Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/37382e33312e3235312e302f32342d3234203d3e20313734.roa
File:                     37382e33312e3235312e302f32342d3234203d3e20313734.roa (raw, json)
Hash identifier:          dQbOuCYK97v9QeTzUxrknb+sPC7cAXaoIqkYXR4XPSM=
Subject key identifier:   29:1D:94:02:83:54:26:71:C5:9E:72:C1:D6:E7:1D:4A:76:D3:6B:66
Certificate issuer:       /CN=088469d1a33085ff88b3e599d223ca74c2313a3a
Certificate serial:       41083EBCEC1326BF1C9B83A605C53E6C02EF1742
Authority key identifier: 08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/37382e33312e3235312e302f32342d3234203d3e20313734.roa
Signing time:             Fri 24 Oct 2025 09:26:07 +0000
ROA not before:           Fri 24 Oct 2025 09:21:07 +0000
ROA not after:            Fri 23 Oct 2026 09:26:07 +0000
asID:                     174
IP address blocks:        78.31.251.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 17:27:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            41:08:3e:bc:ec:13:26:bf:1c:9b:83:a6:05:c5:3e:6c:02:ef:17:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088469d1a33085ff88b3e599d223ca74c2313a3a
        Validity
            Not Before: Oct 24 09:21:07 2025 GMT
            Not After : Oct 23 09:26:07 2026 GMT
        Subject: CN=291D940283542671C59E72C1D6E71D4A76D36B66
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:b4:4d:c7:40:17:15:8a:00:0d:9d:ed:8e:7c:
                    85:01:a7:00:fb:1d:ad:01:ac:0b:4f:fd:63:08:3d:
                    3c:8e:3d:45:30:b5:32:ce:b8:0e:92:39:b6:1e:ec:
                    6d:7c:61:fe:89:f2:29:3f:1e:da:42:51:30:13:f5:
                    bd:bf:12:d4:60:08:ea:15:2d:14:4d:09:c9:4a:15:
                    87:e3:16:b2:ee:d7:07:23:9a:4b:c4:33:a8:cb:af:
                    a6:39:d2:4f:85:ac:b1:c3:78:2b:e5:ad:58:1a:89:
                    90:a0:21:02:ec:fe:91:b8:31:4b:97:ac:ae:53:84:
                    8b:4e:8c:b3:8e:c7:3e:63:7f:01:fc:0f:8a:7b:e0:
                    75:78:22:9e:5d:15:4e:eb:8e:80:b2:d6:d5:f6:ef:
                    4a:d8:b2:8c:df:e6:9e:4e:82:d3:4d:b1:82:78:66:
                    d0:ff:78:77:71:9c:c2:fb:ee:8a:1e:f3:75:40:56:
                    04:b2:31:96:4e:1c:01:63:a5:49:75:85:10:f8:bf:
                    a4:e5:4c:71:f1:b7:e5:fe:64:29:cc:0c:c6:52:ce:
                    97:83:08:1a:47:73:50:bf:f2:f8:f5:f7:d2:ee:f1:
                    e9:94:d7:29:88:16:70:89:e7:a0:3c:3f:b8:be:38:
                    39:ac:69:5c:9c:91:34:9a:e9:f3:00:55:f1:a7:95:
                    8c:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:1D:94:02:83:54:26:71:C5:9E:72:C1:D6:E7:1D:4A:76:D3:6B:66
            X509v3 Authority Key Identifier:
