Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS57397.roa
File:                     AS57397.roa (raw, json)
Hash identifier:          ChVNvmitGXW66SdO06fb5xLcnGML4/lxaZ41zHF9A3w=
Subject key identifier:   D8:D7:81:1F:F8:50:58:F4:11:2A:9D:CD:BD:76:F2:C3:76:F6:75:D8
Certificate issuer:       /CN=7051b4c2f7ae9ef80b53000b32ab8f5d2f2f415b
Certificate serial:       51AB117C3BCBD3A0D8D819DCDBEC91F86C996F2A
Authority key identifier: 70:51:B4:C2:F7:AE:9E:F8:0B:53:00:0B:32:AB:8F:5D:2F:2F:41:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS57397.roa
Signing time:             Fri 18 Jul 2025 14:19:19 +0000
ROA not before:           Fri 18 Jul 2025 14:14:19 +0000
ROA not after:            Fri 17 Jul 2026 14:19:19 +0000
asID:                     57397
IP address blocks:        37.221.78.0/24 maxlen: 24
                          185.231.224.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Jul 2025 14:17:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            51:ab:11:7c:3b:cb:d3:a0:d8:d8:19:dc:db:ec:91:f8:6c:99:6f:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7051b4c2f7ae9ef80b53000b32ab8f5d2f2f415b
        Validity
            Not Before: Jul 18 14:14:19 2025 GMT
            Not After : Jul 17 14:19:19 2026 GMT
        Subject: CN=D8D7811FF85058F4112A9DCDBD76F2C376F675D8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:23:cf:53:25:7f:a9:25:8c:cc:30:01:31:13:
                    bc:ed:ce:54:cb:71:55:f9:f1:84:ee:bc:03:da:50:
                    2e:ab:61:4a:83:8e:8c:6e:1c:f0:7a:bb:fd:15:51:
                    1d:51:f6:de:34:b8:9c:16:aa:f2:16:92:6a:96:47:
                    b2:5b:84:6f:5e:bc:9e:1a:8f:27:76:7f:71:46:ca:
                    1a:d3:89:7b:68:c1:c5:fe:df:f4:bf:3a:c8:47:3c:
                    36:45:0a:a8:4d:71:47:c8:6b:c5:ea:b1:37:a0:85:
                    5e:a1:94:e3:0a:cd:8d:8e:f2:b4:5c:db:8e:96:a0:
                    bc:12:73:72:f6:5f:cb:aa:c4:85:c0:ca:68:41:32:
                    6b:4a:7a:2e:ad:ae:8f:ef:41:e8:aa:83:37:a9:6d:
                    6a:9b:fa:1f:6b:0c:13:fe:53:b3:f0:f8:d7:ca:eb:
                    8f:05:7f:a2:0f:53:d0:ea:43:0a:56:d3:b2:62:b2:
                    03:90:01:8e:1f:5e:1c:46:72:7a:38:4d:8a:6d:8a:
                    bc:74:0e:de:c5:29:85:43:34:3b:10:17:13:04:d5:
                    74:10:0f:93:0b:85:fd:1b:f7:87:f2:ae:3c:68:51:
                    a7:50:10:62:e3:8e:7e:0d:cd:79:c8:f0:fd:77:15:
                    79:48:43:72:62:46:a2:cb:87:01:d9:37:1c:3c:47:
                    64:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:D7:81:1F:F8:50:58:F4:11:2A:9D:CD:BD:76:F2:C3:76:F6:75:D8
            X509v3 Authority Key Identifier:
                keyid:70:51:B4:C2:F7:AE:9E:F8:0B:53:00:0B:32:AB:8F:5D:2F:2F:41:5B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS57397.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.221.78.0/24
