Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/37372e38332e3130362e302f32342d3234203d3e203539383935.roa
File:                     37372e38332e3130362e302f32342d3234203d3e203539383935.roa (raw, json)
Hash identifier:          HHq2+WOZ1xVoIwv7jlIJXJkT20dxkIszcr13cXn1iyU=
Subject key identifier:   1B:AF:8D:D1:D7:98:74:F2:9E:F6:C0:60:25:A2:0B:8B:E9:43:5D:53
Certificate issuer:       /CN=62fbd2cc0012fb2f86db40b589bd1ac4e973266d
Certificate serial:       403AE0156300AEB7698B5F02E7389998A186D78A
Authority key identifier: 62:FB:D2:CC:00:12:FB:2F:86:DB:40:B5:89:BD:1A:C4:E9:73:26:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YvvSzAAS-y-G20C1ib0axOlzJm0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/37372e38332e3130362e302f32342d3234203d3e203539383935.roa
Signing time:             Tue 29 Oct 2024 13:43:25 +0000
ROA not before:           Tue 29 Oct 2024 13:38:25 +0000
ROA not after:            Tue 28 Oct 2025 13:43:25 +0000
asID:                     59895
IP address blocks:        77.83.106.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/62FBD2CC0012FB2F86DB40B589BD1AC4E973266D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/62FBD2CC0012FB2F86DB40B589BD1AC4E973266D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YvvSzAAS-y-G20C1ib0axOlzJm0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 04:46:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            40:3a:e0:15:63:00:ae:b7:69:8b:5f:02:e7:38:99:98:a1:86:d7:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62fbd2cc0012fb2f86db40b589bd1ac4e973266d
        Validity
            Not Before: Oct 29 13:38:25 2024 GMT
            Not After : Oct 28 13:43:25 2025 GMT
        Subject: CN=1BAF8DD1D79874F29EF6C06025A20B8BE9435D53
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:a1:29:ce:e9:e4:a3:20:5b:f0:32:ba:cf:10:
                    9c:b1:e1:e0:a6:51:73:0f:39:8a:f8:a0:51:4d:05:
                    3d:68:6b:aa:53:7c:55:53:5c:6d:0b:d3:14:71:f1:
                    8f:7b:26:d3:14:dd:e0:94:7b:16:2c:42:ec:a6:3b:
                    95:fc:80:dd:51:53:50:79:93:99:1a:b5:c3:1e:49:
                    22:78:37:a7:63:a1:0c:a7:ff:e2:4e:1c:fb:2e:6f:
                    53:27:17:3e:71:42:5f:11:6d:51:a4:d0:e7:71:f1:
                    18:c7:44:3d:7b:14:14:4a:17:e3:35:dc:9d:6c:dd:
                    12:05:50:20:7a:8d:aa:b7:33:ba:b5:2b:fb:9a:ae:
                    fc:d9:8c:75:12:63:f0:25:7d:cb:0f:cb:18:f5:e8:
                    49:31:8d:95:a1:3d:a3:6d:a1:4b:04:82:3a:4c:08:
                    2a:e9:a3:ff:23:1f:7b:c8:08:60:07:7a:8e:ca:16:
                    f5:a3:ce:4a:bf:df:6a:8b:52:c8:66:5f:16:f6:52:
                    94:34:3c:bb:49:5f:f9:2b:8a:9f:1e:94:27:a3:7c:
                    17:73:2e:2f:16:e7:44:08:ef:bf:ae:df:db:f7:83:
                    ce:91:63:90:31:2e:e3:d0:a4:72:83:ee:44:07:be:
                    52:32:b5:ae:ab:8a:d3:01:e1:e0:ec:e2:0c:9c:14:
                    57:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:AF:8D:D1:D7:98:74:F2:9E:F6:C0:60:25:A2:0B:8B:E9:43:5D:53
            X509v3 Authority Key Identifier:
                keyid:62:FB:D2:CC:00:12:FB:2F:86:DB:40:B5:89:BD:1A:C4:E9:73:26:6D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/62FBD2CC0012FB2F86DB40B589BD1AC4E973266D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YvvSzAAS-y-G20C1ib0axOlzJm0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/37372e38332e3130362e302f32342d3234203d3e203539383935.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.83.106.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5e:12:13:05:3c:38:3c:d9:07:91:1f:c1:83:ea:9c:8d:c1:29:
         a1:c7:e3:35:65:28:d7:62:ff:aa:ff:e8:eb:51:7e:90:4e:e7:
         fa:09:5d:4c:7f:b7:3a:a5:9d:7b:6c:08:21:16:b8:1d:38:15:
         61:21:53:cb:fe:b9:87:fb:81:48:93:2d:c8:dc:a3:90:6b:d3:
         b5:7c:97:32:0a:02:d2:ba:ea:8e:c1:59:c0:d3:33:e8:e6:eb:
         b8:d8:c4:e1:c5:bb:59:d2:1d:a8:0e:2a:32:ee:33:4f:ec:90:
         31:14:89:e1:3c:20:ab:c4:f7:4e:9d:01:ae:09:ad:0f:53:a6:
         8b:f8:e4:40:15:79:73:8a:9e:8b:ef:be:eb:66:30:8c:de:33:
         ad:e1:bd:04:a7:e8:5c:c5:a4:c9:f5:c5:b2:8b:ef:10:8a:e4:
         65:0b:4b:89:e9:06:54:b0:76:9e:29:c4:91:b0:b4:24:9f:79:
         49:54:03:41:03:b5:cd:fa:2f:5b:ca:e5:44:dc:a8:53:6c:a0:
         26:33:2b:42:61:91:27:9d:b9:34:6b:f0:01:51:1c:46:94:f2:
         42:38:e7:50:ca:60:93:cd:44:57:62:d2:5f:87:45:0b:52:2d:
         41:bf:bd:43:c3:38:d8:fb:ff:76:0f:c6:d3:0b:fb:38:ba:9e:
         8d:0d:a3:6c
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUQDrgFWMArrdpi18C5ziZmKGG14owDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjJmYmQyY2MwMDEyZmIyZjg2ZGI0MGI1ODliZDFhYzRl
OTczMjY2ZDAeFw0yNDEwMjkxMzM4MjVaFw0yNTEwMjgxMzQzMjVaMDMxMTAvBgNV
BAMTKDFCQUY4REQxRDc5ODc0RjI5RUY2QzA2MDI1QTIwQjhCRTk0MzVENTMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4oSnO6eSjIFvwMrrPEJyx4eCm
UXMPOYr4oFFNBT1oa6pTfFVTXG0L0xRx8Y97JtMU3eCUexYsQuymO5X8gN1RU1B5
k5katcMeSSJ4N6djoQyn/+JOHPsub1MnFz5xQl8RbVGk0Odx8RjHRD17FBRKF+M1
3J1s3RIFUCB6jaq3M7q1K/uarvzZjHUSY/AlfcsPyxj16EkxjZWhPaNtoUsEgjpM
CCrpo/8jH3vICGAHeo7KFvWjzkq/32qLUshmXxb2UpQ0PLtJX/krip8elCejfBdz
Li8W50QI77+u39v3g86RY5AxLuPQpHKD7kQHvlIyta6ritMB4eDs4gycFFdzAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUG6+N0deYdPKe9sBgJaILi+lDXVMwHwYDVR0j
BBgwFoAUYvvSzAAS+y+G20C1ib0axOlzJm0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNDZiOTNkZjAtYWM4ZC00ZGE4LWFmYjgtZGNiN2YyODg4
MzYyLzAvNjJGQkQyQ0MwMDEyRkIyRjg2REI0MEI1ODlCRDFBQzRFOTczMjY2RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1l2dlN6QUFTLXktRzIwQzFpYjBheE9s
ekptMC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvNDZiOTNkZjAt
YWM4ZC00ZGE4LWFmYjgtZGNiN2YyODg4MzYyLzAvMzczNzJlMzgzMzJlMzEzMDM2
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzUzOTM4MzkzNS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAE1T
ajANBgkqhkiG9w0BAQsFAAOCAQEAXhITBTw4PNkHkR/Bg+qcjcEpocfjNWUo12L/
qv/o61F+kE7n+gldTH+3OqWde2wIIRa4HTgVYSFTy/65h/uBSJMtyNyjkGvTtXyX
MgoC0rrqjsFZwNMz6ObruNjE4cW7WdIdqA4qMu4zT+yQMRSJ4Twgq8T3Tp0Brgmt
D1Omi/jkQBV5c4qei+++62YwjN4zreG9BKfoXMWkyfXFsovvEIrkZQtLiekGVLB2
ninEkbC0JJ95SVQDQQO1zfovW8rlRNyoU2ygJjMrQmGRJ525NGvwAVEcRpTyQjjn
UMpgk81EV2LSX4dFC1ItQb+9Q8M42Pv/dg/G0wv7OLqejQ2jbA==
-----END CERTIFICATE-----