Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/3137382e3230382e3138322e302f32332d3234203d3e20383334.roa
File:                     3137382e3230382e3138322e302f32332d3234203d3e20383334.roa (raw, json)
Hash identifier:          jf+cIT6nEVHToJP/a0/x6WM2rank69mU8ey5Ri6tVqo=
Subject key identifier:   EC:B1:2D:E0:89:8E:5A:F1:15:F9:FE:B6:C9:85:6E:8A:8F:65:F1:37
Certificate issuer:       /CN=048af665bf8b186b70220759d26c578f40b5f3e3
Certificate serial:       2CA32976DE6388C6C7AAC5355D319F2168F6EE62
Authority key identifier: 04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/3137382e3230382e3138322e302f32332d3234203d3e20383334.roa
Signing time:             Wed 03 Jun 2026 02:09:48 +0000
ROA not before:           Wed 03 Jun 2026 02:04:48 +0000
ROA not after:            Wed 02 Jun 2027 02:09:48 +0000
asID:                     834
IP address blocks:        178.208.182.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 19:48:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2c:a3:29:76:de:63:88:c6:c7:aa:c5:35:5d:31:9f:21:68:f6:ee:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=048af665bf8b186b70220759d26c578f40b5f3e3
        Validity
            Not Before: Jun  3 02:04:48 2026 GMT
            Not After : Jun  2 02:09:48 2027 GMT
        Subject: CN=ECB12DE0898E5AF115F9FEB6C9856E8A8F65F137
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:99:2b:99:5b:2a:e5:24:44:1e:dd:c2:ee:e3:
                    43:10:22:37:fd:9d:f7:3c:a9:63:0c:58:f7:79:5d:
                    e9:cd:7b:e2:eb:85:9a:f7:3c:cc:64:2f:6c:2a:f3:
                    d2:e6:43:d1:2b:ee:cc:6a:92:c1:50:04:56:2b:de:
                    c6:a2:2a:57:8a:b4:71:37:93:91:e1:c8:16:fa:c4:
                    fd:bc:e5:a4:76:ac:64:f1:a6:e8:60:94:84:0c:c7:
                    64:42:c2:f7:68:c0:18:5a:2a:4a:5a:9c:de:6b:1d:
                    e9:56:51:20:fa:a9:64:ba:ff:d3:00:55:ba:0c:fd:
                    b1:f6:69:90:8f:98:ac:29:5f:5a:9f:55:36:08:63:
                    d6:76:fa:a7:4a:f1:82:63:cd:66:31:67:63:c7:e9:
                    8b:b6:75:a2:a6:1c:1b:23:35:4e:65:f4:fd:0e:5a:
                    40:f6:f0:8e:2c:89:ef:b0:8e:29:c5:49:e4:fe:76:
                    b8:8c:c0:a0:35:75:51:4a:9d:df:3c:49:04:de:5f:
                    1e:c7:e1:8b:95:b2:3f:3a:e7:c6:d9:22:e3:bf:d9:
                    b6:8c:7b:1d:67:e9:4f:43:e4:5b:ea:04:fe:12:56:
                    3a:63:ba:5f:2d:06:41:c3:6e:b1:01:98:ec:ca:5f:
                    98:ee:be:8f:56:52:cf:77:b6:36:04:59:66:a2:b6:
                    fb:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:B1:2D:E0:89:8E:5A:F1:15:F9:FE:B6:C9:85:6E:8A:8F:65:F1:37
            X509v3 Authority Key Identifier:
                keyid:04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/3137382e3230382e3138322e302f32332d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.208.182.0/23

