Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/3137312e32322e37382e302f32342d3234203d3e20383334.roa
File:                     3137312e32322e37382e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          prddV9UEM5RMGNi6FfCF3LT/bhOlmSUs34Fk5gtd2so=
Subject key identifier:   C3:A2:7A:B0:8F:A6:58:2A:7C:CF:F9:23:DB:F1:BE:86:8C:39:9F:58
Certificate issuer:       /CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
Certificate serial:       413E2510CB28F3959C9BBA8FB8891C0102ED9449
Authority key identifier: 70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/3137312e32322e37382e302f32342d3234203d3e20383334.roa
Signing time:             Sun 29 Jun 2025 10:20:35 +0000
ROA not before:           Sun 29 Jun 2025 10:15:35 +0000
ROA not after:            Sun 28 Jun 2026 10:20:35 +0000
asID:                     834
IP address blocks:        171.22.78.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Jun 2025 12:33:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            41:3e:25:10:cb:28:f3:95:9c:9b:ba:8f:b8:89:1c:01:02:ed:94:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
        Validity
            Not Before: Jun 29 10:15:35 2025 GMT
            Not After : Jun 28 10:20:35 2026 GMT
        Subject: CN=C3A27AB08FA6582A7CCFF923DBF1BE868C399F58
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:b1:9c:50:94:d3:3a:57:5f:ba:af:be:0b:f8:
                    08:e9:94:a9:ae:12:c7:1b:11:c2:e4:8d:02:85:64:
                    76:0d:d3:8a:b9:66:6b:92:22:3e:e1:f0:b9:58:f0:
                    60:66:c4:ee:c6:37:ae:d7:b2:08:b8:1a:0c:35:25:
                    ae:f1:d2:04:98:a0:26:31:7c:5f:04:fc:28:5e:94:
                    bb:0b:9e:b0:a8:24:82:c5:52:73:63:64:c1:4c:52:
                    27:22:b3:87:7a:e0:fd:49:9e:98:6f:e6:0c:4c:da:
                    fa:9e:97:f4:ce:a9:a4:3f:f5:b8:02:62:aa:42:31:
                    24:03:bd:d9:d0:04:e1:3d:ec:f1:6a:13:8d:be:f2:
                    37:cd:97:c3:b2:70:9a:d1:9e:ea:42:c9:ca:7b:63:
                    01:14:e3:a7:54:ad:1f:66:88:67:1c:e6:41:67:54:
                    87:0b:e3:a4:78:15:89:d2:96:79:ca:3f:05:51:1a:
                    9e:2e:94:a8:21:40:8c:45:b5:dc:a4:8a:4e:e7:1b:
                    71:ec:64:d1:83:53:b6:fb:4b:37:35:62:bf:b6:0a:
                    9c:c1:00:81:7c:75:78:dc:72:ec:71:5b:f7:ea:20:
                    a0:93:27:06:f1:8a:30:4d:f8:a0:ee:d1:19:2f:1e:
                    6c:59:88:f9:fb:b3:30:9b:dd:bc:b5:f0:96:7f:65:
                    8d:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:A2:7A:B0:8F:A6:58:2A:7C:CF:F9:23:DB:F1:BE:86:8C:39:9F:58
            X509v3 Authority Key Identifier:
                keyid:70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/3137312e32322e37382e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  171.22.78.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:a4:70:7b:49:0e:d1:30:5b:55:3d:b6:e5:d0:b6:09:ba:1b:
