Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/37372e38332e3130352e302f32342d3234203d3e203432383331.roa
File:                     37372e38332e3130352e302f32342d3234203d3e203432383331.roa (raw, json)
Hash identifier:          AzMwHyfN4s7uO6VBG23V+EY1gn7QAxv5Q7jSCWt1Zao=
Subject key identifier:   D7:CB:09:19:53:1B:EB:F3:27:FB:07:9D:AB:D5:34:53:F8:F7:B6:C7
Certificate issuer:       /CN=62fbd2cc0012fb2f86db40b589bd1ac4e973266d
Certificate serial:       6E1E95DDD1432BE698D6CD188BE3402D0216BD1A
Authority key identifier: 62:FB:D2:CC:00:12:FB:2F:86:DB:40:B5:89:BD:1A:C4:E9:73:26:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YvvSzAAS-y-G20C1ib0axOlzJm0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/37372e38332e3130352e302f32342d3234203d3e203432383331.roa
Signing time:             Tue 31 Oct 2023 14:54:10 +0000
ROA not before:           Tue 31 Oct 2023 14:49:10 +0000
ROA not after:            Tue 29 Oct 2024 14:54:10 +0000
asID:                     42831
IP address blocks:        77.83.105.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/62FBD2CC0012FB2F86DB40B589BD1AC4E973266D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/62FBD2CC0012FB2F86DB40B589BD1AC4E973266D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YvvSzAAS-y-G20C1ib0axOlzJm0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6e:1e:95:dd:d1:43:2b:e6:98:d6:cd:18:8b:e3:40:2d:02:16:bd:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62fbd2cc0012fb2f86db40b589bd1ac4e973266d
        Validity
            Not Before: Oct 31 14:49:10 2023 GMT
            Not After : Oct 29 14:54:10 2024 GMT
        Subject: CN=D7CB0919531BEBF327FB079DABD53453F8F7B6C7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:d1:e1:8d:30:05:df:bf:e9:72:8a:c6:1b:da:
                    87:ab:b0:bb:f9:72:e5:fd:43:8b:b3:81:ec:57:86:
                    82:16:14:f7:82:02:9c:ad:08:6b:93:93:9d:9f:f8:
                    46:df:e0:9e:eb:83:7e:74:06:00:22:5a:a2:50:64:
                    0c:c6:b5:12:5e:67:e7:d2:c2:ea:2b:d9:46:8e:a8:
                    1c:e2:cd:c1:c1:18:87:25:48:51:35:1f:b4:6e:dc:
                    e3:bf:61:5d:83:d2:d5:e0:99:73:4a:f4:f1:3e:ff:
                    d1:6b:3a:47:57:dd:e3:77:7b:b3:88:b0:84:b9:87:
                    a6:e4:3e:ee:68:7e:98:0b:27:b4:03:1b:6e:1e:27:
                    22:c7:03:47:59:08:ae:cc:83:7f:23:54:d6:b8:72:
                    64:09:d2:ae:9b:63:c8:f8:04:82:15:71:43:a0:9d:
                    44:22:5e:d4:e3:b9:62:4e:e5:aa:1b:bd:b4:80:5b:
                    41:e8:af:44:4f:00:66:2f:79:1f:45:33:19:34:bc:
                    79:59:40:6c:31:70:1f:a9:aa:8f:38:f0:cd:00:ca:
                    05:e3:8f:7f:b9:cc:f2:73:68:18:bf:64:59:0d:14:
                    7b:9b:37:48:22:30:c2:52:7b:f1:81:6d:87:03:fe:
                    0f:bb:91:b8:b4:c3:91:69:d7:db:e3:51:17:f1:66:
                    cf:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:CB:09:19:53:1B:EB:F3:27:FB:07:9D:AB:D5:34:53:F8:F7:B6:C7
            X509v3 Authority Key Identifier:
                keyid:62:FB:D2:CC:00:12:FB:2F:86:DB:40:B5:89:BD:1A:C4:E9:73:26:6D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/62FBD2CC0012FB2F86DB40B589BD1AC4E973266D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YvvSzAAS-y-G20C1ib0axOlzJm0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/37372e38332e3130352e302f32342d3234203d3e203432383331.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.83.105.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:ab:44:88:14:82:19:09:48:76:24:1f:d4:9c:dd:d0:8c:c1:
         2d:41:91:07:c7:bb:4d:32:07:74:2b:42:0d:c8:59:10:b3:b3:
         47:3c:bf:c9:3f:74:a5:46:19:2b:07:7c:e9:c3:c0:04:42:22:
         00:12:b2:18:2c:04:f2:47:6e:3e:ee:a0:cd:ff:34:6e:3e:e8:
         74:ce:d7:7e:3c:a1:75:cd:f2:10:9e:a0:5f:dd:6b:dd:e5:f9:
         77:a8:59:5c:40:34:30:62:c6:6e:03:ef:c1:82:91:a3:16:f1:
         e3:ad:c3:f4:36:c0:21:dc:d4:cc:0d:26:22:4b:45:f0:71:bf:
         1f:ce:be:b2:d3:d3:e2:82:40:f5:24:f6:3f:a6:14:78:9b:c7:
         76:0f:8e:10:72:1a:4d:58:20:36:6c:da:23:4d:b5:85:43:e8:
         33:df:e5:20:b9:46:b1:79:3f:01:3f:24:1e:36:ba:a0:78:53:
         49:59:37:82:51:ef:84:e7:ef:d1:05:18:6c:de:1f:70:fe:58:
         84:cb:63:98:fc:06:30:b5:d3:84:dc:c4:a8:f2:de:13:31:ae:
         b7:ce:bc:57:2a:bc:2d:ef:aa:0a:7a:c9:00:0f:75:bb:ae:c4:
         4a:63:78:ef:41:f6:bf:13:0e:19:1c:64:32:bd:e2:43:83:6f:
         96:fb:7c:d9
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUbh6V3dFDK+aY1s0Yi+NALQIWvRowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjJmYmQyY2MwMDEyZmIyZjg2ZGI0MGI1ODliZDFhYzRl
OTczMjY2ZDAeFw0yMzEwMzExNDQ5MTBaFw0yNDEwMjkxNDU0MTBaMDMxMTAvBgNV
BAMTKEQ3Q0IwOTE5NTMxQkVCRjMyN0ZCMDc5REFCRDUzNDUzRjhGN0I2QzcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDk0eGNMAXfv+lyisYb2oersLv5
cuX9Q4uzgexXhoIWFPeCApytCGuTk52f+Ebf4J7rg350BgAiWqJQZAzGtRJeZ+fS
wuor2UaOqBzizcHBGIclSFE1H7Ru3OO/YV2D0tXgmXNK9PE+/9FrOkdX3eN3e7OI
sIS5h6bkPu5ofpgLJ7QDG24eJyLHA0dZCK7Mg38jVNa4cmQJ0q6bY8j4BIIVcUOg
nUQiXtTjuWJO5aobvbSAW0Hor0RPAGYveR9FMxk0vHlZQGwxcB+pqo848M0AygXj
j3+5zPJzaBi/ZFkNFHubN0giMMJSe/GBbYcD/g+7kbi0w5Fp19vjURfxZs8DAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQU18sJGVMb6/Mn+wedq9U0U/j3tscwHwYDVR0j
BBgwFoAUYvvSzAAS+y+G20C1ib0axOlzJm0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNDZiOTNkZjAtYWM4ZC00ZGE4LWFmYjgtZGNiN2YyODg4
MzYyLzAvNjJGQkQyQ0MwMDEyRkIyRjg2REI0MEI1ODlCRDFBQzRFOTczMjY2RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1l2dlN6QUFTLXktRzIwQzFpYjBheE9s
ekptMC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvNDZiOTNkZjAt
YWM4ZC00ZGE4LWFmYjgtZGNiN2YyODg4MzYyLzAvMzczNzJlMzgzMzJlMzEzMDM1
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzQzMjM4MzMzMS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAE1T
aTANBgkqhkiG9w0BAQsFAAOCAQEAhqtEiBSCGQlIdiQf1Jzd0IzBLUGRB8e7TTIH
dCtCDchZELOzRzy/yT90pUYZKwd86cPABEIiABKyGCwE8kduPu6gzf80bj7odM7X
fjyhdc3yEJ6gX91r3eX5d6hZXEA0MGLGbgPvwYKRoxbx463D9DbAIdzUzA0mIktF
8HG/H86+stPT4oJA9ST2P6YUeJvHdg+OEHIaTVggNmzaI021hUPoM9/lILlGsXk/
AT8kHja6oHhTSVk3glHvhOfv0QUYbN4fcP5YhMtjmPwGMLXThNzEqPLeEzGut868
Vyq8Le+qCnrJAA91u67ESmN470H2vxMOGRxkMr3iQ4Nvlvt82Q==
-----END CERTIFICATE-----