Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/37372e37382e37302e302f32342d3234203d3e20323039383534.roa
File:                     37372e37382e37302e302f32342d3234203d3e20323039383534.roa (raw, json)
Hash identifier:          sS9Kefb+eulI1D5RVansDWO6nIF7xmayxOME6+WX4eU=
Subject key identifier:   95:47:81:92:5E:2B:6B:3E:5A:75:96:BC:A5:F3:6F:7B:8E:3A:67:72
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       506E10749CC86B349D06CC48B4FA74047EC20089
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/37372e37382e37302e302f32342d3234203d3e20323039383534.roa
Signing time:             Wed 19 Feb 2025 08:45:45 +0000
ROA not before:           Wed 19 Feb 2025 08:40:45 +0000
ROA not after:            Wed 18 Feb 2026 08:45:45 +0000
asID:                     209854
IP address blocks:        77.78.70.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 10:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            50:6e:10:74:9c:c8:6b:34:9d:06:cc:48:b4:fa:74:04:7e:c2:00:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Feb 19 08:40:45 2025 GMT
            Not After : Feb 18 08:45:45 2026 GMT
        Subject: CN=954781925E2B6B3E5A7596BCA5F36F7B8E3A6772
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:0d:f5:c2:19:cf:43:4c:41:df:17:7e:79:97:
                    62:69:99:c9:f1:ae:33:05:99:86:49:20:51:af:2b:
                    d4:f9:59:1a:c4:90:68:15:a1:e6:83:9e:bb:e3:73:
                    a7:87:c2:c6:5f:52:f4:2c:de:5f:90:4c:aa:c9:5e:
                    f1:f7:bf:b1:56:57:d3:19:47:42:2c:0c:6e:22:fe:
                    d1:6b:34:6d:27:b0:0c:e9:cd:31:a7:cc:b8:d1:71:
                    34:6a:32:e9:cc:45:1a:ba:0c:00:b7:14:3b:75:0f:
                    45:34:1d:78:3d:5f:43:ef:8d:7d:93:69:39:13:30:
                    b6:5f:33:ae:c7:25:85:d7:f3:42:f3:8e:ae:0b:1d:
                    64:37:60:14:a9:f3:9b:d0:fd:77:d8:75:13:73:11:
                    47:62:a5:24:6b:74:85:65:eb:34:06:ec:da:0c:6a:
                    65:9c:1a:c7:34:7d:be:a5:ef:37:46:44:0a:10:d1:
                    79:dd:14:68:5e:08:4b:0f:ef:d8:ea:46:38:82:30:
                    d6:ed:a7:92:a2:54:85:33:53:08:a9:8d:53:6b:96:
                    5e:60:bd:26:e2:f7:4f:97:98:31:88:11:4a:86:1b:
                    d2:e0:e1:38:7c:e7:54:5a:65:c5:51:4b:5c:58:ca:
                    af:62:3b:1a:ff:b1:38:bd:59:00:ec:c8:f7:8b:95:
                    21:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:47:81:92:5E:2B:6B:3E:5A:75:96:BC:A5:F3:6F:7B:8E:3A:67:72
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/37372e37382e37302e302f32342d3234203d3e20323039383534.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.78.70.0/24

    Signature Algorithm: sha256WithRSAEncryption
         26:38:02:d7:eb:1e:e0:42:03:ca:3f:8c:2b:78:bb:71:7c:f8:
         17:1a:b1:0d:b6:c8:c4:5d:9b:f5:be:e2:e8:6a:98:32:57:4b:
         98:47:5f:83:5c:dd:6a:48:aa:92:19:4d:e5:19:57:5f:0a:e1:
         a6:c5:30:fa:ad:17:f6:cb:36:6c:bf:22:08:08:49:8a:83:16:
         ca:26:b7:14:55:21:41:20:07:3e:c0:16:73:e0:3a:77:ff:d9:
         0a:76:c0:e8:8a:37:84:a6:b0:d5:75:b8:b5:3b:5d:47:0b:60:
         ed:b5:39:0e:d1:7b:f9:bb:df:51:ec:c0:9f:64:95:fd:0a:0c:
         19:a9:a2:ee:20:bf:9d:53:60:73:53:fd:2c:b5:e3:18:55:e6:
         73:4a:b0:3a:21:16:e9:ce:e2:c1:0f:a2:cc:95:0f:4f:2c:e9:
         1d:32:f3:cc:b1:37:19:e9:fc:48:94:30:61:58:44:10:de:21:
         03:5a:7b:c3:4b:7c:22:1c:9b:6a:6b:dd:1f:1c:ee:85:49:97:
         43:95:44:ba:12:79:8e:a8:b0:d3:1c:bf:1c:da:3f:72:29:a9:
         2d:de:62:0f:ec:a7:eb:27:cf:5a:7c:c5:72:ca:36:8b:1f:31:
         28:8f:bc:dc:3d:80:dc:59:60:12:72:de:8b:63:98:67:02:65:
         7b:dd:cb:29
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUUG4QdJzIazSdBsxItPp0BH7CAIkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTAyMTkwODQwNDVaFw0yNjAyMTgwODQ1NDVaMDMxMTAvBgNV
BAMTKDk1NDc4MTkyNUUyQjZCM0U1QTc1OTZCQ0E1RjM2RjdCOEUzQTY3NzIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQChDfXCGc9DTEHfF355l2Jpmcnx
rjMFmYZJIFGvK9T5WRrEkGgVoeaDnrvjc6eHwsZfUvQs3l+QTKrJXvH3v7FWV9MZ
R0IsDG4i/tFrNG0nsAzpzTGnzLjRcTRqMunMRRq6DAC3FDt1D0U0HXg9X0PvjX2T
aTkTMLZfM67HJYXX80Lzjq4LHWQ3YBSp85vQ/XfYdRNzEUdipSRrdIVl6zQG7NoM
amWcGsc0fb6l7zdGRAoQ0XndFGheCEsP79jqRjiCMNbtp5KiVIUzUwipjVNrll5g
vSbi90+XmDGIEUqGG9Lg4Th851RaZcVRS1xYyq9iOxr/sTi9WQDsyPeLlSHDAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUlUeBkl4raz5adZa8pfNve446Z3IwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzczNzJlMzczODJlMzczMDJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMyMzAzOTM4MzUzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAE1O
RjANBgkqhkiG9w0BAQsFAAOCAQEAJjgC1+se4EIDyj+MK3i7cXz4FxqxDbbIxF2b
9b7i6GqYMldLmEdfg1zdakiqkhlN5RlXXwrhpsUw+q0X9ss2bL8iCAhJioMWyia3
FFUhQSAHPsAWc+A6d//ZCnbA6Io3hKaw1XW4tTtdRwtg7bU5DtF7+bvfUezAn2SV
/QoMGami7iC/nVNgc1P9LLXjGFXmc0qwOiEW6c7iwQ+izJUPTyzpHTLzzLE3Gen8
SJQwYVhEEN4hA1p7w0t8IhybamvdHxzuhUmXQ5VEuhJ5jqiw0xy/HNo/cimpLd5i
D+yn6yfPWnzFcso2ix8xKI+83D2A3FlgEnLei2OYZwJle93LKQ==
-----END CERTIFICATE-----