Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/37382e3130352e3233322e302f32312d3234203d3e20383334.roa
File:                     37382e3130352e3233322e302f32312d3234203d3e20383334.roa (raw, json)
Hash identifier:          BK3Y48bKzMiQAhwfuWPpY0L+hr0joJYos0y498GWB+4=
Subject key identifier:   D5:21:23:FD:4F:48:32:A9:11:D8:D0:CA:28:03:38:C1:64:51:90:89
Certificate issuer:       /CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
Certificate serial:       64D08194A1C08ADB4D76BB3BA304CF8A385CE6D8
Authority key identifier: 0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/37382e3130352e3233322e302f32312d3234203d3e20383334.roa
Signing time:             Tue 24 Mar 2026 13:02:02 +0000
ROA not before:           Tue 24 Mar 2026 12:57:02 +0000
ROA not after:            Tue 23 Mar 2027 13:02:02 +0000
asID:                     834
IP address blocks:        78.105.232.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 11:13:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            64:d0:81:94:a1:c0:8a:db:4d:76:bb:3b:a3:04:cf:8a:38:5c:e6:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
        Validity
            Not Before: Mar 24 12:57:02 2026 GMT
            Not After : Mar 23 13:02:02 2027 GMT
        Subject: CN=D52123FD4F4832A911D8D0CA280338C164519089
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:72:09:1d:39:51:d8:46:22:35:cf:18:4f:bb:
                    5a:60:b6:7b:13:13:85:90:12:25:9c:0c:3b:f9:5f:
                    4e:2b:18:f4:fc:b2:17:a2:ac:e7:d4:4d:d4:62:8c:
                    d9:d8:2e:c8:04:4a:99:88:04:c3:8f:ae:56:3f:72:
                    a9:67:b5:f4:69:62:01:27:cf:77:87:f6:b7:93:1f:
                    ff:7d:e1:1c:bf:f5:46:f4:b7:05:ed:62:89:1c:8b:
                    77:be:4d:b1:99:63:02:cf:b1:7f:4d:99:e3:16:2d:
                    a4:41:99:5d:d3:b4:59:bd:db:18:a9:2b:24:fa:79:
                    67:d9:2f:5d:84:56:e0:78:17:5f:dc:d6:b9:95:c8:
                    dd:1e:95:22:57:f0:c5:11:d0:d7:7e:e1:da:96:97:
                    46:4e:c5:5e:74:f3:2d:23:b3:2b:0f:fe:12:53:e6:
                    c0:7f:15:0f:17:c5:6c:cf:10:c1:df:e1:b8:de:16:
                    3b:6b:75:22:69:3b:ec:89:25:9d:84:96:5d:c0:50:
                    8a:88:d0:fd:d7:b9:81:98:0c:08:46:14:60:91:e3:
                    9d:86:01:92:fe:7f:0a:1e:0a:ee:ab:70:6c:0c:df:
                    4d:24:4d:f5:a7:3c:5f:e2:dc:6b:11:fe:34:46:37:
                    89:10:3f:22:d3:c6:ef:57:59:6d:57:6a:42:84:92:
                    c5:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:21:23:FD:4F:48:32:A9:11:D8:D0:CA:28:03:38:C1:64:51:90:89
            X509v3 Authority Key Identifier:
                keyid:0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/37382e3130352e3233322e302f32312d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.105.232.0/21

