Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS8075.roa
File:                     AS8075.roa (raw, json)
Hash identifier:          FTp0NX7X9tBT7WDdyWExXMRWpJoyScRkeW+0gDvonEs=
Subject key identifier:   22:D1:11:92:D7:50:FC:06:5E:2F:46:7E:6B:0C:31:7F:FB:D9:80:03
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       37FF6B23B2B9D1E66116E79DC22DD7FFF1C5E337
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS8075.roa
Signing time:             Wed 13 Aug 2025 02:56:08 +0000
ROA not before:           Wed 13 Aug 2025 02:51:08 +0000
ROA not after:            Wed 12 Aug 2026 02:56:08 +0000
asID:                     8075
IP address blocks:        45.158.10.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 02:42:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            37:ff:6b:23:b2:b9:d1:e6:61:16:e7:9d:c2:2d:d7:ff:f1:c5:e3:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Aug 13 02:51:08 2025 GMT
            Not After : Aug 12 02:56:08 2026 GMT
        Subject: CN=22D11192D750FC065E2F467E6B0C317FFBD98003
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:cd:5a:a3:70:fe:36:c0:b2:3b:d4:20:e5:0e:
                    e9:9e:6b:52:c4:d7:2c:23:7d:95:78:1d:e2:64:bb:
                    61:62:89:90:e1:ce:52:c7:c2:f4:99:c2:c2:b7:b1:
                    d9:bf:2c:21:2e:95:ab:a0:11:cf:f8:75:31:f7:3d:
                    e8:ac:7e:95:1b:bc:e5:c8:a1:8c:95:71:88:ee:1f:
                    4a:f2:93:ca:6f:3e:81:ac:51:14:b8:9d:19:03:d5:
                    5e:3d:42:a9:34:29:4b:9e:b9:14:f8:d8:1a:3a:4b:
                    24:78:10:3d:09:bf:98:c4:26:b5:c4:56:b1:d4:7b:
                    5e:07:1b:48:5c:1f:91:09:90:2c:67:8f:6d:db:ed:
                    e4:cb:56:1e:3b:f6:9b:1d:a6:cd:fd:21:57:e7:29:
                    83:4b:97:0d:51:b6:d3:c9:4b:4a:73:aa:82:30:76:
                    a7:fd:fc:20:89:90:ff:e8:1e:c9:f8:e3:22:6b:35:
                    f5:f8:c2:4d:4a:91:04:54:ba:fa:1e:06:e1:41:88:
                    2e:a7:9e:57:6a:c7:38:89:35:fa:fd:e3:ff:ef:8c:
                    57:e0:e7:b0:13:3f:d0:28:83:63:7b:04:40:9e:2a:
                    62:07:c9:88:3c:3f:7e:e1:9e:d6:3c:f2:10:9b:f5:
                    a3:69:c0:7b:fb:d8:1a:d2:44:57:51:41:74:39:33:
                    25:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:D1:11:92:D7:50:FC:06:5E:2F:46:7E:6B:0C:31:7F:FB:D9:80:03
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS8075.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.158.10.0/24

    Signature Algorithm: sha256WithRSAEncryption
         60:50:02:26:cc:fe:9a:fb:4e:1d:13:ca:09:44:9a:ec:60:b7:
         c7:31:69:15:83:66:76:3e:61:c0:c1:6e:70:d1:ba:3b:b4:a8:
         8c:e4:60:a2:8d:b5:8f:3d:d4:48:6e:11:2f:7e:69:78:35:8d:
         31:16:1d:32:e8:79:95:03:64:fb:2a:86:3c:b6:af:84:e6:a0:
         34:06:98:c7:63:23:4e:12:8c:fc:39:32:19:28:bf:0e:e1:47:
         3a:0f:c0:dd:fe:20:17:85:08:f5:d1:40:6a:f8:29:31:da:0c:
         31:3d:e4:97:20:8e:73:4b:f1:04:8d:8f:64:04:87:9c:c7:21:
         e6:df:76:e9:9e:81:73:5d:53:72:b3:bb:11:50:b1:b2:e8:fa:
         c0:75:c2:2e:86:dd:f2:41:52:24:94:c4:f4:01:c5:29:c6:b6:
         eb:85:ba:b0:7b:f1:70:a0:73:68:a7:cf:3f:d0:88:f0:23:ad:
         e2:f0:d4:7d:8c:84:01:74:ca:26:ce:59:06:94:07:a0:d6:46:
         68:bb:c0:d7:ba:de:44:8a:00:20:a7:b3:f6:f3:11:6b:fa:bf:
         9f:4b:d3:0e:01:86:d9:94:31:60:ee:08:53:c2:7f:b2:de:f5:
         f3:3d:79:d2:57:a1:e7:3c:a2:f0:64:2f:a1:9d:9b:d3:ba:66:
         45:91:31:69
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgIUN/9rI7K50eZhFuedwi3X//HF4zcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNTA4MTMwMjUxMDhaFw0yNjA4MTIwMjU2MDhaMDMxMTAvBgNV
BAMTKDIyRDExMTkyRDc1MEZDMDY1RTJGNDY3RTZCMEMzMTdGRkJEOTgwMDMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7zVqjcP42wLI71CDlDumea1LE
1ywjfZV4HeJku2FiiZDhzlLHwvSZwsK3sdm/LCEulaugEc/4dTH3PeisfpUbvOXI
oYyVcYjuH0ryk8pvPoGsURS4nRkD1V49Qqk0KUueuRT42Bo6SyR4ED0Jv5jEJrXE
VrHUe14HG0hcH5EJkCxnj23b7eTLVh479psdps39IVfnKYNLlw1RttPJS0pzqoIw
dqf9/CCJkP/oHsn44yJrNfX4wk1KkQRUuvoeBuFBiC6nnldqxziJNfr94//vjFfg
57ATP9Aog2N7BECeKmIHyYg8P37hntY88hCb9aNpwHv72BrSRFdRQXQ5MyX3AgMB
AAGjggIIMIICBDAdBgNVHQ4EFgQUItERktdQ/AZeL0Z+awwxf/vZgAMwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTODA3NS5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC2eCjAN
BgkqhkiG9w0BAQsFAAOCAQEAYFACJsz+mvtOHRPKCUSa7GC3xzFpFYNmdj5hwMFu
cNG6O7SojORgoo21jz3USG4RL35peDWNMRYdMuh5lQNk+yqGPLavhOagNAaYx2Mj
ThKM/DkyGSi/DuFHOg/A3f4gF4UI9dFAavgpMdoMMT3klyCOc0vxBI2PZASHnMch
5t926Z6Bc11TcrO7EVCxsuj6wHXCLobd8kFSJJTE9AHFKca264W6sHvxcKBzaKfP
P9CI8COt4vDUfYyEAXTKJs5ZBpQHoNZGaLvA17reRIoAIKez9vMRa/q/n0vTDgGG
2ZQxYO4IU8J/st718z150leh5zyi8GQvoZ2b07pmRZExaQ==
-----END CERTIFICATE-----