Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/37382e3130352e39372e302f32342d3234203d3e20383334.roa
File:                     37382e3130352e39372e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          s2euKsFmI9GX5Ua8xaa8RD0IbHqn/M+8gqSZ/cM0tS4=
Subject key identifier:   1D:53:0B:92:C7:6D:04:89:3F:5B:87:8B:10:AB:4E:87:4E:FD:98:F3
Certificate issuer:       /CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
Certificate serial:       433E9C531BED7F3CB6A8AD7ED85936318E202CE1
Authority key identifier: 0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/37382e3130352e39372e302f32342d3234203d3e20383334.roa
Signing time:             Wed 25 Mar 2026 02:21:16 +0000
ROA not before:           Wed 25 Mar 2026 02:16:16 +0000
ROA not after:            Wed 24 Mar 2027 02:21:16 +0000
asID:                     834
IP address blocks:        78.105.97.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 11:13:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            43:3e:9c:53:1b:ed:7f:3c:b6:a8:ad:7e:d8:59:36:31:8e:20:2c:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
        Validity
            Not Before: Mar 25 02:16:16 2026 GMT
            Not After : Mar 24 02:21:16 2027 GMT
        Subject: CN=1D530B92C76D04893F5B878B10AB4E874EFD98F3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:62:6c:d5:40:84:aa:0d:a4:3a:06:e5:97:d9:
                    94:17:d6:fd:84:12:fc:50:b2:f3:13:cb:a1:f5:cb:
                    66:18:77:87:7f:80:65:f6:f1:65:1e:5c:2c:c4:cb:
                    dd:fa:23:90:fa:ea:2c:53:54:7c:61:5f:42:d6:e5:
                    20:91:09:1d:08:83:e8:8e:29:34:c8:af:a8:2a:da:
                    e5:ea:eb:4c:8e:2e:cb:26:de:76:00:ba:d4:83:c5:
                    c5:b3:2e:85:39:ba:fb:ab:9d:8d:ed:4d:54:31:87:
                    59:d6:b9:d2:c4:30:83:09:a1:7c:19:a0:ff:f8:5f:
                    ce:40:61:fb:ea:67:cd:43:fd:b2:6e:42:13:e3:3f:
                    0b:31:1b:bc:00:cf:94:d4:0e:27:8d:99:d5:71:8c:
                    0e:ec:14:17:d2:e3:d5:26:3e:c6:97:f1:0d:bc:be:
                    3b:39:9a:41:c6:29:47:da:0f:fb:b5:d5:ce:c5:d0:
                    1e:0f:18:60:76:ab:84:fb:c4:ce:9a:98:36:8f:e0:
                    e5:58:18:c6:d0:bd:87:8d:7b:d7:05:2f:13:ea:75:
                    72:01:df:ab:a4:80:b9:17:46:35:d9:7b:d8:fb:b0:
                    12:37:47:6e:f6:2a:f7:95:c3:f3:83:86:df:84:8b:
                    18:c8:08:95:13:85:70:c7:56:e2:00:17:ed:51:b7:
                    56:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:53:0B:92:C7:6D:04:89:3F:5B:87:8B:10:AB:4E:87:4E:FD:98:F3
            X509v3 Authority Key Identifier:
                keyid:0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/37382e3130352e39372e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.105.97.0/24

