Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/37382e33312e3234392e302f32342d3234203d3e20383334.roa
File:                     37382e33312e3234392e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          4AsQW0TbK4Oy719jjJTf3ksViZ1bXDlBRiSKrFpSMHI=
Subject key identifier:   A9:18:45:A0:17:7C:4E:4E:E8:5F:AD:45:E8:77:9D:09:00:48:5B:FB
Certificate issuer:       /CN=088469d1a33085ff88b3e599d223ca74c2313a3a
Certificate serial:       2640DCB9B25C4566D4B2E3FA83F5255C6F026AD7
Authority key identifier: 08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/37382e33312e3234392e302f32342d3234203d3e20383334.roa
Signing time:             Tue 17 Mar 2026 13:29:32 +0000
ROA not before:           Tue 17 Mar 2026 13:24:32 +0000
ROA not after:            Tue 16 Mar 2027 13:29:32 +0000
asID:                     834
IP address blocks:        78.31.249.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 17:01:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            26:40:dc:b9:b2:5c:45:66:d4:b2:e3:fa:83:f5:25:5c:6f:02:6a:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088469d1a33085ff88b3e599d223ca74c2313a3a
        Validity
            Not Before: Mar 17 13:24:32 2026 GMT
            Not After : Mar 16 13:29:32 2027 GMT
        Subject: CN=A91845A0177C4E4EE85FAD45E8779D0900485BFB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:a4:67:ab:96:0b:6a:c4:2f:a0:ff:ec:61:56:
                    4d:1b:1b:0a:1b:68:ee:ed:b8:a5:ce:63:63:71:7b:
                    4d:a4:be:5a:2e:6d:bd:3a:28:35:30:f4:02:45:59:
                    6d:1d:49:61:13:37:90:25:1d:a2:c5:52:17:48:b1:
                    80:7b:b7:ed:a5:de:80:dd:4b:38:f6:ac:c0:e8:14:
                    f5:52:2b:9d:0e:22:29:73:2a:f6:d5:24:3a:7f:8e:
                    ac:fa:b1:f7:02:b5:a7:01:d2:6e:84:d0:ce:c4:1e:
                    1b:bb:9f:ae:89:8a:74:70:d6:28:70:b2:29:c2:63:
                    33:0f:6f:a2:6a:c0:72:a1:66:d6:40:34:ed:26:de:
                    c2:83:c4:6a:cd:53:24:e7:dd:6e:09:05:37:41:42:
                    18:64:71:7b:7f:c6:a1:98:b1:29:9b:e0:10:c9:63:
                    ec:6a:98:37:12:6c:90:e3:c8:07:76:7a:b3:71:3a:
                    b4:d0:92:b7:3d:d0:19:f1:df:fd:c7:70:98:db:a5:
                    a7:33:f2:e0:3d:56:3e:24:6f:2c:9b:94:49:ef:da:
                    a8:07:2e:cd:3c:2b:4a:1c:55:ce:dd:66:f0:ce:02:
                    b0:ce:80:21:2b:21:92:62:11:5c:64:fb:d3:9a:d1:
                    0f:a3:9e:fa:4c:c3:cb:7c:a8:1f:c6:5e:44:46:0c:
                    41:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:18:45:A0:17:7C:4E:4E:E8:5F:AD:45:E8:77:9D:09:00:48:5B:FB
            X509v3 Authority Key Identifier:
