Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/37382e33312e3234382e302f32342d3234203d3e20383334.roa
File:                     37382e33312e3234382e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          VLTheRwe8+lt4pwTzQNHIycDCq75XcSH9MB+c4WLTYY=
Subject key identifier:   3E:20:D2:12:92:5C:C2:99:84:5A:04:E3:7E:EE:98:27:25:03:86:4F
Certificate issuer:       /CN=088469d1a33085ff88b3e599d223ca74c2313a3a
Certificate serial:       027F04694A0CDC661201549B023B17A36A2AB37C
Authority key identifier: 08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/37382e33312e3234382e302f32342d3234203d3e20383334.roa
Signing time:             Wed 27 May 2026 12:20:29 +0000
ROA not before:           Wed 27 May 2026 12:15:29 +0000
ROA not after:            Wed 26 May 2027 12:20:29 +0000
asID:                     834
IP address blocks:        78.31.248.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 15:03:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            02:7f:04:69:4a:0c:dc:66:12:01:54:9b:02:3b:17:a3:6a:2a:b3:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088469d1a33085ff88b3e599d223ca74c2313a3a
        Validity
            Not Before: May 27 12:15:29 2026 GMT
            Not After : May 26 12:20:29 2027 GMT
        Subject: CN=3E20D212925CC299845A04E37EEE98272503864F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:e5:2d:02:79:0e:3f:3b:4f:e5:64:41:54:a1:
                    fb:b1:49:38:0d:4c:1b:02:a1:3f:f8:af:a3:4d:1d:
                    86:6e:0a:97:18:b7:9a:4c:ed:2e:b5:3e:87:84:31:
                    50:ba:3c:f8:43:fe:40:28:82:39:1b:89:8d:95:d2:
                    79:29:52:70:07:20:0f:df:97:ff:62:5f:c9:ce:a8:
                    f7:44:63:4a:71:26:78:40:3f:0b:ca:4d:42:6f:de:
                    63:71:2d:7e:ae:20:c5:25:d3:22:69:eb:8b:76:b5:
                    d2:06:92:ce:9a:71:84:dd:99:40:d4:96:eb:30:c1:
                    cc:a0:f7:e5:4b:69:43:c4:b6:3f:3b:90:9e:5c:1a:
                    31:d1:ba:e3:ba:cb:d6:1d:7f:c3:a8:a5:ce:f8:27:
                    ec:c1:61:ec:c3:74:17:a2:52:0e:16:48:91:6c:16:
                    61:85:db:1e:ef:e8:b6:8b:4c:8a:ac:88:8c:a5:46:
                    f2:3e:2a:95:4b:04:91:0f:28:af:ed:9d:38:94:3c:
                    f3:41:73:fa:37:b8:3d:cb:7e:b6:ca:05:ef:3d:aa:
                    a8:a6:19:d0:51:24:63:46:c5:27:17:07:73:f5:33:
                    5b:90:b6:18:ef:fe:a3:bd:ff:dc:f6:f8:01:4d:57:
                    51:9f:41:6a:86:1c:c8:69:07:ba:83:c5:76:19:60:
                    db:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:20:D2:12:92:5C:C2:99:84:5A:04:E3:7E:EE:98:27:25:03:86:4F
            X509v3 Authority Key Identifier:
                keyid:08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/37382e33312e3234382e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.31.248.0/24

    Signature Algorithm: sha256WithRSAEncryption
         14:10:c4:72:73:37:87:ba:c4:eb:79:9a:6f:9f:14:d8:6d:51:
         fc:c3:b7:eb:bf:ec:76:85:d4:fc:b1:3e:d2:00:0e:43:8f:86:
         c4:92:20:c3:a4:6e:0b:25:de:96:3a:53:b9:0f:49:e6:ae:d4:
         f3:2c:a5:65:48:ab:83:3e:14:90:bc:5f:aa:2c:d4:6d:09:95:
         86:e0:1f:0d:5a:fc:6e:02:ef:d3:04:d5:f9:75:9a:77:c7:cc:
         8c:90:34:ee:9f:d9:6f:1b:44:2e:13:09:6e:59:c1:2b:a7:6f:
         b6:e0:84:06:95:83:e6:ce:8f:8f:d5:1f:ee:c8:9f:b0:0c:e6:
         c5:84:e1:66:61:45:7e:0f:b0:37:40:b7:7d:cb:c8:e5:eb:ee:
         33:85:63:79:7a:0c:6e:84:64:85:5c:5c:22:c4:c0:13:eb:6c:
         f7:19:df:cf:20:76:c4:cb:b0:07:bd:8c:ca:cc:44:f2:b8:6e:
         f6:2e:48:ee:d6:cb:0d:42:38:19:9e:ef:52:87:ed:a6:6f:b3:
         5f:45:88:0b:31:d8:3b:4e:e5:38:95:cf:e0:01:7b:6d:50:d7:
         e8:eb:e9:25:83:bc:14:39:35:07:11:02:07:93:be:f2:5d:7c:
         75:b4:1d:24:f1:fa:c4:5c:12:38:7b:a8:9c:05:f6:50:cf:0a:
         4e:33:21:a9
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUAn8EaUoM3GYSAVSbAjsXo2oqs3wwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDg4NDY5ZDFhMzMwODVmZjg4YjNlNTk5ZDIyM2NhNzRj
MjMxM2EzYTAeFw0yNjA1MjcxMjE1MjlaFw0yNzA1MjYxMjIwMjlaMDMxMTAvBgNV
BAMTKDNFMjBEMjEyOTI1Q0MyOTk4NDVBMDRFMzdFRUU5ODI3MjUwMzg2NEYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDL5S0CeQ4/O0/lZEFUofuxSTgN
TBsCoT/4r6NNHYZuCpcYt5pM7S61PoeEMVC6PPhD/kAogjkbiY2V0nkpUnAHIA/f
l/9iX8nOqPdEY0pxJnhAPwvKTUJv3mNxLX6uIMUl0yJp64t2tdIGks6acYTdmUDU
luswwcyg9+VLaUPEtj87kJ5cGjHRuuO6y9Ydf8Oopc74J+zBYezDdBeiUg4WSJFs
FmGF2x7v6LaLTIqsiIylRvI+KpVLBJEPKK/tnTiUPPNBc/o3uD3LfrbKBe89qqim
GdBRJGNGxScXB3P1M1uQthjv/qO9/9z2+AFNV1GfQWqGHMhpB7qDxXYZYNsjAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUPiDSEpJcwpmEWgTjfu6YJyUDhk8wHwYDVR0j
BBgwFoAUCIRp0aMwhf+Is+WZ0iPKdMIxOjowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzUvMDg4NDY5RDFBMzMwODVGRjg4QjNFNTk5RDIyM0NBNzRDMjMxM0EzQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NJUnAwYU13aGYtSXMtV1owaVBLZE1J
eE9qby5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzUvMzczODJlMzMzMTJlMzIzNDM4
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzgzMzM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATh/4MA0G
CSqGSIb3DQEBCwUAA4IBAQAUEMRyczeHusTreZpvnxTYbVH8w7frv+x2hdT8sT7S
AA5Dj4bEkiDDpG4LJd6WOlO5D0nmrtTzLKVlSKuDPhSQvF+qLNRtCZWG4B8NWvxu
Au/TBNX5dZp3x8yMkDTun9lvG0QuEwluWcErp2+24IQGlYPmzo+P1R/uyJ+wDObF
hOFmYUV+D7A3QLd9y8jl6+4zhWN5egxuhGSFXFwixMAT62z3Gd/PIHbEy7AHvYzK
zETyuG72Lkju1ssNQjgZnu9Sh+2mb7NfRYgLMdg7TuU4lc/gAXttUNfo6+klg7wU
OTUHEQIHk77yXXx1tB0k8frEXBI4e6icBfZQzwpOMyGp
-----END CERTIFICATE-----