    Signature Algorithm: sha256WithRSAEncryption
         15:c8:de:e5:b0:1b:ed:15:6d:50:7c:2e:1f:0e:d4:69:2b:c5:
         bb:07:bd:c3:de:7a:71:b5:51:11:1e:9e:ca:bb:51:4b:98:29:
         22:b4:c5:29:eb:da:76:61:4e:55:84:d4:2b:95:21:e1:c8:d1:
         f5:2a:51:b0:2b:d4:85:b8:6d:2b:33:ff:f3:0b:2f:87:cc:18:
         17:e1:f7:44:e6:51:12:d6:44:36:57:a3:0e:89:e0:58:70:6d:
         92:8d:e4:87:fc:f4:a4:78:32:24:8a:6c:2f:f1:e1:d6:8a:ab:
         99:95:28:0f:9f:30:de:37:e5:dc:29:0e:5b:53:5c:3f:b9:9b:
         a3:7a:80:f4:b7:fb:cf:e2:e2:c9:0b:03:c6:d5:cf:d4:fd:8f:
         ef:57:30:c6:22:88:94:05:22:02:b8:da:b4:b7:a3:a8:1c:14:
         51:20:fb:87:4e:c8:90:ab:8c:08:4b:b8:e3:93:6d:2e:3d:02:
         5b:9e:6d:87:ce:cc:88:70:65:d6:39:40:17:c9:89:ec:b6:4b:
         c5:be:9b:11:e3:39:8e:f5:6a:dc:dc:34:03:8d:b4:69:f9:50:
         68:1c:04:72:82:cb:2b:75:cf:39:8d:a7:b6:95:89:cf:f9:f0:
         81:04:79:ce:ae:80:28:25:34:c0:ec:a3:3f:5e:9c:68:aa:30:
         8e:7f:24:6a
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUQz6cUxvtfzy2qK1+2Fk2MY4gLOEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGUyMGNjZjUwODNhNjNiOWY1ODg3ZTNlYTM5ZDA0ZTJk
NjJiM2RhNTAeFw0yNjAzMjUwMjE2MTZaFw0yNzAzMjQwMjIxMTZaMDMxMTAvBgNV
BAMTKDFENTMwQjkyQzc2RDA0ODkzRjVCODc4QjEwQUI0RTg3NEVGRDk4RjMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7YmzVQISqDaQ6BuWX2ZQX1v2E
EvxQsvMTy6H1y2YYd4d/gGX28WUeXCzEy936I5D66ixTVHxhX0LW5SCRCR0Ig+iO
KTTIr6gq2uXq60yOLssm3nYAutSDxcWzLoU5uvurnY3tTVQxh1nWudLEMIMJoXwZ
oP/4X85AYfvqZ81D/bJuQhPjPwsxG7wAz5TUDieNmdVxjA7sFBfS49UmPsaX8Q28
vjs5mkHGKUfaD/u11c7F0B4PGGB2q4T7xM6amDaP4OVYGMbQvYeNe9cFLxPqdXIB
36ukgLkXRjXZe9j7sBI3R272KveVw/ODht+EixjICJUThXDHVuIAF+1Rt1adAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUHVMLksdtBIk/W4eLEKtOh079mPMwHwYDVR0j
BBgwFoAUDiDM9Qg6Y7n1iH4+o50E4tYrPaUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOTZlNGFjODYtMTgwMy00OTRkLThhN2ItYzA1MWE2MzEw
NzUyLzAvMEUyMENDRjUwODNBNjNCOUY1ODg3RTNFQTM5RDA0RTJENjJCM0RBNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RpRE05UWc2WTduMWlINC1vNTBFNHRZ
clBhVS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOTZlNGFjODYt
MTgwMy00OTRkLThhN2ItYzA1MWE2MzEwNzUyLzAvMzczODJlMzEzMDM1MmUzOTM3
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzgzMzM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATmlhMA0G
CSqGSIb3DQEBCwUAA4IBAQAVyN7lsBvtFW1QfC4fDtRpK8W7B73D3npxtVERHp7K
u1FLmCkitMUp69p2YU5VhNQrlSHhyNH1KlGwK9SFuG0rM//zCy+HzBgX4fdE5lES
1kQ2V6MOieBYcG2SjeSH/PSkeDIkimwv8eHWiquZlSgPnzDeN+XcKQ5bU1w/uZuj
eoD0t/vP4uLJCwPG1c/U/Y/vVzDGIoiUBSICuNq0t6OoHBRRIPuHTsiQq4wIS7jj
k20uPQJbnm2HzsyIcGXWOUAXyYnstkvFvpsR4zmO9Wrc3DQDjbRp+VBoHARygssr
dc85jae2lYnP+fCBBHnOroAoJTTA7KM/XpxoqjCOfyRq
-----END CERTIFICATE-----