                keyid:08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/37382e33312e3234392e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.31.249.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a2:cb:2c:bd:cc:1b:dc:05:95:34:06:4d:80:61:86:5c:97:49:
         82:58:8f:36:e8:14:9b:8d:63:b1:96:db:8d:f5:bd:d1:11:85:
         2a:97:4b:1b:67:10:cf:ff:41:d6:43:17:64:48:4a:e3:40:ad:
         00:64:46:79:1d:94:35:33:e9:42:b6:05:cf:e7:f2:25:17:45:
         31:f3:a0:8a:45:7b:38:81:bd:7c:41:d5:d1:9d:4f:7e:27:ca:
         26:53:4d:49:2e:42:25:22:d4:07:f7:e9:f4:72:a4:05:64:6f:
         de:7e:71:31:db:2d:a0:27:9a:19:7a:a8:03:24:3c:b7:4a:ae:
         20:aa:a8:86:65:ae:5e:f6:d4:a0:0f:c0:8a:da:d1:0f:b1:d5:
         d9:48:19:dd:13:e4:47:89:1a:68:f6:81:5d:71:e0:18:6f:4e:
         15:82:89:a6:40:76:38:89:dd:39:a7:3e:0a:51:84:65:6e:19:
         fc:4c:f4:be:90:a3:ef:93:d2:1d:f8:fc:b8:72:9d:91:75:dc:
         0b:90:ea:87:5a:24:64:9f:ed:27:5d:74:54:b5:58:d4:3b:68:
         8a:d9:9c:f4:9f:54:bf:fe:4d:5b:7c:a1:39:2e:7f:61:0c:eb:
         2f:ba:39:8d:e0:eb:7f:e5:b1:a0:a9:94:b4:a8:0e:22:5b:11:
         13:da:c6:65
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUJkDcubJcRWbUsuP6g/UlXG8CatcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDg4NDY5ZDFhMzMwODVmZjg4YjNlNTk5ZDIyM2NhNzRj
MjMxM2EzYTAeFw0yNjAzMTcxMzI0MzJaFw0yNzAzMTYxMzI5MzJaMDMxMTAvBgNV
BAMTKEE5MTg0NUEwMTc3QzRFNEVFODVGQUQ0NUU4Nzc5RDA5MDA0ODVCRkIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6pGerlgtqxC+g/+xhVk0bGwob
aO7tuKXOY2Nxe02kvloubb06KDUw9AJFWW0dSWETN5AlHaLFUhdIsYB7t+2l3oDd
Szj2rMDoFPVSK50OIilzKvbVJDp/jqz6sfcCtacB0m6E0M7EHhu7n66JinRw1ihw
sinCYzMPb6JqwHKhZtZANO0m3sKDxGrNUyTn3W4JBTdBQhhkcXt/xqGYsSmb4BDJ
Y+xqmDcSbJDjyAd2erNxOrTQkrc90Bnx3/3HcJjbpacz8uA9Vj4kbyyblEnv2qgH
Ls08K0ocVc7dZvDOArDOgCErIZJiEVxk+9Oa0Q+jnvpMw8t8qB/GXkRGDEFpAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUqRhFoBd8Tk7oX61F6HedCQBIW/swHwYDVR0j
BBgwFoAUCIRp0aMwhf+Is+WZ0iPKdMIxOjowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzUvMDg4NDY5RDFBMzMwODVGRjg4QjNFNTk5RDIyM0NBNzRDMjMxM0EzQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NJUnAwYU13aGYtSXMtV1owaVBLZE1J
eE9qby5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzUvMzczODJlMzMzMTJlMzIzNDM5
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzgzMzM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATh/5MA0G
CSqGSIb3DQEBCwUAA4IBAQCiyyy9zBvcBZU0Bk2AYYZcl0mCWI826BSbjWOxltuN
9b3REYUql0sbZxDP/0HWQxdkSErjQK0AZEZ5HZQ1M+lCtgXP5/IlF0Ux86CKRXs4
gb18QdXRnU9+J8omU01JLkIlItQH9+n0cqQFZG/efnEx2y2gJ5oZeqgDJDy3Sq4g
qqiGZa5e9tSgD8CK2tEPsdXZSBndE+RHiRpo9oFdceAYb04VgommQHY4id05pz4K
UYRlbhn8TPS+kKPvk9Id+Py4cp2RddwLkOqHWiRkn+0nXXRUtVjUO2iK2Zz0n1S/
/k1bfKE5Ln9hDOsvujmN4Ot/5bGgqZS0qA4iWxET2sZl
-----END CERTIFICATE-----