Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/8925ad15-af0b-45cd-b883-1a058fa0eba1/0/38302e38332e3137382e302f32342d3234203d3e203534323532.roa
File:                     38302e38332e3137382e302f32342d3234203d3e203534323532.roa (raw, json)
Hash identifier:          0tv3vq4B1YQTHRH+wUQtR84+UrAV4oXpFHsOBeKiXfw=
Subject key identifier:   EC:F9:A9:55:23:02:99:98:AB:37:19:F9:DD:EB:4C:AB:01:11:5E:BC
Certificate issuer:       /CN=78d65d4a22df705beed7b3432fbe48a356597724
Certificate serial:       01A7539458E2F4CFBF6C64053FED32B048DFDBA2
Authority key identifier: 78:D6:5D:4A:22:DF:70:5B:EE:D7:B3:43:2F:BE:48:A3:56:59:77:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eNZdSiLfcFvu17NDL75Io1ZZdyQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/8925ad15-af0b-45cd-b883-1a058fa0eba1/0/38302e38332e3137382e302f32342d3234203d3e203534323532.roa
Signing time:             Fri 29 Aug 2025 08:14:02 +0000
ROA not before:           Fri 29 Aug 2025 08:09:02 +0000
ROA not after:            Fri 28 Aug 2026 08:14:02 +0000
asID:                     54252
IP address blocks:        80.83.178.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/8925ad15-af0b-45cd-b883-1a058fa0eba1/0/78D65D4A22DF705BEED7B3432FBE48A356597724.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/8925ad15-af0b-45cd-b883-1a058fa0eba1/0/78D65D4A22DF705BEED7B3432FBE48A356597724.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eNZdSiLfcFvu17NDL75Io1ZZdyQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 09 Sep 2025 01:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:a7:53:94:58:e2:f4:cf:bf:6c:64:05:3f:ed:32:b0:48:df:db:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=78d65d4a22df705beed7b3432fbe48a356597724
        Validity
            Not Before: Aug 29 08:09:02 2025 GMT
            Not After : Aug 28 08:14:02 2026 GMT
        Subject: CN=ECF9A95523029998AB3719F9DDEB4CAB01115EBC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:ec:4a:a4:ad:fc:cb:f4:4b:b2:92:85:08:d5:
                    85:5a:f4:88:5d:2f:c5:84:1a:47:26:50:b9:ff:3e:
                    fd:82:8b:e3:fc:75:05:73:09:21:56:ba:05:06:53:
                    7c:e5:4a:a2:0e:97:b9:04:79:11:45:c1:f1:f3:15:
                    84:69:9f:86:6b:23:6d:b1:8e:88:53:cc:05:c2:21:
                    f6:68:81:30:ac:a2:98:9d:c1:fd:ec:1a:5a:32:a8:
                    b0:07:c2:9d:fb:c8:f6:53:26:6d:05:7c:e3:61:eb:
                    85:c7:ad:39:19:2f:29:20:07:ea:e4:3e:31:7d:fe:
                    64:33:09:cd:ae:dd:ae:30:8e:58:bb:e9:cd:7d:fa:
                    8a:18:64:7b:dd:d6:d8:37:32:37:c4:fd:2d:cd:b1:
                    17:b9:9c:c1:1c:e6:c0:51:a3:7f:f0:be:62:8e:a6:
                    96:68:57:97:ab:b1:ac:33:07:2b:5b:2e:cf:c7:22:
                    f1:9f:84:8f:d3:58:63:2e:b3:48:02:fd:a1:d7:34:
                    7e:3d:56:81:77:7e:e8:a2:d7:7c:14:b9:6e:7b:01:
                    13:53:45:4d:4c:7d:43:29:95:1d:9e:97:ad:f2:5f:
                    c0:d2:14:dd:cf:cf:d2:2f:06:c7:11:71:f4:f1:72:
                    9c:bd:75:6d:74:5d:d6:64:57:4d:20:cb:53:59:fd:
                    21:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:F9:A9:55:23:02:99:98:AB:37:19:F9:DD:EB:4C:AB:01:11:5E:BC
            X509v3 Authority Key Identifier:
