Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/37382e33312e3234382e302f32342d3234203d3e203231383539.roa
File:                     37382e33312e3234382e302f32342d3234203d3e203231383539.roa (raw, json)
Hash identifier:          Uwly7ZVJBKg2YEHlU+A8M4pIWy09Jtbc9i7ZYLS0BVM=
Subject key identifier:   93:B2:37:8B:05:B6:D4:36:2B:4D:AF:0A:05:3C:32:3E:DA:88:90:9D
Certificate issuer:       /CN=088469d1a33085ff88b3e599d223ca74c2313a3a
Certificate serial:       5395CCE318EF00C39CA481F66E92B242A25C5F5B
Authority key identifier: 08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/37382e33312e3234382e302f32342d3234203d3e203231383539.roa
Signing time:             Mon 27 Oct 2025 12:17:05 +0000
ROA not before:           Mon 27 Oct 2025 12:12:05 +0000
ROA not after:            Mon 26 Oct 2026 12:17:05 +0000
asID:                     21859
IP address blocks:        78.31.248.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 04 Nov 2025 00:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            53:95:cc:e3:18:ef:00:c3:9c:a4:81:f6:6e:92:b2:42:a2:5c:5f:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088469d1a33085ff88b3e599d223ca74c2313a3a
        Validity
            Not Before: Oct 27 12:12:05 2025 GMT
            Not After : Oct 26 12:17:05 2026 GMT
        Subject: CN=93B2378B05B6D4362B4DAF0A053C323EDA88909D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:62:0a:9b:2c:c9:6c:54:72:76:de:99:e3:ac:
                    05:20:71:03:db:fd:d7:4f:a2:c3:c3:e7:79:f3:cb:
                    5b:50:8f:f0:37:91:00:6a:d0:62:6b:ce:f5:02:72:
                    77:b5:a2:dd:6d:98:e8:95:54:7d:fa:1b:ff:cc:ee:
                    59:9b:cd:ca:fe:ab:1b:ef:5e:28:61:21:0d:de:ec:
                    6f:bc:2b:81:f6:f6:fd:c9:c5:f2:ad:5d:04:53:7f:
                    ad:f7:09:1b:3a:11:ac:06:1c:f3:1d:17:d2:75:cf:
                    ac:8e:0d:9b:42:a9:fd:3d:62:cc:24:38:98:63:77:
                    f4:16:d7:88:d8:88:24:29:46:a7:9b:c6:3b:ab:5a:
                    6a:43:a9:b6:d9:a0:01:4e:4f:e1:18:2e:8d:95:61:
                    53:83:15:53:bc:a1:de:f5:16:0e:26:3c:c2:90:93:
                    40:9a:2c:df:d9:53:d5:1d:4c:be:0a:e6:80:01:bb:
                    27:a3:60:3f:d6:8e:bb:41:c3:09:81:87:11:93:48:
                    3e:e4:f2:4f:4b:da:57:57:29:18:4f:3a:c1:2f:13:
                    93:d8:df:71:72:41:a9:f2:e1:ec:35:63:be:01:cc:
                    7c:2f:7b:37:01:2d:11:26:8d:2f:0c:94:74:8e:23:
                    38:f9:21:95:1e:4f:15:4b:61:19:b6:33:21:dd:9c:
                    43:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:B2:37:8B:05:B6:D4:36:2B:4D:AF:0A:05:3C:32:3E:DA:88:90:9D
            X509v3 Authority Key Identifier:
                keyid:08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/37382e33312e3234382e302f32342d3234203d3e203231383539.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.31.248.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:ea:9b:1c:0e:3f:5e:93:92:1c:30:1a:8f:45:d9:08:8d:4d:
         5f:4a:ea:88:85:f3:9c:f4:61:9b:95:ba:ca:c5:52:b7:8f:7d:
         3c:49:d6:cc:a7:5a:71:6f:39:91:65:6b:92:b0:0f:95:46:3d:
         dc:41:b4:07:6d:a6:d8:3f:54:d1:b4:d8:8e:8a:0d:4d:78:74:
         62:ce:ef:55:54:67:84:ab:f5:ce:ed:14:ec:49:ee:d4:db:5d:
         86:ff:a8:b7:6c:39:26:5f:15:79:5e:1a:09:67:3d:97:15:5c:
         63:a6:67:b3:05:7c:18:bd:6a:85:ea:aa:b1:35:f6:40:92:40:
         af:47:5f:fb:5b:03:db:a6:71:6d:6c:47:71:d3:49:03:5b:c7:
         4b:a5:3c:98:99:4c:4a:2f:e4:1b:be:21:aa:3e:e8:ab:a8:13:
         9e:92:c4:32:07:23:61:3a:7f:c5:9a:ad:ae:0f:9f:df:4f:f0:
         da:ec:a4:46:97:8d:c8:94:38:0c:74:77:b0:f0:96:7a:b8:cf:
         84:2b:32:71:a7:31:8f:1a:11:b5:b7:f8:1b:aa:84:43:67:c0:
         5b:97:d7:25:29:49:ed:8e:d8:6e:7d:3b:de:30:81:6d:14:4d:
         b7:e9:3a:b3:2a:8e:22:6a:b9:68:a7:72:da:c9:40:c8:82:83:
         04:a9:b1:ee
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUU5XM4xjvAMOcpIH2bpKyQqJcX1swDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDg4NDY5ZDFhMzMwODVmZjg4YjNlNTk5ZDIyM2NhNzRj
MjMxM2EzYTAeFw0yNTEwMjcxMjEyMDVaFw0yNjEwMjYxMjE3MDVaMDMxMTAvBgNV
BAMTKDkzQjIzNzhCMDVCNkQ0MzYyQjREQUYwQTA1M0MzMjNFREE4ODkwOUQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDPYgqbLMlsVHJ23pnjrAUgcQPb
/ddPosPD53nzy1tQj/A3kQBq0GJrzvUCcne1ot1tmOiVVH36G//M7lmbzcr+qxvv
XihhIQ3e7G+8K4H29v3JxfKtXQRTf633CRs6EawGHPMdF9J1z6yODZtCqf09Yswk
OJhjd/QW14jYiCQpRqebxjurWmpDqbbZoAFOT+EYLo2VYVODFVO8od71Fg4mPMKQ
k0CaLN/ZU9UdTL4K5oABuyejYD/WjrtBwwmBhxGTSD7k8k9L2ldXKRhPOsEvE5PY
33FyQany4ew1Y74BzHwvezcBLREmjS8MlHSOIzj5IZUeTxVLYRm2MyHdnENLAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUk7I3iwW21DYrTa8KBTwyPtqIkJ0wHwYDVR0j
BBgwFoAUCIRp0aMwhf+Is+WZ0iPKdMIxOjowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzUvMDg4NDY5RDFBMzMwODVGRjg4QjNFNTk5RDIyM0NBNzRDMjMxM0EzQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NJUnAwYU13aGYtSXMtV1owaVBLZE1J
eE9qby5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzUvMzczODJlMzMzMTJlMzIzNDM4
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzIzMTM4MzUzOS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAE4f
+DANBgkqhkiG9w0BAQsFAAOCAQEAeeqbHA4/XpOSHDAaj0XZCI1NX0rqiIXznPRh
m5W6ysVSt499PEnWzKdacW85kWVrkrAPlUY93EG0B22m2D9U0bTYjooNTXh0Ys7v
VVRnhKv1zu0U7Enu1Ntdhv+ot2w5Jl8VeV4aCWc9lxVcY6ZnswV8GL1qheqqsTX2
QJJAr0df+1sD26ZxbWxHcdNJA1vHS6U8mJlMSi/kG74hqj7oq6gTnpLEMgcjYTp/
xZqtrg+f30/w2uykRpeNyJQ4DHR3sPCWerjPhCsycacxjxoRtbf4G6qEQ2fAW5fX
JSlJ7Y7Ybn073jCBbRRNt+k6syqOImq5aKdy2slAyIKDBKmx7g==
-----END CERTIFICATE-----