    Signature Algorithm: sha256WithRSAEncryption
         11:67:70:84:ab:d0:aa:f6:40:dc:51:03:80:1d:b7:8c:11:f2:
         20:88:3d:60:70:f1:98:13:d8:1d:9a:b1:61:77:b7:82:b8:45:
         ed:48:86:ba:bd:c5:f2:1f:45:27:d1:af:58:32:9d:8c:22:e6:
         13:ee:df:80:f8:9e:26:48:0a:77:91:b0:24:6a:1e:1e:a1:4e:
         67:d2:d6:bd:1b:6a:c6:81:50:2c:da:2b:ad:c8:19:58:cf:bc:
         be:58:a2:a1:73:28:3e:7c:55:16:ec:b8:27:21:49:85:54:66:
         0e:06:0a:0e:df:b3:5d:7c:6b:02:46:80:fe:8a:53:73:51:e0:
         c8:16:c2:60:86:09:0b:9e:a3:d1:91:dc:ad:89:4d:d3:e1:b1:
         a3:b3:b1:1f:85:62:55:b8:a7:2f:48:a7:1c:ca:ad:4b:8c:c0:
         27:6c:34:f2:6c:f0:a5:55:20:b4:e4:61:67:74:90:57:5f:80:
         b9:10:5a:d5:f1:36:8f:14:ba:a9:d7:38:60:44:c3:87:09:23:
         3d:55:b3:82:15:79:d7:15:bd:d4:82:f7:c5:83:68:76:7c:81:
         ac:6c:d8:c3:5b:89:3e:7e:db:f1:e0:58:be:cf:4f:b7:4c:b3:
         53:02:23:ff:83:f6:cb:14:fe:02:6c:bb:7d:98:66:14:2d:cd:
         c0:5a:d6:7f
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUZNCBlKHAittNdrs7owTPijhc5tgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGUyMGNjZjUwODNhNjNiOWY1ODg3ZTNlYTM5ZDA0ZTJk
NjJiM2RhNTAeFw0yNjAzMjQxMjU3MDJaFw0yNzAzMjMxMzAyMDJaMDMxMTAvBgNV
BAMTKEQ1MjEyM0ZENEY0ODMyQTkxMUQ4RDBDQTI4MDMzOEMxNjQ1MTkwODkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDAcgkdOVHYRiI1zxhPu1pgtnsT
E4WQEiWcDDv5X04rGPT8sheirOfUTdRijNnYLsgESpmIBMOPrlY/cqlntfRpYgEn
z3eH9reTH/994Ry/9Ub0twXtYokci3e+TbGZYwLPsX9NmeMWLaRBmV3TtFm92xip
KyT6eWfZL12EVuB4F1/c1rmVyN0elSJX8MUR0Nd+4dqWl0ZOxV508y0jsysP/hJT
5sB/FQ8XxWzPEMHf4bjeFjtrdSJpO+yJJZ2Ell3AUIqI0P3XuYGYDAhGFGCR452G
AZL+fwoeCu6rcGwM300kTfWnPF/i3GsR/jRGN4kQPyLTxu9XWW1XakKEksWnAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQU1SEj/U9IMqkR2NDKKAM4wWRRkIkwHwYDVR0j
BBgwFoAUDiDM9Qg6Y7n1iH4+o50E4tYrPaUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOTZlNGFjODYtMTgwMy00OTRkLThhN2ItYzA1MWE2MzEw
NzUyLzAvMEUyMENDRjUwODNBNjNCOUY1ODg3RTNFQTM5RDA0RTJENjJCM0RBNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RpRE05UWc2WTduMWlINC1vNTBFNHRZ
clBhVS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOTZlNGFjODYt
MTgwMy00OTRkLThhN2ItYzA1MWE2MzEwNzUyLzAvMzczODJlMzEzMDM1MmUzMjMz
MzIyZTMwMmYzMjMxMmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBANOaegw
DQYJKoZIhvcNAQELBQADggEBABFncISr0Kr2QNxRA4Adt4wR8iCIPWBw8ZgT2B2a
sWF3t4K4Re1Ihrq9xfIfRSfRr1gynYwi5hPu34D4niZICneRsCRqHh6hTmfS1r0b
asaBUCzaK63IGVjPvL5YoqFzKD58VRbsuCchSYVUZg4GCg7fs118awJGgP6KU3NR
4MgWwmCGCQueo9GR3K2JTdPhsaOzsR+FYlW4py9IpxzKrUuMwCdsNPJs8KVVILTk
YWd0kFdfgLkQWtXxNo8UuqnXOGBEw4cJIz1Vs4IVedcVvdSC98WDaHZ8gaxs2MNb
iT5+2/HgWL7PT7dMs1MCI/+D9ssU/gJsu32YZhQtzcBa1n8=
-----END CERTIFICATE-----