Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/37382e3130352e39382e302f32332d3234203d3e20383334.roa
File:                     37382e3130352e39382e302f32332d3234203d3e20383334.roa (raw, json)
Hash identifier:          dtgGMz36YLQaBVuVFrLgopCJ2FAkz4+klu/CHFSucQA=
Subject key identifier:   34:10:EF:51:BE:9A:27:F6:5D:85:55:86:3F:1E:34:92:F2:A8:94:12
Certificate issuer:       /CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
Certificate serial:       3D726EC718D1C0FE623C68C2C94D5F56F3E43F48
Authority key identifier: 0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/37382e3130352e39382e302f32332d3234203d3e20383334.roa
Signing time:             Wed 25 Mar 2026 02:21:16 +0000
ROA not before:           Wed 25 Mar 2026 02:16:16 +0000
ROA not after:            Wed 24 Mar 2027 02:21:16 +0000
asID:                     834
IP address blocks:        78.105.98.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 11:13:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3d:72:6e:c7:18:d1:c0:fe:62:3c:68:c2:c9:4d:5f:56:f3:e4:3f:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
        Validity
            Not Before: Mar 25 02:16:16 2026 GMT
            Not After : Mar 24 02:21:16 2027 GMT
        Subject: CN=3410EF51BE9A27F65D8555863F1E3492F2A89412
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:43:ef:4e:10:fc:f2:fe:e7:44:5b:c2:85:a5:
                    c4:de:c5:9e:a2:f7:a1:89:7d:bb:b1:1c:3c:ac:37:
                    d2:a6:9e:e5:34:88:00:c9:4a:b0:0a:75:f0:07:bb:
                    76:a1:11:03:4e:19:5d:d0:1e:3f:c8:b7:9b:53:1d:
                    73:d1:4c:06:03:37:fb:19:c9:a8:df:62:fc:e7:e3:
                    d5:ce:e6:78:3f:cc:48:74:14:e5:a2:37:73:b2:07:
                    46:05:e7:ca:b0:03:84:ef:bb:e7:b7:bd:29:dc:af:
                    37:a0:72:dd:1e:62:fc:72:fc:65:f2:53:fc:77:d3:
                    43:ca:53:db:b4:e2:bc:78:df:12:f8:7f:b1:68:da:
                    21:4e:de:03:35:54:ab:e2:3c:c3:eb:2d:12:2e:36:
                    4b:5f:87:91:6a:e9:5c:28:fb:54:06:02:f5:6d:dc:
                    ab:ed:3c:4e:d3:80:58:f6:f1:9c:43:84:5e:64:67:
                    72:18:52:3f:cd:41:75:de:52:b9:93:d2:59:df:b7:
                    6f:18:f4:b5:27:57:09:54:86:8d:27:d6:7f:17:07:
                    9d:2b:57:15:28:6a:aa:03:df:76:c7:07:d0:61:89:
                    8f:19:8c:6d:4c:42:d1:b5:94:02:79:7f:50:24:56:
                    9f:2a:f1:8a:cf:3f:a6:fb:9a:81:7a:56:b6:89:69:
                    dd:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:10:EF:51:BE:9A:27:F6:5D:85:55:86:3F:1E:34:92:F2:A8:94:12
            X509v3 Authority Key Identifier:
                keyid:0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/37382e3130352e39382e302f32332d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.105.98.0/23

