Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS37988.roa
File:                     AS37988.roa (raw, json)
Hash identifier:          8xiOrzlY1tW6keUwXX1UjymhWnoyEImGxiYlxA3LuOg=
Subject key identifier:   04:51:AD:7A:12:6E:BF:F4:2C:B6:A2:D8:A4:93:E9:EF:58:53:D3:46
Certificate issuer:       /CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
Certificate serial:       1F647CD388B40486EA2D40DE9E385474B2B46DB5
Authority key identifier: A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS37988.roa
Signing time:             Tue 04 Feb 2025 00:17:09 +0000
ROA not before:           Tue 04 Feb 2025 00:12:09 +0000
ROA not after:            Tue 03 Feb 2026 00:17:09 +0000
asID:                     37988
IP address blocks:        2a14:7581:d000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 14:04:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1f:64:7c:d3:88:b4:04:86:ea:2d:40:de:9e:38:54:74:b2:b4:6d:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
        Validity
            Not Before: Feb  4 00:12:09 2025 GMT
            Not After : Feb  3 00:17:09 2026 GMT
        Subject: CN=0451AD7A126EBFF42CB6A2D8A493E9EF5853D346
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:10:2f:4e:3a:da:7c:19:3b:7c:b3:07:68:9f:
                    72:09:c4:97:70:66:a3:db:ab:0e:73:c6:20:37:32:
                    64:5a:de:ed:de:7f:0d:ff:44:78:da:6d:bb:58:a6:
                    ed:32:43:3c:1e:70:6f:7c:a7:77:3b:ea:fa:6f:97:
                    d7:a9:74:2b:40:64:ed:c4:b5:15:58:42:75:e0:e5:
                    d2:65:92:c2:5d:3a:02:38:e8:50:74:ea:d0:c4:80:
                    63:7b:bc:48:e0:f3:4e:52:9f:8c:70:24:8e:57:ce:
                    43:07:7c:d8:0f:8c:19:7d:9b:21:b2:83:5a:29:fb:
                    71:46:b0:68:ad:9d:6c:51:6c:07:2f:f2:ce:0f:7a:
                    61:24:a8:09:fd:7e:f0:96:aa:2d:7b:7b:be:d7:52:
                    2c:19:01:0e:d7:7f:3e:5a:7c:70:11:2f:07:de:29:
                    ee:9e:f6:ef:35:ca:c8:77:60:69:db:ce:0b:4b:51:
                    3d:ac:8c:86:a7:1d:79:5c:95:f9:c9:f2:67:58:60:
                    fa:bb:cb:30:a1:1d:7d:49:17:40:40:41:8f:33:9a:
                    68:91:98:33:61:79:0e:8e:f1:a1:3d:7f:08:36:65:
                    7c:b2:6e:35:e6:21:f7:9a:28:af:1f:82:5b:95:8c:
                    17:86:0d:ae:23:68:37:a4:42:60:92:ca:e4:af:27:
                    a7:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:51:AD:7A:12:6E:BF:F4:2C:B6:A2:D8:A4:93:E9:EF:58:53:D3:46
            X509v3 Authority Key Identifier:
                keyid:A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS37988.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7581:d000::/40

