Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/37382e3130352e39362e302f31392d3234203d3e20383334.roa
File:                     37382e3130352e39362e302f31392d3234203d3e20383334.roa (raw, json)
Hash identifier:          LwEZOfBYuP+hOqJH4943YtE5vuFUsV65iBrThv1AWtU=
Subject key identifier:   C3:FD:0E:05:07:A5:38:36:79:A7:FD:AC:C9:ED:34:9B:82:53:1A:9A
Certificate issuer:       /CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
Certificate serial:       0747663A882A6481302779397F7C6B87ABD7C6DB
Authority key identifier: 0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/37382e3130352e39362e302f31392d3234203d3e20383334.roa
Signing time:             Tue 03 Mar 2026 13:07:39 +0000
ROA not before:           Tue 03 Mar 2026 13:02:39 +0000
ROA not after:            Tue 02 Mar 2027 13:07:39 +0000
asID:                     834
IP address blocks:        78.105.96.0/19 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 05 Mar 2026 09:03:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            07:47:66:3a:88:2a:64:81:30:27:79:39:7f:7c:6b:87:ab:d7:c6:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
        Validity
            Not Before: Mar  3 13:02:39 2026 GMT
            Not After : Mar  2 13:07:39 2027 GMT
        Subject: CN=C3FD0E0507A5383679A7FDACC9ED349B82531A9A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:4d:3d:d8:49:e0:82:96:7c:cd:30:0b:5e:bd:
                    df:e1:15:66:2f:ed:3f:95:56:fd:82:1d:3a:95:69:
                    1c:31:e8:3b:e5:f4:71:fb:e9:46:c9:43:11:ac:8a:
                    46:ab:49:bd:1b:8c:a9:7d:98:11:64:30:b3:2a:15:
                    00:f4:42:08:b0:8d:1d:6e:21:5b:94:25:9b:44:4c:
                    70:4e:10:a8:7a:20:15:f0:b2:15:26:9e:27:b3:40:
                    5c:c7:a8:d5:3c:ca:c6:bf:b4:46:f4:84:76:55:95:
                    eb:96:3f:06:eb:37:bc:6b:01:6b:e4:69:f6:78:7d:
                    80:9e:5c:49:06:f4:c2:04:e2:e3:02:bc:7d:87:6f:
                    55:11:2f:68:c8:9a:41:66:45:2a:d9:93:1a:e7:2b:
                    29:e0:4b:72:c6:e7:69:86:c9:91:44:1c:e1:36:c1:
                    27:45:0d:9a:7e:30:c1:0c:bf:23:2c:78:c3:22:2f:
                    ac:ea:cc:ec:2d:0a:e6:76:1c:0a:8b:3e:41:3d:28:
                    cc:2c:8f:cb:e7:f3:02:ee:01:3c:01:6c:e8:02:ac:
                    b8:bf:df:b3:95:2d:18:70:d0:18:eb:19:ca:73:af:
                    4b:a4:5d:68:59:6a:66:a0:e3:a7:0b:ac:12:2d:70:
                    e6:44:a7:f3:34:a0:73:c9:64:29:66:f8:23:ed:bf:
                    bf:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:FD:0E:05:07:A5:38:36:79:A7:FD:AC:C9:ED:34:9B:82:53:1A:9A
            X509v3 Authority Key Identifier:
                keyid:0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/37382e3130352e39362e302f31392d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.105.96.0/19