    Signature Algorithm: sha256WithRSAEncryption
         03:13:6b:bf:d4:9a:e8:36:11:1e:5c:8e:e1:19:b0:7c:4b:2a:
         eb:17:f6:d1:4d:74:63:8f:52:b2:eb:4c:ff:bf:32:a6:6e:9d:
         49:a5:92:b7:e2:db:d8:33:44:e9:73:78:2e:75:68:bd:cb:51:
         ac:17:90:ee:a6:f1:cf:8c:7b:d1:70:63:48:85:64:c1:08:ab:
         04:50:a5:a5:f1:cd:6c:10:59:9e:8c:cc:d4:c3:52:b1:43:36:
         2c:64:16:54:21:59:45:7c:33:75:34:08:35:c7:70:1f:c1:0e:
         06:f2:45:ef:85:a5:98:2c:e6:6f:a0:10:ff:b4:89:74:52:87:
         0a:40:1e:13:03:2c:62:f7:36:8b:2a:7d:2b:12:94:df:7a:65:
         3b:38:89:04:e1:ca:21:a7:9e:8b:b8:18:21:08:02:34:85:7f:
         cd:75:9b:ea:dd:f7:39:78:27:69:39:32:2e:37:d1:5a:74:68:
         4d:87:9d:fa:ca:bb:6b:e2:76:a9:74:5d:1d:90:a2:7a:bf:48:
         9b:d1:25:04:13:e7:00:68:81:ed:c6:55:56:aa:4e:c5:2e:9a:
         5d:86:e8:a7:57:df:bb:78:0c:72:a8:5c:3d:7f:15:c5:37:96:
         88:63:d8:b1:13:b5:0a:3b:8a:ec:bf:1b:f3:1c:0c:6b:fe:5d:
         56:75:71:a8
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUPXJuxxjRwP5iPGjCyU1fVvPkP0gwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGUyMGNjZjUwODNhNjNiOWY1ODg3ZTNlYTM5ZDA0ZTJk
NjJiM2RhNTAeFw0yNjAzMjUwMjE2MTZaFw0yNzAzMjQwMjIxMTZaMDMxMTAvBgNV
BAMTKDM0MTBFRjUxQkU5QTI3RjY1RDg1NTU4NjNGMUUzNDkyRjJBODk0MTIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCnQ+9OEPzy/udEW8KFpcTexZ6i
96GJfbuxHDysN9KmnuU0iADJSrAKdfAHu3ahEQNOGV3QHj/It5tTHXPRTAYDN/sZ
yajfYvzn49XO5ng/zEh0FOWiN3OyB0YF58qwA4Tvu+e3vSncrzegct0eYvxy/GXy
U/x300PKU9u04rx43xL4f7Fo2iFO3gM1VKviPMPrLRIuNktfh5Fq6Vwo+1QGAvVt
3KvtPE7TgFj28ZxDhF5kZ3IYUj/NQXXeUrmT0lnft28Y9LUnVwlUho0n1n8XB50r
VxUoaqoD33bHB9BhiY8ZjG1MQtG1lAJ5f1AkVp8q8YrPP6b7moF6VraJad3zAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUNBDvUb6aJ/ZdhVWGPx40kvKolBIwHwYDVR0j
BBgwFoAUDiDM9Qg6Y7n1iH4+o50E4tYrPaUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOTZlNGFjODYtMTgwMy00OTRkLThhN2ItYzA1MWE2MzEw
NzUyLzAvMEUyMENDRjUwODNBNjNCOUY1ODg3RTNFQTM5RDA0RTJENjJCM0RBNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RpRE05UWc2WTduMWlINC1vNTBFNHRZ
clBhVS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOTZlNGFjODYt
MTgwMy00OTRkLThhN2ItYzA1MWE2MzEwNzUyLzAvMzczODJlMzEzMDM1MmUzOTM4
MmUzMDJmMzIzMzJkMzIzNDIwM2QzZTIwMzgzMzM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBTmliMA0G
CSqGSIb3DQEBCwUAA4IBAQADE2u/1JroNhEeXI7hGbB8SyrrF/bRTXRjj1Ky60z/
vzKmbp1JpZK34tvYM0Tpc3gudWi9y1GsF5DupvHPjHvRcGNIhWTBCKsEUKWl8c1s
EFmejMzUw1KxQzYsZBZUIVlFfDN1NAg1x3AfwQ4G8kXvhaWYLOZvoBD/tIl0UocK
QB4TAyxi9zaLKn0rEpTfemU7OIkE4cohp56LuBghCAI0hX/NdZvq3fc5eCdpOTIu
N9FadGhNh536yrtr4napdF0dkKJ6v0ib0SUEE+cAaIHtxlVWqk7FLppdhuinV9+7
eAxyqFw9fxXFN5aIY9ixE7UKO4rsvxvzHAxr/l1WdXGo
-----END CERTIFICATE-----