    Signature Algorithm: sha256WithRSAEncryption
         3d:db:c4:55:e4:90:f1:87:10:4b:c6:37:fb:35:97:07:1a:74:
         3b:6f:4d:3c:69:10:f9:3e:7c:e1:6b:a8:e7:8b:59:46:52:77:
         59:26:01:2d:19:85:f3:5c:59:71:47:68:6a:a2:aa:8f:46:1a:
         f6:39:6c:d7:33:15:a9:35:a5:b3:3e:e4:55:67:46:8c:ac:d7:
         8b:c6:16:a3:70:3f:a3:ee:cb:e8:ef:4c:97:3f:9f:01:f8:6e:
         25:20:07:2c:4b:4f:bb:9a:d9:83:fd:8c:e6:2f:24:f5:13:87:
         c5:ed:e2:be:79:0e:b4:11:47:f5:b2:ce:60:39:20:6e:4d:45:
         82:08:37:53:19:05:cc:0c:72:3f:a1:ca:ba:f4:c7:cb:25:6a:
         71:42:f6:5e:2d:08:ff:4c:2b:a2:4d:84:a1:5f:4a:c7:c5:d3:
         de:4a:88:2b:42:15:56:10:ac:ed:b4:c9:4b:ec:01:64:97:1e:
         59:db:c9:fb:f9:46:d4:07:42:e1:81:6a:e8:79:ff:d4:1b:fc:
         f2:8c:85:75:ca:d7:f0:96:8d:80:f7:72:e4:44:c0:ac:c0:2b:
         87:69:3d:c3:2c:22:3e:42:bd:50:02:a0:c1:bc:83:b0:31:83:
         ff:85:ef:64:85:2a:38:64:03:50:e9:0a:44:59:61:60:fa:db:
         c9:0b:f8:85
-----BEGIN CERTIFICATE-----
MIIFATCCA+mgAwIBAgIUH2R804i0BIbqLUDenjhUdLK0bbUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTgzZDQ4NjUyZjNiMmRmNzRmNmJmOWJhYThhOWMxNzRj
Y2ZkMzc3MjAeFw0yNTAyMDQwMDEyMDlaFw0yNjAyMDMwMDE3MDlaMDMxMTAvBgNV
BAMTKDA0NTFBRDdBMTI2RUJGRjQyQ0I2QTJEOEE0OTNFOUVGNTg1M0QzNDYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCZEC9OOtp8GTt8swdon3IJxJdw
ZqPbqw5zxiA3MmRa3u3efw3/RHjabbtYpu0yQzwecG98p3c76vpvl9epdCtAZO3E
tRVYQnXg5dJlksJdOgI46FB06tDEgGN7vEjg805Sn4xwJI5XzkMHfNgPjBl9myGy
g1op+3FGsGitnWxRbAcv8s4PemEkqAn9fvCWqi17e77XUiwZAQ7Xfz5afHARLwfe
Ke6e9u81ysh3YGnbzgtLUT2sjIanHXlclfnJ8mdYYPq7yzChHX1JF0BAQY8zmmiR
mDNheQ6O8aE9fwg2ZXyybjXmIfeaKK8fgluVjBeGDa4jaDekQmCSyuSvJ6dXAgMB
AAGjggILMIICBzAdBgNVHQ4EFgQUBFGtehJuv/QstqLYpJPp71hT00YwHwYDVR0j
BBgwFoAUqD1IZS87LfdPa/m6qKnBdMz9N3IwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODkyNzBmNmMtYTNmZS00Mjk5LWIwNzktMzA5ZWQ5N2Yz
ODI0LzAvQTgzRDQ4NjUyRjNCMkRGNzRGNkJGOUJBQThBOUMxNzRDQ0ZEMzc3Mi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FEMUlaUzg3TGZkUGFfbTZxS25CZE16
OU4zSS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg5MjcwZjZjLWEzZmUt
NDI5OS1iMDc5LTMwOWVkOTdmMzgyNC8wL0FTMzc5ODgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgACMAgDBgAqFHWB
0DANBgkqhkiG9w0BAQsFAAOCAQEAPdvEVeSQ8YcQS8Y3+zWXBxp0O29NPGkQ+T58
4Wuo54tZRlJ3WSYBLRmF81xZcUdoaqKqj0Ya9jls1zMVqTWlsz7kVWdGjKzXi8YW
o3A/o+7L6O9Mlz+fAfhuJSAHLEtPu5rZg/2M5i8k9ROHxe3ivnkOtBFH9bLOYDkg
bk1Fggg3UxkFzAxyP6HKuvTHyyVqcUL2Xi0I/0wrok2EoV9Kx8XT3kqIK0IVVhCs
7bTJS+wBZJceWdvJ+/lG1AdC4YFq6Hn/1Bv88oyFdcrX8JaNgPdy5ETArMArh2k9
wywiPkK9UAKgwbyDsDGD/4XvZIUqOGQDUOkKRFlhYPrbyQv4hQ==
-----END CERTIFICATE-----