Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/933b2fd7-31c1-451c-8288-c1aa0aa12750/0/37372e38312e38302e302f32332d3233203d3e203230383630.roa
File:                     37372e38312e38302e302f32332d3233203d3e203230383630.roa (raw, json)
Hash identifier:          ENs1tyjr+QsCNkYiVs8CGb16BSmudiUVAdhDAu4V/ek=
Subject key identifier:   77:6B:70:8D:57:7E:2A:A5:85:7A:83:8B:A3:72:CB:70:27:02:5F:EF
Certificate issuer:       /CN=45e8648e445dccd0d8ee699f5140bb814e43ae1b
Certificate serial:       5E08FA9B4588561AEA8C96732984C6C3F8C0D67C
Authority key identifier: 45:E8:64:8E:44:5D:CC:D0:D8:EE:69:9F:51:40:BB:81:4E:43:AE:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RehkjkRdzNDY7mmfUUC7gU5Drhs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/933b2fd7-31c1-451c-8288-c1aa0aa12750/0/37372e38312e38302e302f32332d3233203d3e203230383630.roa
Signing time:             Mon 07 Jul 2025 20:08:42 +0000
ROA not before:           Mon 07 Jul 2025 20:03:42 +0000
ROA not after:            Mon 06 Jul 2026 20:08:42 +0000
asID:                     20860
IP address blocks:        77.81.80.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/933b2fd7-31c1-451c-8288-c1aa0aa12750/0/45E8648E445DCCD0D8EE699F5140BB814E43AE1B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/933b2fd7-31c1-451c-8288-c1aa0aa12750/0/45E8648E445DCCD0D8EE699F5140BB814E43AE1B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RehkjkRdzNDY7mmfUUC7gU5Drhs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Jul 2025 11:26:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5e:08:fa:9b:45:88:56:1a:ea:8c:96:73:29:84:c6:c3:f8:c0:d6:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=45e8648e445dccd0d8ee699f5140bb814e43ae1b
        Validity
            Not Before: Jul  7 20:03:42 2025 GMT
            Not After : Jul  6 20:08:42 2026 GMT
        Subject: CN=776B708D577E2AA5857A838BA372CB7027025FEF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:10:12:9d:23:68:41:c6:3f:48:93:c7:2d:78:
                    57:b9:4f:c5:c8:e7:14:f9:56:9a:5d:6d:10:ff:8a:
                    ae:18:2a:f8:1d:2e:31:03:38:22:a9:01:20:07:14:
                    3b:0b:05:1f:8d:79:0b:c4:36:68:39:90:91:0f:11:
                    81:30:95:13:4b:b7:36:ef:46:fe:c5:b9:15:32:91:
                    a9:73:83:53:d9:94:25:66:e6:60:a3:47:bf:39:27:
                    b2:52:c8:90:5f:e7:e1:5d:6b:2f:8e:1e:dc:53:8b:
                    bb:ff:f0:83:dd:c4:26:09:b4:26:b1:16:bb:c5:73:
                    ae:a3:62:92:f1:09:a8:6b:b7:7d:be:9f:17:40:92:
                    5c:e1:3f:ec:40:b8:d3:a7:a3:92:3c:ff:36:fc:e7:
                    72:a2:72:a4:ae:fa:e7:55:9b:9b:98:76:6d:74:26:
                    a4:2b:71:5a:9b:4f:9f:1d:9e:37:a7:8e:4c:ba:52:
                    44:f3:de:0a:45:40:56:8f:42:c6:bb:18:17:b5:a3:
                    06:78:5b:f4:67:45:96:5b:61:23:1f:a2:06:73:43:
                    e9:bf:09:4f:00:b2:87:cc:b7:ae:8d:48:86:83:f7:
                    60:bb:d3:d5:54:09:ef:86:12:41:4c:ca:26:d4:f3:
                    da:de:78:0e:4b:26:df:ea:5c:ab:9d:e1:65:89:39:
                    e9:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:6B:70:8D:57:7E:2A:A5:85:7A:83:8B:A3:72:CB:70:27:02:5F:EF
            X509v3 Authority Key Identifier:
                keyid:45:E8:64:8E:44:5D:CC:D0:D8:EE:69:9F:51:40:BB:81:4E:43:AE:1B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/933b2fd7-31c1-451c-8288-c1aa0aa12750/0/45E8648E445DCCD0D8EE699F5140BB814E43AE1B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RehkjkRdzNDY7mmfUUC7gU5Drhs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/933b2fd7-31c1-451c-8288-c1aa0aa12750/0/37372e38312e38302e302f32332d3233203d3e203230383630.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.81.80.0/23

    Signature Algorithm: sha256WithRSAEncryption
         97:51:ca:b7:24:2a:95:ad:b3:1a:37:fe:77:0c:70:30:82:a1:
         3a:2f:3a:01:f1:0c:a0:24:a0:59:be:9c:3b:c6:14:cd:e9:9f:
         c8:d0:0e:13:5d:54:01:2f:a6:31:b6:d2:14:2c:cd:ea:17:d9:
         b8:37:29:42:f4:27:0c:53:af:01:97:e6:16:1e:bc:60:78:8a:
         96:50:5a:89:27:49:ac:f4:51:95:a0:2c:d1:44:92:5a:29:f6:
         a8:b5:e6:c6:80:b5:f0:12:eb:5d:ad:62:83:4e:98:db:46:60:
         60:7c:75:5f:37:93:8f:4e:94:72:21:b5:22:0f:a8:67:c1:af:
         46:7a:f0:07:0b:c4:3b:8f:17:c9:8f:a9:45:9b:16:cd:03:25:
         e4:84:7f:80:c8:c5:20:73:8a:39:5a:7e:ba:6b:12:7a:b9:b9:
         c9:67:19:da:e0:a2:24:1d:f7:20:59:63:b2:1b:31:45:14:2c:
         1a:91:ac:a7:43:0d:07:31:72:02:44:f7:03:2a:0f:3f:16:13:
         fa:f4:71:c7:08:2c:3e:1b:9c:06:64:7d:2d:ac:fc:99:03:04:
         04:0f:19:56:7c:e6:24:42:9e:7d:af:e2:dc:e5:ed:1f:d7:26:
         7b:cd:69:6c:29:26:ea:68:26:e2:04:18:3c:dd:51:fe:fc:af:
         8f:aa:ae:9f
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUXgj6m0WIVhrqjJZzKYTGw/jA1nwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDVlODY0OGU0NDVkY2NkMGQ4ZWU2OTlmNTE0MGJiODE0
ZTQzYWUxYjAeFw0yNTA3MDcyMDAzNDJaFw0yNjA3MDYyMDA4NDJaMDMxMTAvBgNV
BAMTKDc3NkI3MDhENTc3RTJBQTU4NTdBODM4QkEzNzJDQjcwMjcwMjVGRUYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9EBKdI2hBxj9Ik8cteFe5T8XI
5xT5VppdbRD/iq4YKvgdLjEDOCKpASAHFDsLBR+NeQvENmg5kJEPEYEwlRNLtzbv
Rv7FuRUykalzg1PZlCVm5mCjR785J7JSyJBf5+Fday+OHtxTi7v/8IPdxCYJtCax
FrvFc66jYpLxCahrt32+nxdAklzhP+xAuNOno5I8/zb853KicqSu+udVm5uYdm10
JqQrcVqbT58dnjenjky6UkTz3gpFQFaPQsa7GBe1owZ4W/RnRZZbYSMfogZzQ+m/
CU8AsofMt66NSIaD92C709VUCe+GEkFMyibU89reeA5LJt/qXKud4WWJOemZAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUd2twjVd+KqWFeoOLo3LLcCcCX+8wHwYDVR0j
BBgwFoAURehkjkRdzNDY7mmfUUC7gU5DrhswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOTMzYjJmZDctMzFjMS00NTFjLTgyODgtYzFhYTBhYTEy
NzUwLzAvNDVFODY0OEU0NDVEQ0NEMEQ4RUU2OTlGNTE0MEJCODE0RTQzQUUxQi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JlaGtqa1Jkek5EWTdtbWZVVUM3Z1U1
RHJocy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOTMzYjJmZDct
MzFjMS00NTFjLTgyODgtYzFhYTBhYTEyNzUwLzAvMzczNzJlMzgzMTJlMzgzMDJl
MzAyZjMyMzMyZDMyMzMyMDNkM2UyMDMyMzAzODM2MzAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAFNUVAw
DQYJKoZIhvcNAQELBQADggEBAJdRyrckKpWtsxo3/ncMcDCCoTovOgHxDKAkoFm+
nDvGFM3pn8jQDhNdVAEvpjG20hQszeoX2bg3KUL0JwxTrwGX5hYevGB4ipZQWokn
Saz0UZWgLNFEklop9qi15saAtfAS612tYoNOmNtGYGB8dV83k49OlHIhtSIPqGfB
r0Z68AcLxDuPF8mPqUWbFs0DJeSEf4DIxSBzijlafrprEnq5uclnGdrgoiQd9yBZ
Y7IbMUUULBqRrKdDDQcxcgJE9wMqDz8WE/r0cccILD4bnAZkfS2s/JkDBAQPGVZ8
5iRCnn2v4tzl7R/XJnvNaWwpJupoJuIEGDzdUf78r4+qrp8=
-----END CERTIFICATE-----