:e9:d5:0b:aa:65:b1:27:21:c9:ba:
                    c6:80:5e:62:b3:77:35:22:24:82:31:0a:fb:af:ba:
                    59:2c:30:5e:6b:23:7e:9a:f2:fc:e4:be:25:6f:ad:
                    a8:c8:2e:bd:d4:10:46:03:3b:b8:fc:50:82:11:10:
                    a9:76:49:3b:e8:e0:79:9c:7c:5c:5d:4f:c9:ba:16:
                    70:b3:f3:fd:d6:11:10:86:07:0a:f3:80:c2:2c:17:
                    97:2d:fe:6b:cd:32:c1:b1:5f:dc:4c:e0:4c:51:0e:
                    80:c1:08:82:fa:b7:20:b5:a2:f8:2c:ca:2a:88:8d:
                    22:82:68:27:32:7e:5d:41:da:98:21:0d:e3:96:70:
                    38:99:29:29:b2:c1:19:a9:53:c5:33:5d:4d:0d:21:
                    29:07:b2:aa:71:de:ca:ce:8c:56:ea:67:6b:e7:a7:
                    5c:1c:53:27:84:5f:e0:74:30:c0:a6:51:d0:a1:c3:
                    25:f4:42:0a:d5:54:02:f6:06:91:19:9d:2b:f8:98:
                    22:bc:03:89:1b:00:11:48:27:6b:2c:d2:2a:1e:10:
                    d9:b3:07:60:af:40:50:92:fe:98:e0:b1:de:97:fd:
                    02:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:02:78:64:69:43:07:B2:9B:FE:78:13:80:3C:0F:98:16:54:1F:CF
            X509v3 Authority Key Identifier:
                keyid:0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/37382e3130352e3232342e302f32312d3234203d3e2035363530.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.105.224.0/21

    Signature Algorithm: sha256WithRSAEncryption
         2b:eb:a6:11:9f:7b:1b:2b:c8:7f:fc:0e:27:ef:19:07:a4:22:
         cc:88:39:c5:1d:23:be:3e:fd:ad:15:5e:e0:6a:63:62:72:2e:
         1d:cd:d9:41:b5:c2:56:9d:29:40:a1:37:08:ca:d5:9d:0d:2e:
         52:74:e5:bc:2f:91:f1:24:04:b4:90:65:dc:2b:7b:1c:c6:1e:
         70:43:55:b1:e1:75:41:9a:75:7a:7f:ae:05:60:52:81:a8:56:
         b8:c4:f2:91:b6:37:43:61:b0:78:4a:4d:c3:07:49:32:46:bf:
         1f:65:e8:3f:cb:2b:3e:65:e4:bc:d9:f1:99:e1:ce:38:86:61:
         aa:be:96:f1:18:76:28:a9:f3:77:15:5f:2f:70:96:b1:c5:6a:
         82:59:78:71:4b:08:30:b7:d9:cf:61:99:26:bb:95:0e:97:18:
         03:6e:95:c3:01:b0:b7:82:67:23:3c:c0:9e:f6:6a:21:b4:87:
         cd:8c:5d:46:70:52:7e:db:55:96:9e:6c:84:13:2d:72:30:b6:
         68:e2:4d:5f:0b:cc:1e:c3:a2:38:30:77:d7:0b:5c:15:99:9e:
         0c:d6:a5:9f:22:6c:d9:ef:ad:37:38:e6:2b:07:6a:f8:33:de:
         59:93:83:62:0e:73:4b:a6:c7:79:be:3f:9f:79:6b:d6:20:a5:
         a6:b9:5a:47
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUXEDK4FUPekDavKYyn1EfitphUwcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGUyMGNjZjUwODNhNjNiOWY1ODg3ZTNlYTM5ZDA0ZTJk
NjJiM2RhNTAeFw0yNjAzMjQxMjU0MDVaFw0yNzAzMjMxMjU5MDVaMDMxMTAvBgNV
BAMTKDdBMDI3ODY0Njk0MzA3QjI5QkZFNzgxMzgwM0MwRjk4MTY1NDFGQ0YwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDCRbftY8B/rnlJNqc0IoLa+zV5
HtWYyDd1bc0piBRl5nRu6dULqmWxJyHJusaAXmKzdzUiJIIxCvuvulksMF5rI36a
8vzkviVvrajILr3UEEYDO7j8UIIREKl2STvo4HmcfFxdT8m6FnCz8/3WERCGBwrz
gMIsF5ct/mvNMsGxX9xM4ExRDoDBCIL6tyC1ovgsyiqIjSKCaCcyfl1B2pghDeOW
cDiZKSmywRmpU8UzXU0NISkHsqpx3srOjFbqZ2vnp1wcUyeEX+B0MMCmUdChwyX0
QgrVVAL2BpEZnSv4mCK8A4kbABFIJ2ss0ioeENmzB2CvQFCS/pjgsd6X/QI7AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUegJ4ZGlDB7Kb/ngTgDwPmBZUH88wHwYDVR0j
BBgwFoAUDiDM9Qg6Y7n1iH4+o50E4tYrPaUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOTZlNGFjODYtMTgwMy00OTRkLThhN2ItYzA1MWE2MzEw
NzUyLzAvMEUyMENDRjUwODNBNjNCOUY1ODg3RTNFQTM5RDA0RTJENjJCM0RBNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RpRE05UWc2WTduMWlINC1vNTBFNHRZ
clBhVS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOTZlNGFjODYt
MTgwMy00OTRkLThhN2ItYzA1MWE2MzEwNzUyLzAvMzczODJlMzEzMDM1MmUzMjMy
MzQyZTMwMmYzMjMxMmQzMjM0MjAzZDNlMjAzNTM2MzUzMC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEA05p
4DANBgkqhkiG9w0BAQsFAAOCAQEAK+umEZ97GyvIf/wOJ+8ZB6QizIg5xR0jvj79
rRVe4GpjYnIuHc3ZQbXCVp0pQKE3CMrVnQ0uUnTlvC+R8SQEtJBl3Ct7HMYecENV
seF1QZp1en+uBWBSgahWuMTykbY3Q2GweEpNwwdJMka/H2XoP8srPmXkvNnxmeHO
OIZhqr6W8Rh2KKnzdxVfL3CWscVqgll4cUsIMLfZz2GZJruVDpcYA26VwwGwt4Jn
IzzAnvZqIbSHzYxdRnBSfttVlp5shBMtcjC2aOJNXwvMHsOiODB31wtcFZmeDNal
nyJs2e+tNzjmKwdq+DPeWZODYg5zS6bHeb4/n3lr1iClprlaRw==
-----END CERTIFICATE-----