                keyid:08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/37382e33312e3235312e302f32342d3234203d3e20313734.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.31.251.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:72:e7:25:32:60:21:a9:a6:1c:b0:22:0c:2a:b3:06:05:9b:
         a3:f7:60:59:e6:dc:4f:3c:de:f4:7e:d8:7f:b6:03:8e:51:bd:
         c8:4a:99:74:42:b2:fb:4a:e2:24:dc:20:f0:f1:37:50:1e:31:
         5c:77:ff:2c:d5:71:9d:9f:b4:80:94:48:55:27:58:be:54:3c:
         b9:da:b0:0d:63:5f:68:db:4f:a9:35:76:17:a7:64:f4:56:cd:
         3a:45:8a:08:22:49:07:d5:d9:8a:da:f4:c2:3a:a0:eb:23:bb:
         1f:68:a5:44:ec:70:cc:40:38:f5:f4:89:b6:e8:27:cb:ac:9c:
         46:0e:19:db:f2:c2:76:18:b6:69:24:aa:67:5e:a5:35:75:5e:
         73:7e:3d:57:79:d6:58:09:8f:71:be:09:7a:66:e1:7b:a4:78:
         0a:97:60:55:04:fc:ab:3a:8c:9a:93:8b:f5:68:44:eb:99:7a:
         c2:a1:5b:fa:44:9e:9f:65:4c:39:da:63:af:d4:89:6a:65:2f:
         70:8a:17:6f:06:2e:23:9d:ba:b7:b0:05:51:11:9f:be:00:15:
         72:8d:aa:02:32:18:5d:d1:bd:1f:1c:00:f3:da:11:7a:32:25:
         94:1e:6e:ce:6a:f3:a1:92:56:42:f6:28:aa:1e:69:6d:fa:e8:
         12:72:c7:87
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUQQg+vOwTJr8cm4OmBcU+bALvF0IwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDg4NDY5ZDFhMzMwODVmZjg4YjNlNTk5ZDIyM2NhNzRj
MjMxM2EzYTAeFw0yNTEwMjQwOTIxMDdaFw0yNjEwMjMwOTI2MDdaMDMxMTAvBgNV
BAMTKDI5MUQ5NDAyODM1NDI2NzFDNTlFNzJDMUQ2RTcxRDRBNzZEMzZCNjYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrtE3HQBcVigANne2OfIUBpwD7
Ha0BrAtP/WMIPTyOPUUwtTLOuA6SObYe7G18Yf6J8ik/HtpCUTAT9b2/EtRgCOoV
LRRNCclKFYfjFrLu1wcjmkvEM6jLr6Y50k+FrLHDeCvlrVgaiZCgIQLs/pG4MUuX
rK5ThItOjLOOxz5jfwH8D4p74HV4Ip5dFU7rjoCy1tX270rYsozf5p5OgtNNsYJ4
ZtD/eHdxnML77ooe83VAVgSyMZZOHAFjpUl1hRD4v6TlTHHxt+X+ZCnMDMZSzpeD
CBpHc1C/8vj199Lu8emU1ymIFnCJ56A8P7i+ODmsaVyckTSa6fMAVfGnlYxvAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUKR2UAoNUJnHFnnLB1ucdSnbTa2YwHwYDVR0j
BBgwFoAUCIRp0aMwhf+Is+WZ0iPKdMIxOjowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzUvMDg4NDY5RDFBMzMwODVGRjg4QjNFNTk5RDIyM0NBNzRDMjMxM0EzQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NJUnAwYU13aGYtSXMtV1owaVBLZE1J
eE9qby5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzUvMzczODJlMzMzMTJlMzIzNTMx
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzEzNzM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATh/7MA0G
CSqGSIb3DQEBCwUAA4IBAQBycuclMmAhqaYcsCIMKrMGBZuj92BZ5txPPN70fth/
tgOOUb3ISpl0QrL7SuIk3CDw8TdQHjFcd/8s1XGdn7SAlEhVJ1i+VDy52rANY19o
20+pNXYXp2T0Vs06RYoIIkkH1dmK2vTCOqDrI7sfaKVE7HDMQDj19Im26CfLrJxG
Dhnb8sJ2GLZpJKpnXqU1dV5zfj1XedZYCY9xvgl6ZuF7pHgKl2BVBPyrOoyak4v1
aETrmXrCoVv6RJ6fZUw52mOv1IlqZS9wihdvBi4jnbq3sAVREZ++ABVyjaoCMhhd
0b0fHADz2hF6MiWUHm7OavOhklZC9iiqHmlt+ugScseH
-----END CERTIFICATE-----