Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/933b2fd7-31c1-451c-8288-c1aa0aa12750/0/37372e38312e37372e302f32342d3234203d3e20313337353137.roa
File:                     37372e38312e37372e302f32342d3234203d3e20313337353137.roa (raw, json)
Hash identifier:          mnQJW4GBjGEsRXTh3Y2cxT8Pj8O29OUkMaI68Qj1ywg=
Subject key identifier:   7D:42:FD:CF:BF:2D:D1:2E:B6:44:D1:A8:B8:36:63:D7:7D:3A:A8:FC
Certificate issuer:       /CN=45e8648e445dccd0d8ee699f5140bb814e43ae1b
Certificate serial:       1251134C5265F648DA02F4AED708E7FE13E976D8
Authority key identifier: 45:E8:64:8E:44:5D:CC:D0:D8:EE:69:9F:51:40:BB:81:4E:43:AE:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RehkjkRdzNDY7mmfUUC7gU5Drhs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/933b2fd7-31c1-451c-8288-c1aa0aa12750/0/37372e38312e37372e302f32342d3234203d3e20313337353137.roa
Signing time:             Tue 25 Mar 2025 06:20:15 +0000
ROA not before:           Tue 25 Mar 2025 06:15:15 +0000
ROA not after:            Tue 24 Mar 2026 06:20:15 +0000
asID:                     137517
IP address blocks:        77.81.77.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/933b2fd7-31c1-451c-8288-c1aa0aa12750/0/45E8648E445DCCD0D8EE699F5140BB814E43AE1B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/933b2fd7-31c1-451c-8288-c1aa0aa12750/0/45E8648E445DCCD0D8EE699F5140BB814E43AE1B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RehkjkRdzNDY7mmfUUC7gU5Drhs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            12:51:13:4c:52:65:f6:48:da:02:f4:ae:d7:08:e7:fe:13:e9:76:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=45e8648e445dccd0d8ee699f5140bb814e43ae1b
        Validity
            Not Before: Mar 25 06:15:15 2025 GMT
            Not After : Mar 24 06:20:15 2026 GMT
        Subject: CN=7D42FDCFBF2DD12EB644D1A8B83663D77D3AA8FC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:60:83:77:41:74:47:ea:30:6a:32:eb:e9:ee:
                    c0:35:e6:62:34:5a:7a:1d:6d:a7:4c:61:28:a7:5c:
                    5e:6f:c3:6c:a4:08:04:ed:ee:d3:55:59:d7:e3:67:
                    45:cc:9d:a6:e8:dc:5d:ea:95:c1:76:67:bc:08:29:
                    2e:03:dc:13:2e:1d:b7:ff:68:75:10:7f:38:d2:62:
                    2f:33:ca:12:db:95:82:af:30:b1:71:f3:8a:56:c1:
                    c7:8f:9b:a6:ca:13:df:37:27:25:d1:a6:7f:53:9e:
                    31:7a:9a:21:77:a6:87:ae:97:a4:02:9e:ed:51:75:
                    d3:e9:6a:f8:b2:9f:7b:3b:56:4e:45:22:8a:96:6b:
                    ee:b2:9b:9c:0d:d0:de:06:fc:29:4d:6e:ae:91:eb:
                    98:de:fb:66:4c:e3:49:c7:6b:8d:27:b6:42:91:f3:
                    d9:11:4b:17:1e:2b:7e:1c:e1:69:dd:a1:07:9b:71:
                    4b:0a:5a:13:a2:99:c8:67:4a:31:55:f4:c6:be:e6:
                    3d:1c:09:0e:33:c9:50:f7:7b:49:19:6c:41:cd:26:
                    8c:30:b7:b1:56:51:9f:c6:bf:a8:e9:4d:6d:6e:aa:
                    da:63:65:0d:e3:a0:cc:3c:06:bc:67:03:71:df:5e:
                    fd:c4:b8:88:ba:b5:e2:08:48:09:0c:1a:94:01:a9:
                    3b:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:42:FD:CF:BF:2D:D1:2E:B6:44:D1:A8:B8:36:63:D7:7D:3A:A8:FC
            X509v3 Authority Key Identifier:
                keyid:45:E8:64:8E:44:5D:CC:D0:D8:EE:69:9F:51:40:BB:81:4E:43:AE:1B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/933b2fd7-31c1-451c-8288-c1aa0aa12750/0/45E8648E445DCCD0D8EE699F5140BB814E43AE1B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RehkjkRdzNDY7mmfUUC7gU5Drhs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/933b2fd7-31c1-451c-8288-c1aa0aa12750/0/37372e38312e37372e302f32342d3234203d3e20313337353137.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.81.77.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:fe:f6:1b:3f:eb:1f:a8:7e:96:af:76:f7:c6:3b:34:e0:11:
         37:08:76:4b:df:0c:ef:79:fb:a1:03:ef:b4:2d:fc:8c:a9:7f:
         73:43:17:67:c1:ae:a4:74:5c:ac:49:55:5a:80:a3:2b:6a:81:
         7e:48:32:be:43:b8:77:81:29:99:15:0f:64:e9:20:09:e0:ef:
         ea:9e:bc:f9:3d:7c:c7:35:02:7f:ee:0d:65:dd:74:4a:d1:d9:
         56:40:b6:61:3d:a6:3d:7f:70:81:8e:31:b4:5d:22:04:a3:43:
         7d:ee:76:f6:9d:05:fb:95:8b:dc:77:ad:b9:e8:c7:65:da:0b:
         a5:ca:cc:ae:b4:0c:81:99:0c:34:6b:5a:2d:49:94:b1:8f:fe:
         72:2a:c6:96:6b:16:a7:a3:cd:df:c1:88:29:36:0d:e1:ff:a4:
         6c:55:cf:d4:3a:8b:3c:0a:1d:e0:63:89:3d:37:c6:ec:e4:45:
         b8:fb:ac:b3:01:47:0f:71:9b:aa:91:d2:c4:18:f1:08:cf:36:
         5c:22:eb:9f:bd:ee:ac:5e:a0:05:22:bf:e8:4f:2e:cf:a7:df:
         54:ba:0a:7a:57:7e:71:fa:5b:b4:58:99:96:3d:18:70:bd:8e:
         b3:a5:34:e8:a1:99:84:54:6a:d7:59:9d:2b:d9:06:7e:40:ad:
         2b:49:93:08
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUElETTFJl9kjaAvSu1wjn/hPpdtgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDVlODY0OGU0NDVkY2NkMGQ4ZWU2OTlmNTE0MGJiODE0
ZTQzYWUxYjAeFw0yNTAzMjUwNjE1MTVaFw0yNjAzMjQwNjIwMTVaMDMxMTAvBgNV
BAMTKDdENDJGRENGQkYyREQxMkVCNjQ0RDFBOEI4MzY2M0Q3N0QzQUE4RkMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDfYIN3QXRH6jBqMuvp7sA15mI0
WnodbadMYSinXF5vw2ykCATt7tNVWdfjZ0XMnabo3F3qlcF2Z7wIKS4D3BMuHbf/
aHUQfzjSYi8zyhLblYKvMLFx84pWwcePm6bKE983JyXRpn9TnjF6miF3poeul6QC
nu1RddPpaviyn3s7Vk5FIoqWa+6ym5wN0N4G/ClNbq6R65je+2ZM40nHa40ntkKR
89kRSxceK34c4WndoQebcUsKWhOimchnSjFV9Ma+5j0cCQ4zyVD3e0kZbEHNJoww
t7FWUZ/Gv6jpTW1uqtpjZQ3joMw8BrxnA3HfXv3EuIi6teIISAkMGpQBqTvDAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUfUL9z78t0S62RNGouDZj1306qPwwHwYDVR0j
BBgwFoAURehkjkRdzNDY7mmfUUC7gU5DrhswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOTMzYjJmZDctMzFjMS00NTFjLTgyODgtYzFhYTBhYTEy
NzUwLzAvNDVFODY0OEU0NDVEQ0NEMEQ4RUU2OTlGNTE0MEJCODE0RTQzQUUxQi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JlaGtqa1Jkek5EWTdtbWZVVUM3Z1U1
RHJocy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOTMzYjJmZDct
MzFjMS00NTFjLTgyODgtYzFhYTBhYTEyNzUwLzAvMzczNzJlMzgzMTJlMzczNzJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMxMzMzNzM1MzEzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAE1R
TTANBgkqhkiG9w0BAQsFAAOCAQEAZv72Gz/rH6h+lq9298Y7NOARNwh2S98M73n7
oQPvtC38jKl/c0MXZ8GupHRcrElVWoCjK2qBfkgyvkO4d4EpmRUPZOkgCeDv6p68
+T18xzUCf+4NZd10StHZVkC2YT2mPX9wgY4xtF0iBKNDfe529p0F+5WL3HetuejH
ZdoLpcrMrrQMgZkMNGtaLUmUsY/+cirGlmsWp6PN38GIKTYN4f+kbFXP1DqLPAod
4GOJPTfG7ORFuPusswFHD3GbqpHSxBjxCM82XCLrn73urF6gBSK/6E8uz6ffVLoK
eld+cfpbtFiZlj0YcL2Os6U06KGZhFRq11mdK9kGfkCtK0mTCA==
-----END CERTIFICATE-----