Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/37382e33312e3234392e302f32342d3234203d3e20383334.roa
File:                     37382e33312e3234392e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          69Z2zcnezdISHbcl0exELHoWlDGXmZN2Hkt1OCELvzs=
Subject key identifier:   D4:96:F1:CF:ED:3E:B3:19:42:C8:4F:59:32:27:B8:A0:75:DF:AF:B7
Certificate issuer:       /CN=088469d1a33085ff88b3e599d223ca74c2313a3a
Certificate serial:       1B233939E9308D45F7E274BC8C337BD670295D56
Authority key identifier: 08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/37382e33312e3234392e302f32342d3234203d3e20383334.roa
Signing time:             Sat 18 Oct 2025 06:09:11 +0000
ROA not before:           Sat 18 Oct 2025 06:04:11 +0000
ROA not after:            Sat 17 Oct 2026 06:09:11 +0000
asID:                     834
IP address blocks:        78.31.249.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 02:58:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1b:23:39:39:e9:30:8d:45:f7:e2:74:bc:8c:33:7b:d6:70:29:5d:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088469d1a33085ff88b3e599d223ca74c2313a3a
        Validity
            Not Before: Oct 18 06:04:11 2025 GMT
            Not After : Oct 17 06:09:11 2026 GMT
        Subject: CN=D496F1CFED3EB31942C84F593227B8A075DFAFB7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:08:bd:c3:cc:6e:9e:e2:29:c9:17:93:2d:53:
                    31:8a:7b:b3:85:b8:33:e1:80:3a:36:7b:e9:88:60:
                    8c:9f:9a:13:00:9b:e1:33:25:d7:dd:bc:61:e6:4c:
                    54:40:b4:bf:d4:97:39:31:b4:bd:f8:14:e5:72:e1:
                    3f:26:e9:d5:18:41:39:6f:85:43:21:b5:80:f1:51:
                    e3:09:e1:d9:0f:5e:e7:c0:0c:c1:97:b5:ad:90:5a:
                    c9:70:44:d1:45:db:2d:4d:54:bc:4a:79:ad:68:a5:
                    5a:14:e4:e4:7a:b9:55:b5:1d:92:31:08:f6:52:2b:
                    2e:80:7b:ee:4b:7d:50:97:9e:99:ab:f2:26:02:de:
                    64:d0:cf:83:f1:55:e7:c2:43:64:2c:49:11:68:cd:
                    5d:cb:ce:e5:56:4e:0e:c9:a2:d0:ce:25:8b:31:be:
                    02:4c:80:c5:a5:93:3f:78:0b:38:63:0a:3d:b4:14:
                    66:7d:0a:0e:cb:1b:7d:0c:b3:c2:a7:a2:a3:00:7c:
                    5e:2f:8d:96:3b:fc:ff:ca:82:7b:8f:f5:88:3d:45:
                    bf:25:ec:00:99:9e:3a:bc:b8:eb:41:69:96:c9:71:
                    15:fe:d2:1f:da:e1:97:7a:b8:a2:0f:1a:a6:a7:83:
                    b4:e3:f7:f1:a4:d7:19:ad:71:11:97:81:89:a2:11:
                    37:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:96:F1:CF:ED:3E:B3:19:42:C8:4F:59:32:27:B8:A0:75:DF:AF:B7
            X509v3 Authority Key Identifier:
                keyid:08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/37382e33312e3234392e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.31.249.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:ae:4e:ce:e1:4c:ad:67:f2:fe:17:d3:3d:02:ed:08:7d:0b:
         55:6c:10:56:03:38:5b:e7:c6:6e:19:cb:4a:3f:21:a0:f9:9c:
         1e:3b:14:da:6f:03:51:11:d6:85:ba:56:10:cd:bd:e8:e0:40:
         75:fa:21:82:e8:35:41:1e:52:59:ae:ca:5e:1c:e6:b6:55:fc:
         51:a1:6e:db:7a:42:da:8d:29:7e:d5:eb:ef:92:d4:44:03:61:
         de:e0:58:e7:a8:7a:06:5c:94:f4:99:0d:8c:ee:93:fb:b7:7f:
         e2:9e:89:a3:d3:91:e2:42:05:c1:66:32:2b:d1:a4:c9:f2:74:
         8e:f3:09:cf:ab:76:dc:8e:38:fd:15:a8:7b:0e:31:e7:73:6f:
         6d:c3:d1:39:8a:4d:16:52:fc:02:90:30:1e:a1:60:a5:a9:a4:
         3a:9c:f4:d6:d5:2d:8d:57:1b:62:15:d9:b3:6a:97:9e:a6:4e:
         24:7e:7d:1f:c9:3a:81:11:da:91:88:38:b3:72:5b:d7:e1:38:
         77:22:e2:31:5f:22:37:4f:6a:88:85:13:fd:08:47:dd:a2:8b:
         b3:63:ba:94:bb:ee:5a:b2:2f:ac:31:4d:00:3e:94:da:47:8a:
         10:5d:11:af:51:68:35:b6:f5:b5:2f:a3:df:1b:41:ab:e5:6e:
         e7:04:d2:61
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUGyM5OekwjUX34nS8jDN71nApXVYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDg4NDY5ZDFhMzMwODVmZjg4YjNlNTk5ZDIyM2NhNzRj
MjMxM2EzYTAeFw0yNTEwMTgwNjA0MTFaFw0yNjEwMTcwNjA5MTFaMDMxMTAvBgNV
BAMTKEQ0OTZGMUNGRUQzRUIzMTk0MkM4NEY1OTMyMjdCOEEwNzVERkFGQjcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5CL3DzG6e4inJF5MtUzGKe7OF
uDPhgDo2e+mIYIyfmhMAm+EzJdfdvGHmTFRAtL/UlzkxtL34FOVy4T8m6dUYQTlv
hUMhtYDxUeMJ4dkPXufADMGXta2QWslwRNFF2y1NVLxKea1opVoU5OR6uVW1HZIx
CPZSKy6Ae+5LfVCXnpmr8iYC3mTQz4PxVefCQ2QsSRFozV3LzuVWTg7JotDOJYsx
vgJMgMWlkz94CzhjCj20FGZ9Cg7LG30Ms8KnoqMAfF4vjZY7/P/KgnuP9Yg9Rb8l
7ACZnjq8uOtBaZbJcRX+0h/a4Zd6uKIPGqang7Tj9/Gk1xmtcRGXgYmiETdBAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQU1Jbxz+0+sxlCyE9ZMie4oHXfr7cwHwYDVR0j
BBgwFoAUCIRp0aMwhf+Is+WZ0iPKdMIxOjowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzUvMDg4NDY5RDFBMzMwODVGRjg4QjNFNTk5RDIyM0NBNzRDMjMxM0EzQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NJUnAwYU13aGYtSXMtV1owaVBLZE1J
eE9qby5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzUvMzczODJlMzMzMTJlMzIzNDM5
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzgzMzM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATh/5MA0G
CSqGSIb3DQEBCwUAA4IBAQBxrk7O4UytZ/L+F9M9Au0IfQtVbBBWAzhb58ZuGctK
PyGg+ZweOxTabwNREdaFulYQzb3o4EB1+iGC6DVBHlJZrspeHOa2VfxRoW7bekLa
jSl+1evvktREA2He4FjnqHoGXJT0mQ2M7pP7t3/inomj05HiQgXBZjIr0aTJ8nSO
8wnPq3bcjjj9Fah7DjHnc29tw9E5ik0WUvwCkDAeoWClqaQ6nPTW1S2NVxtiFdmz
apeepk4kfn0fyTqBEdqRiDizclvX4Th3IuIxXyI3T2qIhRP9CEfdoouzY7qUu+5a
si+sMU0APpTaR4oQXRGvUWg1tvW1L6PfG0Gr5W7nBNJh
-----END CERTIFICATE-----