Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/37372e3234332e38372e302f32342d3234203d3e20313336373837.roa
File:                     37372e3234332e38372e302f32342d3234203d3e20313336373837.roa (raw, json)
Hash identifier:          LnWrtugH3yD45AbBkLngYiG5Xqw02MukIi22zFKwZ1M=
Subject key identifier:   9C:6C:78:27:8C:49:A7:BB:85:34:16:B5:91:C7:8C:DC:A6:CA:1D:A4
Certificate issuer:       /CN=08fb9ba827e6f10a7af37490803dd5a076397235
Certificate serial:       5264A8C316D1519C90B426CDA7DCFAA749009A2D
Authority key identifier: 08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/37372e3234332e38372e302f32342d3234203d3e20313336373837.roa
Signing time:             Mon 01 Apr 2024 14:03:17 +0000
ROA not before:           Mon 01 Apr 2024 13:58:17 +0000
ROA not after:            Mon 31 Mar 2025 14:03:17 +0000
asID:                     136787
IP address blocks:        77.243.87.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 14:57:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            52:64:a8:c3:16:d1:51:9c:90:b4:26:cd:a7:dc:fa:a7:49:00:9a:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08fb9ba827e6f10a7af37490803dd5a076397235
        Validity
            Not Before: Apr  1 13:58:17 2024 GMT
            Not After : Mar 31 14:03:17 2025 GMT
        Subject: CN=9C6C78278C49A7BB853416B591C78CDCA6CA1DA4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:24:fe:6f:92:97:9c:1e:c8:68:1f:15:48:56:
                    41:e7:40:b7:c4:40:9a:61:97:3c:f6:08:34:c9:2b:
                    9e:49:6b:ef:3b:f2:a1:5e:c0:88:2e:01:4a:82:71:
                    a1:84:93:0a:e0:b4:34:fd:14:95:c4:61:dd:f4:cf:
                    bf:7a:58:cd:34:59:af:9c:f9:9f:71:eb:71:a9:49:
                    a3:82:cb:9c:02:e6:d7:18:c6:a5:19:8b:a0:0b:c8:
                    1e:07:4c:1c:56:66:66:e7:7d:20:ec:1b:14:1d:bc:
                    cd:51:aa:96:7b:d4:8e:82:3e:cb:89:df:a7:20:a1:
                    47:7e:26:c2:d1:a9:60:fd:6b:b7:35:17:0a:cc:2e:
                    2d:94:40:20:6a:14:7e:a0:05:8c:c7:e7:22:c0:50:
                    54:b6:38:86:80:59:17:6b:16:29:6e:f2:f1:07:24:
                    7f:7a:8e:80:b7:9f:1f:09:2c:69:c3:68:b8:16:d5:
                    4c:0a:dc:65:0e:19:c9:09:0e:2a:0d:9e:5a:3a:06:
                    88:50:04:25:9f:3f:c7:55:b9:13:2e:a8:a1:02:68:
                    69:29:e6:a8:4c:c9:ee:51:dd:e4:d0:af:60:dd:44:
                    0c:e6:e5:94:ab:98:28:30:70:01:3e:a3:c6:e6:96:
                    d4:67:c2:af:9e:da:c1:47:cf:f3:70:5b:ef:0f:67:
                    ec:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:6C:78:27:8C:49:A7:BB:85:34:16:B5:91:C7:8C:DC:A6:CA:1D:A4
            X509v3 Authority Key Identifier:
                keyid:08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/37372e3234332e38372e302f32342d3234203d3e20313336373837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.243.87.0/24

