Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/37372e38332e3235322e302f32342d3234203d3e203533313037.roa
File:                     37372e38332e3235322e302f32342d3234203d3e203533313037.roa (raw, json)
Hash identifier:          3Dh0+QL4Ca7K3/8ZGEgIxNy6qmtIRAGaEkPcZns1GuY=
Subject key identifier:   F4:30:8F:F0:32:57:72:0B:5E:08:9B:55:5E:5C:23:2C:8B:37:D7:37
Certificate issuer:       /CN=8f4ce7722f99075d94738b7e61070401269eb3d6
Certificate serial:       7517409A7CFE00112BDE98A48C22E8D8C1A88FEB
Authority key identifier: 8F:4C:E7:72:2F:99:07:5D:94:73:8B:7E:61:07:04:01:26:9E:B3:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/j0znci-ZB12Uc4t-YQcEASaes9Y.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/37372e38332e3235322e302f32342d3234203d3e203533313037.roa
Signing time:             Mon 15 Sep 2025 12:55:07 +0000
ROA not before:           Mon 15 Sep 2025 12:50:07 +0000
ROA not after:            Mon 14 Sep 2026 12:55:07 +0000
asID:                     53107
IP address blocks:        77.83.252.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/8F4CE7722F99075D94738B7E61070401269EB3D6.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/8F4CE7722F99075D94738B7E61070401269EB3D6.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/j0znci-ZB12Uc4t-YQcEASaes9Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 16:41:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            75:17:40:9a:7c:fe:00:11:2b:de:98:a4:8c:22:e8:d8:c1:a8:8f:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8f4ce7722f99075d94738b7e61070401269eb3d6
        Validity
            Not Before: Sep 15 12:50:07 2025 GMT
            Not After : Sep 14 12:55:07 2026 GMT
        Subject: CN=F4308FF03257720B5E089B555E5C232C8B37D737
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:84:8a:49:e0:da:a3:52:1b:48:79:16:46:5d:
                    e4:61:77:f1:e5:d7:2e:81:0f:60:74:54:77:18:a8:
                    52:3a:69:b6:4b:69:fd:5d:c2:a2:db:19:eb:a1:39:
                    ef:b1:b4:38:00:ce:c0:27:bb:55:43:54:d7:03:18:
                    f4:51:33:74:75:68:1d:42:80:ec:d5:13:ea:f7:71:
                    ef:bc:5b:cb:a7:dd:4f:77:dd:1f:f5:37:09:9f:06:
                    40:d9:d4:a8:80:6c:51:75:98:b9:03:78:48:c1:4c:
                    cb:a5:71:d4:bf:f0:29:a9:37:67:14:f1:52:55:de:
                    69:5f:de:f8:69:7b:e2:95:f5:14:92:8a:d4:5e:d9:
                    f0:58:26:ef:b2:a8:d9:90:a5:77:f9:dc:86:3f:eb:
                    af:67:70:93:2f:f5:e3:ba:41:bc:3f:15:8c:cb:04:
                    12:49:a4:a4:47:53:f3:2b:1c:d8:e2:49:da:59:2f:
                    68:ba:72:13:bf:b2:8c:8e:57:90:7f:a7:4b:26:a8:
                    20:c3:12:bb:d7:8f:1f:72:bc:2f:72:30:62:60:7d:
                    0e:b6:48:ca:ed:c2:52:4d:3e:11:e2:a7:4b:01:17:
                    61:78:be:a1:b4:b8:db:3f:40:32:3e:5f:36:0e:a8:
                    87:67:e9:93:f8:df:1a:f9:ac:ad:30:dc:88:14:f0:
                    a5:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:30:8F:F0:32:57:72:0B:5E:08:9B:55:5E:5C:23:2C:8B:37:D7:37
            X509v3 Authority Key Identifier:
                keyid:8F:4C:E7:72:2F:99:07:5D:94:73:8B:7E:61:07:04:01:26:9E:B3:D6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/8F4CE7722F99075D94738B7E61070401269EB3D6.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/j0znci-ZB12Uc4t-YQcEASaes9Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/37372e38332e3235322e302f32342d3234203d3e203533313037.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.83.252.0/24

    Signature Algorithm: sha256WithRSAEncryption
         92:1f:eb:da:5a:03:cd:63:64:c5:70:c7:72:35:99:d7:21:c4:
         01:75:07:58:0d:ec:26:d4:90:77:e8:2e:14:33:c5:eb:2e:ff:
         83:0d:96:e4:08:47:38:42:dd:a6:57:cb:50:95:ce:1f:54:39:
         ed:9c:84:4d:e8:57:15:1e:57:be:59:7f:6f:75:3c:93:ac:27:
         37:77:0d:76:83:f3:f1:12:d8:4f:3d:3a:a7:26:f4:30:ed:4e:
         7b:6d:36:2f:44:95:3d:95:3f:d2:59:0a:28:2a:5f:11:8b:6e:
         b5:11:51:2a:7f:a3:3e:8c:2a:4b:bc:0d:ea:7c:49:5d:3f:f5:
         54:af:7c:97:62:e5:cf:63:05:35:75:e3:de:22:44:4e:fb:21:
         f6:4a:9e:57:74:f3:4a:8c:2c:6f:9b:42:61:a4:4d:25:e1:b5:
         49:4b:ed:d9:40:74:3b:06:7d:15:24:d2:3d:09:75:54:01:ca:
         e4:c5:2c:4b:3a:88:6f:17:a3:f1:8c:d5:a5:3b:33:68:46:2d:
         78:d3:dc:7a:fd:64:01:bf:0b:00:85:e8:85:5d:15:fd:0a:6a:
         44:ce:2c:a6:d9:29:b7:46:0f:37:70:30:dd:fd:a7:e9:3b:55:
         56:3c:b0:3b:01:d5:d7:5e:6f:4f:e7:2e:33:06:8d:88:a0:c9:
         13:07:6b:f9
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUdRdAmnz+ABEr3pikjCLo2MGoj+swDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGY0Y2U3NzIyZjk5MDc1ZDk0NzM4YjdlNjEwNzA0MDEy
NjllYjNkNjAeFw0yNTA5MTUxMjUwMDdaFw0yNjA5MTQxMjU1MDdaMDMxMTAvBgNV
BAMTKEY0MzA4RkYwMzI1NzcyMEI1RTA4OUI1NTVFNUMyMzJDOEIzN0Q3MzcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDkhIpJ4NqjUhtIeRZGXeRhd/Hl
1y6BD2B0VHcYqFI6abZLaf1dwqLbGeuhOe+xtDgAzsAnu1VDVNcDGPRRM3R1aB1C
gOzVE+r3ce+8W8un3U933R/1NwmfBkDZ1KiAbFF1mLkDeEjBTMulcdS/8CmpN2cU
8VJV3mlf3vhpe+KV9RSSitRe2fBYJu+yqNmQpXf53IY/669ncJMv9eO6Qbw/FYzL
BBJJpKRHU/MrHNjiSdpZL2i6chO/soyOV5B/p0smqCDDErvXjx9yvC9yMGJgfQ62
SMrtwlJNPhHip0sBF2F4vqG0uNs/QDI+XzYOqIdn6ZP43xr5rK0w3IgU8KX7AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQU9DCP8DJXcgteCJtVXlwjLIs31zcwHwYDVR0j
BBgwFoAUj0znci+ZB12Uc4t+YQcEASaes9YwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYWE5NzcxMTUtNTExMC00MjU3LTk0ZWYtNGQyYjQzODg0
MDQwLzAvOEY0Q0U3NzIyRjk5MDc1RDk0NzM4QjdFNjEwNzA0MDEyNjlFQjNENi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2owem5jaS1aQjEyVWM0dC1ZUWNFQVNh
ZXM5WS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWE5NzcxMTUt
NTExMC00MjU3LTk0ZWYtNGQyYjQzODg0MDQwLzAvMzczNzJlMzgzMzJlMzIzNTMy
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzUzMzMxMzAzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAE1T
/DANBgkqhkiG9w0BAQsFAAOCAQEAkh/r2loDzWNkxXDHcjWZ1yHEAXUHWA3sJtSQ
d+guFDPF6y7/gw2W5AhHOELdplfLUJXOH1Q57ZyETehXFR5Xvll/b3U8k6wnN3cN
doPz8RLYTz06pyb0MO1Oe202L0SVPZU/0lkKKCpfEYtutRFRKn+jPowqS7wN6nxJ
XT/1VK98l2Llz2MFNXXj3iJETvsh9kqeV3TzSowsb5tCYaRNJeG1SUvt2UB0OwZ9
FSTSPQl1VAHK5MUsSzqIbxej8YzVpTszaEYteNPcev1kAb8LAIXohV0V/QpqRM4s
ptkpt0YPN3Aw3f2n6TtVVjywOwHV115vT+cuMwaNiKDJEwdr+Q==
-----END CERTIFICATE-----