Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/3137312e32322e37372e302f32342d3234203d3e203630373930.roa
File:                     3137312e32322e37372e302f32342d3234203d3e203630373930.roa (raw, json)
Hash identifier:          t2E1Ajv5VL5Y3fJRH0j9jFheRMSZC/fDjNK3c37leWY=
Subject key identifier:   1A:14:30:3F:A8:C1:B7:3E:6B:8E:94:6D:41:50:1D:21:30:DB:C7:3D
Certificate issuer:       /CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
Certificate serial:       57CA7A5A19CC45AAB529183FB338007C7DAE0466
Authority key identifier: 70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/3137312e32322e37372e302f32342d3234203d3e203630373930.roa
Signing time:             Wed 04 Jun 2025 12:54:08 +0000
ROA not before:           Wed 04 Jun 2025 12:49:08 +0000
ROA not after:            Wed 03 Jun 2026 12:54:08 +0000
asID:                     60790
IP address blocks:        171.22.77.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 18:46:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            57:ca:7a:5a:19:cc:45:aa:b5:29:18:3f:b3:38:00:7c:7d:ae:04:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
        Validity
            Not Before: Jun  4 12:49:08 2025 GMT
            Not After : Jun  3 12:54:08 2026 GMT
        Subject: CN=1A14303FA8C1B73E6B8E946D41501D2130DBC73D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:88:ae:1e:f8:64:9b:3b:17:6c:47:f9:72:58:
                    4f:98:c3:ee:64:ee:16:71:5c:ef:f4:a5:f6:98:b7:
                    fc:c9:9d:95:7d:21:d6:6e:fd:45:1a:a9:16:97:94:
                    a5:38:db:f9:51:99:89:5f:23:c5:62:10:76:6b:e1:
                    22:36:b6:d0:e3:2b:00:8c:d2:22:e6:12:d8:0b:95:
                    8b:9d:34:ef:9b:39:08:e2:14:2c:aa:88:cf:e8:e2:
                    ea:4d:32:06:c4:5d:ac:73:86:f2:5d:f0:c5:4a:7a:
                    18:d1:84:e5:2c:21:5a:1e:fe:91:b8:b6:89:58:8d:
                    76:f5:7d:29:b8:32:af:a3:f0:c9:bd:68:81:3a:75:
                    04:8a:fa:91:4f:cf:17:9e:66:a5:82:30:6d:a0:79:
                    fe:f9:a5:c5:02:0d:c0:3b:95:31:d1:08:5c:6c:78:
                    94:38:5c:3f:d4:1e:97:e3:3f:f9:e4:e1:87:6d:86:
                    e0:10:ba:25:eb:1d:33:e5:41:e8:ca:30:54:2b:da:
                    a9:36:57:b7:c6:0e:eb:fb:fa:3e:7e:58:27:35:9c:
                    c5:9d:68:bb:fc:8b:cb:4b:66:02:1e:e0:c1:4a:73:
                    e1:e2:0f:e0:33:e2:81:5e:b6:cf:d6:d0:21:81:7c:
                    77:72:f6:3d:4f:b7:55:09:aa:23:48:cd:35:96:c3:
                    4a:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:14:30:3F:A8:C1:B7:3E:6B:8E:94:6D:41:50:1D:21:30:DB:C7:3D
            X509v3 Authority Key Identifier:
                keyid:70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/3137312e32322e37372e302f32342d3234203d3e203630373930.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  171.22.77.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:1f:95:c2:1b:88:42:90:07:c1:1b:09:e9:93:4d:09:ab:0d:
         5c:73:ea:74:9f:ae:dc:c7:e4:8f:98:9a:7c:9b:14:1a:ab:ef:
         3f:78:b1:f1:ec:f4:c1:6f:bb:36:29:08:5b:ea:2f:04:30:9c:
         f8:ca:33:f2:b8:66:ba:b0:da:17:cb:d0:b9:20:b0:bd:41:12:
         b5:f6:0c:f9:e9:ca:1e:2a:42:54:f2:36:dd:0c:df:0d:32:58:
         1d:bc:eb:15:e7:90:db:52:ab:86:9f:7e:37:7b:08:27:5c:48:
         b5:3b:bc:a2:b9:a0:4a:ec:2b:b3:80:d0:c6:a6:93:67:78:25:
         eb:7f:37:1e:ed:57:c1:9a:3d:61:7e:69:8e:1b:17:15:33:7e:
         02:03:c3:14:cd:bf:03:71:fe:98:17:06:25:26:7e:09:6d:1a:
         44:9b:4c:f1:d5:7b:78:0f:f0:b3:d4:06:da:b7:ad:c4:e3:67:
         45:2b:ff:7a:5b:a0:63:7d:ee:67:fe:64:7a:87:35:2d:cd:1c:
         60:f9:bf:d2:88:7a:72:af:84:a0:d5:66:b2:a4:b2:cc:10:90:
         1a:8e:3f:bd:61:12:87:72:fa:fc:5a:d7:09:c6:64:5a:06:0b:
         06:f2:df:41:3d:bc:b1:04:5e:c6:84:da:df:7d:d1:7c:ac:47:
         f1:6f:7b:f1
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUV8p6WhnMRaq1KRg/szgAfH2uBGYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzBjYmQ3YTk4MTdlNDcwMDA5YzBmNDBlYTFlMzcwYWE3
OWI1ZmQ5MTAeFw0yNTA2MDQxMjQ5MDhaFw0yNjA2MDMxMjU0MDhaMDMxMTAvBgNV
BAMTKDFBMTQzMDNGQThDMUI3M0U2QjhFOTQ2RDQxNTAxRDIxMzBEQkM3M0QwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDUiK4e+GSbOxdsR/lyWE+Yw+5k
7hZxXO/0pfaYt/zJnZV9IdZu/UUaqRaXlKU42/lRmYlfI8ViEHZr4SI2ttDjKwCM
0iLmEtgLlYudNO+bOQjiFCyqiM/o4upNMgbEXaxzhvJd8MVKehjRhOUsIVoe/pG4
tolYjXb1fSm4Mq+j8Mm9aIE6dQSK+pFPzxeeZqWCMG2gef75pcUCDcA7lTHRCFxs
eJQ4XD/UHpfjP/nk4YdthuAQuiXrHTPlQejKMFQr2qk2V7fGDuv7+j5+WCc1nMWd
aLv8i8tLZgIe4MFKc+HiD+Az4oFets/W0CGBfHdy9j1Pt1UJqiNIzTWWw0qVAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUGhQwP6jBtz5rjpRtQVAdITDbxz0wHwYDVR0j
BBgwFoAUcMvXqYF+RwAJwPQOoeNwqnm1/ZEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYjczMzJhZjAtZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5
ZjhhLzAvNzBDQkQ3QTk4MTdFNDcwMDA5QzBGNDBFQTFFMzcwQUE3OUI1RkQ5MS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NNdlhxWUYtUndBSndQUU9vZU53cW5t
MV9aRS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYjczMzJhZjAt
ZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5ZjhhLzAvMzEzNzMxMmUzMjMyMmUzNzM3
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzYzMDM3MzkzMC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAKsW
TTANBgkqhkiG9w0BAQsFAAOCAQEATx+VwhuIQpAHwRsJ6ZNNCasNXHPqdJ+u3Mfk
j5iafJsUGqvvP3ix8ez0wW+7NikIW+ovBDCc+Moz8rhmurDaF8vQuSCwvUEStfYM
+enKHipCVPI23QzfDTJYHbzrFeeQ21Krhp9+N3sIJ1xItTu8ormgSuwrs4DQxqaT
Z3gl6383Hu1XwZo9YX5pjhsXFTN+AgPDFM2/A3H+mBcGJSZ+CW0aRJtM8dV7eA/w
s9QG2retxONnRSv/elugY33uZ/5keoc1Lc0cYPm/0oh6cq+EoNVmsqSyzBCQGo4/
vWESh3L6/FrXCcZkWgYLBvLfQT28sQRexoTa333RfKxH8W978Q==
-----END CERTIFICATE-----