    Signature Algorithm: sha256WithRSAEncryption
         0e:0b:f6:c6:59:5b:22:88:70:d3:a4:0a:0f:c9:11:45:b7:b2:
         b4:ee:e5:b8:97:bc:8c:4b:c0:0f:5c:12:d7:e3:36:df:d6:d5:
         af:a5:28:b2:c0:90:ec:78:b0:aa:87:b3:52:94:ae:3b:0a:14:
         49:98:f0:24:ee:9e:bb:56:29:3a:1f:b7:1b:d0:1e:b5:76:10:
         6c:6f:fe:3a:df:f6:96:41:17:d7:0c:c5:1d:90:e2:7b:13:7e:
         ba:72:b0:9a:a8:bb:01:9d:cd:d2:72:bf:19:83:db:a6:00:d4:
         aa:69:97:9c:4c:8e:dd:7f:30:a2:d8:87:73:be:e0:13:13:e8:
         a3:23:86:74:69:f4:33:23:6e:be:c1:80:6b:8f:1a:c6:49:d4:
         40:b2:87:55:11:90:d4:73:ea:99:96:f6:59:86:0f:16:fe:4c:
         62:78:92:1c:3e:91:a9:7b:f8:39:df:f1:40:bd:04:69:fd:84:
         51:12:ad:6b:38:22:02:0a:f2:55:5c:38:ba:c4:0b:5a:cb:bb:
         4e:44:61:c5:a0:1c:f8:53:c7:d5:8a:6e:18:1b:b4:3d:98:7e:
         73:35:a4:6a:e9:fe:36:3c:55:0b:47:95:39:24:e0:72:51:ff:
         dc:cd:31:4c:6d:db:fc:ae:e8:3d:91:01:45:1a:7e:9f:7b:90:
         d3:96:26:10
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIULKMpdt5jiMbHqsU1XTGfIWj27mIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDQ4YWY2NjViZjhiMTg2YjcwMjIwNzU5ZDI2YzU3OGY0
MGI1ZjNlMzAeFw0yNjA2MDMwMjA0NDhaFw0yNzA2MDIwMjA5NDhaMDMxMTAvBgNV
BAMTKEVDQjEyREUwODk4RTVBRjExNUY5RkVCNkM5ODU2RThBOEY2NUYxMzcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDtmSuZWyrlJEQe3cLu40MQIjf9
nfc8qWMMWPd5XenNe+LrhZr3PMxkL2wq89LmQ9Er7sxqksFQBFYr3saiKleKtHE3
k5HhyBb6xP285aR2rGTxpuhglIQMx2RCwvdowBhaKkpanN5rHelWUSD6qWS6/9MA
VboM/bH2aZCPmKwpX1qfVTYIY9Z2+qdK8YJjzWYxZ2PH6Yu2daKmHBsjNU5l9P0O
WkD28I4sie+wjinFSeT+driMwKA1dVFKnd88SQTeXx7H4YuVsj8658bZIuO/2baM
ex1n6U9D5FvqBP4SVjpjul8tBkHDbrEBmOzKX5juvo9WUs93tjYEWWaitvtRAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQU7LEt4ImOWvEV+f62yYVuio9l8TcwHwYDVR0j
BBgwFoAUBIr2Zb+LGGtwIgdZ0mxXj0C18+MwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODJhOWJmNWItMzljMS00MDUwLWIwNzMtNDgwNzViODYx
ZDg3LzAvMDQ4QUY2NjVCRjhCMTg2QjcwMjIwNzU5RDI2QzU3OEY0MEI1RjNFMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0JJcjJaYi1MR0d0d0lnZFowbXhYajBD
MTgtTS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODJhOWJmNWIt
MzljMS00MDUwLWIwNzMtNDgwNzViODYxZDg3LzAvMzEzNzM4MmUzMjMwMzgyZTMx
MzgzMjJlMzAyZjMyMzMyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAbLQ
tjANBgkqhkiG9w0BAQsFAAOCAQEADgv2xllbIohw06QKD8kRRbeytO7luJe8jEvA
D1wS1+M239bVr6UossCQ7HiwqoezUpSuOwoUSZjwJO6eu1YpOh+3G9AetXYQbG/+
Ot/2lkEX1wzFHZDiexN+unKwmqi7AZ3N0nK/GYPbpgDUqmmXnEyO3X8wotiHc77g
ExPooyOGdGn0MyNuvsGAa48axknUQLKHVRGQ1HPqmZb2WYYPFv5MYniSHD6RqXv4
Od/xQL0Eaf2EURKtazgiAgryVVw4usQLWsu7TkRhxaAc+FPH1YpuGBu0PZh+czWk
aun+NjxVC0eVOSTgclH/3M0xTG3b/K7oPZEBRRp+n3uQ05YmEA==
-----END CERTIFICATE-----