Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/37382e33312e3234382e302f32342d3234203d3e20383334.roa
File:                     37382e33312e3234382e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          v1L33ws8y4XxYAqFLtjWRBHufk0FcOgCVyMI3hnjPxA=
Subject key identifier:   8F:25:92:9C:40:15:33:28:1C:17:C3:42:92:02:2C:82:4B:D6:73:97
Certificate issuer:       /CN=088469d1a33085ff88b3e599d223ca74c2313a3a
Certificate serial:       104ED8E9716A7ECF6A925EA2F903AF2B10D3584A
Authority key identifier: 08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/37382e33312e3234382e302f32342d3234203d3e20383334.roa
Signing time:             Thu 12 Mar 2026 11:55:51 +0000
ROA not before:           Thu 12 Mar 2026 11:50:51 +0000
ROA not after:            Thu 11 Mar 2027 11:55:51 +0000
asID:                     834
IP address blocks:        78.31.248.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 17:01:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            10:4e:d8:e9:71:6a:7e:cf:6a:92:5e:a2:f9:03:af:2b:10:d3:58:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088469d1a33085ff88b3e599d223ca74c2313a3a
        Validity
            Not Before: Mar 12 11:50:51 2026 GMT
            Not After : Mar 11 11:55:51 2027 GMT
        Subject: CN=8F25929C401533281C17C34292022C824BD67397
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:dc:56:37:60:00:c7:bd:91:e6:62:f7:91:da:
                    3c:99:f7:97:c8:7d:86:4f:f7:96:17:73:b8:56:45:
                    18:a4:fe:88:20:b3:9e:6f:25:77:91:d3:49:4d:fd:
                    9b:07:9b:32:3d:79:38:9a:3d:ee:b3:e2:ad:64:be:
                    3e:78:da:c5:ef:49:f1:f6:51:f5:db:9f:57:ec:93:
                    29:b5:26:d7:df:b2:7a:21:0e:70:08:f4:f8:de:ea:
                    c5:47:60:f9:de:f8:be:6f:f5:02:7d:24:2a:9b:cd:
                    46:8f:93:17:8b:41:8d:47:e4:ad:98:22:70:64:2c:
                    30:61:7b:ac:3f:7e:b3:14:b1:bd:39:9b:bf:40:0c:
                    94:6b:cd:97:ac:a3:88:51:23:b5:24:c2:2a:c2:2f:
                    c5:ff:fe:46:1f:a3:69:29:4f:8f:ab:40:94:58:02:
                    5e:71:8d:ac:39:f0:5d:a1:f3:85:2f:39:9f:2e:48:
                    54:b2:6b:a6:60:71:2d:d6:b0:1b:71:44:e2:84:2b:
                    38:66:56:cc:50:29:5b:65:d4:9d:57:e4:f6:a2:43:
                    85:fe:2c:25:82:33:54:e6:1c:4a:41:34:23:91:ba:
                    1d:bd:92:9e:9d:9a:af:2e:21:d5:27:64:a3:6d:ed:
                    b4:56:0a:3d:49:41:53:d3:27:36:7d:19:0c:5e:1a:
                    d7:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:25:92:9C:40:15:33:28:1C:17:C3:42:92:02:2C:82:4B:D6:73:97
            X509v3 Authority Key Identifier:
                keyid:08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/37382e33312e3234382e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.31.248.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:2d:76:0f:33:eb:62:ba:f7:eb:18:1e:22:5d:f7:4c:66:65:
         be:6c:d9:42:2f:ce:c7:ee:63:d1:21:7b:49:75:8b:ef:58:52:
         00:cf:74:20:45:07:07:af:49:3e:f1:15:da:78:d6:22:e1:eb:
         92:e4:dc:05:d5:87:db:ec:9b:5a:34:39:c0:2c:eb:ce:ef:5a:
         0e:84:b7:46:34:fd:34:b0:74:03:79:db:95:b1:45:b3:3b:ca:
         8b:02:b8:fb:9a:e5:f5:78:24:bc:17:87:24:93:c9:3b:b6:19:
         b8:36:7b:e6:e8:76:5f:d9:a2:ac:30:ac:02:3a:1e:76:6e:77:
         3c:23:77:55:35:3e:dd:33:9e:d0:b1:fc:7f:7d:a3:fd:a1:da:
         03:4a:5f:bc:08:9c:18:4b:78:01:f0:75:50:b0:1d:c8:ff:74:
         63:7a:c4:84:f2:1c:23:3a:18:7d:86:6d:d8:ec:86:66:ee:99:
         09:d0:5b:45:ba:18:7f:0b:9a:d9:6f:48:fd:85:68:fc:07:14:
         53:0a:29:5b:fe:5d:c0:69:a9:ba:c8:05:05:f6:15:70:07:c3:
         32:38:53:e8:9b:e6:f1:76:aa:ec:90:cd:37:ec:a7:8c:a3:da:
         fa:a1:9d:65:d6:23:28:37:16:90:12:91:ef:f2:73:3e:aa:eb:
         4e:c1:da:65
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUEE7Y6XFqfs9qkl6i+QOvKxDTWEowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDg4NDY5ZDFhMzMwODVmZjg4YjNlNTk5ZDIyM2NhNzRj
MjMxM2EzYTAeFw0yNjAzMTIxMTUwNTFaFw0yNzAzMTExMTU1NTFaMDMxMTAvBgNV
BAMTKDhGMjU5MjlDNDAxNTMzMjgxQzE3QzM0MjkyMDIyQzgyNEJENjczOTcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDh3FY3YADHvZHmYveR2jyZ95fI
fYZP95YXc7hWRRik/oggs55vJXeR00lN/ZsHmzI9eTiaPe6z4q1kvj542sXvSfH2
UfXbn1fskym1JtffsnohDnAI9Pje6sVHYPne+L5v9QJ9JCqbzUaPkxeLQY1H5K2Y
InBkLDBhe6w/frMUsb05m79ADJRrzZeso4hRI7UkwirCL8X//kYfo2kpT4+rQJRY
Al5xjaw58F2h84UvOZ8uSFSya6ZgcS3WsBtxROKEKzhmVsxQKVtl1J1X5PaiQ4X+
LCWCM1TmHEpBNCORuh29kp6dmq8uIdUnZKNt7bRWCj1JQVPTJzZ9GQxeGtcjAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUjyWSnEAVMygcF8NCkgIsgkvWc5cwHwYDVR0j
BBgwFoAUCIRp0aMwhf+Is+WZ0iPKdMIxOjowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzUvMDg4NDY5RDFBMzMwODVGRjg4QjNFNTk5RDIyM0NBNzRDMjMxM0EzQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NJUnAwYU13aGYtSXMtV1owaVBLZE1J
eE9qby5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzUvMzczODJlMzMzMTJlMzIzNDM4
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzgzMzM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATh/4MA0G
CSqGSIb3DQEBCwUAA4IBAQBtLXYPM+tiuvfrGB4iXfdMZmW+bNlCL87H7mPRIXtJ
dYvvWFIAz3QgRQcHr0k+8RXaeNYi4euS5NwF1Yfb7JtaNDnALOvO71oOhLdGNP00
sHQDeduVsUWzO8qLArj7muX1eCS8F4ckk8k7thm4Nnvm6HZf2aKsMKwCOh52bnc8
I3dVNT7dM57Qsfx/faP9odoDSl+8CJwYS3gB8HVQsB3I/3RjesSE8hwjOhh9hm3Y
7IZm7pkJ0FtFuhh/C5rZb0j9hWj8BxRTCilb/l3Aaam6yAUF9hVwB8MyOFPom+bx
dqrskM037KeMo9r6oZ1l1iMoNxaQEpHv8nM+qutOwdpl
-----END CERTIFICATE-----