                  185.231.224.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5e:43:94:f9:b3:cc:56:2a:7c:3d:d0:da:1b:b8:9d:71:21:47:
         df:ff:9c:0e:6b:32:69:5b:bb:9c:4e:f6:35:4e:fb:df:bf:2f:
         fa:f0:01:f6:57:bc:49:5c:44:64:63:78:64:7a:47:d7:5c:9b:
         dc:3d:47:1c:42:ea:48:ec:46:c0:c0:cd:a0:f1:d6:98:52:db:
         9c:a5:31:5c:09:76:62:87:b4:61:8a:20:c3:82:1b:98:35:db:
         06:1d:e2:57:2e:72:b7:e1:b0:c8:00:fc:b7:16:8d:fc:ea:f8:
         b3:78:71:75:63:b9:f9:43:02:10:3e:d5:5b:9e:8a:d7:ea:32:
         a7:3c:9e:98:55:a7:7e:9b:1a:12:74:08:db:7b:3f:1b:a8:6c:
         b6:1a:8f:cd:da:7c:fc:e8:00:2b:ce:08:95:85:24:ba:6e:18:
         d5:19:81:51:84:f0:a6:18:76:ed:8b:3e:1b:c6:c9:03:ea:df:
         73:bb:4d:8a:40:63:1d:50:c3:2b:00:6a:09:a9:13:40:cc:42:
         a6:05:f4:00:d3:b2:1c:f8:ba:e3:d4:13:a3:0b:e6:5f:b0:bb:
         1b:f0:e6:38:f7:55:52:05:13:ef:70:57:32:d6:84:09:f6:04:
         1b:74:83:e9:0c:17:a4:de:c3:0d:b7:97:01:a1:cd:17:73:0b:
         e5:6f:27:c3
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUUasRfDvL06DY2Bnc2+yR+GyZbyowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzA1MWI0YzJmN2FlOWVmODBiNTMwMDBiMzJhYjhmNWQy
ZjJmNDE1YjAeFw0yNTA3MTgxNDE0MTlaFw0yNjA3MTcxNDE5MTlaMDMxMTAvBgNV
BAMTKEQ4RDc4MTFGRjg1MDU4RjQxMTJBOURDREJENzZGMkMzNzZGNjc1RDgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGI89TJX+pJYzMMAExE7ztzlTL
cVX58YTuvAPaUC6rYUqDjoxuHPB6u/0VUR1R9t40uJwWqvIWkmqWR7JbhG9evJ4a
jyd2f3FGyhrTiXtowcX+3/S/OshHPDZFCqhNcUfIa8XqsTeghV6hlOMKzY2O8rRc
246WoLwSc3L2X8uqxIXAymhBMmtKei6tro/vQeiqgzepbWqb+h9rDBP+U7Pw+NfK
648Ff6IPU9DqQwpW07JisgOQAY4fXhxGcno4TYptirx0Dt7FKYVDNDsQFxME1XQQ
D5MLhf0b94fyrjxoUadQEGLjjn4NzXnI8P13FXlIQ3JiRqLLhwHZNxw8R2RNAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQU2NeBH/hQWPQRKp3NvXbyw3b2ddgwHwYDVR0j
BBgwFoAUcFG0wveunvgLUwALMquPXS8vQVswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOWM1Y2U5ZmEtOWE2Zi00ZTBjLTk4MDktN2E0Nzg4NzQ0
ODkzLzAvNzA1MUI0QzJGN0FFOUVGODBCNTMwMDBCMzJBQjhGNUQyRjJGNDE1Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NGRzB3dmV1bnZnTFV3QUxNcXVQWFM4
dlFWcy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzljNWNlOWZhLTlhNmYt
NGUwYy05ODA5LTdhNDc4ODc0NDg5My8wL0FTNTczOTcucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBAAl3U4D
BAC55+AwDQYJKoZIhvcNAQELBQADggEBAF5DlPmzzFYqfD3Q2hu4nXEhR9//nA5r
Mmlbu5xO9jVO+9+/L/rwAfZXvElcRGRjeGR6R9dcm9w9RxxC6kjsRsDAzaDx1phS
25ylMVwJdmKHtGGKIMOCG5g12wYd4lcucrfhsMgA/LcWjfzq+LN4cXVjuflDAhA+
1VueitfqMqc8nphVp36bGhJ0CNt7PxuobLYaj83afPzoACvOCJWFJLpuGNUZgVGE
8KYYdu2LPhvGyQPq33O7TYpAYx1QwysAagmpE0DMQqYF9ADTshz4uuPUE6ML5l+w
uxvw5jj3VVIFE+9wVzLWhAn2BBt0g+kMF6Teww23lwGhzRdzC+VvJ8M=
-----END CERTIFICATE-----