Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/37372e38332e3130372e302f32342d3234203d3e203134363138.roa
File:                     37372e38332e3130372e302f32342d3234203d3e203134363138.roa (raw, json)
Hash identifier:          RLkHoZIGtxNaQjM4wMrECttYr64XAttgEOdrNH21wXM=
Subject key identifier:   FF:2F:54:8D:91:B8:FD:61:E3:4F:AC:33:9D:21:2D:98:29:55:D3:04
Certificate issuer:       /CN=62fbd2cc0012fb2f86db40b589bd1ac4e973266d
Certificate serial:       13C12D32AE395C70CA6CF7C985305C9665388815
Authority key identifier: 62:FB:D2:CC:00:12:FB:2F:86:DB:40:B5:89:BD:1A:C4:E9:73:26:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YvvSzAAS-y-G20C1ib0axOlzJm0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/37372e38332e3130372e302f32342d3234203d3e203134363138.roa
Signing time:             Wed 08 May 2024 14:24:27 +0000
ROA not before:           Wed 08 May 2024 14:19:27 +0000
ROA not after:            Wed 07 May 2025 14:24:27 +0000
asID:                     14618
IP address blocks:        77.83.107.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/62FBD2CC0012FB2F86DB40B589BD1AC4E973266D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/62FBD2CC0012FB2F86DB40B589BD1AC4E973266D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YvvSzAAS-y-G20C1ib0axOlzJm0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 16:11:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            13:c1:2d:32:ae:39:5c:70:ca:6c:f7:c9:85:30:5c:96:65:38:88:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62fbd2cc0012fb2f86db40b589bd1ac4e973266d
        Validity
            Not Before: May  8 14:19:27 2024 GMT
            Not After : May  7 14:24:27 2025 GMT
        Subject: CN=FF2F548D91B8FD61E34FAC339D212D982955D304
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:5c:bd:fa:c7:00:9a:05:9a:ab:dc:72:ec:95:
                    6f:c7:19:26:32:0a:e1:a4:04:a8:e8:26:ad:d9:d5:
                    39:e8:9a:f9:23:9a:f8:d9:5c:ef:ce:c4:5d:86:7f:
                    06:55:9e:84:89:8a:4d:a3:0c:b8:72:98:6a:9f:a1:
                    35:4d:9d:cc:5c:f3:67:02:27:fa:c6:1d:17:58:b5:
                    d3:53:34:b7:ba:0e:a5:64:88:68:02:36:f2:bb:1c:
                    71:ef:2f:55:c1:84:1f:f2:d9:78:35:45:b6:84:e2:
                    4f:31:56:41:2b:ea:b3:2a:84:3a:71:4c:bd:43:c5:
                    b9:b4:b6:0b:a5:03:c3:9a:34:c9:7b:29:43:65:97:
                    2b:91:48:e8:76:35:4e:44:50:ea:35:f3:1c:70:6d:
                    63:47:46:41:50:9c:75:52:32:c1:14:9b:ef:59:66:
                    0e:60:01:8a:e6:f3:17:fa:1c:fc:32:67:ca:f7:36:
                    f6:1b:27:3c:5b:be:74:f9:93:3e:8c:5c:e0:93:1f:
                    d7:d1:d5:05:c6:e7:21:a5:8c:37:ff:72:fb:23:21:
                    5a:ef:e2:c5:74:55:ef:dc:dc:bb:bb:b4:e9:e5:08:
                    fe:0a:6a:1b:71:14:df:94:ae:0c:41:f0:79:b8:31:
                    f8:fb:a1:99:dc:e0:66:8c:10:52:e2:1d:5d:75:75:
                    70:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:2F:54:8D:91:B8:FD:61:E3:4F:AC:33:9D:21:2D:98:29:55:D3:04
            X509v3 Authority Key Identifier:
                keyid:62:FB:D2:CC:00:12:FB:2F:86:DB:40:B5:89:BD:1A:C4:E9:73:26:6D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/62FBD2CC0012FB2F86DB40B589BD1AC4E973266D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YvvSzAAS-y-G20C1ib0axOlzJm0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/37372e38332e3130372e302f32342d3234203d3e203134363138.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.83.107.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:8e:1b:ce:05:b8:41:b4:3a:05:39:7b:e2:fd:20:8f:e0:82:
         e9:d0:24:3f:09:55:9b:87:dc:9a:7b:74:3c:43:56:af:9e:cc:
         0a:1a:02:a4:12:a2:1d:26:4b:34:a0:cb:01:59:8e:6a:7e:1f:
         df:ce:5f:2e:6d:7b:0f:56:1f:6b:47:d9:36:45:a9:89:3f:9d:
         b3:ae:32:f3:76:32:cd:9b:b8:7b:5c:06:b0:ba:32:03:90:2d:
         8e:aa:64:41:0e:20:98:60:0b:a9:9e:82:55:4e:2c:f8:ec:70:
         d4:c7:0e:bf:3d:51:d9:13:86:f5:d2:bb:87:9c:ac:36:e1:a6:
         af:e6:bd:0c:64:60:f4:d4:1e:b0:f3:09:39:f5:19:2d:fe:b8:
         40:f6:d4:94:70:84:0e:67:6a:d3:14:30:ef:82:0d:5b:95:4f:
         f1:04:b0:98:06:5b:78:c5:29:71:f1:d4:6e:44:dd:2e:c5:7a:
         67:ea:07:76:f1:78:99:71:b6:57:c0:56:d7:f8:76:2a:14:c2:
         e5:98:88:b5:97:a6:4d:d6:11:56:a1:89:df:c9:58:ce:a8:6d:
         6d:5a:0b:50:74:7f:5f:87:b4:bc:16:1c:4e:da:bf:64:87:6a:
         6e:bf:d9:13:c8:05:55:c8:ce:52:b6:55:5d:5b:89:6a:77:87:
         76:b9:05:88
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUE8EtMq45XHDKbPfJhTBclmU4iBUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjJmYmQyY2MwMDEyZmIyZjg2ZGI0MGI1ODliZDFhYzRl
OTczMjY2ZDAeFw0yNDA1MDgxNDE5MjdaFw0yNTA1MDcxNDI0MjdaMDMxMTAvBgNV
BAMTKEZGMkY1NDhEOTFCOEZENjFFMzRGQUMzMzlEMjEyRDk4Mjk1NUQzMDQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4XL36xwCaBZqr3HLslW/HGSYy
CuGkBKjoJq3Z1TnomvkjmvjZXO/OxF2GfwZVnoSJik2jDLhymGqfoTVNncxc82cC
J/rGHRdYtdNTNLe6DqVkiGgCNvK7HHHvL1XBhB/y2Xg1RbaE4k8xVkEr6rMqhDpx
TL1Dxbm0tgulA8OaNMl7KUNllyuRSOh2NU5EUOo18xxwbWNHRkFQnHVSMsEUm+9Z
Zg5gAYrm8xf6HPwyZ8r3NvYbJzxbvnT5kz6MXOCTH9fR1QXG5yGljDf/cvsjIVrv
4sV0Ve/c3Lu7tOnlCP4KahtxFN+UrgxB8Hm4Mfj7oZnc4GaMEFLiHV11dXChAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQU/y9UjZG4/WHjT6wznSEtmClV0wQwHwYDVR0j
BBgwFoAUYvvSzAAS+y+G20C1ib0axOlzJm0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNDZiOTNkZjAtYWM4ZC00ZGE4LWFmYjgtZGNiN2YyODg4
MzYyLzAvNjJGQkQyQ0MwMDEyRkIyRjg2REI0MEI1ODlCRDFBQzRFOTczMjY2RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1l2dlN6QUFTLXktRzIwQzFpYjBheE9s
ekptMC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvNDZiOTNkZjAt
YWM4ZC00ZGE4LWFmYjgtZGNiN2YyODg4MzYyLzAvMzczNzJlMzgzMzJlMzEzMDM3
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzEzNDM2MzEzOC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAE1T
azANBgkqhkiG9w0BAQsFAAOCAQEAmI4bzgW4QbQ6BTl74v0gj+CC6dAkPwlVm4fc
mnt0PENWr57MChoCpBKiHSZLNKDLAVmOan4f385fLm17D1Yfa0fZNkWpiT+ds64y
83YyzZu4e1wGsLoyA5AtjqpkQQ4gmGALqZ6CVU4s+Oxw1McOvz1R2ROG9dK7h5ys
NuGmr+a9DGRg9NQesPMJOfUZLf64QPbUlHCEDmdq0xQw74INW5VP8QSwmAZbeMUp
cfHUbkTdLsV6Z+oHdvF4mXG2V8BW1/h2KhTC5ZiItZemTdYRVqGJ38lYzqhtbVoL
UHR/X4e0vBYcTtq/ZIdqbr/ZE8gFVcjOUrZVXVuJaneHdrkFiA==
-----END CERTIFICATE-----