Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/39322e3131382e36322e302f32342d3234203d3e20383334.roa
File:                     39322e3131382e36322e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          Hb7+G3d1pJDDOECKpgipqGhLc5Q02n9hqk0pHaFLF3A=
Subject key identifier:   F0:11:FE:ED:3B:55:C8:94:8B:DA:4E:9F:B4:4A:10:3E:07:9C:A5:B2
Certificate issuer:       /CN=097a28f77eb0a4ac354a8ac28754b2a3bbe3a959
Certificate serial:       78379155D7D2DEF7AA47D64F999B68BBD65814D9
Authority key identifier: 09:7A:28:F7:7E:B0:A4:AC:35:4A:8A:C2:87:54:B2:A3:BB:E3:A9:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CXoo936wpKw1SorCh1Syo7vjqVk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/39322e3131382e36322e302f32342d3234203d3e20383334.roa
Signing time:             Tue 10 Mar 2026 07:11:49 +0000
ROA not before:           Tue 10 Mar 2026 07:06:49 +0000
ROA not after:            Tue 09 Mar 2027 07:11:49 +0000
asID:                     834
IP address blocks:        92.118.62.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/097A28F77EB0A4AC354A8AC28754B2A3BBE3A959.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/097A28F77EB0A4AC354A8AC28754B2A3BBE3A959.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CXoo936wpKw1SorCh1Syo7vjqVk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            78:37:91:55:d7:d2:de:f7:aa:47:d6:4f:99:9b:68:bb:d6:58:14:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=097a28f77eb0a4ac354a8ac28754b2a3bbe3a959
        Validity
            Not Before: Mar 10 07:06:49 2026 GMT
            Not After : Mar  9 07:11:49 2027 GMT
        Subject: CN=F011FEED3B55C8948BDA4E9FB44A103E079CA5B2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:5f:c9:90:84:21:b2:38:b1:31:70:31:9d:f2:
                    1d:c5:25:b8:fd:43:45:eb:04:c1:84:c1:8c:d4:35:
                    5e:92:b5:a9:d5:f2:d3:3d:79:94:1d:a3:5f:72:b8:
                    0a:bb:5f:89:42:d8:23:2b:31:da:c2:35:58:50:e1:
                    cd:09:b7:88:b8:15:c6:b5:53:c7:d7:21:84:94:db:
                    f7:fa:dd:42:f1:e2:ee:5e:7f:28:eb:1e:09:ce:c3:
                    93:4c:83:72:c6:10:f9:50:89:9a:b3:45:d9:32:65:
                    38:54:e1:b4:01:01:07:5e:a3:94:48:0f:1d:a3:f5:
                    f7:8e:ec:06:40:58:7b:a7:56:e6:84:34:96:9d:89:
                    91:01:03:ce:a3:f0:95:76:5e:e8:c4:1e:2b:8a:50:
                    60:3c:25:50:12:ce:ac:67:c3:ec:56:c9:7f:1a:9d:
                    f5:11:8e:10:6f:c6:a2:03:f5:93:a3:c7:7b:4a:39:
                    da:bb:81:c0:b3:ec:2f:5f:53:04:c9:d7:37:ad:71:
                    47:a8:ca:41:dd:6f:d7:4b:78:02:78:fe:6c:98:9c:
                    5d:8e:88:e5:e6:86:a1:e6:07:dd:29:af:37:32:69:
                    35:14:7e:4f:2a:ca:80:62:72:31:b0:bc:da:de:c8:
                    3a:ac:dc:73:26:8e:76:60:62:d8:4d:04:25:72:77:
                    7f:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:11:FE:ED:3B:55:C8:94:8B:DA:4E:9F:B4:4A:10:3E:07:9C:A5:B2
            X509v3 Authority Key Identifier:
                keyid:09:7A:28:F7:7E:B0:A4:AC:35:4A:8A:C2:87:54:B2:A3:BB:E3:A9:59

