Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/933b2fd7-31c1-451c-8288-c1aa0aa12750/0/37372e38312e37372e302f32342d3234203d3e203438323636.roa
File:                     37372e38312e37372e302f32342d3234203d3e203438323636.roa (raw, json)
Hash identifier:          5I0vOu7kvIMlEY7Sq8XZtvSWHaZxS4B46RvJVyxx8WI=
Subject key identifier:   5F:65:14:B1:C7:DA:44:1C:96:2A:FB:F9:B4:52:FE:23:5B:E6:BC:CF
Certificate issuer:       /CN=45e8648e445dccd0d8ee699f5140bb814e43ae1b
Certificate serial:       2A665BD611A7E641E0ADFF677D41C2273724C4CA
Authority key identifier: 45:E8:64:8E:44:5D:CC:D0:D8:EE:69:9F:51:40:BB:81:4E:43:AE:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RehkjkRdzNDY7mmfUUC7gU5Drhs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/933b2fd7-31c1-451c-8288-c1aa0aa12750/0/37372e38312e37372e302f32342d3234203d3e203438323636.roa
Signing time:             Mon 02 Mar 2026 01:24:56 +0000
ROA not before:           Mon 02 Mar 2026 01:19:56 +0000
ROA not after:            Mon 01 Mar 2027 01:24:56 +0000
asID:                     48266
IP address blocks:        77.81.77.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/933b2fd7-31c1-451c-8288-c1aa0aa12750/0/45E8648E445DCCD0D8EE699F5140BB814E43AE1B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/933b2fd7-31c1-451c-8288-c1aa0aa12750/0/45E8648E445DCCD0D8EE699F5140BB814E43AE1B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RehkjkRdzNDY7mmfUUC7gU5Drhs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 22 Mar 2026 02:18:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2a:66:5b:d6:11:a7:e6:41:e0:ad:ff:67:7d:41:c2:27:37:24:c4:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=45e8648e445dccd0d8ee699f5140bb814e43ae1b
        Validity
            Not Before: Mar  2 01:19:56 2026 GMT
            Not After : Mar  1 01:24:56 2027 GMT
        Subject: CN=5F6514B1C7DA441C962AFBF9B452FE235BE6BCCF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:ec:82:95:77:d4:d5:45:6e:86:42:b7:e4:51:
                    4c:7a:c4:0e:e1:c5:a7:1c:32:86:f9:5b:86:39:9f:
                    2b:1a:57:7a:bc:24:1b:ff:69:d1:d4:6d:81:c8:b5:
                    27:70:00:9f:8b:01:31:e8:77:1e:a7:71:20:c5:9c:
                    02:4b:ee:8c:c1:f9:d6:90:f2:fb:ce:52:63:4c:9d:
                    df:fc:0d:6e:c7:ed:0f:0c:ee:86:8f:1c:0e:78:9c:
                    dc:cf:5d:e9:75:ca:5d:e8:82:d5:38:8d:66:a7:10:
                    84:33:44:25:81:d1:c7:7a:0f:3a:b3:52:9f:fd:6d:
                    cb:99:fb:ae:c3:42:d4:0d:1d:bd:ad:9e:3b:46:1a:
                    d5:bd:1c:b1:74:d0:42:62:2d:df:a3:5a:55:c5:6a:
                    1c:35:c9:59:53:14:5c:2c:ce:ba:01:63:6f:13:e9:
                    d1:2a:30:4d:d7:81:fd:de:7e:26:81:28:27:7e:4a:
                    d0:6d:b1:b6:f3:3d:62:b4:26:f6:a4:8c:27:1f:45:
                    ee:cf:49:27:24:5c:b5:8e:42:95:dd:2c:3e:22:f1:
                    7a:99:12:77:93:18:ab:80:d0:eb:23:26:50:50:d3:
                    18:b1:37:a3:d6:c4:d9:7c:cb:75:36:9e:06:e5:b0:
                    21:10:84:b8:9d:f2:af:96:64:57:40:8a:3c:f4:7a:
                    30:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:65:14:B1:C7:DA:44:1C:96:2A:FB:F9:B4:52:FE:23:5B:E6:BC:CF
            X509v3 Authority Key Identifier:
                keyid:45:E8:64:8E:44:5D:CC:D0:D8:EE:69:9F:51:40:BB:81:4E:43:AE:1B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/933b2fd7-31c1-451c-8288-c1aa0aa12750/0/45E8648E445DCCD0D8EE699F5140BB814E43AE1B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RehkjkRdzNDY7mmfUUC7gU5Drhs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/933b2fd7-31c1-451c-8288-c1aa0aa12750/0/37372e38312e37372e302f32342d3234203d3e203438323636.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.81.77.0/24

    Signature Algorithm: sha256WithRSAEncryption
         17:09:62:68:89:fa:98:86:cb:a1:1d:b0:ba:b7:97:0f:7e:de:
         5b:97:b7:b8:0b:bd:35:0f:02:32:49:8b:6f:a9:2c:98:83:e3:
         35:6d:92:d6:5c:b0:b9:e9:b8:5e:0d:b2:69:25:9c:43:2c:a0:
         ba:05:33:d3:4e:23:26:c8:75:a2:f2:2d:d5:ca:79:d4:23:e8:
         92:f1:4e:88:0b:b2:b3:96:fa:6c:b8:4d:61:e5:02:cd:a4:76:
         57:ac:20:74:c4:84:3b:db:84:be:d3:4c:36:41:bd:77:35:fe:
         9f:b6:cb:7a:94:a0:31:9b:b2:65:1a:66:5b:6c:5a:02:6b:e5:
         b4:9c:2c:e4:e2:d7:61:98:2e:1b:35:2b:03:09:b8:35:32:31:
         a8:49:96:8c:ff:49:28:2e:80:25:b9:4b:ff:92:c2:db:89:a2:
         e5:98:ec:dd:77:32:79:f7:20:ab:9c:78:1e:12:2d:b5:03:78:
         43:95:d8:bb:7c:a8:26:98:8a:c3:e3:47:2f:cf:e0:7c:95:22:
         17:a5:41:d3:44:fd:67:03:a0:fe:1a:b0:34:f6:0d:a7:74:bd:
         de:0f:b3:7d:d0:60:35:4b:3c:f4:7e:58:d1:ab:48:98:ef:ce:
         5c:7b:7b:71:32:ac:ef:aa:52:58:f6:9d:6c:e9:11:58:36:ae:
         89:f1:0c:d5
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUKmZb1hGn5kHgrf9nfUHCJzckxMowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDVlODY0OGU0NDVkY2NkMGQ4ZWU2OTlmNTE0MGJiODE0
ZTQzYWUxYjAeFw0yNjAzMDIwMTE5NTZaFw0yNzAzMDEwMTI0NTZaMDMxMTAvBgNV
BAMTKDVGNjUxNEIxQzdEQTQ0MUM5NjJBRkJGOUI0NTJGRTIzNUJFNkJDQ0YwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCl7IKVd9TVRW6GQrfkUUx6xA7h
xaccMob5W4Y5nysaV3q8JBv/adHUbYHItSdwAJ+LATHodx6ncSDFnAJL7ozB+daQ
8vvOUmNMnd/8DW7H7Q8M7oaPHA54nNzPXel1yl3ogtU4jWanEIQzRCWB0cd6Dzqz
Up/9bcuZ+67DQtQNHb2tnjtGGtW9HLF00EJiLd+jWlXFahw1yVlTFFwszroBY28T
6dEqME3Xgf3efiaBKCd+StBtsbbzPWK0JvakjCcfRe7PSSckXLWOQpXdLD4i8XqZ
EneTGKuA0OsjJlBQ0xixN6PWxNl8y3U2ngblsCEQhLid8q+WZFdAijz0ejAbAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUX2UUscfaRByWKvv5tFL+I1vmvM8wHwYDVR0j
BBgwFoAURehkjkRdzNDY7mmfUUC7gU5DrhswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOTMzYjJmZDctMzFjMS00NTFjLTgyODgtYzFhYTBhYTEy
NzUwLzAvNDVFODY0OEU0NDVEQ0NEMEQ4RUU2OTlGNTE0MEJCODE0RTQzQUUxQi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JlaGtqa1Jkek5EWTdtbWZVVUM3Z1U1
RHJocy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOTMzYjJmZDct
MzFjMS00NTFjLTgyODgtYzFhYTBhYTEyNzUwLzAvMzczNzJlMzgzMTJlMzczNzJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM0MzgzMjM2MzYucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABNUU0w
DQYJKoZIhvcNAQELBQADggEBABcJYmiJ+piGy6EdsLq3lw9+3luXt7gLvTUPAjJJ
i2+pLJiD4zVtktZcsLnpuF4NsmklnEMsoLoFM9NOIybIdaLyLdXKedQj6JLxTogL
srOW+my4TWHlAs2kdlesIHTEhDvbhL7TTDZBvXc1/p+2y3qUoDGbsmUaZltsWgJr
5bScLOTi12GYLhs1KwMJuDUyMahJloz/SSgugCW5S/+SwtuJouWY7N13Mnn3IKuc
eB4SLbUDeEOV2Lt8qCaYisPjRy/P4HyVIhelQdNE/WcDoP4asDT2Dad0vd4Ps33Q
YDVLPPR+WNGrSJjvzlx7e3EyrO+qUlj2nWzpEVg2ronxDNU=
-----END CERTIFICATE-----