Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/37372e38332e3130342e302f32342d3234203d3e203531303832.roa
File:                     37372e38332e3130342e302f32342d3234203d3e203531303832.roa (raw, json)
Hash identifier:          cPaUnFGEFa3LLtcINVpDXdadHfjpZgAv0da2n/WKQ90=
Subject key identifier:   F2:CB:6F:81:94:2A:A4:F8:08:21:E4:CD:CA:CB:B8:31:63:CB:6A:B2
Certificate issuer:       /CN=62fbd2cc0012fb2f86db40b589bd1ac4e973266d
Certificate serial:       7887B6151D3E792B2AEB44618238A43EB9B53A46
Authority key identifier: 62:FB:D2:CC:00:12:FB:2F:86:DB:40:B5:89:BD:1A:C4:E9:73:26:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YvvSzAAS-y-G20C1ib0axOlzJm0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/37372e38332e3130342e302f32342d3234203d3e203531303832.roa
Signing time:             Thu 03 Oct 2024 10:29:54 +0000
ROA not before:           Thu 03 Oct 2024 10:24:54 +0000
ROA not after:            Thu 02 Oct 2025 10:29:54 +0000
asID:                     51082
IP address blocks:        77.83.104.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/62FBD2CC0012FB2F86DB40B589BD1AC4E973266D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/62FBD2CC0012FB2F86DB40B589BD1AC4E973266D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YvvSzAAS-y-G20C1ib0axOlzJm0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 14:42:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            78:87:b6:15:1d:3e:79:2b:2a:eb:44:61:82:38:a4:3e:b9:b5:3a:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62fbd2cc0012fb2f86db40b589bd1ac4e973266d
        Validity
            Not Before: Oct  3 10:24:54 2024 GMT
            Not After : Oct  2 10:29:54 2025 GMT
        Subject: CN=F2CB6F81942AA4F80821E4CDCACBB83163CB6AB2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:5f:7f:e6:16:6e:ea:57:a8:f7:1f:a2:6e:63:
                    09:81:f1:1f:61:9e:a7:42:a8:bd:39:dd:f3:93:a6:
                    5d:b8:d3:00:5c:74:b9:f0:0a:56:1e:b7:80:ea:6a:
                    09:96:a0:70:4a:27:38:92:d9:c1:2b:7a:b7:f8:89:
                    6c:2a:c2:99:f4:79:f4:c5:b0:2a:b9:f6:f4:de:3d:
                    00:a6:83:f5:27:5c:89:15:4e:a5:cf:83:55:fc:35:
                    13:16:a1:17:59:56:11:af:3c:a4:e9:a3:f0:58:8c:
                    bc:63:69:c3:b4:14:cc:a0:8a:7f:50:45:e7:c1:0b:
                    bf:0d:ee:1a:1a:cb:52:a6:d0:de:54:eb:c2:1e:7a:
                    25:5f:be:18:b4:a9:7f:2e:45:b3:38:ba:98:36:99:
                    ad:38:f6:99:56:bc:46:82:73:de:8c:21:1c:9d:94:
                    9e:f0:fa:9b:cc:63:c8:66:53:af:c8:c8:cd:81:b4:
                    ab:fc:13:c2:c4:07:f2:b6:4a:03:36:e7:56:be:31:
                    2e:40:84:fe:be:94:d3:97:5d:e6:98:31:c7:13:5f:
                    dd:62:f9:08:6f:a4:08:9e:ab:f1:42:dd:fb:a0:fa:
                    2f:58:90:0f:7f:6c:53:16:46:f0:58:d5:16:09:ca:
                    ff:80:d5:22:01:ac:b9:6e:06:05:36:6b:32:41:39:
                    c2:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:CB:6F:81:94:2A:A4:F8:08:21:E4:CD:CA:CB:B8:31:63:CB:6A:B2
            X509v3 Authority Key Identifier:
                keyid:62:FB:D2:CC:00:12:FB:2F:86:DB:40:B5:89:BD:1A:C4:E9:73:26:6D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/62FBD2CC0012FB2F86DB40B589BD1AC4E973266D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YvvSzAAS-y-G20C1ib0axOlzJm0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/37372e38332e3130342e302f32342d3234203d3e203531303832.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.83.104.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:85:5f:df:07:00:2c:56:4f:ba:ff:c1:86:68:fb:52:36:6d:
         1a:1c:77:51:47:59:fd:c7:f9:ee:51:ef:b1:51:23:2b:8d:e7:
         c4:98:5d:0c:2c:fd:02:6d:de:03:b1:80:8a:52:12:d4:da:dd:
         69:e0:96:b8:1a:f3:5a:4f:e0:24:47:db:41:b0:64:a1:db:26:
         03:2c:36:95:24:ca:a1:b1:28:f6:21:02:d8:e4:2c:6f:18:89:
         b8:31:e5:7a:e8:94:0c:b5:73:9a:1b:3c:3d:df:76:5f:dc:7f:
         92:6a:fe:83:61:4d:06:62:c2:b3:d3:99:d4:16:db:ce:fa:58:
         7b:6f:09:e5:27:6d:d5:4c:43:43:03:3c:67:24:e0:7d:80:6e:
         64:f2:c7:a9:16:aa:02:82:6b:9e:65:66:1f:04:3c:57:14:cc:
         a0:49:68:1d:05:8d:8f:b2:03:43:27:b8:c6:5f:c3:f6:46:bb:
         78:01:79:e9:2f:ba:69:39:89:b9:2c:ac:d1:7a:2b:98:7d:0f:
         bb:93:49:20:7c:28:29:fd:82:fb:c4:47:97:25:17:8d:3a:0e:
         12:fc:cf:45:1d:44:85:e3:d8:91:51:c4:49:dd:37:97:87:47:
         9f:a8:1c:51:65:a6:9e:33:cf:7c:bb:19:52:d8:7a:69:75:a5:
         b4:bf:7d:2c
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUeIe2FR0+eSsq60RhgjikPrm1OkYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjJmYmQyY2MwMDEyZmIyZjg2ZGI0MGI1ODliZDFhYzRl
OTczMjY2ZDAeFw0yNDEwMDMxMDI0NTRaFw0yNTEwMDIxMDI5NTRaMDMxMTAvBgNV
BAMTKEYyQ0I2RjgxOTQyQUE0RjgwODIxRTRDRENBQ0JCODMxNjNDQjZBQjIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCwX3/mFm7qV6j3H6JuYwmB8R9h
nqdCqL053fOTpl240wBcdLnwClYet4DqagmWoHBKJziS2cErerf4iWwqwpn0efTF
sCq59vTePQCmg/UnXIkVTqXPg1X8NRMWoRdZVhGvPKTpo/BYjLxjacO0FMygin9Q
RefBC78N7hoay1Km0N5U68IeeiVfvhi0qX8uRbM4upg2ma049plWvEaCc96MIRyd
lJ7w+pvMY8hmU6/IyM2BtKv8E8LEB/K2SgM251a+MS5AhP6+lNOXXeaYMccTX91i
+QhvpAieq/FC3fug+i9YkA9/bFMWRvBY1RYJyv+A1SIBrLluBgU2azJBOcJ9AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQU8stvgZQqpPgIIeTNysu4MWPLarIwHwYDVR0j
BBgwFoAUYvvSzAAS+y+G20C1ib0axOlzJm0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNDZiOTNkZjAtYWM4ZC00ZGE4LWFmYjgtZGNiN2YyODg4
MzYyLzAvNjJGQkQyQ0MwMDEyRkIyRjg2REI0MEI1ODlCRDFBQzRFOTczMjY2RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1l2dlN6QUFTLXktRzIwQzFpYjBheE9s
ekptMC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvNDZiOTNkZjAt
YWM4ZC00ZGE4LWFmYjgtZGNiN2YyODg4MzYyLzAvMzczNzJlMzgzMzJlMzEzMDM0
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzUzMTMwMzgzMi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAE1T
aDANBgkqhkiG9w0BAQsFAAOCAQEAiIVf3wcALFZPuv/Bhmj7UjZtGhx3UUdZ/cf5
7lHvsVEjK43nxJhdDCz9Am3eA7GAilIS1NrdaeCWuBrzWk/gJEfbQbBkodsmAyw2
lSTKobEo9iEC2OQsbxiJuDHleuiUDLVzmhs8Pd92X9x/kmr+g2FNBmLCs9OZ1Bbb
zvpYe28J5Sdt1UxDQwM8ZyTgfYBuZPLHqRaqAoJrnmVmHwQ8VxTMoEloHQWNj7ID
Qye4xl/D9ka7eAF56S+6aTmJuSys0XormH0Pu5NJIHwoKf2C+8RHlyUXjToOEvzP
RR1EhePYkVHESd03l4dHn6gcUWWmnjPPfLsZUth6aXWltL99LA==
-----END CERTIFICATE-----