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/097A28F77EB0A4AC354A8AC28754B2A3BBE3A959.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CXoo936wpKw1SorCh1Syo7vjqVk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/39322e3131382e36322e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.118.62.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b8:c2:82:7b:91:bd:c2:b4:1f:ac:5b:ae:dd:07:4a:f1:6e:3d:
         81:cf:fb:5d:3b:a3:e6:98:29:59:1c:77:c4:9a:5e:8c:42:3f:
         fb:fa:04:1d:7e:06:e0:45:93:5f:86:f5:0f:63:b1:2c:76:f7:
         4e:84:4b:db:05:8d:8c:be:a9:a0:1a:41:79:25:2c:81:5e:ff:
         c5:3f:93:a4:12:29:31:26:b7:4e:1f:b4:82:4d:4a:7f:6b:ec:
         a2:52:6e:42:aa:ce:36:d3:32:f5:ad:e5:4c:da:e7:44:ee:3b:
         98:2a:37:d0:41:c4:f6:99:e0:95:0c:80:fb:f7:82:9a:10:d9:
         a2:17:c2:eb:d5:6d:c9:3d:f0:d6:f6:25:e9:71:7f:f7:ea:52:
         34:0f:6f:d7:b0:c2:3f:20:c2:5c:52:d9:0c:4c:6a:54:e8:96:
         f6:72:52:dd:7b:88:4b:82:02:83:54:21:ae:92:c8:0e:77:ff:
         59:88:9a:8a:71:87:16:65:78:09:6f:ed:d1:cd:ce:16:65:cb:
         7f:62:96:8a:bb:68:21:8a:a2:00:a2:bc:26:6d:0d:a9:f0:f1:
         56:e0:d9:29:bd:5c:cb:31:24:68:bd:35:eb:c8:3f:41:68:a1:
         14:f0:6c:6e:2a:d9:1c:23:b6:37:02:c2:2b:38:7f:f7:dd:ed:
         a4:b6:cb:5b
-----BEGIN CERTIFICATE-----
MIIFMjCCBBqgAwIBAgIUeDeRVdfS3veqR9ZPmZtou9ZYFNkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDk3YTI4Zjc3ZWIwYTRhYzM1NGE4YWMyODc1NGIyYTNi
YmUzYTk1OTAeFw0yNjAzMTAwNzA2NDlaFw0yNzAzMDkwNzExNDlaMDMxMTAvBgNV
BAMTKEYwMTFGRUVEM0I1NUM4OTQ4QkRBNEU5RkI0NEExMDNFMDc5Q0E1QjIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDhX8mQhCGyOLExcDGd8h3FJbj9
Q0XrBMGEwYzUNV6StanV8tM9eZQdo19yuAq7X4lC2CMrMdrCNVhQ4c0Jt4i4Fca1
U8fXIYSU2/f63ULx4u5efyjrHgnOw5NMg3LGEPlQiZqzRdkyZThU4bQBAQdeo5RI
Dx2j9feO7AZAWHunVuaENJadiZEBA86j8JV2XujEHiuKUGA8JVASzqxnw+xWyX8a
nfURjhBvxqID9ZOjx3tKOdq7gcCz7C9fUwTJ1zetcUeoykHdb9dLeAJ4/myYnF2O
iOXmhqHmB90przcyaTUUfk8qyoBicjGwvNreyDqs3HMmjnZgYthNBCVyd38zAgMB
AAGjggI8MIICODAdBgNVHQ4EFgQU8BH+7TtVyJSL2k6ftEoQPgecpbIwHwYDVR0j
BBgwFoAUCXoo936wpKw1SorCh1Syo7vjqVkwDgYDVR0PAQH/BAQDAgeAMIGYBgNV
HR8EgZAwgY0wgYqggYeggYSGgYFyc3luYzovL3JzeW5jLnBhYXMucnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L2ZlMzcwOGEwLTY3ZDUtNGFjMi1hYmM0LWEzMzI1OTBi
OTlhZi8xNzcvMDk3QTI4Rjc3RUIwQTRBQzM1NEE4QUMyODc1NEIyQTNCQkUzQTk1
OS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2ku
cmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NYb285MzZ3cEt3MVNvckNoMVN5
bzd2anFWay5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJz
eW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4
YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzE3Ny8zOTMyMmUzMTMxMzgy
ZTM2MzIyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB
/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABc
dj4wDQYJKoZIhvcNAQELBQADggEBALjCgnuRvcK0H6xbrt0HSvFuPYHP+107o+aY
KVkcd8SaXoxCP/v6BB1+BuBFk1+G9Q9jsSx2906ES9sFjYy+qaAaQXklLIFe/8U/
k6QSKTEmt04ftIJNSn9r7KJSbkKqzjbTMvWt5Uza50TuO5gqN9BBxPaZ4JUMgPv3
gpoQ2aIXwuvVbck98Nb2Jelxf/fqUjQPb9ewwj8gwlxS2QxMalTolvZyUt17iEuC
AoNUIa6SyA53/1mImopxhxZleAlv7dHNzhZly39iloq7aCGKogCivCZtDanw8Vbg
2Sm9XMsxJGi9NevIP0FooRTwbG4q2RwjtjcCwis4f/fd7aS2y1s=
-----END CERTIFICATE-----