         fe:61:f3:6f:98:a1:b8:35:6b:6b:6d:1a:c8:bf:c1:b1:85:3d:
         ef:d6:cb:29:a0:2e:33:ad:81:90:f3:7a:7d:76:d5:51:19:16:
         98:87:52:00:39:10:32:a1:df:af:b2:51:af:5c:c6:5f:49:75:
         a8:55:b6:66:a0:cf:a1:04:82:95:c4:dc:11:85:91:16:2d:0e:
         87:31:e2:1d:4a:50:0f:aa:0c:ec:5a:39:88:9e:f5:90:07:99:
         ef:d2:9b:d5:4a:b1:f7:c7:78:ef:ff:7b:bf:bc:de:7d:fb:86:
         78:53:5b:4d:67:9f:9d:1b:fd:a5:3b:e5:b1:63:82:52:a8:6e:
         f8:19:68:1d:e0:fc:49:a0:96:b9:09:da:0b:d6:b0:c7:01:3f:
         a1:39:89:3f:f6:03:9e:39:5f:38:af:18:c5:01:9b:81:92:cf:
         53:ba:6e:9f:80:e8:2d:35:4b:d1:1a:44:af:03:16:fb:93:6f:
         ce:5b:c6:bc:c8:7c:9c:ee:39:03:58:61:58:35:a3:9d:11:ff:
         3b:e7:55:a8:5e:df:62:4c:16:bb:17:2a:b4:34:5a:74:df:a2:
         b4:ba:55:73:48:e7:17:e4:42:f1:70:6d:0f:11:5c:87:5e:3e:
         82:35:f6:e9
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUQT4lEMso85Wcm7qPuIkcAQLtlEkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzBjYmQ3YTk4MTdlNDcwMDA5YzBmNDBlYTFlMzcwYWE3
OWI1ZmQ5MTAeFw0yNTA2MjkxMDE1MzVaFw0yNjA2MjgxMDIwMzVaMDMxMTAvBgNV
BAMTKEMzQTI3QUIwOEZBNjU4MkE3Q0NGRjkyM0RCRjFCRTg2OEMzOTlGNTgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCpsZxQlNM6V1+6r74L+AjplKmu
EscbEcLkjQKFZHYN04q5ZmuSIj7h8LlY8GBmxO7GN67Xsgi4Ggw1Ja7x0gSYoCYx
fF8E/ChelLsLnrCoJILFUnNjZMFMUicis4d64P1Jnphv5gxM2vqel/TOqaQ/9bgC
YqpCMSQDvdnQBOE97PFqE42+8jfNl8OycJrRnupCycp7YwEU46dUrR9miGcc5kFn
VIcL46R4FYnSlnnKPwVRGp4ulKghQIxFtdykik7nG3HsZNGDU7b7Szc1Yr+2CpzB
AIF8dXjccuxxW/fqIKCTJwbxijBN+KDu0RkvHmxZiPn7szCb3by18JZ/ZY1VAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUw6J6sI+mWCp8z/kj2/G+how5n1gwHwYDVR0j
BBgwFoAUcMvXqYF+RwAJwPQOoeNwqnm1/ZEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYjczMzJhZjAtZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5
ZjhhLzAvNzBDQkQ3QTk4MTdFNDcwMDA5QzBGNDBFQTFFMzcwQUE3OUI1RkQ5MS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NNdlhxWUYtUndBSndQUU9vZU53cW5t
MV9aRS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYjczMzJhZjAt
ZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5ZjhhLzAvMzEzNzMxMmUzMjMyMmUzNzM4
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzgzMzM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAqxZOMA0G
CSqGSIb3DQEBCwUAA4IBAQB6pHB7SQ7RMFtVPbbl0LYJuhv+YfNvmKG4NWtrbRrI
v8GxhT3v1sspoC4zrYGQ83p9dtVRGRaYh1IAORAyod+vslGvXMZfSXWoVbZmoM+h
BIKVxNwRhZEWLQ6HMeIdSlAPqgzsWjmInvWQB5nv0pvVSrH3x3jv/3u/vN59+4Z4
U1tNZ5+dG/2lO+WxY4JSqG74GWgd4PxJoJa5CdoL1rDHAT+hOYk/9gOeOV84rxjF
AZuBks9Tum6fgOgtNUvRGkSvAxb7k2/OW8a8yHyc7jkDWGFYNaOdEf8751WoXt9i
TBa7Fyq0NFp036K0ulVzSOcX5ELxcG0PEVyHXj6CNfbp
-----END CERTIFICATE-----