Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/37382e34312e34382e302f32322d3234203d3e2038383230.roa
File:                     37382e34312e34382e302f32322d3234203d3e2038383230.roa (raw, json)
Hash identifier:          RswOHjmxibJ5IFZuD+ZGzZ9fwgNMDbturSliustz+vc=
Subject key identifier:   C0:44:9A:AD:13:1B:2D:AE:3F:A6:09:F9:C9:29:EB:83:32:99:9B:C0
Certificate issuer:       /CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
Certificate serial:       0E011206DB84B4EBC13EDFAFB94F79F0C3C14088
Authority key identifier: 3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/37382e34312e34382e302f32322d3234203d3e2038383230.roa
Signing time:             Thu 04 Sep 2025 10:40:04 +0000
ROA not before:           Thu 04 Sep 2025 10:35:04 +0000
ROA not after:            Thu 03 Sep 2026 10:40:04 +0000
asID:                     8820
IP address blocks:        78.41.48.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Sep 2025 12:34:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0e:01:12:06:db:84:b4:eb:c1:3e:df:af:b9:4f:79:f0:c3:c1:40:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
        Validity
            Not Before: Sep  4 10:35:04 2025 GMT
            Not After : Sep  3 10:40:04 2026 GMT
        Subject: CN=C0449AAD131B2DAE3FA609F9C929EB8332999BC0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:4e:16:b1:06:68:45:13:7f:ce:fd:23:9c:6f:
                    37:6a:1b:31:6c:2b:2c:bd:43:3e:ac:32:9c:05:46:
                    84:38:b0:24:6a:0b:63:d6:d4:9e:95:1c:9d:0c:a6:
                    a1:7e:9a:96:e1:2b:e2:3a:f9:00:6c:7a:56:21:1a:
                    75:5c:df:5c:0f:40:d8:3b:4e:d7:6f:92:9d:16:49:
                    ce:8a:81:ca:70:85:43:86:04:97:f7:df:3e:74:1d:
                    84:05:11:4b:48:1f:80:61:5d:5b:ec:cf:f0:91:03:
                    80:a6:ad:3d:ac:33:ff:85:fc:6b:16:94:5d:7f:85:
                    e7:d3:01:36:f1:3e:83:b0:b6:5b:45:5c:67:bc:08:
                    b1:0e:51:cf:cc:19:79:b2:fe:08:21:5a:2b:0e:bd:
                    c2:29:1d:46:47:07:55:32:24:ad:31:e9:48:9d:6b:
                    6f:17:8e:ec:02:cc:50:8e:e1:8e:48:fb:7b:7e:4e:
                    dc:23:a9:95:12:f9:86:b9:2f:03:85:83:d4:05:ad:
                    83:71:5b:c1:ab:e3:52:53:dc:45:2e:a0:5f:e8:da:
                    80:e7:25:82:e6:e9:0d:25:06:cf:6d:97:8b:e5:7b:
                    d5:ff:89:eb:18:9a:fb:4d:ef:5c:24:2d:80:c2:34:
                    6d:fc:92:84:54:62:d6:ff:ed:18:38:39:b8:41:34:
                    a4:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:44:9A:AD:13:1B:2D:AE:3F:A6:09:F9:C9:29:EB:83:32:99:9B:C0
            X509v3 Authority Key Identifier:
                keyid:3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/37382e34312e34382e302f32322d3234203d3e2038383230.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.41.48.0/22

