Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/37382e33312e3234382e302f32342d3234203d3e2039333034.roa
File:                     37382e33312e3234382e302f32342d3234203d3e2039333034.roa (raw, json)
Hash identifier:          9IMAUR71FEE/IPAZs2sHMSwkJ4cOVoSX2fdQZyzg1U8=
Subject key identifier:   67:83:FD:05:92:F8:45:D7:E7:E2:FF:68:50:2B:00:BF:8F:28:94:3C
Certificate issuer:       /CN=088469d1a33085ff88b3e599d223ca74c2313a3a
Certificate serial:       50A8FDD742377884B05DD67A0B0BBBB1915E8862
Authority key identifier: 08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/37382e33312e3234382e302f32342d3234203d3e2039333034.roa
Signing time:             Tue 23 Sep 2025 08:31:12 +0000
ROA not before:           Tue 23 Sep 2025 08:26:12 +0000
ROA not after:            Tue 22 Sep 2026 08:31:12 +0000
asID:                     9304
IP address blocks:        78.31.248.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 02:58:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            50:a8:fd:d7:42:37:78:84:b0:5d:d6:7a:0b:0b:bb:b1:91:5e:88:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088469d1a33085ff88b3e599d223ca74c2313a3a
        Validity
            Not Before: Sep 23 08:26:12 2025 GMT
            Not After : Sep 22 08:31:12 2026 GMT
        Subject: CN=6783FD0592F845D7E7E2FF68502B00BF8F28943C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:c8:78:12:63:e3:00:45:53:8b:1a:8c:9a:32:
                    c8:f6:da:d6:9f:de:84:99:05:82:ac:cb:a2:e6:84:
                    1f:e0:a5:14:87:c3:17:6a:d2:84:86:e2:aa:93:d7:
                    1b:e0:65:5d:b1:17:3b:b0:8c:91:cd:a6:bc:73:9b:
                    7b:39:b6:f0:5f:56:e9:db:51:d7:4c:94:6b:c4:65:
                    7c:fe:d4:24:4d:64:0c:16:23:1c:5f:22:c3:e7:59:
                    04:eb:8b:82:0f:34:ba:68:42:9f:38:46:a1:8b:1d:
                    d1:67:01:3f:a6:61:45:3f:f5:01:78:5f:78:bb:bd:
                    1c:de:e8:0e:73:89:8b:06:bb:ce:72:5e:2d:f9:79:
                    9f:d6:21:d9:3f:c3:91:d8:ef:e2:62:bd:92:af:1b:
                    7e:7b:42:e8:f3:b0:f6:c8:23:71:f2:8b:87:65:5f:
                    47:28:1a:c7:df:45:2c:ed:fb:ab:79:d9:70:31:bd:
                    af:8f:ef:4d:e6:32:2b:e4:a9:72:92:80:fb:f1:97:
                    fc:af:03:9c:35:74:6f:f3:82:88:49:42:d3:6a:31:
                    71:7a:46:92:ad:74:a8:e4:69:6e:ad:19:07:af:5e:
                    53:e5:e2:98:2c:5b:df:e9:b9:bb:05:f7:b4:3c:ba:
                    86:c0:f5:82:f4:29:bd:0a:1f:81:e7:a2:0a:5a:db:
                    97:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:83:FD:05:92:F8:45:D7:E7:E2:FF:68:50:2B:00:BF:8F:28:94:3C
            X509v3 Authority Key Identifier:
                keyid:08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/37382e33312e3234382e302f32342d3234203d3e2039333034.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.31.248.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:e7:83:8a:aa:62:1e:32:dc:de:14:e1:b6:75:05:17:c2:0e:
         bc:bb:52:8a:2f:3d:7c:cf:5f:52:37:cf:ef:02:57:cd:8c:0a:
         54:ec:94:44:95:4f:77:47:27:50:00:c6:5f:5f:67:13:2d:24:
         79:11:10:cc:1e:b0:af:5a:ee:c6:df:45:70:ce:21:ce:2a:f5:
         b0:53:08:9a:f6:e2:b8:43:aa:aa:50:25:06:f6:1e:7b:82:08:
         ae:48:f3:06:0c:fb:b4:54:97:b5:00:b4:ee:96:ee:2d:b6:91:
         62:e1:67:d1:39:38:00:0f:b6:a9:66:e8:0a:85:e1:6d:9c:f7:
         e2:9c:f5:44:65:a3:23:4d:96:58:e9:55:e0:f2:8e:f8:58:27:
         14:9a:d7:a1:14:2f:a1:fd:de:63:0e:64:24:32:0c:91:dc:7e:
         a5:55:fd:41:13:ad:0f:69:83:73:21:86:af:e4:55:9a:62:5e:
         5a:6e:12:65:01:5f:7b:c0:11:89:9b:6b:0c:c6:52:8e:2f:18:
         48:3b:ad:4f:59:5a:bb:df:94:8a:0f:dc:4b:18:8d:82:38:b9:
         d1:a1:c2:ce:79:46:6c:42:39:87:1a:b3:39:e1:94:1d:1b:02:
         25:ef:a5:03:e7:fd:93:dd:d3:06:26:b7:8c:50:84:0e:b0:ba:
         95:a3:5f:1d
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUUKj910I3eISwXdZ6Cwu7sZFeiGIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDg4NDY5ZDFhMzMwODVmZjg4YjNlNTk5ZDIyM2NhNzRj
MjMxM2EzYTAeFw0yNTA5MjMwODI2MTJaFw0yNjA5MjIwODMxMTJaMDMxMTAvBgNV
BAMTKDY3ODNGRDA1OTJGODQ1RDdFN0UyRkY2ODUwMkIwMEJGOEYyODk0M0MwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFyHgSY+MARVOLGoyaMsj22taf
3oSZBYKsy6LmhB/gpRSHwxdq0oSG4qqT1xvgZV2xFzuwjJHNprxzm3s5tvBfVunb
UddMlGvEZXz+1CRNZAwWIxxfIsPnWQTri4IPNLpoQp84RqGLHdFnAT+mYUU/9QF4
X3i7vRze6A5ziYsGu85yXi35eZ/WIdk/w5HY7+JivZKvG357QujzsPbII3Hyi4dl
X0coGsffRSzt+6t52XAxva+P703mMivkqXKSgPvxl/yvA5w1dG/zgohJQtNqMXF6
RpKtdKjkaW6tGQevXlPl4pgsW9/pubsF97Q8uobA9YL0Kb0KH4Hnogpa25dfAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUZ4P9BZL4Rdfn4v9oUCsAv48olDwwHwYDVR0j
BBgwFoAUCIRp0aMwhf+Is+WZ0iPKdMIxOjowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzUvMDg4NDY5RDFBMzMwODVGRjg4QjNFNTk5RDIyM0NBNzRDMjMxM0EzQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NJUnAwYU13aGYtSXMtV1owaVBLZE1J
eE9qby5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzUvMzczODJlMzMzMTJlMzIzNDM4
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzkzMzMwMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABOH/gw
DQYJKoZIhvcNAQELBQADggEBAJPng4qqYh4y3N4U4bZ1BRfCDry7UoovPXzPX1I3
z+8CV82MClTslESVT3dHJ1AAxl9fZxMtJHkREMwesK9a7sbfRXDOIc4q9bBTCJr2
4rhDqqpQJQb2HnuCCK5I8wYM+7RUl7UAtO6W7i22kWLhZ9E5OAAPtqlm6AqF4W2c
9+Kc9URloyNNlljpVeDyjvhYJxSa16EUL6H93mMOZCQyDJHcfqVV/UETrQ9pg3Mh
hq/kVZpiXlpuEmUBX3vAEYmbawzGUo4vGEg7rU9ZWrvflIoP3EsYjYI4udGhws55
RmxCOYcasznhlB0bAiXvpQPn/ZPd0wYmt4xQhA6wupWjXx0=
-----END CERTIFICATE-----