Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/37382e33312e3234392e302f32342d3234203d3e2039333034.roa
File:                     37382e33312e3234392e302f32342d3234203d3e2039333034.roa (raw, json)
Hash identifier:          QnTAy844MNbc7Ages2sPy8NXEPZXR2D3LrxL0MJN05o=
Subject key identifier:   DA:67:CE:C5:5B:AE:3E:ED:67:75:47:67:C4:04:50:8D:C3:37:73:0F
Certificate issuer:       /CN=088469d1a33085ff88b3e599d223ca74c2313a3a
Certificate serial:       113335F09721FEC8168E5FEAAE7665E04577A7F3
Authority key identifier: 08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/37382e33312e3234392e302f32342d3234203d3e2039333034.roa
Signing time:             Tue 03 Jun 2025 08:29:38 +0000
ROA not before:           Tue 03 Jun 2025 08:24:38 +0000
ROA not after:            Tue 02 Jun 2026 08:29:38 +0000
asID:                     9304
IP address blocks:        78.31.249.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 12:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            11:33:35:f0:97:21:fe:c8:16:8e:5f:ea:ae:76:65:e0:45:77:a7:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088469d1a33085ff88b3e599d223ca74c2313a3a
        Validity
            Not Before: Jun  3 08:24:38 2025 GMT
            Not After : Jun  2 08:29:38 2026 GMT
        Subject: CN=DA67CEC55BAE3EED67754767C404508DC337730F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:0f:38:7e:27:f4:3b:7a:30:e6:8a:14:8a:d7:
                    a0:01:3d:46:9e:20:a4:42:e8:e0:18:6f:59:b1:6d:
                    7d:7e:25:d7:60:74:ec:64:ff:62:63:91:94:17:05:
                    5d:6e:60:9f:80:50:d2:1a:6e:ae:79:55:29:a3:e5:
                    02:01:e8:b0:ca:d5:9d:3a:d5:8f:69:65:b9:fb:ca:
                    4c:7a:5e:b2:99:78:28:d2:62:68:c2:e1:2e:9f:f7:
                    e8:a6:c7:b7:fd:cc:c1:cb:f8:57:05:91:9b:a7:d2:
                    43:4d:dc:10:94:29:0d:79:a9:52:a9:28:e8:d4:c3:
                    60:b6:17:f4:21:c9:22:92:f1:3a:6e:00:f5:50:76:
                    5e:00:f2:ce:3c:a1:9f:f7:f7:e4:42:97:05:80:1e:
                    a0:4d:bc:fe:84:04:73:aa:ef:6a:6c:0f:64:57:a8:
                    3d:d1:e6:cb:ce:31:c9:85:5b:c8:f7:8a:d8:5b:a8:
                    7a:8c:76:42:73:34:37:34:76:49:50:99:ae:af:dc:
                    92:58:76:ff:bc:8e:b3:80:64:50:4a:0e:78:65:de:
                    2a:62:d8:ee:ea:0a:d6:09:fe:2a:f7:64:e9:7f:84:
                    d2:29:72:52:05:7d:c1:5a:84:84:17:db:8f:71:8a:
                    f6:c2:f2:29:6e:35:34:f7:c1:6d:5c:62:38:07:c2:
                    fd:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:67:CE:C5:5B:AE:3E:ED:67:75:47:67:C4:04:50:8D:C3:37:73:0F
            X509v3 Authority Key Identifier:
                keyid:08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/37382e33312e3234392e302f32342d3234203d3e2039333034.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.31.249.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:32:ba:86:ae:cc:4d:03:d9:6b:4f:f1:ee:4a:03:f8:8e:79:
         a5:f4:e7:cc:02:8c:e7:07:8e:99:2b:6d:3c:8d:b6:3c:8f:49:
         44:0d:a4:a8:02:f3:53:dc:71:39:71:50:47:26:5a:f9:ba:ea:
         86:32:ef:ea:f4:76:97:a4:99:67:57:5a:08:40:2f:87:8a:21:
         3b:67:be:8c:c2:10:60:b7:d9:d8:24:cf:af:60:a8:06:7c:22:
         86:54:95:27:44:7b:21:8b:78:4d:e5:04:b9:07:7e:1b:0f:20:
         46:56:27:2b:00:d4:f9:fb:8d:aa:65:a2:fb:08:f0:84:b6:63:
         79:ac:1a:46:f5:30:3e:41:44:85:31:02:ad:50:40:55:a6:05:
         b6:75:f6:bd:aa:c5:e3:7b:3a:38:50:25:2e:6b:22:a4:cf:fa:
         8a:3a:38:ab:ed:c8:2f:5d:db:70:09:3e:f5:60:c4:dc:3e:0f:
         b7:e6:14:d6:69:95:8c:e9:73:06:ad:0e:02:fe:24:02:5d:93:
         c0:fc:75:94:30:ae:73:de:26:ae:fd:8a:2e:1e:17:e9:ce:97:
         9b:8c:c3:f8:51:57:26:de:2f:3d:8a:dc:fb:7e:59:df:58:6c:
         ed:87:dd:69:b5:5b:67:88:aa:ac:20:e0:27:67:86:50:6c:ee:
         06:f3:9b:bb
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUETM18Jch/sgWjl/qrnZl4EV3p/MwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDg4NDY5ZDFhMzMwODVmZjg4YjNlNTk5ZDIyM2NhNzRj
MjMxM2EzYTAeFw0yNTA2MDMwODI0MzhaFw0yNjA2MDIwODI5MzhaMDMxMTAvBgNV
BAMTKERBNjdDRUM1NUJBRTNFRUQ2Nzc1NDc2N0M0MDQ1MDhEQzMzNzczMEYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDSDzh+J/Q7ejDmihSK16ABPUae
IKRC6OAYb1mxbX1+JddgdOxk/2JjkZQXBV1uYJ+AUNIabq55VSmj5QIB6LDK1Z06
1Y9pZbn7ykx6XrKZeCjSYmjC4S6f9+imx7f9zMHL+FcFkZun0kNN3BCUKQ15qVKp
KOjUw2C2F/QhySKS8TpuAPVQdl4A8s48oZ/39+RClwWAHqBNvP6EBHOq72psD2RX
qD3R5svOMcmFW8j3ithbqHqMdkJzNDc0dklQma6v3JJYdv+8jrOAZFBKDnhl3ipi
2O7qCtYJ/ir3ZOl/hNIpclIFfcFahIQX249xivbC8iluNTT3wW1cYjgHwv3VAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQU2mfOxVuuPu1ndUdnxARQjcM3cw8wHwYDVR0j
BBgwFoAUCIRp0aMwhf+Is+WZ0iPKdMIxOjowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzUvMDg4NDY5RDFBMzMwODVGRjg4QjNFNTk5RDIyM0NBNzRDMjMxM0EzQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NJUnAwYU13aGYtSXMtV1owaVBLZE1J
eE9qby5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzUvMzczODJlMzMzMTJlMzIzNDM5
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzkzMzMwMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABOH/kw
DQYJKoZIhvcNAQELBQADggEBADgyuoauzE0D2WtP8e5KA/iOeaX058wCjOcHjpkr
bTyNtjyPSUQNpKgC81PccTlxUEcmWvm66oYy7+r0dpekmWdXWghAL4eKITtnvozC
EGC32dgkz69gqAZ8IoZUlSdEeyGLeE3lBLkHfhsPIEZWJysA1Pn7japlovsI8IS2
Y3msGkb1MD5BRIUxAq1QQFWmBbZ19r2qxeN7OjhQJS5rIqTP+oo6OKvtyC9d23AJ
PvVgxNw+D7fmFNZplYzpcwatDgL+JAJdk8D8dZQwrnPeJq79ii4eF+nOl5uMw/hR
VybeLz2K3Pt+Wd9YbO2H3Wm1W2eIqqwg4CdnhlBs7gbzm7s=
-----END CERTIFICATE-----