    Signature Algorithm: sha256WithRSAEncryption
         14:3f:c1:26:2f:0d:4c:52:d2:e9:87:6e:40:18:89:d2:7d:f3:
         60:50:73:9d:a6:7b:b6:33:57:53:c6:13:4a:5b:6e:a5:b4:a8:
         05:30:60:be:75:b1:f4:25:3c:1a:a0:08:52:85:28:ec:d4:c4:
         b6:3e:6b:0c:9c:62:04:e6:c3:3c:46:77:fa:e4:6a:03:b5:a8:
         e1:64:b1:56:be:f2:64:88:5d:a2:39:b7:f7:1a:72:a3:83:88:
         a1:94:cf:80:d5:9e:bb:98:ca:03:72:fb:61:be:dd:fd:59:07:
         2b:8e:74:e3:77:88:44:52:aa:70:cb:dc:9e:73:7e:7f:4e:8d:
         33:9f:87:e0:85:27:96:45:ec:e7:4b:28:fb:9e:3b:94:7b:55:
         e4:9e:b5:63:d9:ca:9b:64:b5:95:55:1c:ea:49:c3:41:a5:b6:
         0b:c9:9e:62:a1:14:27:b8:5d:6f:f1:8b:0c:ca:09:c7:0d:d1:
         0e:d6:19:b7:6a:e2:dc:56:e4:da:5c:b9:ee:b7:b2:a0:a8:6e:
         15:05:08:28:05:54:ca:3f:f9:a6:52:e2:53:35:33:f6:28:54:
         f4:bb:bf:84:ba:0a:3a:57:a7:93:75:4f:d0:93:b4:c8:41:10:
         f7:1f:26:19:c8:1e:10:4b:d6:44:eb:b7:91:26:20:bd:0a:e0:
         b5:e1:df:b0
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUDgESBtuEtOvBPt+vuU958MPBQIgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoM2ZlY2NiMTdiZTUxZWU1OWVjNzRkNjRlZWQ5MTdlMjIx
ZWUyOGExYjAeFw0yNTA5MDQxMDM1MDRaFw0yNjA5MDMxMDQwMDRaMDMxMTAvBgNV
BAMTKEMwNDQ5QUFEMTMxQjJEQUUzRkE2MDlGOUM5MjlFQjgzMzI5OTlCQzAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0ThaxBmhFE3/O/SOcbzdqGzFs
Kyy9Qz6sMpwFRoQ4sCRqC2PW1J6VHJ0MpqF+mpbhK+I6+QBselYhGnVc31wPQNg7
Ttdvkp0WSc6KgcpwhUOGBJf33z50HYQFEUtIH4BhXVvsz/CRA4CmrT2sM/+F/GsW
lF1/hefTATbxPoOwtltFXGe8CLEOUc/MGXmy/gghWisOvcIpHUZHB1UyJK0x6Uid
a28XjuwCzFCO4Y5I+3t+TtwjqZUS+Ya5LwOFg9QFrYNxW8Gr41JT3EUuoF/o2oDn
JYLm6Q0lBs9tl4vle9X/iesYmvtN71wkLYDCNG38koRUYtb/7Rg4ObhBNKR9AgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUwESarRMbLa4/pgn5ySnrgzKZm8AwHwYDVR0j
BBgwFoAUP+zLF75R7lnsdNZO7ZF+Ih7iihswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjJkYjc1NTUtOWFhNC00OTgzLTkzMTYtNzM4MDlkZDM1
NGJjLzAvM0ZFQ0NCMTdCRTUxRUU1OUVDNzRENjRFRUQ5MTdFMjIxRUUyOEExQi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1AtekxGNzVSN2xuc2ROWk83WkYtSWg3
aWlocy5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMjJkYjc1NTUt
OWFhNC00OTgzLTkzMTYtNzM4MDlkZDM1NGJjLzAvMzczODJlMzQzMTJlMzQzODJl
MzAyZjMyMzIyZDMyMzQyMDNkM2UyMDM4MzgzMjMwLnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCTikwMA0G
CSqGSIb3DQEBCwUAA4IBAQAUP8EmLw1MUtLph25AGInSffNgUHOdpnu2M1dTxhNK
W26ltKgFMGC+dbH0JTwaoAhShSjs1MS2PmsMnGIE5sM8Rnf65GoDtajhZLFWvvJk
iF2iObf3GnKjg4ihlM+A1Z67mMoDcvthvt39WQcrjnTjd4hEUqpwy9yec35/To0z
n4fghSeWReznSyj7njuUe1XknrVj2cqbZLWVVRzqScNBpbYLyZ5ioRQnuF1v8YsM
ygnHDdEO1hm3auLcVuTaXLnut7KgqG4VBQgoBVTKP/mmUuJTNTP2KFT0u7+Eugo6
V6eTdU/Qk7TIQRD3HyYZyB4QS9ZE67eRJiC9CuC14d+w
-----END CERTIFICATE-----