Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/37382e33312e3235312e302f32342d3234203d3e20383334.roa
File:                     37382e33312e3235312e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          3c+X3nx3aPWnE/nybMff6CXXbhYw64NJt/hPQxxTdFE=
Subject key identifier:   B7:0E:78:11:86:0A:F7:75:76:48:65:CB:E5:5D:24:48:07:03:AC:7F
Certificate issuer:       /CN=088469d1a33085ff88b3e599d223ca74c2313a3a
Certificate serial:       4CF53D25EAA9BAF3E851A511F8183B012FE5984F
Authority key identifier: 08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/37382e33312e3235312e302f32342d3234203d3e20383334.roa
Signing time:             Sat 18 Oct 2025 06:08:47 +0000
ROA not before:           Sat 18 Oct 2025 06:03:47 +0000
ROA not after:            Sat 17 Oct 2026 06:08:47 +0000
asID:                     834
IP address blocks:        78.31.251.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 02:58:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4c:f5:3d:25:ea:a9:ba:f3:e8:51:a5:11:f8:18:3b:01:2f:e5:98:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088469d1a33085ff88b3e599d223ca74c2313a3a
        Validity
            Not Before: Oct 18 06:03:47 2025 GMT
            Not After : Oct 17 06:08:47 2026 GMT
        Subject: CN=B70E7811860AF775764865CBE55D24480703AC7F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:db:e5:c4:c9:8b:50:cb:99:3f:35:49:18:32:
                    c3:00:74:f4:5f:0d:46:78:fa:97:a5:3e:81:09:fe:
                    00:29:97:9c:36:3b:25:78:3c:cd:f2:fa:3c:44:26:
                    89:2c:13:58:60:f8:b9:7d:d1:5b:be:47:14:fd:b9:
                    22:6f:d8:1a:8e:15:8e:f2:c4:d7:f1:ec:bb:ad:04:
                    91:93:75:27:b7:78:ae:87:c0:b3:f6:3f:27:30:97:
                    73:d5:74:25:36:b4:28:1d:e7:85:8b:07:47:a1:1e:
                    22:08:b6:e1:d8:a3:74:2d:cf:38:68:e3:62:e4:45:
                    1b:f0:3c:6a:83:3b:cb:86:5f:ad:6b:9c:d0:50:cc:
                    cf:25:af:e2:b9:81:bf:57:1c:0a:3f:1a:11:e1:af:
                    82:fa:bb:10:cd:7c:ba:51:19:2b:46:b3:c0:2a:3b:
                    80:a0:30:bb:05:3d:85:35:61:36:db:a1:fd:aa:13:
                    19:b3:c6:80:86:60:a9:1f:ba:e2:82:69:46:5d:bd:
                    b3:45:23:41:4c:83:8d:02:6c:47:c4:58:41:a8:8f:
                    eb:ec:32:eb:f6:cf:c7:d2:88:db:03:8d:59:ed:29:
                    8d:a6:4d:07:e9:62:3f:b1:70:d5:f2:a3:5b:e3:d6:
                    6d:3b:4b:8d:9e:80:e3:2d:95:99:33:1b:86:ee:2e:
                    21:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:0E:78:11:86:0A:F7:75:76:48:65:CB:E5:5D:24:48:07:03:AC:7F
            X509v3 Authority Key Identifier:
                keyid:08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/37382e33312e3235312e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.31.251.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:b9:22:3b:ac:09:1a:d6:7a:ca:de:6e:16:a5:55:14:ab:9d:
         a4:5f:04:f3:ae:79:6d:b8:2f:66:51:4f:ef:21:29:fe:69:73:
         8c:4f:1b:fc:e9:7f:c7:ad:7d:e4:c9:66:09:f4:2e:91:85:03:
         94:39:3b:1f:64:c0:45:44:86:1d:a7:0c:52:7d:7d:49:0f:ba:
         16:32:29:b9:f7:eb:2e:c1:e7:ae:6f:83:3b:86:b4:09:d2:c1:
         2a:97:1a:9c:d5:02:9c:e9:22:f4:fc:25:88:0b:e0:a4:56:89:
         36:08:c2:70:ce:26:ff:5b:62:19:c1:d6:48:42:79:5f:28:c0:
         1f:5f:b9:4d:47:79:ab:a8:d8:97:55:27:22:79:4a:e2:e3:09:
         bc:00:58:ff:b7:ad:84:32:cd:3c:ab:95:3f:5f:5f:ce:f6:b4:
         f6:9d:df:62:0c:ff:12:24:83:73:6b:e0:0a:44:c3:e6:75:cc:
         e4:f4:c3:92:16:d5:5d:39:2b:75:39:ab:84:ca:01:64:a5:37:
         09:6c:84:48:63:d7:0b:1b:8a:85:2a:0f:51:aa:26:87:7c:6c:
         45:4f:e0:84:6b:67:ab:77:d5:89:b0:a2:1c:fd:7a:6c:1f:0a:
         90:ba:6e:a5:07:84:dd:f6:99:c8:44:f6:7e:3f:38:26:b7:c4:
         1d:4e:bc:40
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUTPU9JeqpuvPoUaUR+Bg7AS/lmE8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDg4NDY5ZDFhMzMwODVmZjg4YjNlNTk5ZDIyM2NhNzRj
MjMxM2EzYTAeFw0yNTEwMTgwNjAzNDdaFw0yNjEwMTcwNjA4NDdaMDMxMTAvBgNV
BAMTKEI3MEU3ODExODYwQUY3NzU3NjQ4NjVDQkU1NUQyNDQ4MDcwM0FDN0YwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA2+XEyYtQy5k/NUkYMsMAdPRf
DUZ4+pelPoEJ/gApl5w2OyV4PM3y+jxEJoksE1hg+Ll90Vu+RxT9uSJv2BqOFY7y
xNfx7LutBJGTdSe3eK6HwLP2Pycwl3PVdCU2tCgd54WLB0ehHiIItuHYo3Qtzzho
42LkRRvwPGqDO8uGX61rnNBQzM8lr+K5gb9XHAo/GhHhr4L6uxDNfLpRGStGs8Aq
O4CgMLsFPYU1YTbbof2qExmzxoCGYKkfuuKCaUZdvbNFI0FMg40CbEfEWEGoj+vs
Muv2z8fSiNsDjVntKY2mTQfpYj+xcNXyo1vj1m07S42egOMtlZkzG4buLiHrAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUtw54EYYK93V2SGXL5V0kSAcDrH8wHwYDVR0j
BBgwFoAUCIRp0aMwhf+Is+WZ0iPKdMIxOjowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzUvMDg4NDY5RDFBMzMwODVGRjg4QjNFNTk5RDIyM0NBNzRDMjMxM0EzQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NJUnAwYU13aGYtSXMtV1owaVBLZE1J
eE9qby5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzUvMzczODJlMzMzMTJlMzIzNTMx
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzgzMzM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATh/7MA0G
CSqGSIb3DQEBCwUAA4IBAQAzuSI7rAka1nrK3m4WpVUUq52kXwTzrnltuC9mUU/v
ISn+aXOMTxv86X/HrX3kyWYJ9C6RhQOUOTsfZMBFRIYdpwxSfX1JD7oWMim59+su
weeub4M7hrQJ0sEqlxqc1QKc6SL0/CWIC+CkVok2CMJwzib/W2IZwdZIQnlfKMAf
X7lNR3mrqNiXVScieUri4wm8AFj/t62EMs08q5U/X1/O9rT2nd9iDP8SJINza+AK
RMPmdczk9MOSFtVdOSt1OauEygFkpTcJbIRIY9cLG4qFKg9RqiaHfGxFT+CEa2er
d9WJsKIc/XpsHwqQum6lB4Td9pnIRPZ+Pzgmt8QdTrxA
-----END CERTIFICATE-----