    Signature Algorithm: sha256WithRSAEncryption
         2d:63:de:7c:c0:47:46:50:a2:02:9a:56:e4:8e:53:6c:90:49:
         3e:92:ad:61:d2:ba:f1:80:16:da:10:a9:01:49:4e:5a:65:8b:
         1d:f7:20:ef:36:14:a8:bb:e4:84:5b:05:ca:f8:f9:19:fb:98:
         3c:92:a2:5f:4c:17:5b:3e:30:12:95:43:81:54:a9:7d:84:9d:
         5e:67:68:83:f3:bb:2e:a4:f5:80:3b:76:03:c3:90:2d:4b:18:
         14:5f:90:ca:40:5c:2e:85:30:69:96:fe:f6:d6:9b:0d:90:fa:
         72:06:6b:79:99:42:f6:ac:6a:64:50:53:d8:b8:d3:26:ad:42:
         85:b1:51:bd:ce:8b:35:c2:f6:e7:91:ce:f8:96:7f:bf:d6:b7:
         e1:d7:16:85:c4:be:00:db:34:85:8f:ab:91:5b:e2:e5:f4:04:
         2c:5e:69:72:8f:3d:5e:ce:4b:98:9c:e4:dc:5c:ed:df:e5:ca:
         34:e8:6d:da:9d:54:66:dc:be:3a:0d:53:78:09:38:eb:a3:31:
         11:46:ee:9c:70:b8:3c:32:4f:19:4a:38:d4:5d:75:03:4e:be:
         bf:2f:fb:45:35:bb:5e:f4:fb:e4:ee:56:e4:be:3f:50:6a:f9:
         3f:b7:9d:8d:f0:57:4f:b3:d5:88:4c:9c:3c:15:1f:84:f5:99:
         b3:ec:aa:3d
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUB0dmOogqZIEwJ3k5f3xrh6vXxtswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGUyMGNjZjUwODNhNjNiOWY1ODg3ZTNlYTM5ZDA0ZTJk
NjJiM2RhNTAeFw0yNjAzMDMxMzAyMzlaFw0yNzAzMDIxMzA3MzlaMDMxMTAvBgNV
BAMTKEMzRkQwRTA1MDdBNTM4MzY3OUE3RkRBQ0M5RUQzNDlCODI1MzFBOUEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCeTT3YSeCClnzNMAtevd/hFWYv
7T+VVv2CHTqVaRwx6Dvl9HH76UbJQxGsikarSb0bjKl9mBFkMLMqFQD0QgiwjR1u
IVuUJZtETHBOEKh6IBXwshUmniezQFzHqNU8ysa/tEb0hHZVleuWPwbrN7xrAWvk
afZ4fYCeXEkG9MIE4uMCvH2Hb1URL2jImkFmRSrZkxrnKyngS3LG52mGyZFEHOE2
wSdFDZp+MMEMvyMseMMiL6zqzOwtCuZ2HAqLPkE9KMwsj8vn8wLuATwBbOgCrLi/
37OVLRhw0BjrGcpzr0ukXWhZamag46cLrBItcOZEp/M0oHPJZClm+CPtv7+XAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUw/0OBQelODZ5p/2sye00m4JTGpowHwYDVR0j
BBgwFoAUDiDM9Qg6Y7n1iH4+o50E4tYrPaUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOTZlNGFjODYtMTgwMy00OTRkLThhN2ItYzA1MWE2MzEw
NzUyLzAvMEUyMENDRjUwODNBNjNCOUY1ODg3RTNFQTM5RDA0RTJENjJCM0RBNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RpRE05UWc2WTduMWlINC1vNTBFNHRZ
clBhVS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOTZlNGFjODYt
MTgwMy00OTRkLThhN2ItYzA1MWE2MzEwNzUyLzAvMzczODJlMzEzMDM1MmUzOTM2
MmUzMDJmMzEzOTJkMzIzNDIwM2QzZTIwMzgzMzM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQFTmlgMA0G
CSqGSIb3DQEBCwUAA4IBAQAtY958wEdGUKICmlbkjlNskEk+kq1h0rrxgBbaEKkB
SU5aZYsd9yDvNhSou+SEWwXK+PkZ+5g8kqJfTBdbPjASlUOBVKl9hJ1eZ2iD87su
pPWAO3YDw5AtSxgUX5DKQFwuhTBplv721psNkPpyBmt5mUL2rGpkUFPYuNMmrUKF
sVG9zos1wvbnkc74ln+/1rfh1xaFxL4A2zSFj6uRW+Ll9AQsXmlyjz1ezkuYnOTc
XO3f5co06G3anVRm3L46DVN4CTjrozERRu6ccLg8Mk8ZSjjUXXUDTr6/L/tFNbte
9Pvk7lbkvj9Qavk/t52N8FdPs9WITJw8FR+E9Zmz7Ko9
-----END CERTIFICATE-----