Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/37372e38332e3235342e302f32342d3234203d3e20383334.roa
File:                     37372e38332e3235342e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          9TBOkx4uTsAnXNywhEylidWDHl1aUs1z3NRdWDIYtdc=
Subject key identifier:   D4:B1:1E:AF:66:AF:0A:6B:FD:6E:0B:AD:0B:6E:BB:86:F9:02:E5:D3
Certificate issuer:       /CN=8f4ce7722f99075d94738b7e61070401269eb3d6
Certificate serial:       789F2E592F2E7C4A662303E4A1F91914ED7DE8AE
Authority key identifier: 8F:4C:E7:72:2F:99:07:5D:94:73:8B:7E:61:07:04:01:26:9E:B3:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/j0znci-ZB12Uc4t-YQcEASaes9Y.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/37372e38332e3235342e302f32342d3234203d3e20383334.roa
Signing time:             Tue 28 Oct 2025 00:06:02 +0000
ROA not before:           Tue 28 Oct 2025 00:01:02 +0000
ROA not after:            Tue 27 Oct 2026 00:06:02 +0000
asID:                     834
IP address blocks:        77.83.254.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/8F4CE7722F99075D94738B7E61070401269EB3D6.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/8F4CE7722F99075D94738B7E61070401269EB3D6.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/j0znci-ZB12Uc4t-YQcEASaes9Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 31 Oct 2025 14:46:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            78:9f:2e:59:2f:2e:7c:4a:66:23:03:e4:a1:f9:19:14:ed:7d:e8:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8f4ce7722f99075d94738b7e61070401269eb3d6
        Validity
            Not Before: Oct 28 00:01:02 2025 GMT
            Not After : Oct 27 00:06:02 2026 GMT
        Subject: CN=D4B11EAF66AF0A6BFD6E0BAD0B6EBB86F902E5D3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f3:ba:5f:84:c9:eb:3b:48:4c:ff:7a:d7:85:b6:
                    a9:3a:e3:a2:0c:f4:71:1a:94:16:21:6f:78:9d:6d:
                    85:79:cb:05:5b:4e:99:72:4e:88:dd:d3:dd:b7:08:
                    3d:8f:77:10:0c:3d:66:4c:e7:09:64:5f:e4:36:8f:
                    6d:d3:d8:f4:21:d8:fb:3b:f2:d0:ba:b3:13:d4:a6:
                    c7:22:19:9c:ac:9d:54:64:1a:c3:c1:75:96:81:23:
                    72:38:58:bf:bd:6c:6f:31:b6:b8:ca:7f:b7:ee:40:
                    16:c0:b2:75:ed:cd:4e:bc:5e:9a:d4:7d:0a:1c:93:
                    25:0e:f2:34:c4:be:90:73:cc:4f:05:aa:84:bd:4f:
                    21:e3:04:56:d5:cc:a5:8c:c3:18:fe:fe:d5:8e:e7:
                    94:d4:1e:39:48:d8:f8:9c:bb:fa:dc:3c:4e:44:d8:
                    b1:71:98:4e:bd:42:1d:ac:b5:c8:70:87:1d:e5:c7:
                    04:f9:8a:ab:73:d4:64:2c:84:ef:51:15:0b:2c:07:
                    23:bd:6b:04:72:f8:24:a3:d6:18:6d:8f:08:a4:11:
                    ac:17:6d:15:57:07:c8:cd:34:fb:a0:a3:00:04:4e:
                    0f:c6:19:1b:1a:b0:02:eb:c6:0a:6f:aa:1e:74:01:
                    2b:0b:3b:54:d8:58:fc:ad:93:fd:2b:be:2b:0e:10:
                    4c:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:B1:1E:AF:66:AF:0A:6B:FD:6E:0B:AD:0B:6E:BB:86:F9:02:E5:D3
            X509v3 Authority Key Identifier:
                keyid:8F:4C:E7:72:2F:99:07:5D:94:73:8B:7E:61:07:04:01:26:9E:B3:D6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/8F4CE7722F99075D94738B7E61070401269EB3D6.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/j0znci-ZB12Uc4t-YQcEASaes9Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/37372e38332e3235342e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.83.254.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8c:07:ae:b5:a0:1c:49:59:db:90:ce:ce:d0:d8:26:29:e5:15:
         02:05:7d:d6:1e:c8:0a:a5:91:45:bd:42:df:21:35:f7:01:29:
         e5:fd:83:03:aa:cb:5f:b5:d6:cc:70:db:21:64:de:e0:a4:40:
         50:c2:0d:57:21:c0:79:b5:48:e9:30:1d:9f:66:02:93:94:7a:
         6c:ab:6c:17:04:40:1a:f4:b7:d2:76:98:f8:b2:c2:c8:72:9e:
         13:3f:01:a1:02:2c:2d:bc:bd:18:0f:1a:db:13:13:48:75:ab:
         a9:d7:89:97:37:2f:0a:ee:91:c6:6a:ea:9b:08:84:56:0a:a5:
         64:f5:5b:20:77:cc:78:05:ad:83:81:b0:bb:e8:a6:82:8b:38:
         cd:43:13:10:b4:ae:3c:ce:88:38:ca:cb:cc:af:dd:86:bf:26:
         01:cd:68:29:df:c2:f4:c4:16:66:d9:08:cf:05:b9:e8:7d:1c:
         a5:7f:f5:a8:a4:33:d5:0d:82:cb:12:26:b3:c4:eb:1a:6d:71:
         6c:18:a7:60:ba:3a:eb:a8:99:9d:95:4c:3b:19:51:ed:fd:d6:
         4e:7b:12:88:98:ba:fb:f9:90:5b:a3:76:2f:bb:60:8c:9c:12:
         c1:94:c9:56:54:8e:51:98:7e:46:b0:c9:60:6b:09:9f:98:20:
         df:4d:31:2e
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUeJ8uWS8ufEpmIwPkofkZFO196K4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGY0Y2U3NzIyZjk5MDc1ZDk0NzM4YjdlNjEwNzA0MDEy
NjllYjNkNjAeFw0yNTEwMjgwMDAxMDJaFw0yNjEwMjcwMDA2MDJaMDMxMTAvBgNV
BAMTKEQ0QjExRUFGNjZBRjBBNkJGRDZFMEJBRDBCNkVCQjg2RjkwMkU1RDMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDzul+Eyes7SEz/eteFtqk646IM
9HEalBYhb3idbYV5ywVbTplyTojd0923CD2PdxAMPWZM5wlkX+Q2j23T2PQh2Ps7
8tC6sxPUpsciGZysnVRkGsPBdZaBI3I4WL+9bG8xtrjKf7fuQBbAsnXtzU68XprU
fQockyUO8jTEvpBzzE8FqoS9TyHjBFbVzKWMwxj+/tWO55TUHjlI2Picu/rcPE5E
2LFxmE69Qh2stchwhx3lxwT5iqtz1GQshO9RFQssByO9awRy+CSj1hhtjwikEawX
bRVXB8jNNPugowAETg/GGRsasALrxgpvqh50ASsLO1TYWPytk/0rvisOEExFAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQU1LEer2avCmv9bgutC267hvkC5dMwHwYDVR0j
BBgwFoAUj0znci+ZB12Uc4t+YQcEASaes9YwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYWE5NzcxMTUtNTExMC00MjU3LTk0ZWYtNGQyYjQzODg0
MDQwLzAvOEY0Q0U3NzIyRjk5MDc1RDk0NzM4QjdFNjEwNzA0MDEyNjlFQjNENi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2owem5jaS1aQjEyVWM0dC1ZUWNFQVNh
ZXM5WS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWE5NzcxMTUt
NTExMC00MjU3LTk0ZWYtNGQyYjQzODg0MDQwLzAvMzczNzJlMzgzMzJlMzIzNTM0
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzgzMzM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATVP+MA0G
CSqGSIb3DQEBCwUAA4IBAQCMB661oBxJWduQzs7Q2CYp5RUCBX3WHsgKpZFFvULf
ITX3ASnl/YMDqstftdbMcNshZN7gpEBQwg1XIcB5tUjpMB2fZgKTlHpsq2wXBEAa
9LfSdpj4ssLIcp4TPwGhAiwtvL0YDxrbExNIdaup14mXNy8K7pHGauqbCIRWCqVk
9Vsgd8x4Ba2DgbC76KaCizjNQxMQtK48zog4ysvMr92GvyYBzWgp38L0xBZm2QjP
BbnofRylf/WopDPVDYLLEiazxOsabXFsGKdgujrrqJmdlUw7GVHt/dZOexKImLr7
+ZBbo3Yvu2CMnBLBlMlWVI5RmH5GsMlgawmfmCDfTTEu
-----END CERTIFICATE-----