    Signature Algorithm: sha256WithRSAEncryption
         84:4e:06:5a:17:f8:fd:13:f2:db:6e:ea:87:46:71:33:a5:be:
         30:56:c5:e7:43:61:d3:07:a2:f9:63:ed:2e:6f:8a:2d:37:8d:
         a9:27:e8:b2:e2:7d:7f:66:65:5e:2f:9c:e5:fd:3b:aa:78:dc:
         46:c5:06:ef:d2:31:a0:78:74:7f:6f:cb:9d:a0:43:b0:fa:66:
         17:25:27:67:4f:20:0b:91:48:73:5f:47:0e:aa:19:75:34:97:
         bf:be:ee:e8:e3:dd:08:5a:07:a6:63:85:07:ba:5c:10:ae:1d:
         39:e2:4a:91:19:3c:b1:63:db:fe:2b:d8:b4:2d:fe:3e:b6:d4:
         f9:44:10:16:54:8e:de:72:93:28:a9:93:57:5e:37:84:4f:5e:
         70:f1:ad:0d:b7:12:7b:07:60:45:a7:33:39:d2:cd:19:66:0c:
         8a:37:78:57:42:fa:8d:61:c0:a4:9b:24:6f:3d:15:0a:25:b2:
         9e:fa:82:72:9c:54:a8:d1:bf:ca:d9:65:e2:96:ca:e0:4e:97:
         f6:24:41:db:65:8b:d4:77:d1:05:d5:cc:a3:81:f8:96:94:8e:
         e8:36:93:03:ff:a0:f0:97:a6:f5:ce:77:79:99:21:54:ff:1e:
         09:d5:8b:75:23:9a:fd:db:98:8d:19:40:db:01:f9:41:bc:75:
         95:a0:c3:bc
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUUmSowxbRUZyQtCbNp9z6p0kAmi0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDhmYjliYTgyN2U2ZjEwYTdhZjM3NDkwODAzZGQ1YTA3
NjM5NzIzNTAeFw0yNDA0MDExMzU4MTdaFw0yNTAzMzExNDAzMTdaMDMxMTAvBgNV
BAMTKDlDNkM3ODI3OEM0OUE3QkI4NTM0MTZCNTkxQzc4Q0RDQTZDQTFEQTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDdJP5vkpecHshoHxVIVkHnQLfE
QJphlzz2CDTJK55Ja+878qFewIguAUqCcaGEkwrgtDT9FJXEYd30z796WM00Wa+c
+Z9x63GpSaOCy5wC5tcYxqUZi6ALyB4HTBxWZmbnfSDsGxQdvM1RqpZ71I6CPsuJ
36cgoUd+JsLRqWD9a7c1FwrMLi2UQCBqFH6gBYzH5yLAUFS2OIaAWRdrFilu8vEH
JH96joC3nx8JLGnDaLgW1UwK3GUOGckJDioNnlo6BohQBCWfP8dVuRMuqKECaGkp
5qhMye5R3eTQr2DdRAzm5ZSrmCgwcAE+o8bmltRnwq+e2sFHz/NwW+8PZ+xlAgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQUnGx4J4xJp7uFNBa1kceM3KbKHaQwHwYDVR0j
BBgwFoAUCPubqCfm8Qp683SQgD3VoHY5cjUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzIvMDhGQjlCQTgyN0U2RjEwQTdBRjM3NDkwODAzREQ1QTA3NjM5NzIzNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NQdWJxQ2ZtOFFwNjgzU1FnRDNWb0hZ
NWNqVS5jZXIwga0GCCsGAQUFBwELBIGgMIGdMIGaBggrBgEFBQcwC4aBjXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzIvMzczNzJlMzIzNDMzMmUzODM3
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzEzMzM2MzczODM3LnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA
TfNXMA0GCSqGSIb3DQEBCwUAA4IBAQCETgZaF/j9E/LbbuqHRnEzpb4wVsXnQ2HT
B6L5Y+0ub4otN42pJ+iy4n1/ZmVeL5zl/TuqeNxGxQbv0jGgeHR/b8udoEOw+mYX
JSdnTyALkUhzX0cOqhl1NJe/vu7o490IWgemY4UHulwQrh054kqRGTyxY9v+K9i0
Lf4+ttT5RBAWVI7ecpMoqZNXXjeET15w8a0NtxJ7B2BFpzM50s0ZZgyKN3hXQvqN
YcCkmyRvPRUKJbKe+oJynFSo0b/K2WXilsrgTpf2JEHbZYvUd9EF1cyjgfiWlI7o
NpMD/6Dwl6b1znd5mSFU/x4J1Yt1I5r925iNGUDbAflBvHWVoMO8
-----END CERTIFICATE-----
Generated at Mon Nov 25 17:14:44 2024 by rpki-client on console-ams.rpki-client.org