Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/3137312e32322e37382e302f32342d3234203d3e203633303233.roa
File:                     3137312e32322e37382e302f32342d3234203d3e203633303233.roa (raw, json)
Hash identifier:          AOSaJVK/kAmfni+FQKmQazrrcukuAmPXhaM27aDbAuQ=
Subject key identifier:   AC:EB:C0:0C:70:C5:B5:CF:8E:1E:44:FA:D6:CC:47:47:DE:61:33:8B
Certificate issuer:       /CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
Certificate serial:       22BAEBDF0FF34DDF757E4DAED59A89DABCBE39A7
Authority key identifier: 70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/3137312e32322e37382e302f32342d3234203d3e203633303233.roa
Signing time:             Mon 30 Jun 2025 16:29:39 +0000
ROA not before:           Mon 30 Jun 2025 16:24:39 +0000
ROA not after:            Mon 29 Jun 2026 16:29:39 +0000
asID:                     63023
IP address blocks:        171.22.78.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Jul 2025 03:04:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            22:ba:eb:df:0f:f3:4d:df:75:7e:4d:ae:d5:9a:89:da:bc:be:39:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
        Validity
            Not Before: Jun 30 16:24:39 2025 GMT
            Not After : Jun 29 16:29:39 2026 GMT
        Subject: CN=ACEBC00C70C5B5CF8E1E44FAD6CC4747DE61338B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:56:d4:8d:b2:c9:39:c1:ae:f9:78:de:20:45:
                    2d:69:7e:01:b7:84:c4:84:b6:de:eb:af:01:99:96:
                    27:24:4c:f6:77:f1:19:ab:91:1f:b4:82:e0:38:9f:
                    4f:66:92:22:b6:42:8e:d6:cd:ca:7a:1e:93:0a:13:
                    e6:72:53:4c:a2:09:51:7b:13:1f:8d:0a:9d:ca:23:
                    2f:93:d6:4b:3c:22:4c:90:18:42:2d:42:64:11:e2:
                    43:21:78:68:a5:0e:2f:37:fd:b3:b3:ee:0e:86:34:
                    bd:39:47:e7:db:01:0f:11:79:bc:fd:f3:f6:44:cd:
                    56:74:c7:0d:65:f8:0c:91:13:f1:57:7c:8f:a3:b2:
                    4a:62:a3:48:d3:e9:07:3f:3c:0a:20:cb:79:97:91:
                    0a:80:81:c3:dd:29:9a:00:c3:e1:13:05:fd:e4:71:
                    fe:9f:e4:ae:f3:68:65:38:22:ef:86:88:63:07:7b:
                    9f:b1:3f:f6:13:ea:20:a3:90:f5:89:77:54:bc:dc:
                    1a:da:db:e4:89:f5:77:92:cb:25:9a:61:75:ed:f7:
                    0f:96:b6:69:99:b8:e6:9b:aa:94:b4:e5:1c:c9:3d:
                    4b:e5:5a:3e:8c:e0:1b:77:5d:df:cf:27:57:bd:7c:
                    a4:51:4d:df:2e:f5:e4:da:90:b8:4c:34:6e:9e:7d:
                    b3:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:EB:C0:0C:70:C5:B5:CF:8E:1E:44:FA:D6:CC:47:47:DE:61:33:8B
            X509v3 Authority Key Identifier:
                keyid:70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/3137312e32322e37382e302f32342d3234203d3e203633303233.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  171.22.78.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a7:bc:44:5f:35:a1:69:ab:5c:15:33:f4:1e:f9:85:a5:77:51:
         30:fb:ad:15:76:5e:a9:40:bf:b3:32:62:24:63:63:2f:6c:07:
         e0:ef:54:f5:27:fd:66:34:0e:2f:55:8a:95:fa:bd:9c:79:2f:
         f4:68:12:92:01:ac:a7:2d:a1:85:f3:5b:4c:3e:3f:c0:97:d2:
         19:c8:87:9c:96:2f:b1:d9:ff:12:ea:1b:ee:47:f1:13:a4:73:
         40:6a:71:a8:a7:8d:18:43:f0:04:c2:6c:42:19:16:dc:d7:2b:
         c6:b1:e3:c1:42:d6:00:8e:6d:22:19:d9:e9:31:b8:5c:69:71:
         4e:a1:22:c0:87:63:0f:bf:5c:66:71:d3:ff:8f:2f:ee:58:e1:
         76:c8:be:5d:cb:e3:7a:27:e8:d1:c5:0e:16:38:a8:af:47:43:
         fb:14:f1:fa:84:5d:6e:f4:da:9f:a1:d3:03:f1:fc:8c:8c:8f:
         08:b8:da:45:f3:7d:9b:f4:27:73:20:70:07:8c:97:25:f1:01:
         14:e4:01:92:73:cc:1c:dd:bf:ed:5a:1d:d6:65:98:d8:3f:54:
         b8:a2:0d:59:10:56:5e:a7:55:c2:d2:0d:fa:31:1f:cc:b1:b0:
         82:c3:f1:22:75:77:61:52:49:c7:f3:e8:9a:fb:2f:6d:15:21:
         87:39:df:de
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUIrrr3w/zTd91fk2u1ZqJ2ry+OacwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzBjYmQ3YTk4MTdlNDcwMDA5YzBmNDBlYTFlMzcwYWE3
OWI1ZmQ5MTAeFw0yNTA2MzAxNjI0MzlaFw0yNjA2MjkxNjI5MzlaMDMxMTAvBgNV
BAMTKEFDRUJDMDBDNzBDNUI1Q0Y4RTFFNDRGQUQ2Q0M0NzQ3REU2MTMzOEIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9VtSNssk5wa75eN4gRS1pfgG3
hMSEtt7rrwGZlickTPZ38RmrkR+0guA4n09mkiK2Qo7Wzcp6HpMKE+ZyU0yiCVF7
Ex+NCp3KIy+T1ks8IkyQGEItQmQR4kMheGilDi83/bOz7g6GNL05R+fbAQ8Rebz9
8/ZEzVZ0xw1l+AyRE/FXfI+jskpio0jT6Qc/PAogy3mXkQqAgcPdKZoAw+ETBf3k
cf6f5K7zaGU4Iu+GiGMHe5+xP/YT6iCjkPWJd1S83Bra2+SJ9XeSyyWaYXXt9w+W
tmmZuOabqpS05RzJPUvlWj6M4Bt3Xd/PJ1e9fKRRTd8u9eTakLhMNG6efbNxAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUrOvADHDFtc+OHkT61sxHR95hM4swHwYDVR0j
BBgwFoAUcMvXqYF+RwAJwPQOoeNwqnm1/ZEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYjczMzJhZjAtZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5
ZjhhLzAvNzBDQkQ3QTk4MTdFNDcwMDA5QzBGNDBFQTFFMzcwQUE3OUI1RkQ5MS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NNdlhxWUYtUndBSndQUU9vZU53cW5t
MV9aRS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYjczMzJhZjAt
ZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5ZjhhLzAvMzEzNzMxMmUzMjMyMmUzNzM4
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzYzMzMwMzIzMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAKsW
TjANBgkqhkiG9w0BAQsFAAOCAQEAp7xEXzWhaatcFTP0HvmFpXdRMPutFXZeqUC/
szJiJGNjL2wH4O9U9Sf9ZjQOL1WKlfq9nHkv9GgSkgGspy2hhfNbTD4/wJfSGciH
nJYvsdn/Euob7kfxE6RzQGpxqKeNGEPwBMJsQhkW3NcrxrHjwULWAI5tIhnZ6TG4
XGlxTqEiwIdjD79cZnHT/48v7ljhdsi+Xcvjeifo0cUOFjior0dD+xTx+oRdbvTa
n6HTA/H8jIyPCLjaRfN9m/QncyBwB4yXJfEBFOQBknPMHN2/7Vod1mWY2D9UuKIN
WRBWXqdVwtIN+jEfzLGwgsPxInV3YVJJx/PomvsvbRUhhznf3g==
-----END CERTIFICATE-----