                keyid:78:D6:5D:4A:22:DF:70:5B:EE:D7:B3:43:2F:BE:48:A3:56:59:77:24

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/8925ad15-af0b-45cd-b883-1a058fa0eba1/0/78D65D4A22DF705BEED7B3432FBE48A356597724.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eNZdSiLfcFvu17NDL75Io1ZZdyQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/8925ad15-af0b-45cd-b883-1a058fa0eba1/0/38302e38332e3137382e302f32342d3234203d3e203534323532.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.83.178.0/24

    Signature Algorithm: sha256WithRSAEncryption
         97:38:93:50:a2:29:dc:b4:4e:cb:04:a5:0b:91:a2:89:f7:c6:
         0e:8c:32:ed:02:82:eb:2c:0a:09:f0:e9:11:7b:d3:b6:ae:5c:
         42:c6:b3:bf:25:ea:16:ea:37:14:a4:3b:4d:5a:43:24:a1:9d:
         54:a7:dd:54:52:4d:5f:95:12:0e:86:85:22:e2:67:5a:0b:e2:
         11:f9:24:74:56:50:5c:85:5b:bf:8b:80:65:ea:22:38:9b:97:
         ce:27:d8:a3:74:65:f2:0b:15:de:4c:b6:23:7b:81:fb:43:f1:
         9f:ef:1d:cb:0b:9d:40:06:c0:79:56:2f:a9:0d:5d:b8:25:04:
         42:a7:ea:83:6d:c3:b2:31:69:67:96:2e:ac:ce:a5:d6:5f:60:
         e4:f6:d7:71:f0:3c:19:ec:a5:94:89:e2:a7:7d:8c:e5:f5:41:
         1f:82:18:e9:80:61:9c:75:15:c6:cf:20:33:41:99:10:04:56:
         80:52:04:67:a4:27:30:95:0a:d9:45:59:85:0c:20:05:62:f7:
         3a:4e:8b:f0:8b:bf:c0:f0:60:e1:46:22:96:5e:44:dc:b3:d5:
         1a:9f:f8:84:af:7e:ad:66:c9:bb:66:08:e0:6e:9d:cc:42:98:
         31:b8:ea:83:02:20:f8:aa:ca:d6:67:b1:9f:8b:5e:e7:ed:7a:
         6a:60:cb:1d
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUAadTlFji9M+/bGQFP+0ysEjf26IwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzhkNjVkNGEyMmRmNzA1YmVlZDdiMzQzMmZiZTQ4YTM1
NjU5NzcyNDAeFw0yNTA4MjkwODA5MDJaFw0yNjA4MjgwODE0MDJaMDMxMTAvBgNV
BAMTKEVDRjlBOTU1MjMwMjk5OThBQjM3MTlGOURERUI0Q0FCMDExMTVFQkMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/7EqkrfzL9EuykoUI1YVa9Ihd
L8WEGkcmULn/Pv2Ci+P8dQVzCSFWugUGU3zlSqIOl7kEeRFFwfHzFYRpn4ZrI22x
johTzAXCIfZogTCsopidwf3sGloyqLAHwp37yPZTJm0FfONh64XHrTkZLykgB+rk
PjF9/mQzCc2u3a4wjli76c19+ooYZHvd1tg3MjfE/S3NsRe5nMEc5sBRo3/wvmKO
ppZoV5ersawzBytbLs/HIvGfhI/TWGMus0gC/aHXNH49VoF3fuii13wUuW57ARNT
RU1MfUMplR2el63yX8DSFN3Pz9IvBscRcfTxcpy9dW10XdZkV00gy1NZ/SFtAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQU7PmpVSMCmZirNxn53etMqwERXrwwHwYDVR0j
BBgwFoAUeNZdSiLfcFvu17NDL75Io1ZZdyQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODkyNWFkMTUtYWYwYi00NWNkLWI4ODMtMWEwNThmYTBl
YmExLzAvNzhENjVENEEyMkRGNzA1QkVFRDdCMzQzMkZCRTQ4QTM1NjU5NzcyNC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2VOWmRTaUxmY0Z2dTE3TkRMNzVJbzFa
WmR5US5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODkyNWFkMTUt
YWYwYi00NWNkLWI4ODMtMWEwNThmYTBlYmExLzAvMzgzMDJlMzgzMzJlMzEzNzM4
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzUzNDMyMzUzMi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFBT
sjANBgkqhkiG9w0BAQsFAAOCAQEAlziTUKIp3LROywSlC5GiiffGDowy7QKC6ywK
CfDpEXvTtq5cQsazvyXqFuo3FKQ7TVpDJKGdVKfdVFJNX5USDoaFIuJnWgviEfkk
dFZQXIVbv4uAZeoiOJuXzifYo3Rl8gsV3ky2I3uB+0Pxn+8dywudQAbAeVYvqQ1d
uCUEQqfqg23DsjFpZ5YurM6l1l9g5PbXcfA8GeyllInip32M5fVBH4IY6YBhnHUV
xs8gM0GZEARWgFIEZ6QnMJUK2UVZhQwgBWL3Ok6L8Iu/wPBg4UYill5E3LPVGp/4
hK9+rWbJu2YI4G6dzEKYMbjqgwIg+KrK1mexn4te5+16amDLHQ==
-----END CERTIFICATE-----